Slashdot Mirror
Viruses, Trojans And Worms -- Unplugged?
An Anonymous Coward writes: "This two-part article at Wireless NewsFactor examines the risks of malicious code on wireless platforms and what companies can do to combat potential threats. The gist of it is that wireless viruses/worms/trojans are unlikely to spread unchecked, and it digs pretty deep into why that is the case."
I am the best! Get it in ya!
Oh well, back to dowloading pr0n...
Pr0n K1ng
I got some worms in here.
If they can unplug viruses and trojans, can they unplug the trolls from Slashdot? Now that would be useful!
oo oo oooooo oo oo
oo oo oo oo oo oo
oo oo oo oo oo oo
oooo oo oo oo oo
oo oo oo oo oo
oo oo oo oo oo
oo oooooo oooooo
ssssss ss ss ssssss ss ss ss
ss ss ss ss ss ss ss ss ss
ss ss ss ss ss ss ss
ssssss ss ss ss sssss ss
ss ss ss ss ss ss ss
ss ss ss ss ss ss ss ss
ssssss ssssss ssssss ss ss ss
With Sun's creation of the KVM and MIDP, would it be possible to spread a virus to all the supported platforms? I suppose the virus still needs an 'in' though.. so it may not be possible.
How, damn you?
Why doesn't someone write an email virus that includes the alogirithm to decode DVDs? Then everyone would be breaking the law! Yeehaw! Breakin' the law!
we'll all learn so much by reading this, bravo slashdot.
Of once, with the ILUVU virus, we had a person re-infect their machine, becuase they downloaded the virus in their e-mail into their palm. When we cleaned the machine for her, she synced up her palm and put the e-mail back. The lady was stupid enough to click on it a second time.
=================
Unix is very user friendly, it's just picky about who its friends are.
Also, many portable devices aren't easily programmed, and some cannot be programmed without physically modifying the device. Sure you can download a dev kit for your PDA, but not that many people know how to code for them. Cell phones are even harder to write code for. That means bugfixes and patches are going to be slow or non-existant, leaving them even more vulnerable to security exploits.
Finally, the userbase of most cellular phones and PDA's aren't exactly the most technically saavy people out there. Most users of these devices are ignorant yuppies who could care less about security issues of the WAP protocol vs. Bluetooth. These people don't care/don't know better. All they want to do is talk to their girlfriends/write a grocery list while they're driving home in their BMW or SUV. Most, if not all cell phone users are simply too ignorant to care about security.
Slashdot: Open Source, Closed Minds.
Sorry, I really am. It's just that kind of day. (We won't waste a +1 on this one. :P)
-- http://frobnosticate.com
Come on, Timothy.. According to my book Requisite Puns for Journalistic Headlines, it clearly states that :
When writing a headline listing three items followed by an exclamation, the exclamation must always be "Oh, my". No exceptions.
Alex Bischoff
HTML/CSS coder for hire
Then, your signature insults the minds of Slashbots...
Brings a tear to my eye.
I can say one thing, I can deal with my computer at work being dead half of the time because my lovely co-worker down the aisle "accidentally" opened an attachment and unleashed the BLOB on our network...
But when my cell phone starts working randomly, Sprint and I are going to fight. =)
jrbd
Let's see when the clever media use these terms regarding wireless malware:
"air-borne virus"
"pegasus" (flying trojan, oh never mind)
"Quetzalcoatl" (you can figure it out)
More prosaic:
"wireless worm"
"Code Infrared"
oooooo oo oo ooooo oo oo oo oo ooooo oo oo oo
oo oo oo oo oo oo oo oo oo oo oo oo oo oo
oooo oo oo oo oooo oooooo oo oo oo oo oo
oo oo oo oo oo oo oo oo oo oo oo oo
oo ooooo ooooo oo oo oo ooooo ooooo oo
Trojan horse goes on the offensive
Well, now I know why I deactivated ActiveX on all Win-boxes I use, and never missed it, except when trying to use the Windows-Update-Function: to update you Win-box, you first need to make it insecure by enabling ActiveX...
ms
in the very first paragraph. Anything that can be programmed can be programmed to do bad things. In my opinion, wireless opens up a new door. Since all devices must communicate over open air, they're easily sniffed. Just wait until someone figures out how to HIJACK a packet and trick the wireless device into thinking it's contacting a trusted host when in fact it's exchanging packets with a trojaned host. Then you open up a new attack angle. Suddenly you're downloading a spreadsheet to your PDA that's not a spreadsheet, it's an Excel macro virus.
IMHO this article is really arrogant. It's still a well known fact that unplugging your computer is the only true security, connecting it via wireless is opening up the channel even wider.
There is no reasonable defense against an idiot with an agenda
:wq
Windows 2000 Professional is the operating system for desktops and notebooks for all sizes of business. Windows 2000 Server is an entry-level solution for running more reliable and manageable file, print, intranet, communications and infrastructure services. Windows 2000 Advanced Server includes additional functionality to enhance availability and scalability of e-commerce and line-of-business applications.
The article has a spokesperson from Palm explaining why worms are unlikely to spread between wireless devices running PalmOS, but despite mentioning wireless devices running CE doesn't give any information as to whether or not it's vunerable. Does anyone have any hard information as to protection levels within the syncing process on CE? (The existence of third-party virus protection software would seem to indicate that they weren't high.)
GROGGS: alive and well and living in
Do you have them?
Finally, they agree with me.
Send your friends messages of love at fuck-you.org
A few days ago when I was at my mother's work, she asked me how to deal with a copy of the Love Bug which for some reason arrived at her computer. Nothing special, right? Except for this: the mailer is Netscape, the OS is Solaris, the computer is Sun SPARC and my mother is a very experienced UNIX developer/maintenance programmer.
What's the moral of this story? Obviously, the particular problem in this case was the global hype surrounding the Love Bug and its consequences. This hype made my mother abandon the usual UNIX reflex (if it's Microsoft it has nothing to do with me), and treat this problem as real.
It seems to me that the global problem is ignorance. People do not know what viri are; they do not comprehend the concept of a remote exploit; many of us do not have a clear understanding of system security.
I think the proper solution would be to educate people through the mass-media (BTW, it's time for the TV networks to get someone who knows both what a worm is and how to pass on his knowledge to other people). Additionally, security training could be added to all those hi-tech management courses PHBs attend - maybe they'll absorb a few bits (or bytes).
Literacy in various subjects was the driving force of many important reforms and revolutions throughout the human history. It seems to me that some knowledge could improve immensly the computer security culture that we know today.
There are numerous initiatives to use cell phones as trusted computing devices: for micro payment (and even paying large sums), for authentication purposes, for tracking disabled people (in conjunction with GPS, for example), for emergency calls. People even think of using them in the context of legally binding digital signatures.
These applications assume that cell phones are reliable devices, which keep secret data secret and operate without hickups until the battery runs out. So far, none of the initiatives has really gained momentum, but will people stop to reconsider what they are doing when cell phones become more and more similar to general-purpose computers, with fully-fleged browsers showing web content on tiny displays, possibly even including a EMCAscript interpreter?
I don't think so, and the results could be devastating.
I you won't shut up I'm gonna slap you like the bitch you are -- as soon as I remember my password!
Did you notice this spin?
Malicious code can replicate more easily when more hosts are available, so virus creators tend to focus on widely used platforms. (That is why few viruses exist for wireless platforms right now -- and why more viruses plague Windows platforms than Mac or Linux platforms.)
Obviously Windows' market penetration is the ONLY reason Unix/Linux platforms have essentially no viruses while Windows has so many it's spawned an ENTIRE INDUSTRY of virus-protection software. The organization and quality of the software and the number of people looking for and fixing bugs have absolutely NOTHING to do with it.
So if a lot of people abandoned Windows for Unix, Linux, or OSX virus writers would write viruses for them. Since only popularity matters, they'd succeed as easily with those other operating systems and app suites as they do now with Windows. So viruses would be just as much of a problem as they are now. So don't bother to switch.
Subtle, isn't it?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
...it's absolutely true.
- Value. The number one reason to move to Windows 2000 Professional is the overall value it offers your business. As this list proves, Windows 2000 Professional can help you reduce costs through improved management and increase productivity through improved reliability and ease of use. For example, analysis conducted at Credit Suisse First Boston predicted that using Windows® 2000 Professional could reduce the firm's directly related IT costs by 15 percent, as well as improve employee productivity by cutting computer-related unproductive time by as much as 41 percent. For more about return on investment, see these reports from Giga Information Group, Inc. and Arthur Andersen.
- Reliability. An essential requirement for business users is a personal computer they can count on. That's why Windows 2000 Professional includes fundamental improvements--such as modifications to the operating system core to prevent crashes and the ability for the operating system to repair itself--that make it the most reliable desktop operating system Microsoft has ever produced. On comparative reliability tests conducted by ZD Labs, the average system uptime of Windows 2000 Professional was over 50 times that of Windows 98 and 17 times that of Windows NT Workstation 4.0.
