Friday, November 21, 2008

the secret truth about programs

do you know what a program is? are you sure? can you tell the difference between programs and data?

the average person probably thinks of programs as being things installed on their computers that they click on and that subsequently open a window on their computer... somewhat more sophisticated users might be aware of such things as *.exe and *.com files on microsoft platforms, the execute bit on linux, or whatever property tells osx that something is executable on that platform... more technical users like programmers are probably familiar with scripts and may even realize that those are also programs, despite them not resembling anything the average user would consider a program... any computer scientist worth his/her salt, however, knows that none of these are the truth...

if you think you can tell the difference between data and code then you actually don't know what a program is... the truth is that there is no intrinsic difference between data and code (thus, if you think you can tell the difference you're deluding yourself)... all data has the potential to be interpreted as code (and thus be a program), all it needs is the right interpreter to treat it as code (either by design or by accident)...

think of what that means for anything that tries to control what programs do or whether they execute... maybe you can control the actual program, but maybe the best you can hope for is controlling the program's interpreter (be it your web browser, word processor, or some arbitrary system component handling a malformed request)... controlling programs by way of controlling their interpreter is a little like controlling programs by way of controlling the user... if the user or interpreter needs a lot of privileges then the program running in his/her/it's context will have those privileges also...

the classic example of how this is a problem in malware is word macro viruses - sure you can prevent microsoft word from manipulating system files, but you can't reasonably prevent it from modifying other word documents and thereby spreading the malware - ms word is supposed to modify word documents, that's it's job...

0 comments: