1
00:00:02,910 --> 00:00:09,520
Well, number two: if a bad guy can alter the operating system on your computer, it's not your computer

2
00:00:09,520 --> 00:00:10,320
anymore.

3
00:00:13,390 --> 00:00:18,110
You should be aware that the operating system basically controls the computer.

4
00:00:18,120 --> 00:00:23,830
This means that many system processes are not in any way controlled or supervised.

5
00:00:23,860 --> 00:00:29,710
For instance, this is how kernel drivers work. Kernel processes cannot be supervised by the operating

6
00:00:29,710 --> 00:00:31,170
system itself.

7
00:00:31,570 --> 00:00:37,330
To achieve that, such supervision must take place in the kernel mode, and this would allow a hostile process

8
00:00:37,330 --> 00:00:40,210
to gain control over the kernel.

9
00:00:40,360 --> 00:00:48,550
It's a universal principle which is true for all operating systems.

10
00:00:48,560 --> 00:00:53,660
You should also remember that operating systems are characterized by high complexity and a large hard

11
00:00:53,660 --> 00:00:54,860
drive footprint.

12
00:00:56,610 --> 00:01:04,620
Newer versions of Windows take up about 10 gigabytes of space and consist of around 60000 files.

13
00:01:04,730 --> 00:01:07,050
Some of those files are very rarely used.

14
00:01:12,080 --> 00:01:20,060
In the slide you can see an example of such a file: edlin.exe from Windows Vista.

15
00:01:20,240 --> 00:01:26,500
It's safe to assume that few people knew that this file existed in Windows Vista. Edlin is a command

16
00:01:26,500 --> 00:01:28,550
line editor. Worldwide,

17
00:01:28,690 --> 00:01:31,950
it was only used five times.

18
00:01:31,970 --> 00:01:39,860
Nevertheless, it's still a part of the system. As you can see, the permission entries list is very restrictive.

19
00:01:40,810 --> 00:01:48,060
Only a trusted installer can modify the file; other users can only execute and read it.

20
00:01:48,200 --> 00:01:52,860
The file is protected, but if it was modified you wouldn't learn about it.

21
00:01:52,880 --> 00:02:00,540
The protection of all system files would be very costly. If someone managed to modify the file

22
00:02:00,570 --> 00:02:05,320
edlin.exe, it would mean that the person had trusted installer permission.

23
00:02:06,020 --> 00:02:10,910
The person who managed to obtain that kind of permission could easily cover up their actions as well.

24
00:02:13,110 --> 00:02:18,210
The situation persists even though operating systems protect the integrity of their components.

25
00:02:20,190 --> 00:02:27,000
For example, if you accidentally or purposefully delete some files, you can benefit from automatic file

26
00:02:27,000 --> 00:02:29,250
recovery.

27
00:02:29,280 --> 00:02:34,560
Also, there is a system process that prevents all users except the trusted installer from overwriting

28
00:02:34,560 --> 00:02:37,310
deleted files.

29
00:02:37,320 --> 00:02:47,090
If these mechanisms were defeated, you could no longer trust any component of the system.

30
00:02:47,100 --> 00:02:51,660
The second law is still valid despite all the security solutions we've discussed before.