Sunday, June 08, 2003


What's on YOUR computer?

You and I are both computer pros, right?  We have a pretty good idea of what's running on our machines...both in terms of services, and resident programs, and so forth.  The thing is, 90% of the people out there don't.  Maybe we should try and do something about that.

Figuring out what's running on your own machine is a complicated task, especially under Windows.  The various Unixen make the ubiquitous ps displays available, where you can find out a good deal of information.  To have any hope of identifying what's going on there, though, you have to be an expert.  There just isn't any way around that.

Things are worse under Windows.  Processes can hide themselves from the task manager, so they're not visible there.  Many kinds of services can be started and running in your system.  They won't show up in the task manager as anything other than svchost.exe, which doesn't do anybody much good.  You have to play "point and click" in the services manager to try and figure out what they are.

There's no way to monitor what internet resources are being used by which programs on a Windows box, unless you install something like the "ActivePorts" tool.  And even if you install that, you really can't tell what a lot of processes are actually doing with your internet connection.  And, of course, you'll have N processes whose only identification is svchost.exe.

I don't like this whole thing.  Reputable software vendors like Real are increasingly putting crap onto people's systems as a part of their normal installations -- crap like New.NET, or whatever.  It appears that whatever ethical boundaries used to be in place against screwing with a user's machine simply aren't there any more.  Software installers can and will alter basic system functionality without giving you anything more than a footnote in a click-wrap agreement.

I find that unacceptable.

Since we're not going to be able to persuade the world to act in an ethical manner any time soon, we need OS-level defenses against this kind of thing.

I've advocated the "ring" approach before...there needs to be a kind of "virgin" system that sits underneath every OS installation, something that cannot be touched.  We can then maintain layers on top of that, creating and snapping off new branches of software, new "rings", new areas of work.  We can then see, in detail, every piece of software that's running in a given branch.

There shouldn't be any more "RunOnce"-style registry entries in Windows.  All those holes should be utterly plugged.  The only way that the system should permit some program to be run at startup is if it passes a set of checks for identity and signing (if they want it to be automated), or if the user agrees and permits the program to run.  If the user makes that choice, it should be reconfirmed at a later time.
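
As an added illustration (not part of the original post), the "identity and signing" check described above can be approximated today as an audit: the PowerShell script below lists every Run and RunOnce entry for the machine and the current user and reports the Authenticode status of the binary each one launches. It assumes Windows PowerShell 5.1 or later; the helper Get-AutorunTarget and its path-extraction heuristic are hypothetical and written for this example.

```powershell
# Added example: audit the Run/RunOnce autostart keys and report whether each
# target binary carries a valid Authenticode signature.
$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget {
    param([string]$CommandLine)
    # Heuristic (assumption): quoted path first, then text up to ".exe", then first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($keyPath in $autorunKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }            # key absent on this machine
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-AutorunTarget $command
        $status  = 'FileNotFound'
        $signer  = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $keyPath; Name = $name; Target = $target
            Signature = $status; Signer = $signer; Command = $command
        }
    }
}

# Entries that would fail the "identity and signing" check sort to the top.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Key, Name |
    Format-Table Key, Name, Signature, Signer, Target -AutoSize -Wrap
```

An entry that launches through a host such as rundll32.exe reports the host's signature, not that of the DLL named in its arguments, so those rows need a manual look at the Command value.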

All these mechanisms must be protected at the OS-level from having their "clients" (those rogue programs) corrupt what they do.

What it all points to is this -- you cannot trust your own computer any more.

Do you know that there is nothing running on your machine that engages in behavior you do not approve of?

I believe that it is no longer absolute (and hasn't been for some time) to say that we control the data on our own computers.  I think we need to take some of that back, if for no other reason than we need a little self-defense.


1:38:42 PM