textfiles/virus/fungen4.cvp

FUNGEN4.CVP   910819

                     Hiding in System Layers

One additional use that viral programs can make of operating
systems is as a source of hiding places.

Anyone who has ever tried to manage accounts on mainframes or
local area networks will recognize that there is a constant
battle between the aspects of security and "user friendliness" in
computer use.  This tension arises from the definition of the two
functions: if a computer is easy to use, it is easy to misuse. 
If a password is hard to guess, it is hard to remember.  If
access to information is simple for the owner, it is simple for
the "cracker".

(This axiom often gives rise to two false "corollaries".  First,
the reverse; that those systems which are difficult to use must
therefore be more secure; does not hold.  Secondly, many assume
that restricting the availability of information about a system
will make that system secure.  While this strategy will work in
the short term, its effectiveness as protection is limited. 
Indeed, it often has the unfortunate side effect of restricting
information to those who should have it, such as systems
managers, while slowing the "attackers" only marginally.)

"User friendly" programs and operating systems tend to hide
information from the user.  There are two reasons for this.  In
order to reduce "clutter", and the amount of information that a
user needs to operate a given system, it is necessary to remove
options, and therefore, to a certain extent, functionality.  A
user friendly system is also more complex in terms of it's own
programming.  In order for the computer to behave "intuitively",
it must be able to provide for the many "counter-intuitive" ways
that people work.  Therefore the most basic levels of a graphical
user interface system tend to be more complex than the
corresponding levels of a command line interface system, and are
hidden from the user by additional intervening layers (which also
tend to add more  complexity.)

The additional layers in an operating system, and the fact that
a great deal of management takes place automatically, without the
user's awareness, is an ideal situation for a viral program. 
Since many legitimate and necessary operations and changes are
performed without the user being aware of it, viral operations
can also proceed at a level completely hidden from the user. 
Also, because the user is basically unaware of the structure and
operations of the computer, changes to that structure and
operation are difficult to detect.

copyright Robert M. Slade, 1991   FUNGEN4.CVP   910819
Initial commit 2021-04-15 11:31:59 -07:00			`FUNGEN4.CVP 910819`

			`Hiding in System Layers`

			`One additional use that viral programs can make of operating`
			`systems is as a source of hiding places.`

			`Anyone who has ever tried to manage accounts on mainframes or`
			`local area networks will recognize that there is a constant`
			`battle between the aspects of security and "user friendliness" in`
			`computer use. This tension arises from the definition of the two`
			`functions: if a computer is easy to use, it is easy to misuse.`
			`If a password is hard to guess, it is hard to remember. If`
			`access to information is simple for the owner, it is simple for`
			`the "cracker".`

			`(This axiom often gives rise to two false "corollaries". First,`
			`the reverse; that those systems which are difficult to use must`
			`therefore be more secure; does not hold. Secondly, many assume`
			`that restricting the availability of information about a system`
			`will make that system secure. While this strategy will work in`
			`the short term, its effectiveness as protection is limited.`
			`Indeed, it often has the unfortunate side effect of restricting`
			`information to those who should have it, such as systems`
			`managers, while slowing the "attackers" only marginally.)`

			`"User friendly" programs and operating systems tend to hide`
			`information from the user. There are two reasons for this. In`
			`order to reduce "clutter", and the amount of information that a`
			`user needs to operate a given system, it is necessary to remove`
			`options, and therefore, to a certain extent, functionality. A`
			`user friendly system is also more complex in terms of it's own`
			`programming. In order for the computer to behave "intuitively",`
			`it must be able to provide for the many "counter-intuitive" ways`
			`that people work. Therefore the most basic levels of a graphical`
			`user interface system tend to be more complex than the`
			`corresponding levels of a command line interface system, and are`
			`hidden from the user by additional intervening layers (which also`
			`tend to add more complexity.)`

			`The additional layers in an operating system, and the fact that`
			`a great deal of management takes place automatically, without the`
			`user's awareness, is an ideal situation for a viral program.`
			`Since many legitimate and necessary operations and changes are`
			`performed without the user being aware of it, viral operations`
			`can also proceed at a level completely hidden from the user.`
			`Also, because the user is basically unaware of the structure and`
			`operations of the computer, changes to that structure and`
			`operation are difficult to detect.`

			`copyright Robert M. Slade, 1991 FUNGEN4.CVP 910819`