novicew said: After all no operating system is safer today. This applies to OSX as well.
Just heard about the “Leap-A” virus targeted at OSX 10.4.X. According to many anti-virus software firms, the threat caused by this virus is not regarded as major, as it requires user intervention in several stages before it attacks the system.
But this could be the beginning of a new era for virus developers. I guess their understanding of Intel processors is much more than PPC processors. Therefore writing a virus targeting future generations of Intel-based Macs can be way higher.
stridey said: First off, Leap-A is a trojan. Not a virus. Second off, it doesn't target Intel, so Intel PPC has nothing to do with this. At all.
PlaceofDis said: the architecture (ie Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.
O my. I don't know what to say. I am sorry to tell you but THERE IS VIRTUAL PC FOR PPC ONLY, it does not exist yet for Intel. Second, any virus designed for XP on an x86 will also run in Virtual PC for PPC. Same code, different architecture. Explain this one please?
novicew said: I think it does. Imagine if you install a Virtual PC running Windows on an Intel-based Mac. If the Windows system becomes infected by a virus, its propagation can be easily executed if you have only one platform. As the hackers have more access to Intel-based processor information, their workload will be less.
Right. To illustrate, I was playing around with this and can get a perfectly good OS X virus going using Python or Perl. App bundles make this really easy. The only place where a small universal binary might be helpful is in the form of a tiny setuid helper app, to eliminate the dependency on the default admin user situation. It would be trivial to integrate this into a widely distributed warez installer or drag-to-install program (say, a prerelease version of some Google product) and spread the love.
PlaceofDis said: the architecture (ie Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.
novicew said: I know that certain ppl call it a trojan because it doesn't self-propagate. But my sources of information are Macworld and BBC. If you carefully read the comment by Sophos ("Anti-virus software maker Sophos takes issue with this description, claiming this is the first ever virus for Mac OS X."), you will know what I mean.
MacSA said: I can't believe how excited Sophos are getting over this.......
Of course they're excited. They might sell lots of additional antivirus software licenses if they hype this enough. 🙄 😉
MacSA said: I can't believe how excited Sophos are getting over this.......
gekko513 said: Well actually it does make a difference if it's PowerPC or Intel if we're talking about viruses that overrun the buffer, corrupt the heap or exploit similar low-level vulnerabilities in buggy software.
The differences aren't huge, but they could make a difference. The PowerPC's separate data and instruction cache is an additional obstacle that the attacker has to get past in a buffer overrun situation.
Then it's sometimes important for the attacker to be able to write meaningful machine instructions without using forbidden string characters. The forbidden characters will depend on the protocol. Since the machine instructions are different between PowerPC and Intel, this may be easier or more difficult. I'm not sure which.
The PowerPC has no one-byte machine codes, and the machine codes need to be aligned. That can make it difficult to reliably execute malicious virus code.
I would also guess that the difference in function calls and other details between the two architectures can make it more difficult or easier to, for example, jump to the malicious code that the attacker wants to execute.
For trojans and worms that don't exploit any low-level vulnerabilities, the architecture doesn't make a difference. That's true.
The NX bit adds an additional layer of protection, but there are several pieces in the system that have to work together to make it work. For one thing the OS needs to support it. If you read more about it you may be surprised. It doesn't mean an end to buffer overruns. It's just another hurdle in the way of the attacker.
Timepass said: Minus the fact that Intel I believe has put in a hardware side way of protecting against that and preventing it from happening. I know for a fact the AMD chips that run on socket 754 and above have that protection built in hardware side and that was over 2 years ago and I remember Intel stating they were planning on putting that in their chips as well. I think in 2 years they would have finished that. The chips themselves do not allow that to happen so buffer overrun is no longer a problem. So that stupid little fear can go away. The chip setup does not make a difference to a virus, trojan or anything else.
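Editor's added example, not part of any post in this thread: one of the pieces that has to cooperate with the NX bit is the program file itself, because the Mach-O header carries flags that tell the loader whether stacks may be executable. The sketch below reads those flags from a thin (single-architecture) header for either PowerPC or Intel; the flag values come from Apple's `<mach-o/loader.h>`, and the sample headers are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/loader.h>.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_EXECUTE = 0x2
MH_ALLOW_STACK_EXECUTION = 0x20000   # loader gives every stack execute permission
MH_PIE = 0x200000                    # main executable loaded at a random address
MH_NO_HEAP_EXECUTION = 0x1000000     # non-executable heap requested
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {7: "x86", 18: "ppc"}

def audit_macho_header(data):
    """Read the execution-related flags from a thin (single-arch) Mach-O header."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    # The header is stored in the target's byte order: big-endian for PowerPC,
    # little-endian for Intel, so try both and keep the one whose magic matches.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a thin Mach-O file (universal binaries are not handled)")
    _magic, cputype, _sub, filetype, _ncmds, _size, flags = struct.unpack(
        endian + "7I", data[:28])
    arch = CPU_NAMES.get(cputype & ~CPU_ARCH_ABI64, hex(cputype))
    if cputype & CPU_ARCH_ABI64:
        arch += "_64"
    return {
        "arch": arch,
        "is_executable": filetype == MH_EXECUTE,
        "stack_executable": bool(flags & MH_ALLOW_STACK_EXECUTION),
        "heap_nx_requested": bool(flags & MH_NO_HEAP_EXECUTION),
        "pie": bool(flags & MH_PIE),
    }

# Constructed sample headers (not taken from real binaries).
# 0x85 = MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL, the usual flags of a linked app.
SAMPLES = {
    "ppc app": struct.pack(">7I", MH_MAGIC, 18, 0, MH_EXECUTE, 0, 0, 0x85),
    "i386 app, stack exec allowed": struct.pack(
        "<7I", MH_MAGIC, 7, 3, MH_EXECUTE, 0, 0, 0x85 | MH_ALLOW_STACK_EXECUTION),
    "x86_64 app, hardened": struct.pack(
        "<7I", MH_MAGIC_64, 7 | CPU_ARCH_ABI64, 3, MH_EXECUTE, 0, 0,
        0x85 | MH_PIE | MH_NO_HEAP_EXECUTION),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, audit_macho_header(header))
```

A binary that sets the stack-execution flag opts out of the protection even on a CPU and OS that support NX, which is why the header is worth auditing alongside the hardware.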
DaftUnion said: What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.