Bring back write lockout

[BowCatShot]

Back in the days, the ancient days, of mainframes and computer rooms, the disk drives and the disks themselves were separate items. The disks, having limited capacity, had to be frequently removed from the drives, and replaced by other disks depending on which applications were being run.

Now the drives all had this physical switch, typically called write lockout, that, when thrown, would block and prevent any write operations to the disks. Seems to me that today having such a switch either on the disks or on the pc's would go a long way toward stopping the spread of viruses, trojans, malware, etc. Any thoughts?

[Randicus Draco Albus]

A more effective measure would be to teach people to not download from unknown sources by clicking on an .exe file. It would also be cheaper and more convenient than creating and replacing hardware. The spread of viruses and malware is due more to user habits than to hardware design.

[BowCatShot]

I don't see how that would be more effective. I'm not an expert on all of the different ways that viruses etc. are spread around but I do know that clicking exe's is not the only way. Also how would you go about "teaching" people. Would you conduct classes? Would they be free? Would they be mandatory?

[Randicus Draco Albus]

I don't see how that would be more effective. I'm not an expert on all of the different ways that viruses etc. are spread around but I do know that clicking exe's is not the only way.

But by far the most common way.

Also how would you go about "teaching" people. Would you conduct classes? Would they be free? Would they be mandatory?

Microsoft could invest a little of their enormous profits in an awareness promotion campaign, could they not?

[debil]

Microsoft could invest a little of their enormous profits in an awareness promotion campaign, could they not?

I kek'd.

[Randicus Draco Albus]

I kek'd.

Does that mean something like I laughed very hard?
(I do not know internet/text message shorthand, so that is my best guess.)

[BowCatShot]

Microsoft could invest a little of their enormous profits in an awareness promotion campaign, could they not?[/quote]

And given enough thrust pigs could fly.

[Randicus Draco Albus]

I answered your question about what could be done to teach people. I did not suggest Microsoft would ever do it. Your idea seems to be designing new hardware and replacing all existing hardware with it. How much thrust would that need? Or at best, a major modification to all OSes. Still a lot thrust.

[cynwulf]

I don't see there being much of a use case for write protection (i.e. physically/or electrically disabling the heads from writing to the disk - e.g. as with floppy disk drives) these days, as modern operating systems continually write data, when caching, using swap, writing log files or in some cases optimising the disk(s) or indexing files.

In the case of windows and malware it's very simple - those operating systems are almost never set up securely to begin with - that's why they're a ripe target and that's why there is a multi billion dollar anti virus industry which is making a living out of it's shortcomings. Even the most basic security principle of privilege separation is a lost cause on windows. Even where security features have been implemented, they're either turned off by default and hidden away or can only be configured in the un-bastardised premium releases of said OS. Security is not even a secondary concern for Microsoft, as it probably is at least with most Linux distros.

Privilege escalation is as ever one of the main issues. NX bit helped tremendously with this with later supported hardware, but of the x86 class CPUs, AMD64 was the first to support it in the hardware, hence Microsoft's much vaunted NX support (DEP) in Windows XP, was of course limited to 64 bit capable CPUs and came along in service pack 2 (2004 - around about the time other OS started implementation if I recall correctly). Users with 32 bit CPU's (the majority back then) were unprotected due to the lack of software emulation (which at least two projects for Linux and OpenBSD had already provided a year earlier). To make matters worse most windows binaries were not built with DEP support, so in fact it became useless and the web is littered with guides for how to turn it off...

This is pretty much typical of all windows security - it becomes an annoyance and the user (who is of course running as root) just turns it off - same with "security center", same with UAC - pop up windows, 'information', warnings, reminders and nagging galore...

I don't think a throw switch on the user's laptop/pc is going to change that. It would make the system unusable to the average person like to the affected by viruses - i.e. the average windows user.

In the virus infested world of windows, the best switch the user has at their disposal to secure their system is the one that turns off the power...

[BowCatShot]

I don't see there being much of a use case for write protection (i.e. physically/or electrically disabling the heads from writing to the disk - e.g. as with floppy disk drives) these days, as modern operating systems continually write data, when caching, using swap, writing log files or in some cases optimising the disk(s) or indexing files.

I dunno. Systems like knoppix which run from the cdrom seem to work pretty well.