- Mobility. Mobile computing is simpler and more efficient with Windows 2000 Professional. This means you can work anywhere, anytime while also saving time and increasing productivity. As described in these news articles, "Finally, a Notebook OS" and "Mobile Users In Love with Win2K", Windows 2000 Professional offers mobile users key productivity and time-saving features, including the ability to hibernate and restart the system without a reboot and the ability to easily take files and folders offline.
- Manageability. Windows 2000 Professional is easier to deploy, manage, and support. Centralized management utilities, troubleshooting tools, and support for self-healing applications all make it simpler for administrators and users to deploy and manage desktop and laptop computers. These improvements pay off in reduced costs, as illustrated by this Eastman Chemical total cost of ownership analysis.
- Performance. The advancements made throughout Windows 2000 Professional are accentuated by the operating system's speed. As shown in ZD Labs tests running the most popular business applications, with 64 MB of RAM, Windows 2000 was 32 percent faster than Windows 95 and 27 percent faster than Windows 98. It is also significantly faster than Windows NT 4.0 on configurations with 32 MB of RAM.
- Security. Windows 2000 Professional provides comprehensive security features to protect your sensitive business data, both locally on your desktop computer and as it is transmitted over your local area network, phone lines, or the Internet. With its support for Internet-standard security features such as IP Security, Layer 2 Tunneling Protocol, and Virtual Private Networking, Windows 2000 is so secure that banks, such as Credit Suisse First Boston, use it. For some organizations, such as the law firm Dorsey & Whitney LLP, security is a key reason for moving to Windows 2000.
- Internet. The familiar user interface of Windows 98 combined with all the capabilities of Internet Explorer 5, makes using the Internet and your local desktop a unified user experience, as described by PC Magazine. This user interface, combined with integrated search capabilities, makes it easier to find and use information locally and on the Web.
- Usability. As described in this Windows 2000 Magazine review, Windows 2000 Professional combines the power and security of its predecessor, Windows NT Workstation, with the traditional ease of use of Windows 98. It also provides more wizards, a centralized location for common tasks, and menus that adapt to the way you work.
- Data Access. When you use Windows 2000 Professional in conjunction with Windows 2000 Server, you can take advantage of IntelliMirror technologies. By letting you store your important information and desktop settings on a central computer, IntelliMirror lets you work on any computer attached to your network as if you are at your own desk. The centralized management savings made possible by Windows 2000 IntelliMirror technologies are one of the reasons WFofR, Inc. is using Windows 2000 Professional.
- Hardware. Windows 2000 Professional lets you take advantage of new hardware devices, such as those with universal serial bus (USB) and IEEE 1394 (Firewire) connections. In addition, support for existing hardware makes Windows 2000 ideal for companies, such as Panasonic, that want to standardize on a single operating system across their organizations.
How To Get Windows 2000 Professional: Convinced? Choose from the following to move to Windows 2000 Professional today:Ahem.... WRONG!
Apache and Linux both have source available. Therefore, it should be MUCH easier to figure out how they work than IIS/Win2K. Apache/Linux is deployed across more web servers than IIS/Win2K. Therefore, more people should write viruses to the more popular program.
So then why is CodeRed (I,II,III,IV,etc.) for IIS/Win2k? Because IIS/Win2k is a funnier target. It's more fun to stick a thumb in Bill's eye than in Linus' eye.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
now that will be a virus worth propagating!
Which means they are more likely to know something about security. Or that their sysadmin does, and a competent admin can /home/$USER but nothing else (software wise).
(a) protect the system. eg You could mess up
(b) Backup the system, incase $USER doesn't follow the rules.
(c) Pass on knowledge of what to do and what not to do. (Which sometimes is real pain in the butt, depending on the person!)
ANY sysadmin should do this, as should every user (at least b and c). In my experence, Windows Sysadmins are not as likely to do the above as Linux Sysadmins.
___
.-""""-. (/ / /\_/ .---./ / / / / / /
.' _/ \/ .^. // /| \ over
_////
/ \
|
\ C' '>'| /
'; - / /
__)---;/`
_.-' \`"""`|
\ -;'| |
'-._/-.
