New Virus!


funkywhat2
Jan 2, 2003, 09:27 AM
http://news.com.com/2100-1001-978891.html?tag=fd_top

A new virus has struck Windows!

Question: Can Windows viruses strike in VirtualPC?

Wes
Jan 2, 2003, 09:38 AM
Yes they could, but the worst it could do is corrupt your windows disc image.

edesignuk
Jan 2, 2003, 10:48 AM
Yet another good reason for using a Mac ;) ...no one bothers to write viruses for them because of the 'small' amount of machines that would be hit :D

rainman::|:|
Jan 2, 2003, 01:15 PM
My understanding is that no one writes viruses because it's hard to write one for Macs that does any damage... everything is much more secure so there aren't security breaches everywhere to exploit...

:)
pnw

MrMacMan
Jan 2, 2003, 02:36 PM
Originally posted by crazy_will
http://news.com.com/2100-1001-978891.html?tag=fd_top

A new virus has struck Windows!


Well if we reported on all the new ones I bet we could find a new 'win' virus every week, really.

dricci
Jan 2, 2003, 03:45 PM
I'm waiting for somebody to write one for Mac OS X that attacks the new System-Wide Address Book.. it couldn't be *too hard*. Of course I don't *want* it to happen, but it eventually will.

OutThere
Jan 2, 2003, 06:22 PM
maybe it'll bring more switchers;) ;)

Dr. Distortion
Jan 2, 2003, 06:24 PM
Originally posted by W-_-W
Yes they could, but the worst it could do is corrupt your windows disc image.

Beware though, any mac folders/volumes you decide to share in vpc will possibly get infected by pc viruses...

Nipsy
Jan 2, 2003, 06:32 PM
Virii are primarily written by script kiddies.

Script kiddies exploit the GAPING holes in Windows, and thankfully OS X lacks these gaping holes.

There are security problems with OS X (and with every OS), however they are usually beyond the scope of script kiddie talent.

Also, script kiddies will continue to target Windows exclusively until OS X virii make it onto CNN. Marketshare means this is unlikely at the moment.

In the future, we may see more Trojans, and more elegant penetrations of OS X, likely perpetrated by disgruntled programmers, however, Virus propagation on UNIX is orders of magnitude more difficult than on Windows, so we'll be likely to see stealthy machine control hacks, or DOS attacks.

I could be wrong...there might be some really smart script kiddies using/hacking *NIX, but I really think teenage gamers are the predominant demographic writing virii, and they primarily use Windows.

Nipsy
Jan 2, 2003, 06:40 PM
Here's a report from someone who thinks that the authors may be getting smarter:
http://theregister.co.uk/content/6/28713.html

ddtlm
Jan 2, 2003, 08:54 PM
Nipsy:

however, Virus propagation on UNIX is orders of magnitude more difficult than on Windows
Oh come on, this is bullcrap and you should know it. Windows does not spread the viruses, the programs do. All OSX needs to participate in all the virus goodness is a program or two with security holes and the ability to execute the same scripts as are run on Windows (such as Visual Basic).

paulwhannel:

My understanding is that no one writes viruses because it's hard to write one for Macs that does any damage... everything is much more secure so there aren't security breaches everywhere to exploit...
Nope.

Nipsy
Jan 2, 2003, 09:25 PM
Originally posted by ddtlm
Nipsy:


Oh come on, this is bullcrap and you should know it. Windows does not spread the viruses, the programs do. All OSX needs to participate in all the virus goodness is a program or two with security holes and the ability to execute the same scripts as are run on Windows (such as Visual Basic).

paulwhannel:


Here's the thing. Windows will accept system level commands from anywhere, and suffers many system level vulnerabilities. Additionally, I am including IE, Outlook Express, and the scripting engine as parts of "Windows", as they cannot be removed, only hidden. Unices use a different model, whereby a hole would have to be found in order to gain access, and then authenticate, and then launch malicious code (for instance via the Apache overflow from several weeks ago). This is not as easy as sending a malicious vbscript to an email client with lax execution policies.

Even with OSA script, and your guard down, it is going to be much harder to:
Penetrate a UNIX machine
Authenticate within the user space
Exploit malicious code
Propagate malicious code

Here are some things about Windows that make it the culprit:
Open ports a'plenty
Lax execution rules
Weak default settings
Scriptable mail, VB Script, etc.
IIS/ASP memory leak/overflow scenarios

It is relatively easy to make Windows much more secure, but this is easy for me & you, not our dentists, plumbers, etc.

UNIX is harder to penetrate from the ground up. The UNIX community is proactive about security, where the Windows community is reactive. Sure, there were about the same number of exploit warnings last year for linux, Solaris, and Windows. The problem is the Windows warnings came AFTER the damage was done.

The availability of Windows exploit scripts on Google is staggering. Many are less than 100 lines of code. They arrive via e-mail, trojan, etc. and are often able to propagate with 0 user interaction.

