"The More free memory you have on your system, the more your system will be vulnerable to security risks"
Balbir Singh
Stated Mathematically
Security risk is directly proportional to the free memory on your system.
Do you think it makes sense?
I will explain my theory in detail in another posting, sometime later.
7 comments:
I beg to disagree - I think the more apps you have on your system, the greater is your risk. And with more apps, comes less free memory...
Neither! I think the more bandwidth on your network, the more vulnerable your system. The network is the computer remember?
Good points both of you. But if you see what's hacked, its usually a resource and without free memory the hack is likely to fail. For the networking part, I think you need to have a vulnerable application to attack.
I think I will try and collect some more data and try to come up with a plot if possible of resources/hacking vulnerability
Agree with Balbir on this,if a machine is hacked, the hacker needs some malicious code to run , now the amount of damage which the code can do is more or less determined by the memory free ???
hmmm... well certainly the malicious code needs to run and needs memory as a result, but I still dont see how more means more damage?
In the networking case if you consider the DOS attack (denial of service), it actually works because of limited buffer! If you allocate more buffer, you probably will delay the death of the service.
So going by that analogy, if you have more memory perhaps you can recover your system faster once the malicious code is detected. (Your anti-malicious code requires to run on memory too!)
Good point Karthik. But will any good malicious program leave enough memory space/CPU for an antivirus to run?
It might do so to go un-noticed. Consider a system with very little free memory, it makes the system harder to exploit if the address space is well protected.
I agree about the anti-virus thing, we need memory to recover from it. May be the system should pre-allocate memory for critical tasks like system recovery (which I think smart OSes do)
The malicious code only needs to exploit the vulnerability (it doesnt have to eat up all free memory unless thats what it wants to do right?).
Besides, the malicious code can always succeed as long as the anti-virus is unaware of it (it doesnt have to cripple it). Most malicious programs only thrive until detected.
I didnt understand the proof.
Post a Comment