Larry Osterman's WebLog

Confessions of an Old Fogey
Beware of the dancing bunnies.


I saw a post the other day (I'm not sure where, otherwise I'd cite it) that proclaimed that a properly designed system didn't need any anti-virus or anti-spyware software.

Forgive me, but this comment is about as intelligent as "I can see a worldwide market for 10 computers" or "no properly written program should require more than 128K of RAM" or "no properly designed computer should require a fan".

The reason for this is buried in the subject of this post: it's what I (and others) like to call the "dancing bunnies" problem.

What's the dancing bunnies problem?

It's a description of what happens when a user receives an email message that says "click here to see the dancing bunnies".

The user wants to see the dancing bunnies, so they click there.  It doesn't matter how much you try to dissuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies.  It doesn't matter how many technical hurdles you put in their way: if those hurdles stop the user from seeing the dancing bunny, the user will get around them and go see the dancing bunny.

There are lots of techniques for mitigating the dancing bunny problem.  There's strict privilege separation - users don't have access to any locations that can harm them.  You can prevent users from downloading programs.  You can make the user invoke magic commands to make code executable (chmod +e dancingbunnies).  You can force the user to input a password when they want to access resources.  You can block programs at the firewall.  You can turn off scripting.  You can do lots, and lots of things.

However, at the end of the day, the user still wants to see the dancing bunny, and they'll do whatever's necessary to bypass your carefully constructed barriers in order to see the bunny.

We know that users will do whatever's necessary.  How do we know that?  Well, because at least one virus (one of the Beagle derivatives) propagated via a password-encrypted .zip file.  In order to see the contents, the user had to open the zip file and type in the password that was contained in the email.  Users were more than happy to do that, even after years of education, and dozens of technological hurdles.

All because they wanted to see the dancing bunny.

The reason for a platform needing anti-virus and anti-spyware software is that it forms a final line of defense against the dancing bunny problem - at its heart, anti-virus software is software that scans every executable before it's loaded and prevents it from running if it looks like it contains a virus.

As long as the user can run code or scripts, then viruses will exist, and anti-virus software will need to exist to protect users from them.
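The password-protected .zip case above is one a mail gateway can at least recognise, because a scanner can see that an archive is encrypted even though it cannot read the contents. The following is an added example, not code from the original post: the function names, the three verdicts and the password regex are assumptions, and the sample message is constructed (only the ZIP "encrypted" flag bit is set, nothing is really encrypted).

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag marks an encrypted entry
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)?\b", re.IGNORECASE)  # assumed heuristic

def encrypted_entries(data):
    """Names of encrypted members; the central directory is readable without the key."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []  # not a zip archive: leave it to the ordinary content scanner

def triage(raw):
    """Classify one raw message as 'quarantine', 'hold' or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    opaque = []
    for part in msg.iter_attachments():
        opaque += encrypted_entries(part.get_payload(decode=True) or b"")
    if not opaque:
        return "deliver"     # scanner can read everything; normal pipeline applies
    if PASSWORD_HINT.search(text):
        return "quarantine"  # unscannable archive plus the key handed to the user
    return "hold"            # unscannable, but no unlock instructions in the body

def build_sample(body, encrypt):
    """Constructed test message with a zip attachment; encrypt=True sets the flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bunnies.txt", "constructed placeholder")
    data = bytearray(buf.getvalue())
    if encrypt:
        data[6] |= ENCRYPTED                             # flag field, local file header
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # flag field, central directory
    msg = EmailMessage()
    msg["Subject"] = "Dancing bunnies"
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="bunnies.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("The password is 48213.", True)))
```

A check like this only narrows the gap: it flags the archive the scanner cannot open, and the user who wants the bunny still has to be kept away from it by quarantine rather than by a warning.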

 

  • Vince, as long as users are allowed to add code to the machine, then you're going to need anti-virus and/or anti-spyware.

    There is no PC operating system currently available that can protect users from malicious content that they download. You can lock a machine down to the point where users can't install executable content (on Windows, OSX and *nix), but then the machine isn't a PC anymore, it's a computing resource 100% managed by an IT department.

    If users can download and run executable content, then malicious software will continue to exist.

    I'm not saying that virus scanners aren't another hurdle. But they are a necessary hurdle. So is running with restricted rights, and proper admin/user privilege separation, and sandboxing, and...
  • " but then the machine isn't a PC anymore, it's a computing resource 100% managed by an IT department."

    On this definition most people who have PCs don't need PCs. Many of us would happily accept the occasional visit from (or to) the computer therapist if that meant we were proof against viruses or anything else that makes the system bagadap.
  • Larry, anti-V and anti-S cannot protect against or repair all of the ills caused by any executable you put on your machine. You are avoiding the real issue which is that the OS network services and common applications like Outlook are the entry points for malicious things that get in despite normal responsible use. No one expects someone to repair or protect against the most overt dancing bunny example, they simply want a system that does not usher the bad guys in through the back door.
  • I still think you are misusing the term "virus". Viruses are self-propagating, and in general don't involve users intentionally downloading and executing code.

    The users I have to support who run windows (mainly my family members) in general _don't_ download random EXE files off the internet, nor save them from e-mail. Yet they do need to run anti-viruses and anti-spyware programs. Why? Mainly due to Internet Explorer bugs.

    I think it is perfectly reasonable to make it _extremely_ difficult to install executable programs as a user. Yes, people will complain, but then let them enable it and face the risk. Just because a minority likes to complain is not a good reason to put _all_ users at risk out of the box.

    Relying on anti-virus software to protect you from malicious binaries is just a losing proposition.
  • "I saw a post the other day (I'm not sure where, otherwise I'd cite it) that proclaimed that a properly designed system didn't need any anti-virus or anti-spyware software."

    This is correct. Windows is not correctly designed. Neither is Unix, nor Apples.

    A correct design exists and is practical, but it's fundamentally different from everything we know in practice, and people aren't very good at thinking that far outside of the box.
  • Unrelated to the previous posts, but why do you list "no properly designed computer should require a fan" as an unintelligent comment?

    I consider one of the biggest failings of modern desktops is the fact that they waste so much energy that they require fans.

    Hopefully we will soon move back to a world w/o fans. In fact I think computers should have _no_ moving parts. Much higher reliability. Thankfully the vast majority of computers in the world today don't have fans, only desktops and servers do, so there is hope.
  • One of the problems with more intelligent users is that they merely fall prey to cleverer bunnies.

    Recently, I happened to get a PayPal scam email while I was bored, and opened it (in my text-mode email program), and couldn't see an obvious scam about it -- it was a "You just paid $650 for this vulgar thing, here's your receipt", with no obvious "click here if this is a mistake" link. This raised my curiosity, and so I saved the source of the email to a file, and pawed through it, and discovered that all the usual "About paypal" and such links in it were fake. Hmm. Wonder what they've got at the back end of those, then? So I went to the root of the site, first, and discovered an apparently legitimate orthopedic shoe company. The actual link involved very odd subdirectories, though -- I'm guessing the shoe company's server had been hacked -- so then I tried the actual link, to see what it was, and how plausible a fake it was. It came up blank.

    And my anti-virus program popped up to say, "This file that just got dumped in your browser's file cache? It's got this exploit in it...."

    Oops.

    Luckily it was an exploit for a different browser than the one I use, but still. A dancing bunny, disguised in plain obvious sight. And I fell for it.

    (And, Larry, I have to say that I like the term "dancing bunny" a lot better, so I'm glad you kept it.)
  • Vince, I was hoping someone would notice that one :)

    It comes from an industry luminary who designed a computer with this design philosophy. Unfortunately, the tolerances for this computer were such that putting a piece of paper on top of the computer would cause it to melt down.

    Low power consumption and low heat are wonderful goals. But to say that a computer is flawed because it has a fan...
  • Larry, your post is crazy. Why should code being executed by the web browser (or a process spawned by the web browser) such as in your example be allowed to write to the registry or to the hard drive?
    If the user wants something to affect the state of their computer then it's perfectly fine to get the user to do one step of extra work (i.e. browse to the folder where the executable was downloaded to and run it) as it is not something very often.
    The user has every right to expect the code to show the dancing bunnies, but not to overwrite random files on their hard drive.
  • LarryOsterman said: Low power consumption and low heat are wonderful goals. But to say that a computer is flawed because it has a fan...

    Very strange example. I agree that a properly designed machine should not burn up if thermal constraints are over-loaded, but how does this in any way say that machines must have fans? I agree with the luminary. Any machine with a continuously operating fan is poorly designed.

    My primary machine is a G3 600MHz iBook running Linux. Except in _extreme_ cases (ambient room temperature above 90 degrees and running cpu-intensive task) the fan in it does not come on. The machine is completely silent except for the hard-drive noise. It is great. Contrast that to most of the windows machines I've had the misfortune of using; often even when idle the fans on them are so loud you have to crank up the soundcard volume if you want to listen to music. Poor design.
  • But your ibook has a fan. In the eyes of that luminary, it's a flawed design. It should be able to handle all normal use without it.

    Rob: Who said anything about the web browser? The user received an email that said: Save this java file on your hard disk and run it. When the security popup comes up, be sure to click "yes" or you won't see the bunny. On some machines, you'll need to disable the firewall, to do that, you do this.

    And they quite happily do that, and install the root kit.
  • Dear Reader of this Blog:

    To see dancing bunnies, go to Home Depot and buy a sledgehammer. First smash your computer case with the hammer a few times, then smash yourself on the head with it. If you do it properly, you'll see dancing bunnies!
  • Now you are just being ridiculous. If apple wanted, they could have created my iBook without a fan, and had it do CPU throttling or some other heat mitigation measure. It was probably a bit more cost effective to have an emergency fan. You are quoting this visionary out of context. Was s/he against the noise of the fan? Against moving parts? Did it look ugly in a clear case?

    I also too think it is a bit of a failure that my iBook has to have a fan, but am willing to live with the fact because I need it so rarely.

    Just because something is not easy with current technology does not make it laughably ridiculous to call for its elimination.

    If I really must have fan-free computing I'll fire up my Apple IIe or my old Cyrix 486 box which both survive just fine with passive cooling.
  • Roger, read this script. Look what it says. It says, "Rabbit gets klunked, rabbit sees *stars*." Not birds, STARS.


    It's not dancing bunnies, it's dancing STARS.

    It's my understanding that the visionary in question believed that passive cooling should be sufficient for all computers.
  • Here's a free version of a software product for end users using Windows Desktops that uses virtualization to solve end user problem of dancing bunnies

    http://www.greenborder.com/downloads/tdThankyou.html