Sharpei Virus Written In C#
josepha48 points to a CNET article on a new worm written in C# and partly aimed at the .Net framework, excerpting: "On Friday, antivirus companies received a copy of a worm called Sharpei, which is partially written in Microsoft's newest computer language, C#, and designed to infect computers loaded with the .Net framework."
It's NOT a .NET virus! (Score:4, Informative)
The virus is _NOT_ a
Re:It's NOT a .NET virus! (Score:1, Funny)
Re:It's NOT a .NET virus! (Score:5, Funny)
Re:It's NOT a .NET virus! (Score:1)
Re:It's NOT a .NET virus! (Score:5, Informative)
Here is a description by F-Secure and it claims that one part of the virus is actually using .NET:
http://www.fsecure.com/v-descs/blunt.shtml [fsecure.com]
Re:It's NOT a .NET virus! (Score:2, Insightful)
The
Unless of course Verisign handed out the keys again.
Anyway, the
Who said it was a .NET virus? (Score:4, Funny)
It's NOT a pink elephant!
Just trying to clear up a potential misunderstanding here: The Sharpei Virus is a worm spread by MAIL via Outlook. It has NOTHING to do with elephants, mammals in general, or any kind of pink lifeform. The virus may overwrite some files if the user has write access to them, but rest assured that you won't have to deal with 10,000 pounds of pink flesh suddenly appearing in your computer room.
Re:Who said it was a .NET virus? (Score:3, Funny)
Ah, so the admin found his pants, then?
--saint
Who even said it was a virus? (Score:2)
Similarly, LSD is capable of demonstrating the incredible new navigation (flight) features of Windows XP, and my assault rifle is useful to demonstrate windows new, millisecond speed shutdown procedure (along with security lock to ensure that no one who is not unauthorized won't be able to boot the machine).
It's the best, isn't it?
I should be on MS's marketing staff.
Outlook strips (Score:1)
Re:Outlook strips (Score:2)
<sarcasm>Must be the new AI feature that automagically separates spam from legitimate mail.</sarcasm>
This last is a pretty broad claim. Seriously, though, what is this and how does it work? Spammers may be the only group on the planet that I hate more than MS (in the 'technical' arena, anyhow).
Re:mass-mailer-blocker (Score:2)
MS: Favorite OS of Criminals Everywhere (Score:4, Insightful)
More successful virus writers use Microsoft compared to any other operating system. You too can be a successful virus writer. Get in on the cutting edge made by a company that knows how to mess with people.
[/sarcasm]
etc.
I just call all of these Microsoft viruses. Makes life much easier.
social engineering (Score:5, Funny)
Re:social engineering (Score:1)
Re:social engineering (Score:5, Funny)
Re:social engineering (Score:2)
Not sure I'd call this a .NET virus (Score:5, Interesting)
If the attachment is opened, then the worm uses the Outlook address book to send messages--with a copy of the virus attached--to every address in the book. It then deletes the e-mails from the sent folder and removes the copy of itself.
.NET exe files won't run unless the framework is present. They are "dead" exes that do nothing when double clicked. So the question is... is the bulk mailer part native code or
On PCs loaded with Windows XP and other
This *additional* behavior that affects
Re:Not sure I'd call this a .NET virus (Score:5, Insightful)
You are correct, this is the only part that is written in
The emailing routine is done by dropping a VBS file that enumerates the Outlook address book, sending an email to everyone in there.
This is said to be the second virus that infects
In my opinion, we still haven't seen the first *true*
Re:Not sure I'd call this a .NET virus (Score:2)
Microsoft has made a habit of calling everything it is releasing lately ".NET". If it infected Visual Studio, would it be a
What about Java virii? (Score:2, Interesting)
Re:What about Java virii? (Score:5, Informative)
Re:What about Java virii? (Score:2, Interesting)
What? Java provides a default SecurityManager object which allows pretty much anything. And anyway, if you can subvert the class loader (e.g. by providing your own) you can do anything you like. The only time you'll see a SecurityManager which does anything is inside a webbrowser.
Besides the system policy file installed by default is pretty lax. I quote from the Java SDK docs:
The java.policy file installed with the SDK grants all permissions to standard extensions, allows anyone to listen on un-privileged ports, and...
Jon.
Re:What about Java virii? (Score:1)
However your point still stands; if you run a
Re:What about Java virii? (Score:2)
Huh?
Like?
And anyway, if you can subvert the class loader (e.g. by providing your own) you can do anything you like. The only time you'll see a SecurityManager which does anything is inside a webbrowser.
Can you show me how to subvert the class loader with Java itself?
(I'm not bashing your opinion, I'm really asking the questions. Showing me the links is also welcome
Re:What about Java virii? (Score:2)
Microsoft has made the default system policy for
For instance if you try to run any content off a network drive, it has no access to drives. I just tried it, and I can't even get a local directory listing. You just get a popup box warning that it can't do this.
Re:What about Java virii? (Score:2)
That is reassuring.
Re:What about Java virii? (Score:5, Informative)
Why this doesn't happen in Java (Score:2)
1. It has no natural vector. Outlook serves well as a vehicle for socially engineered worms/viruses because it automates the execution of mobile code that arrives in attachments. The recipient only has to click on an attachment, and there is no way to know what it does unless you already know what it is. People using non-MS mail clients have to save an
2. The JRE doesn't have Microsoft's assistance in getting onto every shmoe's machine out there. While XP doesn't currently have
3. The security concerns surrounding Java and C# are quite similar. Either runtime can have a patch applied by wily native code. However, the average target machine will not have a JRE simply because it's a non-MS technology- it's not "part of the OS". (You won't find the old MS JVM on an XP machine.) If it does have a JRE, it will be deployed in the arbitrary directory that the user installed it into, which is unknown to the worm code unless it scans the disk. IIRC Microsoft puts the
4. The people who write worms won't pay any attention to Java as long as C# is around.
Of course, if the executable is running with no security manager in place, you can do whatever you want even if the runtime isn't patched. I can write a Java class that does a Runtime.exec() of anything I want, and send it to you. If you execute it as an application, it has no problems. I don't know personally what security constraints are placed on C# arriving in an Outlook attachment, but I can imagine they would be roughly similar to the constraints browsers place on applets. The fact that security constraints can't easily be placed on incoming native code, and the fact that the
Re:What about Java virii? (Score:2)
Been there, done that, moved on...
There is *nothing* in Java that prevents you from writing viruses if you're running a Java application.
yet another unhackable system (Score:1, Flamebait)
Re:yet another unhackable system (Score:3, Insightful)
You have quotes and references to the same security analysts making both of these claims?
Sharpei? (Score:1, Offtopic)
A worm named after a breed of dogs, cute. Does it get you in the heart?
Read the technical details at Symantec (Score:5, Informative)
The fact that the worm tries to run a C# executable after it has already compromised the machine is not much of a technical feat since it could run anything including a Perl script, Java program, Lisp code, etc as long as the runtimes were available on the target machine.
Disclaimer: The opinions expressed in this post are mine and mine alone and do not reflect the opinions, wishes, strategies or intentions of my employer.
Re:Read the technical details at Symantec (Score:2)
What do you expect (Score:1, Insightful)
Re:What do you expect (Score:2, Insightful)
This worm really has nothing to do with C# (or even
Re:What do you expect (Score:2)
Just curious. I take it the GISSP is like the MCSE, it only requires memorization skills?
You might want to look into GIAC.
Re:What do you expect (Score:2)
M$ doesn't call Sharpei a worm (Score:5, Funny)
Re: M$ doesn't call Sharpei a worm (Score:1)
> They prefer the term "a few wrinkles here and there"
"A feature with a few extra body segments."
Virus in attachment (Score:3, Insightful)
And guess what? It's implemented in C#. And when run, it will screw up other folders on the system. Imagine, if you will, a computer language, somewhere, that somehow, could not be used to write this virus. I'm drawing a blank, but I'm sure there will be lots of +5 funny responses.
Since my current sig just confuses everyone anyway, maybe I should change it to "$5 for a thousand pages of this!?" and save everyone the typing.
Re:Virus in attachment (Score:2)
Not to be confused with QuickBasic, which can be compiled.
Re:Virus in attachment (Score:2)
Proof of concept? (Score:5, Interesting)
The message body is actually a very misleading one though... I mean, who wouldn't wanna speed up Windows by 50% and make it more secure? We can't get that kind of update, even out of Microsoft!
Re:Proof of concept? (Score:2, Insightful)
What holes? Stupid users or allowing those stupid users to open attachments? Should Microsoft release some kind of version of Windows that doesn't allow stupid users to execute whatever they want?
I don't think so, people should just stop executing unknown e-mail attachments.
Already happened (Score:3, Funny)
Granted, the patch also does some useful things like changing the profile under which email is viewed to Restricted Sites Zone, thus disabling active scripting, etc.
And if some user still insists on running that
SSSCA Impact on Viruses (Score:4, Funny)
If it goes through, virii would definitely fall under the category of 'interactive digital devices'.
It will be illegal to write or transmit a virus unless it contains 'approved security measures'.
Any attempt to circumvent a virus' protection mechanism, or communicate to others the nature of a virus or possible defences against it, will be a criminal offence punishable by law
Re:SSSCA Impact on Viruses (Score:2)
If we could then project that the RIAA are an illegal cartel and that we are trying to act in self defence
There is one oft-overlooked aspect to the legal system (at least in the UK) and that is that a jury does not have to return a guilty verdict even if they have been convinced that the defendant committed the act. It is quite within the power of a jury to return not guilty if they think that the law is unjust or unjustly applied. Maybe someone should try that defence sometime and see if they can make it stick!
Re:SSSCA Impact on Viruses (Score:2)
Re:SSSCA Impact on Viruses (Score:4, Interesting)
That makes no sense whatsoever. An "interactive digital device" is a piece of hardware, as defined by the SSSCA. Unless you know something about computer viruses that I don't, they hardly qualify as such.
Even as software, they are highly unlikely to contain the likely-to-be mandated digital signature. And that's the scary part: Microsoft is promoting digital rights management as an anti-virus solution (among other things). Part of the .NET infrastructure is providing the ability of each software component to be signed. Thus the SSSCA dovetails quite nicely with Microsoft's need for better security. And it gives them the opportunity to get even more leverage over non-Microsoft software (not just viruses). Who do you think will control the certification process necessary to get a signature?
Re:SSSCA Impact on Viruses (Score:2, Funny)
1. A computer program intended to replicate itself throughout multiple computers without the user's consent.
2. A licensing condition applied to computer software which allows users to understand and modify the programming code used.
3. virii, pl. Computer programs written without the express support or approval of Microsoft Corporation or its strategic partners, which threatens national security by undermining Microsoft's ability to control the global use of software in personal computers.
(Source: Microsoft - New Employees' Orientation Handbook)
Worm with a virus payload (Score:5, Informative)
" On PCs loaded with Windows XP and other
The
Great Advertising (Score:1)
If no one attacks or cracks a software it's mostly not worth anything. To believe that it can't be successfully attacked is naive anyway.
Overall, viruses bring free publicity and prove the point that the product is a roaring success.
BTW: Who wants to be left out when all your friends have been hit by the new naughty Kournikova virus? There will be little left to discuss over a few beers.
Re:Great Advertising (Score:3, Funny)
Wow.
It's not a virus (Score:1)
Please. (Outlook team: Please don't execute everything I click on)
Also. Don't send me messages that are really just plain text in either html or word document format.
Re:It's not a virus (Score:2, Funny)
Re:It's not a virus (Score:1)
Of course in the email program I use (KMail), you have to save the executable and set the permissions to executable before any execution happens.
Re:It's not a virus (Score:2)
Security hole in PHP allows arbitrary code to exe! (Score:1, Informative)
For PHP3 flaws contain a broken boundary check and an arbitrary heap overflow. For PHP4 they consist of a broken boundary check and a heap off by one error.
For the stable release of Debian these problems are fixed in version 3.0.18-0potato1.1 of PHP3 and version 4.0.3pl1-0potato3 of PHP4.
For the unstable and testing release of Debian these problems are fixed in version 3.0.18-22 of PHP3 and version 4.1.2-1 of PHP4.
There is no PHP4 in the stable and unstable distribution for the arm architecture due to a compiler error.
We recommend that you upgrade your PHP packages immediately.
Eat that, Microsoft haters.
Re:Security hole in PHP allows arbitrary code to e (Score:1)
When was the last time microsoft announced a security problem before there was a known exploit in the wild?
D.
Re:Security hole in PHP allows arbitrary code to e (Score:1, Insightful)
Code Red
Code Blue
Nimda
ILOVEYOU
Papa
BadTrans
Anna
And this list continues.
Sharpei exploits a "hole" in Outlook that was patched over two years ago. If you don't patch, you're still vulnerable, so what do you do short of driving across the country and cramming patches down people's throats? Do you think everyone in the world has already patched their PHP problems? Can you answer that question?
Re:Security hole in PHP allows arbitrary code to e (Score:2)
.net and gnome... (Score:3, Insightful)
in some ways either "wins." if the main linux
otoh it will "lose" - anti-virus companies will be against linux for taking away their product stream. and if the same security flaws show up then it removes a major distinguishing item from a linux desktop.
Re:.net and gnome... (Score:1)
.NET is not an unfeasible technology simply because it was developed by Microsoft. From what I have seen on the DotGNU Portable.NET [southern-storm.com.au] environment on *NIX, C# bitcode is able to be executed with low overhead. You could be fooled for thinking you were executing native binaries.
Re:.net and gnome... (Score:2)
Wording (Score:4, Funny)
Something about the wording suggests to me that this worm is intended to target only very stupid people. Does anybody reading this actually have friends who write emails like that?
Re:Wording (Score:1)
4 reinstallations done so far.....
Probably not the case with most people that read slashdot but there are millions of users that are just "plain users", they don't care for programming / development / OS's etc etc ...
they just use the PC for mail, browsing, chat and NOTHING MORE (for the simple reason that is all they need really). And they feel 100% safe for having their antivirus updated.
So if a friend says: Hey, use this, it will get better, why not ?!?
And imo it's not a matter of stupidity, a person that sells cars has a better chance of making a better bargain when buying a car. (no 100% direct analogy to the subject in this example:)
Re:Wording (Score:2)
If that is so, then somebody stands to make a killing by distributing bogus "subscribe to Slashdot" emails with their paypal account reference. :(
Re:Wording (Score:3, Informative)
> friends who write emails like that?
No, but I have 15,000 users who might.
So where's the java virus? (Score:1, Troll)
And what about perl!?
Terrible .NET Virus (Score:2)
With the proper diligence, and a competent admin -- NO computer should ever be infected with the
Only a boob could ever allow such a thing to occur.
... heheh now this is a meme I like... if only i controlled the Media, I could infect billions with this simple mind-virus.
Muahahahahhahah
Re:Terrible .NET Virus (Score:2)
Yes and the same could be said about most UNIX systems. It takes a little intelligence to prevent your machine from being taken over by virus, worms, or trojans, buffer overruns or other exploits.
Something most /.ers here seem to miss is that not all computer users are as computer savvy as many of the readers here. Many computer users WILL grant permission to a program to run on their machine. They will execute a file even if they do not know who it is from. While this article may not be 100% accurate, as most never are, it points out that .NET is not even out 'in mass' and people are already looking for ways to exploit it. This may actually be good for windows as it will hopefully make them find more ways to tighten the security and 'dummify the system' so that user xyz does not screw up their system just by clicking on a file. Like integrated virus scanner.
Personally I'd go with what I call 'registered execution'. This would require that programs that are 'registered' could execute code to do certain tasks. If you wrote a macro on your computer it would become registered, but if you sent that macro to someone else it would not and they would then be prompted to run that macro and if they wanted to register it. Then when virus abc is sent to user xyz and the user clicks on it the OS pops up a message of the program you have tried to execute is not registered, it wants to modify registry settings and blah blah. While this is not 100% foolproof, it could help in reducing virus spreading.
Someone here compared perl to VB. I almost fell out of my chair laughing at that comparison. Perl is not embedded in email applications on UNIX or windows like VB is in Outlook. Perl is not part of an office application that is used by 90% of computer users (of course with China moving to Linux that number will change). Perl is a script and the number of viruses that are spread using perl vs VB is tiny. perl can be used for buffer overruns and hack attacks, but then so can VB and C/C++ or even Java.
"and a competent admin"
If you have ever done system administration or IT support and had to support end users then you'd know that many of these people probably should not even be using computers at home. The point is that the .NET framework WILL be attacked by virus, worms and/or trojans and at some point they will spread.
Hmm maybe /. doesn't hate all my posts after all....
it's a Trojan horse actually ... (Score:4, Informative)
The article doesn't get any of the terminology right, so I wouldn't put too much stock in anything they say.
It is neither a virus nor a worm, though they seem to think the two terms are interchangeable
It is a trojan horse. As a point of education:
1) A Virus attaches itself to a host program, and does not necessarily require user interaction to infect additional files (e.g. it may attach to an OS device driver or other system program.) It may be attached to an application, but no coaxing is done to get the user to run it. It simply waits for the user to do so, and then goes about its business.
2) A Worm is a stand alone program that makes its way through a system
3) A Trojan horse is a program that is sent to an ignorant user, and requires them to run the program. It may appear to be a program of another sort - hiding its behaviour - or it may immediately and blatantly do its thing. Solicitation like the E-Mail body is always a component of a Trojan horse. The fact that it is an E-Mail attachment in no way makes this a virus. It spreads only with the help of user interaction and involves the direct solicitation of said action. It is fundamentally undifferentiated from an E-Mail asking someone to download an
Come on folks
Re:it's a Trojan horse actually ... (Score:2)
I dare ya to walk into the next room and ask that attractive young AA if her computer has a Trojan.
In the common vernacular, "virus" has become the superclass for all these subclasses that you describe. Maybe /. should nitpick and choose the appropriate subclass, but I take no offense if they don't. However, these people that were correcting /. and saying it was a worm apparently deserve to be corrected by you.
As far as I'm concerned, if it's on my computer, and I don't want it there, it's a "virus". Now, if I were at a technical conference discussing these things then I'd take pains to be accurate.
Re:it's a Trojan horse actually ... (Score:2)
"I dare ya to walk into the next room and ask that attractive young AA if her computer has a Trojan. "
Actually, I have social skills, so I would make sure she knew what I meant before I asked the question; there is nothing daring about it. BTW - Is an AA anything like a 'weeping young devotchka'?
"In the common vernacular, "virus" has become the superclass for all these subclasses that you describe. "
In the 'common vernacular' people run around claiming to write good (when of course one can only write well, or not so well, etc...) It was common 'knowledge' that the sun revolved around the earth in Copernicus' day
"As far as I'm concerned, if it's on my computer, and I don't want it there, it's a "virus". Now, if I were at a technical conference discussing these things then I'd take pains to be accurate. "
Perhaps you were unaware that Slashdot is a technical forum???
Re:it's a Trojan horse actually ... (Score:2)
In the 'common vernacular' people run around claiming to write good (when of course one can only write well, or not so well, etc...) It was common 'knowledge' that the sun revolved around the earth in Copernicus' day ... you could just ask anyone on the ancient Slashdot site. So my question is this ... do you have any actual valid point to make?
Yes. There is a time and a place for technical jargon. You are confusing the "common vernacular" with "common mistakes". "Write good" may become acceptable over time as language evolves, whereas the position of the Sun is an objective scientific fact.
Efforts to use precise technical jargon all the time will actually result in ineffective communication. Judging when and where to use what kind of language is an important skill. It might be more convenient for you to use multiple words that convey fine shades of meaning, but you stand a good chance of losing your audience when you do that.
This reminds me of the whole "cracker" vs. "hacker" debate. You know who won that, and you should know why.
Perhaps you were unaware that Slashdot is a technical forum.
Chuckle. LOL.
Re:it's a Trojan horse actually ... (Score:2)
""Write good" may become acceptable over time as language evolves, whereas the position of the Sun is an objective scientific fact."
"Write good" is never acceptable except to those who are members of the ignorant set, in which you are clearly a proud member.
"Efforts to use precise technical jargon all the time will actually result in ineffective communication. Judging when and where to use what kind of language is an important skill."
I would only add that you really should begin acquiring such skills at some point, preferably before you reply to another of my posts.
"This reminds me of the whole "cracker" vs. "hacker" debate. You know who won that, and you should know why."
Indeed, it is a rough analogue to the 'nigger' vs. African-American debate. You can tell the ignorant one by the term he or she chooses.
Re:it's a Trojan horse actually ... (Score:2)
Your contentiousness is exceeded only by the irony of your .sig.
Re:it's a Trojan horse actually ... (Score:2)
"Your contentiousness is exceeded only by the irony of your
I see what you mean. Clearly someone with a truly open mind would believe whatever you say, no matter how completely off base you are. Those with a truly open mind would never correct anybody no matter how absurd their comments are, because having an open mind means believing everything you hear, no matter how contradictory. The irony is just overwhelming.
Either that, or you truly are a trolling ignoramus. I'm open to that possibility as well, of course.
Re:it's a Trojan horse actually ... (Score:2)
"The definition of a virus is a program/code that replicates."
You couldn't be more wrong. The term virus was biological before it was technological. Just as the biological analogue requires a host to survive, so too does the technological virus. Just because enough people misuse a term - and some of them are "in the anti-virus field" doesn't change it, any more than the fact that, while many people claim to write good, it is only possible to write well. Sorry chumly.
"A worm is a program/code that can spread by itself (yes, even if a user must click on it to begin with, it's still a worm)"
Hmmm
"A trojan horse is a program that disguises itself as something, and does something different. However, the virus/worm definition has precedence over the trojan definition. Therefore, if it spreads or replicates, it's NOT a trojan "
When replication requires user interaction, it isn't a worm
" Sorry for posting this anon... but I don't want my username to be known, because the things I say on slashdot are my ideas/opinions, and not those of my employer."
What the hell does that have to do with anything ??? Your Slashdot login name obfuscates (or should) any corporate affiliation already. Clearly your excuse is exactly that!
Re:it's a Trojan horse actually ... (Score:2)
" Actually a worm can also be a set of programs (or program segments, and one could argue in this way the segments are attached or communicate to each other. "
True enough. I probably should have said 'stand alone application' but it sounds a bit funny. Many people refer to Word or Excel as a program rather than an application, and that is the (albeit incorrect) manner in which I used the term.
.NET Security (Score:4, Informative)
You will notice that the host EXE being sent over email is native x86 code, NOT MSIL. Therefore, it has no security permissions of note.
If you were to attempt to write a pure-C# virus and mass-email it, you wouldn't get very far as the user would actually have to tell the framework to grant execute permissions to the downloaded code.
I even have to grant permissions to the files I myself write with Visual Studio.NET; they won't execute by default.
Lastly, Outlook 2000 w/security patches and Outlook XP both automatically disallow the user to download or execute EXE attachments, period. Unfortunately, this makes it a hassle having to ZIP all EXE files before sending them (and VBS files, etc.), but that's a small price to pay to protect us from idiot users. My only complaint with Outlook security is that Outlook Express does not do this by default.
I think Microsoft is doing a better job these days; they still have things to address of course. Sometimes I think people just misunderstand though... calls for the removal of VBScript are like asking *nix distributors not to ship Perl with their installs; it's kind of silly.
Fortunately, with XP Home, you don't have a bunch of home users running as Admin all the time; I think that's a big key right there.
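An added example, not part of the thread or any poster's code: the native-versus-MSIL distinction drawn in the post above can be checked during attachment triage by reading data directory 14 of the PE optional header (the CLR runtime header), which is populated only in managed assemblies. The sample headers are constructed inline, and `classify_pe`, `build_sample_pe` and `NotPE` are hypothetical names.

```python
import struct

CLR_DIRECTORY_INDEX = 14   # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
PE32_MAGIC = 0x10B         # 32-bit optional header
PE32_PLUS_MAGIC = 0x20B    # 64-bit optional header


class NotPE(ValueError):
    """Raised when the bytes are not a parseable PE image."""


def classify_pe(data: bytes) -> str:
    """Return 'managed' if the image declares a CLR header, else 'native'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")

    # COFF header follows the 4-byte signature; SizeOfOptionalHeader is at +16.
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        raise NotPE("truncated optional header")

    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dirs_off = 96      # data directories start here in PE32
    elif magic == PE32_PLUS_MAGIC:
        dirs_off = 112     # and here in PE32+
    else:
        raise NotPE("unknown optional header magic")
    if opt_size < dirs_off:
        return "native"    # no data directories at all

    # NumberOfRvaAndSizes is the 4 bytes just before the directory table.
    (count,) = struct.unpack_from("<I", data, opt + dirs_off - 4)
    entry = dirs_off + 8 * CLR_DIRECTORY_INDEX
    if count <= CLR_DIRECTORY_INDEX or entry + 8 > opt_size:
        return "native"
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return "managed" if rva and size else "native"


def build_sample_pe(clr_rva: int = 0, clr_size: int = 0,
                    magic: int = PE32_MAGIC) -> bytes:
    """Constructed header-only PE image for the demo (not a real program)."""
    dirs_off = 96 if magic == PE32_MAGIC else 112
    opt = bytearray(dirs_off + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs_off - 4, 16)
    struct.pack_into("<II", opt, dirs_off + 8 * CLR_DIRECTORY_INDEX,
                     clr_rva, clr_size)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "native-host.exe (constructed)": build_sample_pe(),
        "managed-part.exe (constructed)": build_sample_pe(0x2008, 0x48),
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_pe(blob)}")
```

A "native" verdict describes only the outer file; as the thread notes, a native host can still carry or drop a managed component, so embedded payloads need the same check after extraction.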
Cnet/XDnet Bias in reporting (Score:2)
But i have to take the
Now to look at that in another way.
1. Systems vulnerable to this are 2 years behind the curve - if you still allow
2. Not keeping virus scanners up to date is asking for it
3. These guys simply did the inevitable and made a virus in the new language - it's been done with every language and OS platform since computers began and will no doubt continue.
I don't want to attack anyone but I would suggest that we might all be benefited by spending 5 minutes researching before we comment (and to the anti MS crowd - if you can't be bothered finding out the truth don't comment - to be honest the attacks on every mention of Microsoft is getting tedious and pointless and I suspect is driving people away from open source - enough is enough - you don't like MS - they are evil - we know so don't keep telling us)
It depresses me that the level of technical discussion of anything non linux on here is lower than a snake's arse - I wish we could see the same passion that is applied to kernel updates applied to other areas.
Editors - check your sources please !!
Re:You knew it was going to happen (Score:2, Funny)
call it .Net (Score:2)
Re:Another Outlook worm (Score:5, Insightful)
Oh, and before you say that they *should* do this, firstly think about people who may have a legitimate reason to want to download a virus[1] and secondly, think of the accusations of monopolistic practices - I can't see Norton, McAfee et al taking that without a fight.
Back to the subject, what else can Microsoft do about blatant user stupidity in the face of so much publicity about email viruses over the past year?
[1] I wrote a website that allowed users to upload documents available for public download. Being a community spirited sort of chap I included a server side virus scan, and needed a copy of a virus in order to test it was working. I was sent a copy of I Love You in the end by a friend. See, I really did mean there are legitimate reasons.
Re:Another Outlook worm (Score:3, Insightful)
1. sandbox any executable
2. introduce an executable bit into the file system so that downloads CAN'T auto execute
that's 2 things off the top of my head.
Re:Another Outlook worm (Score:1)
If a user receives an executable and it won't run either because it is in a sandbox, or it is flagged as non-executable (when you open an attachment in Outlook it gives a warning and the option to save it or run it, default being run. Wouldn't this be the same as just greying out the Run option in effect, if not implementation?) then the user will simply save it, then execute it with full permissions. Remember, these are the users who are still sending requests for my linux box's cmd.exe webpage, who open files asking for their advice, and who try several times to look at Anna Kournikova's breasts before giving up.
You can either make it impossible for a user to run an attachment (and lose functionality) or let them burn themselves, and unfortunately others. I used to think the third option was to educate the users, but I've given up on that one.
Re:Another Outlook worm (Score:2)
I feel slightly sorry for Microsoft. I used their products in a LAN environment and these features did actually come in handy. They've been exposed by a transition from (relatively) trusted clients to untrusted clients which is a massive paradigm shift. Unix, oth, has had untrusted clients in mind since not long after its inception (that security was not in mind at the start still reveals itself in plenty of situations).
Of course MS are hobbled by being a desktop OS provider. Thin clients booting across a network where real file permissions and a sensible built in backup procedure protect the time sharing device from malicious clients [bell-labs.com] make the most security sense I think.
Re:Another Outlook worm (Score:2, Informative)
Re:Another Outlook worm (Score:2)
Re:Another Outlook worm (Score:2)
EICAR Virus Test file (Score:2, Informative)
It wasn't necessary though; every virus scanner should react to the EICAR anti-virus test file (see here [eicar.org]). So if any of you ever need to test a virus scanner and have some management guy breathing in your neck and raving about how using a real virus can compromise security use the EICAR file. Just mail him the virus personally by another mail gateway after that just to prove your point
fsm
Re:EICAR Virus Test file (Score:2, Funny)
Re:Another Outlook worm (Score:1)
As for contributing to the distribution, it goes something like this:
Points to note include the fact the virus was not sent in executable form, and could not have been executed unless the key was compromised. Also, that the virus never left a linux server. It was chmod 000 and only myself or root could change that. It only existed on my system for as long as it took to perform the test. Also, the very first action taken by the web page if a virus was found was to unlink the file in the tmp directory. Not set a flag, display an error, but delete the file from the server, and then carry on.
Actually, I think I should labour a point here: It never existed on a platform that could execute it
The only safer way would have been to use the test file which the helpful other poster provided a link to.
PS. As for being in the user base, I'd rather not, I like being paid large sums of money for being a developer thank you.
PPS. It wasn't a community website, the community can rarely afford this sort of site.
PPPS. IHBT?
Re:Go to sleep Timothy (Score:3, Funny)
My god you're right! Timothy has less than 3.5 hrs between posts for the past 24 hrs! A quick breakdown of Timothy's postings:
March 03 3:15 AM [slashdot.org]
March 03 6:47 AM [slashdot.org]
March 03 8:29 AM [slashdot.org]
March 03 11:59 AM [slashdot.org]
March 03 12:22 PM [slashdot.org]
March 03 12:57 PM [slashdot.org]
March 03 2:16 PM [slashdot.org]
March 03 3:56 PM [slashdot.org]
March 03 5:19 PM [slashdot.org]
March 03 5:35 PM [slashdot.org]
March 03 5:46 PM [slashdot.org]
March 03 7:47 PM [slashdot.org]
March 03 10:35 PM [slashdot.org]
March 03 11:11 PM [slashdot.org]
March 04 3:17 AM [slashdot.org]
I say go for another 24 and then see what happens, turn it into a sort of geeky endurance test or something.
That won't work either (Score:3, Insightful)
Of course the upside of that, is that it only takes very little effort to prove, that Windows is a virus [google.com], and that every OS writer at Microsoft should be put against the wall and shot.
What kind of analogy is that? (Score:2)
That makes no sense. Car theft and security have no direct logical relationships with computer operating systems. Your analogy is twisted out of shape. You should have said
"unix is to microsoft as lojack is to idling a car in south central LA."
Re:C#? (Score:2)
C-sharp. Or the enharmonic equivalent, D-flat.