\(-\
|-----//|
| (/ |
I | | | Now
love | ; | bend
black|
people| _/ T / nigger
| | | |
| | |__|_
|__| '-.__)
\__)
*goatsex *goatse& nbsp;x*goats&n bsp;ex* ;& nbsp;&nb sp;g ;& nbsp;\&n bsp;/&nb sp;\&nbs p;o ;& nbsp;\&n bsp;|&nb sp;|&nbs p;a /\\\--__\\&nbs p;:  ;e ;\ _.--------.______\|| g .C___)__ ____(_(____>|/&nb sp;a ;|C____)/  ;\(_____>|_ /t ;e ;\____)`----&n bsp;--'& nbsp;|* // |& nbsp;|\& nbsp;|t // \__/\___/  ;| |s // || |& nbsp;|e
\n g& nbsp;&nb sp; 
\n o/\ 
\n a|| 
\n t|`.&nbs p; |& nbsp;|&n bsp;:&nb sp;t
\n s` |& nbsp;|&n bsp;\|&n bsp;|&nb sp;s
\n e\ |/
\n x\ \/_--~~& nbsp;~--__|\&n bsp;|&nb sp;x
\n *\ \_-~&nbs p; ~-_\&nbs p;|*
\n g\_ 
\n o\ \______//_____ (_(__>\|&nb sp;o
\n a\
\n t/\ 
\n s//\|&nb sp;C_____)&nbs p;|(___>&nb sp;/\s
\n e| (_C_____)\______///& nbsp;_//\ 
\n x| \|__\\________ _//(__/& nbsp;|x
\n *|\ 
\n g|\_&nbs p; ___\/_&n bsp;&nbs p;_/|g
\n o| &n bsp;/|&n bsp;|\&n bsp;|&nb sp;o
\n a| |& nbsp;/&n bsp;\\&n bsp;|&nb sp;a
\n t|
\n s|
\n e|
\n x| |& nbsp;|&n bsp;||&n bsp;&nbs p;|x
\n *goatsex *goatse& nbsp;x*goate&n bsp;x*
\n
I would think that virus, worm Trojan etc. protection would ideally be performed at a lower level that the application interface.
To explain what I mean, these wireless devices will have a common communications protocol, and possibly nothing or very much more in relation to the UI, presentation, you know user stuff. Say nothing of the actual, Um, activate LCD node 23h-87v, and check to see if this cell is paid for.
Any good anti-viral developer would realize that the best place to nip this sort of thing in the bud would be in a clean area. There's nothing to say that a worm that rot-13's your contact list or something of the like will actually be able to wipe your activation codes after sending them to heroin dealers in Detroit.
The easiest place for a virus to work and propagate is at a high level, such as outlook in the windows world, and this will probably be true in the wireless world.
There's nothing that says that Ericsson, Nokiea, Motorola, Sony, Tom, Dick, and Harry have to use the same underlying chipset to perform these tasks. I've never heard of a standard in all cell phones WAP chip!
If AV vendors concentrate on these particular chipsets, to say Norton NokieaAV for example, they will better be able to handle this threat. Only interface with the network like messaging would to receive updates.
That said, the less easy; more work, more hassle, more coding area of wireless virus writing, should concentrate on the underlying chipset to do the same job. What good is an AV product if it can't be updated, or worse yet can't be installed! I wouldn't be suppressed if the memory cores of these devices, being that they contain activation codes, are just as hard to re-program as DirecTV HuCards.
The place to get it done is at the chipset level, talking in native code, not protocol code. Find a back door before manufacturer-X finds it, and you're set.
Any AV vendor will also have to do a good job of preventing back doors in their code as well, so it's probably bound to be a large mess.
So... could we call WinXP a virus? Even people with brains (nonM$users) will feel the damage. :))
This will be bigger than the W2K bug
Is it just me or does the story reek of 'riding the public interest'? A story of little to no meaning that is just one more way of throwing the nasty virus scare at the public... to rehash what is possible at heart just another rehash story to remind us of the news that was (is) CodeRed (and other worms/viruses that made the mainstream).
Don't get me wrong... I realize that this is a very real issue. But assuming for a second that any software on a device that ever communicated with the outside world (via disk xchange, bbs, net, etc) is and likely always will be a possible victim to a virus/worm. With that in mind what is this article really saying? Its software and its online, of course its might be suspectable to a currently undiscovered exploit. I'm not saying it should be ignored... but is this news or just another media attempt to scare the public and/or rehash an old story?
It appears to me the only 'news' of the story is this preemptive strike, antivirus software. Now I have certainly never been the most paranoid geek in the world, but having antivirus software on a critical system seems to me more of a good step then a strike of any sort... it is not preemptive, it is delayed. I think a quote from the artical by Rob Rosenberg sums it up well... "The threat is quite simply that people won't use antivirus software on the devices, won't use security software, won't use proper passwords,"
Alas.. isn't that ALWAYS the problem? Again I ask.. is this really news?
'..that kernel panicked like a nun in a crack house!'
test
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
Important Stuff:
Please try to keep posts on topic.
Try to reply to other people comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)