UNIX exploit tools enter through more secure doors, FTP, UUCP, telnet, ssh, etc. because the user space is farther from the executable space.
These exploits require active execution by you or the hacker.

The bar is simply higher when compromising a *nix box. It requires more knowledge, and knowledge == skill.

ddtlm
Jan 2, 2003, 09:38 PM
Nipsy:

While you make good points, I have yet to see a widespread Windows virus that does anything that can not be done on a Mac... i.e. resend itself all over, send your files all over, and delete/corrupt everything that you have permission to modify. Far from what is normal for a serious Unix, OSX even offers optional transparent admin accounts to users, which allows many users (and viruses that run under their login) to delete and/or modify most anything on the system.

This is hardly secure, and not obviously better than what Windows 2k/XP can do.

Nipsy
Jan 2, 2003, 09:51 PM
Originally posted by ddtlm
Nipsy:

While you make good points, I have yet to see a widespread Windows virus that does anything that can not be done on a Mac... i.e. resend itself all over, send your files all over, and delete/corrupt everything that you have permission to modify. Far from what is normal for a serious Unix, OSX even offers optional transparent admin accounts to users, which allows many users (and viruses that run under their login) to delete and/or modify most anything on the system.

This is hardly secure, and not obviously better than what Windows 2k/XP can do.

Well, until we see scripted automatic execution of deliverables, without user interaction, the front door is closed & locked.

On windows the front door is closed, but not locked.

The admin (default user) in OSX is indeed a very privileged user. However, core level modifications do require authentication. Additionally, system file deletions are made more difficult within the admin user space, as are deletions of other users' files.

I never meant to imply that it is impossible, just that the writers of Klez & CodeRed probably aren't skilled enough to do it. FreeBSD is a damn secure foundation!

iJon
Jan 2, 2003, 11:39 PM
Originally posted by Dr. Distortion


Beware though, any mac folders/volumes you decide to share in vpc will possibly get infected by pc viruses...
It's not like anything will happen. I download viruses all the time from friends where the virus sends itself. I download it, look at it and laugh. It doesn't do anything. I just throw it away in the ol' trash can. The only association a Mac gets with viruses is forwarding an email to a Windows machine that it will actually affect. I still think if Macs were used as much as Windows we would be hit with viruses every other day. Have you guys heard about that new security hole when downloading music and something to do with Windows Media Player? Boy, that is great, no more downloading on my PC.

iJon

Les Kern
Jan 3, 2003, 12:19 AM
Originally posted by Dr. Distortion


Beware though, any mac folders/volumes you decide to share in vpc will possibly get infected by pc viruses...

Well, KIND of. Macros like Melissa or Marker "A" are still transferable, but only if you open the PC doc in the Mac environment. Macros glom on to the Normal template and spread thusly. I really don't worry about it. A few months ago I had 16 THOUSAND infected Word docs on my servers (mostly OSX). The only reason I cleaned them up is because some docs are mailed to the poor PC folks. Other than macros, no PC virus gives a hoot about a Mac. But things change. (Helpful Hint: to lock viruses out of the Mac, LOCK the normal template and instruct users to copy/paste-to-new/rename... and NEVER agree to replace the template!)

krhodus
Jan 3, 2003, 05:55 PM
Think, every time a program installs or even wants to mess with something in the system of OS X, it sends a pop-up window asking for authentication. That is why it is harder to write a virus for OS X.

OutThere
Jan 3, 2003, 06:36 PM
When they were popular I got the HaHaHa virus at least 10 times and the other one that said "Here are the files" or whatever at least 30 times. It was really funny, at the time I didn't know what it was and one of my friends was saying that he really didn't want to get the hahaha virus and I finally realized that it was a virus that I kept getting. If I had had a PC my computer surely would have died 40 times over :cool: :cool:

Nipsy
Jan 3, 2003, 07:56 PM
Here's one to prove my point about Windows insecurity:

There is a new Windows virus called KillBoot:

It is a Word Macro!!!!!!!!
It operates within the Office application space
It overwrites (and renders useless) the master boot record. This means that the drive needs repair from a very knowledgeable user with an ERD.

In UNIX, an application (especially an Office application) can not access NVRAM, cannot modify the kernel, etc.

To attempt this, the Office app (a process of the user) would have to authenticate as root, and screw with NVRAM or kextload (to add a kernel extension, not modify the kernel). This is not an easy task.

Of course, if malicious code succeeded, the fix would be:
Reset NVRAM, via cmd-opt-p-r x 5, or open firmware

or

Repair the OS install

Both easy...

This is soooo difficult in OS X/UNIX, when compared to Windows.

amalling
Jan 12, 2003, 08:22 PM
Originally posted by Nipsy
Here's a report from someone who thinks that the authors may be getting smarter:
http://theregister.co.uk/content/6/28713.html
Thompson notes mass-mailing Windows viruses were largely unsuccessful in hitting corporations in 2002, with the notable exception of organisations which did implement proper filters.

Soo, that means that organisations with proper filters were hit!?
:D :rolleyes: