FUNGEN4.CVP   910819
 
                     Hiding in System Layers
 
One additional use that viral programs can make of operating
systems is as a source of hiding places.
 
Anyone who has ever tried to manage accounts on mainframes or
local area networks will recognize that there is a constant
battle between the aspects of security and "user friendliness" in
computer use.  This tension arises from the definition of the two
functions: if a computer is easy to use, it is easy to misuse. 
If a password is hard to guess, it is hard to remember.  If
access to information is simple for the owner, it is simple for
the "cracker".
 
(This axiom often gives rise to two false "corollaries".  First,
the reverse; that those systems which are difficult to use must
therefore be more secure; does not hold.  Secondly, many assume
that restricting the availability of information about a system
will make that system secure.  While this strategy will work in
the short term, its effectiveness as protection is limited. 
Indeed, it often has the unfortunate side effect of restricting
information to those who should have it, such as systems
managers, while slowing the "attackers" only marginally.)
 
"User friendly" programs and operating systems tend to hide
information from the user.  There are two reasons for this.  In
order to reduce "clutter", and the amount of information that a
user needs to operate a given system, it is necessary to remove
options, and therefore, to a certain extent, functionality.  A
user friendly system is also more complex in terms of it's own
programming.  In order for the computer to behave "intuitively",
it must be able to provide for the many "counter-intuitive" ways
that people work.  Therefore the most basic levels of a graphical
user interface system tend to be more complex than the
corresponding levels of a command line interface system, and are
hidden from the user by additional intervening layers (which also
tend to add more  complexity.)
 
The additional layers in an operating system, and the fact that
a great deal of management takes place automatically, without the
user's awareness, is an ideal situation for a viral program. 
Since many legitimate and necessary operations and changes are
performed without the user being aware of it, viral operations
can also proceed at a level completely hidden from the user. 
Also, because the user is basically unaware of the structure and
operations of the computer, changes to that structure and
operation are difficult to detect.
 
copyright Robert M. Slade, 1991   FUNGEN4.CVP   910819
 
==============
Vancouver      ROBERTS@decus.ca         | "If you do buy a
Institute for  Robert_Slade@sfu.ca      |  computer, don't
Research into  rslade@cue.bc.ca         |  turn it on."
User           p1@CyberStore.ca         | Richards' 2nd Law
Security       Canada V7K 2G6           | of Data Security