Domain: totallygeek.com
Stories and comments across the archive that link to totallygeek.com.
Comments · 10
-
Re:Virus vendors eh?
Please, do not pirate closed source viruses. Instead, use open source viruses, which you can get for free.
-
Re:Deja vu...
I was fairly good friends w/ the author of NATAS and helped debug NATAS and some of James' other viruses during their development. I'm the dude that inadvertantly got him fired from his job in Virginia (writing a NATAS cleaner for Norman Data Defense) for coming to visit him after he was suppost to "break all ties with the computer underground" as a condition of his employment.
Around 1994, the NATAS virus stormed computers all around the world. It was the first polymorphic virus. And it was undetectable with traditional means (didn't alter the exes' CRC).
Oh, come on! NATAS wasn't the first polymorphic PC virus. It wasn't even the author's first polymorphic virus (Satan Bug was his first polymorphic virus, and a hell of a lot of fun to read if you know x86 assembler-- good for a lot of laughs). It was one of the first polymorphic viruses to use a polymorphic engine that appended the decryption code to the end of the executable, rather than appending the encrypted virus to the the decryption routine. It was a technique to make the polymorphic engine more simple, though the engine, in the end, generated code that was still reasonably "detectable".
McAffee released a new (experimental?) version of their antivirus, so that it would clean NATAS. Unfortunately, sometimes if you pressed CTRL-C, part of your programs' code would execute randomly (later, they released a completely different version, which effectively cleaned NATAS and similar viruses, without having such nasty bugs).
No, no, no! NATAS exploited a bug in some versions of Thunderbyte's TBCLEAN, which used, at the time, single-step and breakpoint interrupts to trace through an infected program until the virus restored the original execution point and jumped there, at which point it re-wrote the executable back to disk (undoing any relocations on the way) w/o the virus. The author of NATAS found a condition in which TBCLEAN could be made to execute arbitrary code, and added a "payload" to NATAS that, upon "cleaning" by this vulnerable version of TBCLEAN, would simply turn off TBCLEAN's single-step interrupt and the virus would proceed to running normally. Look for the label "anti_tbclean" in the NATAS source if you wanna know more. His Jackal virus did even nastier things when run under the vulnerable TBCLEAN version...
Here's an excerpt from George Smith's book that talks about James/Priest and a little more about his viruses. Take George w/ a grain of salt, I feel strongly that a significant fraction of the later details are crap.
-
Re:Deja vu...
I was fairly good friends w/ the author of NATAS and helped debug NATAS and some of James' other viruses during their development. I'm the dude that inadvertantly got him fired from his job in Virginia (writing a NATAS cleaner for Norman Data Defense) for coming to visit him after he was suppost to "break all ties with the computer underground" as a condition of his employment.
Around 1994, the NATAS virus stormed computers all around the world. It was the first polymorphic virus. And it was undetectable with traditional means (didn't alter the exes' CRC).
Oh, come on! NATAS wasn't the first polymorphic PC virus. It wasn't even the author's first polymorphic virus (Satan Bug was his first polymorphic virus, and a hell of a lot of fun to read if you know x86 assembler-- good for a lot of laughs). It was one of the first polymorphic viruses to use a polymorphic engine that appended the decryption code to the end of the executable, rather than appending the encrypted virus to the the decryption routine. It was a technique to make the polymorphic engine more simple, though the engine, in the end, generated code that was still reasonably "detectable".
McAffee released a new (experimental?) version of their antivirus, so that it would clean NATAS. Unfortunately, sometimes if you pressed CTRL-C, part of your programs' code would execute randomly (later, they released a completely different version, which effectively cleaned NATAS and similar viruses, without having such nasty bugs).
No, no, no! NATAS exploited a bug in some versions of Thunderbyte's TBCLEAN, which used, at the time, single-step and breakpoint interrupts to trace through an infected program until the virus restored the original execution point and jumped there, at which point it re-wrote the executable back to disk (undoing any relocations on the way) w/o the virus. The author of NATAS found a condition in which TBCLEAN could be made to execute arbitrary code, and added a "payload" to NATAS that, upon "cleaning" by this vulnerable version of TBCLEAN, would simply turn off TBCLEAN's single-step interrupt and the virus would proceed to running normally. Look for the label "anti_tbclean" in the NATAS source if you wanna know more. His Jackal virus did even nastier things when run under the vulnerable TBCLEAN version...
Here's an excerpt from George Smith's book that talks about James/Priest and a little more about his viruses. Take George w/ a grain of salt, I feel strongly that a significant fraction of the later details are crap.
-
Cannot trust Microsoft
Nobody believes that Microsoft focuses on security. Nobody.
They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.
The problem is age-old though. Viruses and Trojans would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem. -
Virus/Trojan problems for Microsoft go way back
For those interested, check out this source code. Virus and Trojan problems seem to just gravitate toward Microsoft products. So, Microsoft is the problem.
-
Virus Source CodeFor those interested, check out the Virus Source Code Database. As for the article, I don't think that making virus authoring easier is any concern. Why not make the software impervious to virus attack in the first place? I mean, the design of DOS, Windows, and now Windows XP does little to stop malware, viruses, trojans, spyware, etc.
-
Virus Source CodeFor anyone interested, check out the Virus Source Code Database. For historic reasons, it is worth taking a look at, whether you are into Assembly, Pascal, C, or others on Unix, DOS, Windows, Mac, etc.
-
Easy of Linux vs Complexity of Windows UpdatesOnce a Linux system is properly configured, there really is not much to keeping it up and going. I would much rather place a computer novice on a Linux system than deal with that user on a Windows machine with all its updates against spyware and viruses.
-
Re:Fidonet.
Well, you could set up local clouds/nodes, and node maintainers would be responsible for handing out IP space within their node, as well as linking nodes together, probably via a tunneled link through their personal broadband connection.
Note, that all you're doing is linking nodes via broadband (rather than via modem through the phone networks) - you don't have to link up to the greater internet, and in fact, for liability purposes, you probably wouldn't (except maybe for receiving and getting e-mail for registered users within your node.) You could also cache outside content by demand, so local users could browse static information.
By abstracting node linkage, you could have nodes linking to each other via broadband, via long-range repeaters, a really long cat5 wire, ethernet over barbed wire, or even modems (either landline or Ricochet wireless.) The nice thing about the topology is you can probably borrow the entire network structure from the original Fidonet, replacing the PPP linkups with the link-agnostic node linkage protocol, and slap some limited tcp/ip services on top of it.
So, if you don't have a direct link to the greater internet, what good is a node? Well, you can put together a pretty nifty distributed file library, exchange news and mail without having to hop outside of the local network, members within a given wireless cloud can game against each other, and if there's sufficient bandwidth, game against other nodes, essentially a hybrid between a fidonet node and a distributed virtual LAN.
The coolest thing about this would be the creation of a shadow infrastructure that could route around damage, such as a major backbone collapsing, or fees and censorship. Once the citizen-maintained infrastructure was in place, even if the internet was shut down (either because of war, cyberattack, or because commercial interests have destroyed it), we'd still have pieces that could easily link up and provide service to members of the citizen-net.
I wouldn't be surprised if someone already has a project like this... SO POST LINKS if ya know of any! -
Some LinuxI have some instances of companies I work with using Linux over Windows:
- One bank uses 3 Linux workstations for document scanning, using Tummy Software xvscan. The images are set in a PostgreSQL database, and retreivable bia a web browser. They purchased this system with the custom software saving over $15,000 compared to the cheapest Windows solution they could find.
- I know of a bank that uses Star Office on Linux for Microsoft Office training machines. Having Linux on the computers keeps the trainees from loading software, and the two office suites are similar enough for basic training. There are ten training workstations.
- A law firm that uses two Linux workstation, a Mac, and Appletalk/Samba on Linux for a server. They also have custom database applications for billing and client records.
- A financial planner that has a Linux Internet gateway that later turned into a PostgreSQL database for stock tracking and analysis. He still uses Windows for his workstation, but in addition has a Linux computer using the quote program to get stock quotes.
- A pet store using Linux exclusively for point-of-sale and server. He replaced an old SCO system, and did not buy a monitor for his server, so he connects with his vt320 terminal.
- An outdoor advertising company has replaced two Windows computers with Linux, and are loving them. They don't know anything about Linux, but like the stability of their applications, and they saved a bundle.
My company has been working on custom Linux applications to replace Windows. I hope there are many chances in the future to suggest Linux.