Computer System Crashes Are Intolerable

A real computer Operating System (OS) does not crash because an application programmer made a mistake. Real OS's use a small piece of hardware that is part of every modern computer, the Memory Management Unit (MMU), which (when properly programmed by the OS) protects the OS from the applications, and the application programs from each other.

How?

When a real OS starts up an application program, the OS also programs the MMU to enforce a memory partition for that program: the MMU translates every address the program uses, so the program can only reach the RAM the OS has mapped for it, with the permissions (read, write, execute) the OS chose. If the program later attempts to access or change any piece of RAM that is not assigned to it (i.e. anything outside its assigned memory space, or a write to a region it may only read), the MMU stops the attempt before it touches memory and raises a fault (a hardware exception) that hands control to the OS. The OS can then kill off the offending application program, without crashing the entire system.

This simple mechanism is what is behind "protected mode" OS's, like UNIX, Windows NT, OpenVMS, Linux, etc.
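The fault-and-kill sequence just described, as an added example that is not part of the original essay. This C program assumes a POSIX system (Linux or a BSD) with fork(), mmap() and per-page permissions; it runs three small routines in a child process: one that stays inside its own memory, one that writes to a page whose translation no longer exists, and one that writes to a page it is only allowed to read. The parent stands in for "the rest of the system": it collects the signal the kernel used to kill each child and keeps running.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run fn() in a forked child so that any fault it triggers is confined to
 * that child. Returns the signal number the kernel used to kill the child
 * (SIGSEGV for an MMU protection fault), 0 if the child exited normally,
 * or -1 if fork()/waitpid() itself failed.
 */
static int run_isolated(void (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {          /* child: do the risky thing, then exit cleanly */
        fn();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return 0;
}

/* Map a page, unmap it, then write through the stale pointer: the MMU has no
 * translation for that address, so the CPU faults and the kernel kills us. */
static void touch_unmapped(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    volatile char *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        _exit(2);
    munmap((void *)p, pagesz);
    *p = 1;                  /* access outside our assigned memory */
}

/* Map a page read-only and write to it: the translation exists but the
 * permission bits forbid the access, which is how the OS keeps its own code
 * and other processes' memory out of reach. */
static void write_readonly(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    volatile char *p = mmap(NULL, pagesz, PROT_READ,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        _exit(2);
    *p = 1;                  /* write to read-only memory */
}

/* A program that stays inside its own partition is left alone. */
static void well_behaved(void)
{
    char *buf = malloc(64);
    if (buf == NULL)
        _exit(2);
    strcpy(buf, "inside my own partition");
    free(buf);
}

/* Linux reports MMU faults as SIGSEGV; some BSDs use SIGBUS for protection
 * violations, so treat either as "the MMU stopped it". */
static int is_protection_fault(int sig)
{
    return sig == SIGSEGV || sig == SIGBUS;
}

int main(void)
{
    struct { const char *name; void (*fn)(void); } cases[] = {
        { "well_behaved",   well_behaved },
        { "touch_unmapped", touch_unmapped },
        { "write_readonly", write_readonly },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int sig = run_isolated(cases[i].fn);
        if (sig == 0)
            printf("%-15s exited normally\n", cases[i].name);
        else
            printf("%-15s killed by signal %d (%s); parent still running\n",
                   cases[i].name, sig,
                   is_protection_fault(sig) ? "MMU protection fault" : "other");
    }
    return 0;
}
```

Run it and the two misbehaving children die with a protection fault while the well-behaved one and the parent finish normally; that is the whole of the mechanism, and it costs the OS nothing more than handling the fault. Try the same two writes on a system that does not use the MMU for protection and there is no fault at all: the write simply lands on whatever happened to be at that address.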

Why?

The reason that this mechanism is necessary is that application programmers make mistakes from time to time, and so their programs fail. However, it should never be possible for an application program to crash the computer system; if it is possible, that is a failure of the OS design, or a bug in the OS (even systems programmers make mistakes).

Viruses

Then, of course, we come to programs which intentionally fiddle with other parts of a computer system; the malicious ones are called viruses or trojan horses (depending upon mechanism). The memory protection an MMU can provide does not entirely remove the threat such programs pose: a malicious program still has whatever access the user who ran it has, and can still damage that user's files. But it does deny the program the ability to patch the OS, or other running programs, in memory, and that goes a long way toward making an undetectable virus very hard to write.

When was the last time you heard of a virus that attacked UNIX systems? Viruses for Windows, Windows95, and MacOS are common; so common, in fact, that there is a burgeoning "anti-virus" software industry selling "solutions" for this problem. Take note, however, that none of the vendors of anti-virus software are talking about how the OS one runs is complicit in permitting a virus to run rampant through a computer, wreaking havoc.

Culpable Vendors

If the systems companies (e.g. Microsoft, Apple) were to rewrite their OS's to use protected mode (i.e. modify their systems software to turn on the MMU and set up protected regions for all applications and the OS), a large part of this threat would vanish: a virus would be confined to the privileges of the user who ran it, instead of being free to rewrite the OS and every other program in memory (alas, along with the fear-generated revenue for the anti-virus software vendors...).

In short, this is also a computer security issue. How can you trust your computer if the OS you run allows any random program to modify any part of the system it wants to?

Long Overdue

There have been MMU's in CPU chips (built-in; not a separate chip as they were in the earlier days) in the Intel CPU chip family since the advent of the 80386 (i386), in the Motorola 68000 family since the 68030 (the 68020 needed a separate 68851 PMMU), and in all the RISC chips (e.g. IBM/Apple/Motorola PowerPC, MIPS, Sun SPARC, Hewlett-Packard PA-RISC, DEC Alpha; the Motorola 88000 put its MMU in a companion 88200 CMMU chip).

We're talking about the mid-1980's here. Over a decade ago.

This means that the non-protected mode OS's (e.g. Microsoft DOS, Microsoft Windows95, Apple MacOS) have deliberately chosen not to use the MMU for protection: DOS runs the CPU in real mode, where the MMU is never switched on at all, and Windows95 and MacOS, even where they use the MMU for address translation, run the OS and all applications in a single shared address space in which any program can write to any part of the system.

This is inexcusable. It's scandalous. It's time to let the OS vendors who peddle insecure, unprotected systems know that their bloatware is no longer acceptable.

The World Wide Web

To make matters worse, Internet users are unknowingly downloading potentially dangerous programs every time they visit a wide assortment of web sites. These programs are written in the JavaScript programming language and are embedded in otherwise normal HTML web documents. They are run immediately in the user's Netscape or Microsoft web browser, without the user's prior permission.

In a typical PC, this is not a safe thing to do, no matter what protestations Netscape may make about how carefully they have secured their JavaScript language interpreter; if they have made even one exploitable mistake, your computer can be at the mercy of someone else. On a protected mode OS such a mistake hands the attacker the browser user's privileges; on an unprotected one it hands over the entire machine.

JavaScript must be eradicated from the web.

Erik Fair <fair@clock.org>
May 17, 1996
updated December 4, 1998