Know what would excite me?

It would be fucking awesome if servers had a separate processor, through which data passively travels and is separately examined for signs of illegal entry through coding flaws, buffer overruns, and user access changes from outside the local network. In other words, how many fucking years do I have to wait around before someone really and truly invents Black ICE?

We need dedicated hardware not only because you don’t want to spare time from the central processor (heh, CPU is kind of a misnomer these days). We also need predictive code that, for instance, runs through code as it is processed to make sure that application code isn’t trying to be passed through as video (okay, I’m not exactly a low-level programmer, so work with me here).

What made me think of this is an article we’re going to have next week about GM being on guard for hackers, and their CIS(-ecurity)O talking about how they need to do a better job of patching vulnerabilities. It just made me think of how ridiculous it is that IT works that way, and how we need a more active system that processes trends and unusual effects to not just log or block what is known, but make decisions about the unknown.

Think of the difference as the same as that between when antivirus software simply looked for specific viruses it had already discovered, and now, when it does that -and- looks for trends and common elements. Except one step further.
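To make that distinction concrete, here is an added example (not part of the original post) in Python: a signature list that only flags patterns someone has already catalogued, beside a simple per-user baseline check that flags activity departing from what that account has done before. The log lines, users, addresses and paths are all constructed for the example, and the two signatures are deliberately incomplete so the difference between the approaches shows up in the output.

```python
import re
from collections import defaultdict

# Constructed sample log lines (invented for this example, not from any real system).
# The first half is ordinary daytime activity; the second half is the same account
# appearing at night from an outside address and doing things it never did before.
SAMPLE_LOG = [
    "2006-06-16T09:01:02 user=alice src=10.0.0.5 action=login result=ok",
    "2006-06-16T09:02:10 user=alice src=10.0.0.5 action=read path=/srv/reports/q1.pdf",
    "2006-06-16T09:03:44 user=bob src=10.0.0.9 action=login result=ok",
    "2006-06-16T09:04:01 user=bob src=10.0.0.9 action=read path=/srv/reports/q1.pdf",
    "2006-06-16T22:15:00 user=alice src=203.0.113.7 action=login result=ok",
    "2006-06-16T22:15:03 user=alice src=203.0.113.7 action=read path=/etc/passwd",
    "2006-06-16T22:15:04 user=alice src=203.0.113.7 action=exec path=/tmp/x",
    "2006-06-16T22:15:05 user=alice src=203.0.113.7 action=read path=/srv/reports/../../../etc/shadow",
]

# Known-bad patterns: the "look for the specific virus" approach. Anything not
# listed here is invisible to this detector, no matter how odd it is.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "exec-from-tmp": re.compile(r"action=exec path=/tmp/"),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+)"
)


def parse(line):
    """Pull the fields the baseline check needs out of one constructed log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["hour"] = int(event["ts"][11:13])  # hour from the ISO timestamp
    return event


def signature_hits(lines):
    """Return (line_number, signature_name) for every line matching a known pattern."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for name, rx in SIGNATURES.items():
            if rx.search(line):
                hits.append((n, name))
    return hits


def anomaly_hits(lines, baseline_fraction=0.5):
    """Learn each user's normal source address, actions and hours from the first
    part of the log, then flag later events that depart from that baseline.
    Returns (line_number, reason) pairs; reasons are joined with '+'."""
    events = [(n, e) for n, e in ((n, parse(l)) for n, l in enumerate(lines, 1)) if e]
    cut = max(1, int(len(events) * baseline_fraction))

    baseline = defaultdict(lambda: {"src": set(), "actions": set(), "hours": set()})
    for _, e in events[:cut]:
        b = baseline[e["user"]]
        b["src"].add(e["src"])
        b["actions"].add(e["action"])
        b["hours"].add(e["hour"])

    hits = []
    for n, e in events[cut:]:
        b = baseline.get(e["user"])
        if b is None:
            hits.append((n, "unknown-user"))
            continue
        reasons = []
        if e["src"] not in b["src"]:
            reasons.append("new-source")
        if e["action"] not in b["actions"]:
            reasons.append("new-action")
        if e["hour"] not in b["hours"]:
            reasons.append("off-hours")
        if reasons:
            hits.append((n, "+".join(reasons)))
    return hits


def anomaly_only(lines):
    """Line numbers the baseline check flags that no signature catches."""
    known = {n for n, _ in signature_hits(lines)}
    return [n for n, _ in anomaly_hits(lines) if n not in known]


if __name__ == "__main__":
    print("signature hits:", signature_hits(SAMPLE_LOG))
    print("anomaly hits:  ", anomaly_hits(SAMPLE_LOG))
    print("anomaly only:  ", anomaly_only(SAMPLE_LOG))
```

On the sample, the signatures fire only on the last two lines (the traversal and the execution from /tmp), while the baseline check already flags the night-time login from the outside address and the read of /etc/passwd two events earlier. The trade-off the comments below get into is visible too: the baseline check has no idea whether "new-source" is an intruder or a user on a laptop at home, so what to do about a hit (log, block, quarantine the account) is a policy decision layered on top, not something the detector can settle on its own.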

~ by Skennedy on June 16, 2006.

17 Responses to “Know what would excite me?”

  1. It’s not quite as easy as you describe. What you describe is still a reactive approach, which doesn’t protect against new things.

    There are ways of proactively protecting against various memory overruns (google ‘W or X’ or uhm… Data Execution Protection in Windows). You can also do all manner of auditing of ‘user access changes’ but it’s very hard to differentiate between what is and is not good.

    And it’s interesting that GM would publicly say they need to do a better job. Well, hrm. I can’t say more about that, but suffice to say, they need some internal political changes before they can do it better.

    • I modified my post a little, a minute ago, actually. I realize we have things like data execution protection, but I’m thinking of the sort of process that not only helps block illegal code (and there are billions of ways to do that already, from firewalls on in) but also examines tentatively proper but shady activity and quarantines accounts and freezes processes mid-execution if necessary. Admin’s Assistant, if you will. :D

    • oh yeah, and googling “w or x” presents dozens of code and algebra papers. :D

      • Sorry, this: http://en.wikipedia.org/wiki/W%5EX

        The other idea… Well, you can’t just *stop* a process like that all the time without possibly throwing the rest of the machine into a really weird state. It’d simply take a whole lot more separation. Stuff which can be done on more trusted OS’, but not on Windows machines.

        • Cool link, I get what you mean now.

          Yes, I imagine such processes would require both more advanced hardware and a capable operating system to handle.

          While that is true about stopping a process, there should be some sort of weighting mechanism – I am certain there would be occasions in which a reboot would be far, far preferable to allowing illegal code to run.

          • What do you think a good number of windows blue screens are? ;)

          • Are we comparing this hypothetical number with the average number a person might get in a week? :D

            *kidding*

            That is another thing I’m curious about – error recovery. Fortunately, you rarely have such critical systemic errors without a hardware flaw these days, but even so – there’s a processor in there, and unless it itself is inherently flawed, I want it to determine where the problem is and re-route, restart necessary drivers that may have failed (unless they fail again, and then step back further, etc). Hell if it’s a dual processor system, even a processor error shouldn’t totally FUBAR it.

            I want a computer that is smart about its own body, essentially, that will keep running while the SysAdmin is running around freaking out about the fried circuit.

          • Big iron can do this kind of thing. Not PCs. :\ It’s just simply too expensive… And with the biggest ‘problem’ of Windows being its phenomenal backwards compatibility, it’s unlikely to see this sort of change any time soon. But, it would be nice…

          • *sigh* I would not expect to see such a feature from Microsoft, but, unfortunately, it would be of little use without their cooperation.

          • Oh, I think MS would do it, if they could. The problem is, it would take a HUGE redesign, and there isn’t likely to be a return on that investment.

          • I don’t know, I mean think of the marketing (even if it isn’t entirely true, even in this context): The end to freezing computers. The end to “worry” about hackers. I’m sure they could work up a froth over that’n.

            Well, we’ll see what happens if linux ever pulls off a Firefox.

          • What, gets 9% of market share? ;)

          • No, gets high profile businesses suggesting their end-users switch to it, like Firefox has with any business concerned with IE flaws. Market share is fairly irrelevant these days – it’s all about image.

          • The problems large businesses run across when considering a switch to Firefox generally are:

            1) No incremental way to patch Firefox as vulnerabilities are identified. (And there are a lot of them.)
            2) Internal corporate apps which just don’t work quite right with Firefox, especially things which use custom ActiveX stuff.

          • *smiles* again, I’m talking about image here, not the actuality.

          • Hardware

            What you speak of cannot be a purely software based solution. Intrusion detection is big nowadays. We can do it with our email system, for starters enabling the three strikes your account is locked rule.

            However that will NEVER happen because of mgmt.

            I’m very security conscious, and I know of many ways of stopping attacks. It requires an attack to occur though.

            That being said, I give you these things:

            1. It cannot be ANYTHING from Microsoft. Period.
            2. It will NEVER be proactive. You simply can’t predict the future. You CAN prepare for the inevitable.
            3. You can’t have security without being somewhat more involved/difficult to use. People (for the most part) are not willing to give up ease of use for better security.

            When is the last time you changed the PIN on your ATM card?

          • *grin* I refuse to answer that question because it may compromise my Sovereign Security.

            You don’t think it might be possible to, say, even have a dedicated intrusion detection processor that could react to ill-defined threats? I’m not talking 100%, here, I firmly agree with the idea that anything sufficiently complex can be broken.

            I also agree that if it MUST come from MS, it WON’T. Universal acceptance, though, requires sponsorship from the monopoly company.

            As for the latter point… that’s simply true. *shrug* Nothing can be done to change that – if people are still that way in THIS environment of Terrorist Doom, then I doubt even WWIII would convince people to enable the lockout rule.
