Eliminating Over-privileged Code
Over-privileged code dates from the time when most programs were either delivered with a computer or written in-house, and repairing it would at a stroke render most antivirus software almost redundant. It would, however, have appreciable consequences for the user interface and system management.
The system would have to maintain privilege profiles, and know which to apply for each user and program. In the case of newly installed software, an administrator would need to set up default profiles for the new code.
Eliminating vulnerability to rogue device drivers is probably harder than for arbitrary rogue executable. Two techniques, used in VMS, that can help are memory mapping only the registers of the device in question and a system interface associating the driver with interrupts from the device.
Other approaches are:
- Various forms of virtualization, allowing the code unlimited access only to virtual resources
- Various forms of sandbox or jail
- The security functions of Java, in
java.security
Such approaches, however, if not fully integrated with the operating system, would reduplicate effort and not be universally applied, both of which would be detrimental to security.
Read more about this topic: Malware, Anti-malware Strategies
Famous quotes containing the words eliminating and/or code:
“A favorite of outdoor alcoholics, connoisseurs and Fundamentalists, these pills turn water into wine. In 10 minutes the most fetid swamp scum in the forest can become modest red, elusive and light on first taste, yet playful—one might say a trifle impudent—on the afterbite. Saves pack space by eliminating need for bulky corkscrew, decanter and bottles. Store pills on their sides in a cool dark place.”
—Alfred Gingold, U.S. humorist. Items From Our Catalogue, “Wine Pills,” Avon Books (1982)
“Motion or change, and identity or rest, are the first and second secrets of nature: Motion and Rest. The whole code of her laws may be written on the thumbnail, or the signet of a ring.”
—Ralph Waldo Emerson (1803–1882)