On Sun, 5 Jan 2003, Abhir Joshi wrote:
Why allow any program to access almost any part of the file system and then use antivirus software to guard against it? Let every access to a file be authenticated by the kernel according to the privileges of the program, thus making it very difficult to write a virus (except for the security holes that might be present in the kernel). But having some security holes (getting constantly fixed) is definitely better than having no security at all at the file system level.
AFAIK 386 gives you the required privilege levels.
Kernel is the highest and User/App the lowest. Now how is the kernel to decide (if it had the powers/facility) whether a program is a virus or not?
e.g. a simple shell script like
rm -rf * or cat < /dev/null > *.txt
may be useful for someone or a virus for others.
not, but how often does it occur. It is observed that systems running GNU/Linux crash much less often than those running Windows OSs.
Agreed