McAfee Manufactures Virus Threat
The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:
- "Potentially no file type could be safe."
That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.
"Going forward, we may have to rethink about distributing JPGs."
Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).
But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. JPEGs are mostly harmless.
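What "just stop trying to display the image" looks like at the parsing layer, as an added example that is not from the original article: a strict walk over JPEG marker segments that rejects any length field the file cannot back up. The function names are this example's own, and the sample byte strings are constructed and only structurally valid, not decodable pictures.

```python
import struct


class MalformedJPEG(ValueError):
    """The byte stream violates JPEG marker-segment structure."""


SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM and RST0-RST7 carry no length


def _skip_scan_data(data, pos):
    """Advance past entropy-coded data to the next real marker after SOS."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos == -1 or pos + 1 >= len(data):
            raise MalformedJPEG("scan data not terminated by a marker")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:  # stuffed 0xFF or restart marker
            pos += 2
        elif nxt == 0xFF:                       # fill byte
            pos += 1
        else:
            return pos


def walk_segments(data):
    """Return [(marker, payload_length), ...]; raise MalformedJPEG on any inconsistency."""
    if data[:2] != b"\xff\xd8":
        raise MalformedJPEG("missing SOI marker")
    segments, pos = [(SOI, 0)], 2
    while True:
        if pos + 2 > len(data):
            raise MalformedJPEG("truncated before EOI")
        if data[pos] != 0xFF:
            raise MalformedJPEG("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before the marker
            pos += 1
            continue
        pos += 2
        if marker == EOI:
            segments.append((EOI, 0))
            return segments
        if marker in STANDALONE:
            segments.append((marker, 0))
            continue
        if marker in (0x00, SOI):
            raise MalformedJPEG("unexpected marker 0x%02X" % marker)
        if pos + 2 > len(data):
            raise MalformedJPEG("truncated length field")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes. A decoder that computes
        # length - 2 without this check ends up with a nonsensical payload size.
        if length < 2:
            raise MalformedJPEG("length smaller than the length field itself")
        if pos + length > len(data):
            raise MalformedJPEG("segment runs past end of file")
        segments.append((marker, length - 2))
        pos += length
        if marker == SOS:
            pos = _skip_scan_data(data, pos)


def verdict(data):
    """Treat the file as data only: either it is well-formed or it is refused."""
    try:
        walk_segments(data)
        return "ok"
    except MalformedJPEG as exc:
        return "rejected: %s" % exc


# Constructed samples (not real images).
GOOD = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16)
    + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\xff\x00\x34"
    + b"\xff\xd9"
)
OVERSIZED = b"\xff\xd8\xff\xe0" + struct.pack(">H", 0xFFFF) + b"JFIF\x00\xff\xd9"
UNDERSIZED = b"\xff\xd8\xff\xfe\x00\x00\xff\xd9"
NOT_JPEG = b"MZ\x90\x00"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("oversized", OVERSIZED),
                         ("undersized", UNDERSIZED), ("not a jpeg", NOT_JPEG)]:
        print(name, "->", verdict(sample))
```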
McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:
Once you're infected with a virus, the virus can set you up to be infected by other viruses.
No shit, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.
Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.
McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.
The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:
- They only affect Microsoft Windows. If you aren't running Windows, you are safe.
- They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
- They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.
And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.
McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.
1) Stop doing stupid things that can cause you to get infected!
2) Trust no one!
3) Throw your computer out the window!
All Your Memory Are Belong To Java
. . . that all this time, the satire about the virus development divisions of anti-virus software companies actually contained a kernel of truth? Who woulda thunk it?
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
I use AVG from Grisoft and just updated the signature file. I am SOOooo glad I use a freeware/shareware product that keeps up with REAL virus and not marketing. As they say here in the U.S. "There ought to be a law..."
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
Pot! Kettle! Black!
Do you even lift?
These aren't the 'roids you're looking for.
Simple, don't run Windows. Now I'm certainly not so naive to think that you are 100% safe on Linux/*BSD but you are certainly far more sheltered from the types of virii that affect your average Microsoft OS.
siri
In my more paranoid moments, I wonder to what extent antivirus companies are writing viruses themselves.
Malike Bamiyi wanted my assistance.
From this 'article' it seems that Michael is stepping into Katz shoes. The only difference is that Michael seems to have a bit more of an 'edginess' about him (Katz seems more laid-back).
Add this to his add-on editorial for Warcraft III - is he trying to get a payraise for upping the number of hits to /.?
Attention, AV companies:
You could make some money offering training classes on how to avoid common viruses.
Against misinformation the public via the news channels? I understand they want business, but using FUD techniques will only backfire and cause major distrust among the public.
Would you want to use a product from an entity you don't quite trust?
I am the evil aardvark!
When I first heard about this yesterday, I was thinking "So what? This is the same kind of Windows&Outlook-only virus problem that's been painfully well documented and explained". I saw no point in the FUD coming from the anti-virus people. Good to see someone else makes those observations, and in such a public forum.
-----
Apple hardware still too expensive for you? How about a raffle ticket?
Come to the University of Mars! Classes starting soon!
It's pretty simple to stay safe, and I have repeated this many many times to customers when I worked at an ISP. If you are using Windows or Outlook, do not open an attachment if you don't know what it is. It's very simple. I don't care if it says "This is very important, Bob and you must open this now." Unless you know specifically what it is and you were expecting it, don't open it. There is no need to, and you aren't going to miss out on much.
Of course, in the case of stupid users, there are some steps you can take on the server side to filter some viruses, but it's not perfect. In the end, patch Outlook, and educate your users. You could probably pretty easily drop any potentially executable attachments before they even got to Outlook (which drops many of them on its own).
What?
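A sketch of the server-side filtering suggested in the comment above, added here as an example and not written by any poster: it flags attachments by name (including the JPG.exe double-extension trick mentioned elsewhere in this thread) and by a DOS/PE "MZ" header hiding behind an innocent name. The extension lists, function names and the sample message are this example's assumptions and constructed data.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists chosen for this example; a real gateway policy would be broader.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".mp3", ".txt", ".doc"}


def classify_name(filename):
    """Return a reason string if the attachment name looks executable, else None."""
    # Windows ignores trailing dots and spaces, so "card.scr. " still runs as .scr.
    name = filename.strip().rstrip(". ").lower()
    root, ext = os.path.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return None
    _, inner = os.path.splitext(root)
    if inner in DECOY_EXTS:
        return "double extension"
    return "executable extension"


def risky_attachments(raw):
    """Return [(filename, reason), ...] for parts a gateway should drop or quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        reason = classify_name(filename)
        payload = part.get_payload(decode=True) or b""
        # "MZ" is the DOS/PE executable header; a .jpg that starts with it is not a picture.
        if reason is None and payload[:2] == b"MZ":
            reason = "executable header behind a non-executable name"
        if reason:
            findings.append((filename, reason))
    return findings


def constructed_sample():
    """Build a sample message inline (constructed data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "holiday pictures"
    msg.set_content("see attached")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="MY WIFE NUDE.JPG.exe")
    msg.add_attachment(b"\xff\xd8\xff\xd9", maintype="image",
                       subtype="jpeg", filename="cat.jpg")
    msg.add_attachment(b"MZ\x90\x00", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in risky_attachments(constructed_sample()):
        print("%s: %s" % (name, why))
```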
...they'll be telling us that there's an airborne computer virus, and you'll have to get their new filter for your cpu fan. and we'll continue to go 'uh-huh.'
They only affect Microsoft Windows. If you aren't running Windows, you are safe...
No you are not. It's not what fscking OS you are running, it's about what OS and applications are running on the system to which you gave your credit card number and your SSN. It's about what OS your company runs to store the employee databases. You can hide your head in sand and pretend that you are safe of course..
You mean I have to be an idiot to get infected by a virus? I already knew that. Don't open strange attachments, and wear a condom.
-- Adam
Shows what you know. You Linux lusers don't even have Microsoft ActiveJPEG Technology yet?!?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I am sure I can prevent my computer from being infected just by using common sense (don't open unexpected attachments, download only from trustworthy sites, etc). Even if I did get infected, I could just re-ghost my drive and be done with it. Sure I have to make current ghost images, but I do that anyway and storage is cheap these days. On the up side, I don't have to take the performance hit of running AV software, and I don't have to deal with constant updates.
A friend of mine who's into conspiracy theories thinks that the anti-virus companies like McAfee also have people writing the viruses - so they can sell "subscriptions" to keep the definitions updated.
I'm reserving judgement on that one until a virus is actually tracked back to an author who's affiliated with an anti-virus company.
But I *do* wish they cut out the FUD. It's bad enough getting my weekly dose of "Delete jdbgmgr.exe from your system! It's a virus!" from my friends and relatives, who then get dutifully pointed to www.snopes.com to read "Inboxer Rebellion," without having people who supposedly know better promoting the same kind of crap.
Specialization is for insects. - R.A.H.
How many years have gone by with the wonder of differences between antivirus software and ante virus software. Most individuals tend to speak broken English and the ante virus lingers from such laziness. Such is terrible.
I'm running Windows and Outlook, and I haven't been infected with a virus yet. It's just common sense... "MY WIFE NUDE.JPG.exe" probably isn't something I want to open. The real anti-virus software is common sense, but there don't seem to be many available copies out there. :-/
say an attacker knows you use a certain program to view JPEGs, or other data/multimedia files. This attacker knows that certain program contains a buffer overflow, and how to exploit it. The attacker can assemble a specially formed file that exploits the overflow and opens a backdoor on your machine, granting himself some level of access to your computer (most likely user level access). Combined with knowledge of a local root hole, the attacker now has root access to your machine (ie, he 0wns j00). The attacker delivers this specially formed file to you in some manner (email, webpage, etc).
Suddenly, this "data" file is now containing a virus, isn't it?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Someone should make a special program to detect and turn off Virus programs! I get a lot of calls from family members complaining about their slow computers, I check it out and they have the de facto McAfee install which checks all email, boot sector and floppy on boot, and (the worst one) EVERY exe before it starts. This causes a horrible delay every time you do anything! I refuse to install any AV software on my computer simply because I am not stupid enough to open any of these files, and I consider the AV software itself to be a performance affecting Virus.
How soon till it's not limited to FUD in order to create business? How soon till (or perhaps it has already happened) AV vendors channel money to unscrupulous people to write/release viruses?
until this line: "There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook..."
This article was nice. It was well balanced. It looked like old mikey-boy had actually done some research. It seemed as if it had been spell-checked. Why throw in the Microsoft dig like that? It throws the credibility of the entire article out the window.
The slashdot crew should hire a decent editor. Or even a bad one, for chrissake.
Brant
Argle. Bargle.
There was a Charlie Chaplin movie, silent, made in 1926? that was about a glazier (Charlie) who needed to drum up some business, so he employed a small boy to run around town, breaking windows. The victims of this nefarious window breaking were then offered "discounts" if they purchased Charlie's services. Odd, how history seems to repeat itself....
Stupid Humans.....
This isn't surprising from the virus protection companies. There have been persistent rumors from years ago where anti-virus programmers released virii into the wild to help enhance their job security. I don't know if there is any verifiable evidence of this, but as this article mentions there is PLENTY of incentive for the anti-virus folks to create threats, both real and make-believe.
What fun is it being cool if you can't wear a sombrero? - Hobbes
IMHO anti-virus software is a virus in itself. I have spent more time trying to install/uninstall anti-virus software than fixing a virus infection.
Most gnarly viruses anti-virus software cannot catch anyway.
Tone it down a little and the 'bots will reply...you're too obvious with this one.
But beware !
Everybody made jokes about the "good times" virus hoax.
But then there was Melissa.
Ok. It worked little differently but in essence it proved that you can spread viruses via email.
You are the dot in slashdot !
"McAfee researchers received the virus from its creator."
Yeah, McAfee!
FRA: STFU GTFO
... unless you're using a Mac. Oops.
Not Windows = Linux, right?
I think the Government, or is that the shadow government, you know the one set up by Bush after Sept 11, the one he did not tell congress about, yes that one. I think the same marketing is being used and will be being used. What was the next step.. oh yes newspeak..
Just because an image file consists of data, if a poorly designed decoder has been written, then if the data is corrupted, you could end up spewing data over stack or even main memory.
If you had some control over what data is written, then you could get the decoder to write out what amounts to a virus, and then get the decoder to execute it (by trashing the stack).
I won't use JPEG as an example, but some lossless compression, such as GIF. Instead of having the image compressed, you could have your program compressed. Decompressing the data would effectively copy the code into some memory location. The difficult bit would be getting the decoder to actually execute it.
Don't forget that such a virus doesn't actually need to spread itself in images; it could be a simple bootstrap loader in the images that downloads a larger virus with its own payloads.
abstraction. Virus companies must PROMOTE
their product for the good of everyone.
These companies make money by making sure you don't notice any interruption in the use of your computer.
Think, If the average computer user never noticed an interruption wouldn't they one day say "why am i spending this much on an anti virus package that doesn't do anything for me"
Any computer that has a virus can potentially be part of a DoS attack. all of a sudden you're not only losing money on the customers that don't have anti virus packages but on those that get hit by DoS attacks (despite having anti-virus SW)
it is in ALL of our best interests that everyone has an anti virus package. and it is a RESPONSIBILITY of these companies to make sure that they promote knowledge of how much damage a virus can do.
if symantec et al. make money in the process SFW ... we need them ... more than you realize
You don't deny that viruses are indeed raping and pillaging peoples machines - and there is a part to be played by AV-company-sponsored warnings. My own experience of this is that my Mum, whose knowledge of computers is small, asked me if they had an up to date virus scanner on their PC.
There is no way that she would have asked this if she hadn't been subjected to popular media stories about viruses, and there is no way that popular media stories are going to be written without the FUD from the AV companies.
It's a necessary evil, and it annoys those in the know but in the end the more people are aware of the threats, the more people will get protected.
If you aren't running Windows, you are safe
If you don't run Outlook, you're safe
Ironic seeing as the author is blasting the AV companies for using the news to push propaganda.
Should almost all home users use another email client or OS I am sure that virus writers would target that, probably with similar results.
http://www.pulse24.com/News/Top_Story/20020613-008 / age.asp
You can't handle the truth.
One statement of yours needs modification:
They only affect Microsoft Windows. If you aren't running Windows, you are safe.
There have been macro viruses which have inadvertently worked on the Mac versions of Word and Excel. I would correct the statement to:
They only affect Microsoft products, primarily Windows. If you aren't running Windows, you are almost entirely safe.
thanks for the plug. It's not like the AV companies hyping this up haven't added protection for it too. That was the whole point for hyping it in the beginning.
I've never run any kind of virus checking and in nearly 12 years all I suffered was a small outbreak of FORM whilst at Uni a few years ago.
I download all sorts of things, but I always think before I click. I look at the URL's, check I'm not being redirected - stuff like that, and simply don't bother running those Christmas Card .exe things that get sent about.
Check out this spam email a bunch of people in my office got yesterday:
-=-=-=-=-
Return-Path: postmaster@salisbury.net
Received: from salisbury.net (12.152.4.9) by myoffice.com with ESMTP (Eudora
Internet Mail Server 3.0.3); Wed, 12 Jun 2002 23:08:21 -0400
Date: Wed, 12 Jun 2002 23:09:46 -0400
Message-Id: 200206122309.AA2564817116@salisbury.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "postmaster " postmaster@salisbury.net
Reply-To: postmaster@salisbury.net
To: people in my office
Subject: WARNING: YOU WERE SENT A VIRUS
X-Mailer:
X-Mozilla-Status2: 00000000
On 06/12/2002 at 23:09:45 Our special virus software on our servers at salisbury.net
reported that your were sent an Email Virus containing the Unknown Virus in the Unknown File attachment.
The subject of the E-mail was "L Specifies the length". The E-mail containing the virus from kbndl@salisbury.net has been quarantined on our servers to prevent further damage. The virus never made it to your mailbox. (emphasis mine)
Internet Of Salisbury, Inc. provides this service free to our customers while other providers charge
a monthly fee. Though this software should catch up to 99 percent of viruses, a new virus could make it in.
If you are not running Anti-Virus software you should ASAP!
Please Contact N-Techsolutions @ 704-638-2422 or visit their website at:
http://www.n-techsolutions.com Look for the Norton Anti Virus Special! (emphasis mine)
Please do not call Internet Of Salisbury, Inc.
-=-=-=-=-
Not that there was ever any question about sleazy spammers being out there, but this one takes the cake.
Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code
No, and HTML readers don't download HTML with an expectation to run the code natively, but it can happen thanks to bugs in IE.
Just like Outlook, the program you deride for its ubiquity, a huge, huge number of jpegs are viewed through the Microsoft libraries. If a hole was discovered in that library, it could be used as a vector for viruses.
The truth of the matter is that if you run windows, there is a real risk of getting a virus from things other than just running .exe files. In windows 98/2k you can be infected simply by clicking on a file once (because of the little preview window thing). Holes in Word, outlook, IE, IIS, and even windows explorer have made things completely ridiculous.
Also, Your list of things not to do to catch a virus reminds me like avoiding pregnancy via the 'pull out' method. Sure it might improve your chances, but it won't 'protect' you in any real sense.
I don't think viruses on Linux have any real future, due to the fact that the most obvious holes would get fixed quickly, but if you run windows you really should get some Anti virus software.
autopr0n is like, down and stuff.
It's been more-or-less common knowledge that McAfee has done this since the Michelangelo scare in 1993.
I recommend going to vmyths.com to read their "rantings" section.
Let me predict that about 50% of the replies in this thread will consist of arguments like "Well even if we did get rid of MSFT products we'd still have a virus problem: look at staoG or Bliss or Ramen or the '88 Internet worm."
Those replies are guilty of a flaw called The Excluded Middle where one argues that a situation that in reality has a spectrum of situations only has the 2 extreme cases. In this case the replies will say that even Linux has viruses and worms (true and probably inescapable for a Turing-complete computer) so doing away with the source of 99.44% of viruses and worms won't solve the problem.
Of course this is crap. I'm still getting hits from Code Red I v2 nearly 10 months after it was released. When was the last time you got a sadmind/IIS hit? The problem isn't to eliminate 100% of all worms chainmails and viruses the problem is to keep worms chainmails and viruses from ramping up the exponential part of the logistics curve.
Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.
Oh, until that last sentence there, I thought you were going to talk about John Ashcroft and the Bush Administration.
Wait until the secret virus development divisions of McAfee and Symantec are exposed.
Another proud carrier of the $rtbl flag
Years ago - early 90s, the AV vendors had cash 'awards' for new virus discoveries.
Therefore, this story is not a big surprise.
Naaaaaaaaaaaaaaaaah
20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear.
Does it include the FBI, the CIA, the Govt?
Me no sig.
Sigh. If anti-virus companies truly are casting about for problems to hype, they should use some of the ones actually around and causing problems for people. Klez comes to mind. I know I'd be a bit happier if people didn't keep sending me Klez emails. Raising awareness of the thing would be a good step toward convincing people to use some anti-virus software so their computers would stop bothering me.
Yep, it's a selfish argument. It's still true.
--Phil (And don't get me started on Nimda.)
355/113 -- Not the famous irrational number PI, but an incredible simulation!
...
# They're usually transmitted by email.
In related news, redundancy is usually redundant.
There's no place I can be, since I found Serenity.
a steady stream of new threats. There was another model for anti-virus
software. One that didn't have a patch model, but it was ignored because
profit driven companies require "revenue streams".
Rather than having a program that removes a virus from your system after
you've been infected or which requires an "inoculation" to recognize
viruses, the other system looks at program activities.
The actions taken by a virus are painfully obvious when you look at them
from a macro point of view (no pun intended). While not a trivial coding
task, it's possible to monitor for these types of action and freeze a
program that would take them. More over, with an ample supply of ram and
CPU, new programs could be tested in a "Safe Zone" the first time they are
run, ensuring that problem programs would be caught in the act.
Unfortunately this type of protection doesn't require incremental upgrades
from Anti-Virus companies and so we're stuck with something that can make
profits rather than something that works pro-actively. Thus is the basic
flaw of capitalism.
I'm lead tech at a small computer store. The massive onslaught of Klez in the wild makes us techs more money per day than a good, strong lightning storm will in a week with modem replacements. People in the general public that aren't in the "know" on computers are deathly afraid of viruses, and generally have no idea how to protect themselves.
Most of the John Q Publics out there buy a cheap computer from *.mart that has MS Windows pre-loaded on it that has virus protection software that will expire in 3 months, or require the end user to manually update the definitions. Most of them have no idea that their protection will run out, or that they need to update their software in order to keep it up to date and protecting them from the latest greatest virus.
So these folks turn to their cousin's brother who knows a bit about computers, and ends up screwing the computer up worse, or finds that they are unable to remove the virus from the computer. That's when they turn to us, and other techs. And they're generally willing to pay good money to get rid of the virus, have up to date protection that actually works installed, and be shown how to keep it up to date for a very long period of time, not to mention given a quick tutorial on what to open in their email and what to delete immediately.
In a perfect world un-educated folk wouldn't be given the option to purchase un-educated software, but until that time comes they need to rely on people that do know something about computers, and on software that can help protect them from their own lack of knowledge.
Duris MUD - The best pkill MUD. Ever.
Being an SA of both Unix and NT servers, and having to sit through negotiations with a certain large anti-virus company whose name we shall not name... They hype it up like you're going to walk into your lab and find that your machines have metamorphosed into kobolds and are attacking en masse.
This is the danger of being a publicly traded company... you need to make the numbers, no matter what. I wouldn't be surprised if they didn't have a skunk works division whose whole job is just dreaming this stuff up. What's next, an mp3 infector???
<whine>
I submitted this story twice and got it rejected twice, just to see michael post it... Thanks...
</whine>
Yes Francis, the world has gone crazy.
Things like this are what happen when the news media are owned by giant corporations. They do not care about truly informing the public, they care about selling papers, ads, etc. And what's the best way to do that? Scary headlines.
50% of the news nowadays is reprinted press releases from companies. There should be some kind of accountability, both for the misleading/false statements coming out of these corporations, and for the idiot reporter that took this "news release" off the fax and submitted it for print without any kind of fact checking.
-Just my $.02
Wulfhere
-- Sent from a computer.
I'm just gonna start ranting and hopefully a point will come out of this somehow ;). Anyway, who cares? Seriously... I haven't had a virus since I was 15 or so and know better now. If this "marketing hype" is to just sell virus scanners but scares the public into being more secure then that's fine with me. Potentially means less code red in my logfiles and less klez complaints to deal with. Look, yeah hyping something up that's bad so you can sell a cure sucks and is rather unethical, but the vast majority of computer users have no clue on why they get viruses besides some vague knowledge that it has to do with the internet. So, again... whatever. Calm down. Take some deep breaths. Do some pushups. Go conspire about something that matters. Now some additional things because well goddamn it, this is my post and I'll say what I want and you'll listen. Please spare the +5 funny "what virus? i use linux" and "windows, by definition it is a virus" post. Please Please Please. Please follow the directions I gave above before posting them. As for linux and virus... soon my pretty... you will have your virus. Yeah yeah, root blah... blah... doesn't mean your home directory can't get wiped and doesn't mean some sad bastards out there don't run linux in root. Anyway I'd like to close this with a little Simpsons quote:
Actually can't remember it, but it had something to do with flu shots and flanders and not believing in them and it was funny. Just trust me it had some relevance to all this.
can't sleep slashdot will eat me
If you have basic email skills, you're safe.
Unfortunately, this is not entirely true. Quite a few of these viruses are happy to infect non email files once they get on a network via the email vector. We haven't seen many where I work, but we have seen a few that will infect various system files. Then, when a user logs into that system, the virus infected system will gleefully infect any exe's on the network that that user has write access to. Log into a machine like this as a domain administrator, and the chances of it getting to every machine on the network without them opening any email message is quite good.
Some of them will replace .jpg and mp3 files with dummy executables that Explorer will foolishly make look like the original files. So common MP3 shares and such make a pretty good vector for crossing the network, as well.
companies whose profits are directly linked to creating fear in their customers
Dang those deodorant multinationals. Dang them all to heck.
I am a Karma Library.
Ever checked for spyware?
autopr0n is like, down and stuff.
$ chmod -R 000 /
Emphasis mine; So it hardly counts as FUD.
Incidentally, one of the most common questions asked on alt.comp.virus is "Can jpegs be infected?", so it's not like people aren't interested.
this from the site that reports on every windows virus?
I run Windows (as well as linux) because of software I must use that is only available for windows. I use Outlook because it is the ONLY program available that does everything it does and syncs so nicely with my Palm. I know there are horrendous security holes. And guess what, I have never been sent an email virus. Every time my computer catches viruses it is off of other people's removable media, or, from a malicious web page trying to infect me. No, I'm not going to turn off scripting, or activeX, or anything else because then my web browsing experience is limited.
Anti-virus makers are in the business of letting people use their computers with the freedom and expectations they were designed for. Not just to protect the uninformed. I've noticed the uninformed are the ones who never update their virus profiles, and never let the full scan go through....and then are even more surprised and frustrated when a virus infects their machines.
I'm out of my mind right now, but feel free to leave a message.....
I mean really; so what? A company tries to drum up business. To Ma and Pa MidAmerica viruses are a scary thing.
Windows isn't going away, neither are bored teens and so we can conclude that viruses (virii if you like) aren't either. McAfee and Symantec have the most popular AV systems at the moment and of course they are trying to come up with something interesting to talk about.
We all use *nix, I assume we all avoid Outlook like the plague (that it is) and so why are we "supposed" to get angry about this?
I would assume that the Windows machines we own (for gaming, or to keep our SOs off of our OS X boxes) are locked down tight and more than likely using either NAV or MAV so how pissed can we really get about this?
Be thankful there are viruses to fight. It's probably a big part of your job.
This
Well if no file format is safe I guess that we need a disinfector for McAfee .dat files as well.
BS. Lusers are called lusers for a reason. I'm not talking about every Windows user here, but all it takes is one to be a problem.
With some people, you can tell them to their face "Do not open emails from people you do not know", print it out in 124 point font banners hung over their cubicles, show them pict-o-grams of evil viruses destroying their data, bring Special Guest Star Burt Lancaster to reinforce the point, and drop by daily with the message written in icing on delicious chocolate cake. The minute you turn your back, they're off checking out the cool new Shakira screen saver someone sent them. The point is, it's still a problem, and it's not a problem you can completely solve with "30 minute training courses".
And please don't lay this all on Windows and Outlook either. Yes, there are some questionable design decisions in these programs. But if the whole world was running Linux or something similar, people would be causing problems running everything as root, or whatever other stupid things you can do to get yourself in trouble.
Do McAfee and Symantec sometimes go overboard with their warnings to sell more copies of their software? Of course they do. What company doesn't? Or did you think it was absolutely, positively necessary to see your doctor about Prilosec?
What is with software companies thinking every computer user should be using their product? AV should be a small but lucrative business. They have a lot of big businesses running their software, but not a lot of work to do to maintain it. (Small note, the AV companies look, from where I'm sitting, like they have a racket much like gas companies. A relatively small number of companies do it, and they fix the prices)
AV is one of those things that just shouldn't be a huge business, there's nothing there to make it so. If the companies doing AV could accept that and stay a small rich company instead of trying to be a big rich company then everyone would be happy.
Science may someday discover what faith has always known.
The next question is does such an exploit exist and does it affect enough users that it could gain critical mass? The answer is probably no. Every piece of image software, emailer, browser uses its own implementation of jpeg. This is true even on Windows where there was no way to read a jpeg file via Win32 until recently. Even apps that just use libjpeg will use different versions, might be customized and compiled with different flags. So the landscape is too heterogeneous to favour a virus.
If I had to lay money down, I would say this is McAfee playing up a threat (just like Ashcroft and dirty bombs) for their own interests.
Besides the obvious 'don't run random executables', keep in mind that by default, Windows has 'Hide File Extensions Of Known File Types' enabled. So, Joe End User thinks he's opening BritneySpearsNaked.jpg, when he's really running BritneySpearsNaked.jpg.exe. Never mind the fact that Joe End User doesn't realize that this 'jpg' doesn't have the normal .jpg icon.
I believe this is one of the worst Windows offenses, yet gets zero press.
Plus... rather than delete all attachments in a panic, it's fairly easy to save to disk, then scan with your favorite AV software prior to opening/running/etc.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
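The double-extension trick from the comment above (a file shown as `BritneySpearsNaked.jpg` that is really `BritneySpearsNaked.jpg.exe`), as an added example that is not part of the original thread: a mail-gateway or help-desk triage check that flags names whose visible part looks like data while the real extension is runnable, and `.jpg` names whose first bytes are not a JPEG header. The function names, the extension lists and every sample other than that one filename are assumptions constructed for illustration.

```python
"""Added example: flag attachments whose displayed name hides an executable."""
import ntpath

# Illustrative subsets chosen for this example (assumptions, not a complete list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".mp3", ".txt", ".doc"}

JPEG_MAGIC = b"\xff\xd8\xff"  # JPEG start-of-image marker plus next marker byte
PE_MAGIC = b"MZ"              # header of DOS/Windows executables


def extensions(filename):
    """Return every dot-separated suffix, lowercased, e.g. ['.jpg', '.exe']."""
    # Windows ignores trailing dots and spaces in a file name.
    base = ntpath.basename(filename).rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")[1:]]
    return ["." + p for p in parts if p]


def displayed_name(filename):
    """Name as the user sees it when a known final extension is hidden."""
    base = ntpath.basename(filename).rstrip(". ")
    stem, ext = ntpath.splitext(base)
    known = EXECUTABLE_EXTS | DECOY_EXTS
    return stem if ext.lower() in known else base


def triage(filename, head=b""):
    """Return finding codes for one attachment name and its first bytes."""
    findings = []
    exts = extensions(filename)
    if not exts:
        return findings
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        # A data-looking extension sits in front of the real, runnable one.
        if any(e in DECOY_EXTS for e in exts[:-1]):
            findings.append("double-extension")
        # Runs of spaces push the real extension out of the visible column.
        if "  " in ntpath.basename(filename):
            findings.append("padded-name")
    elif final in (".jpg", ".jpeg") and head:
        # The name claims JPEG; check that the content agrees.
        if head.startswith(PE_MAGIC):
            findings.append("pe-header-in-jpeg-name")
        elif not head.startswith(JPEG_MAGIC):
            findings.append("not-jpeg-header")
    return findings


if __name__ == "__main__":
    # Constructed samples: (attachment name, first bytes of the file).
    samples = [
        ("BritneySpearsNaked.jpg.exe", b"MZ\x90\x00"),
        ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("holiday.jpg", b"MZ\x90\x00"),
        ("song.mp3" + " " * 40 + ".scr", b"MZ\x90\x00"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print("%-30r shown as %-26r -> %s"
              % (name[:28], displayed_name(name)[:24], triage(name, head) or "ok"))
```

An honestly named `setup.exe` is not flagged: the check targets the mismatch between what the user is shown and what would run, not executables as such.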
You'll be really pissed off when the non-assuming 500k browser-cached picture off the Internet quietly hides a MEGA virus that will toast your entire machine, innocently awakened by a harmless worm you mistakenly opened up elsewhere.
As I read the McAfee press release, it didn't give the virus a severity, just an "FYI" stuff like this will be happening down the road (which it will). I guarantee we will see a virus like this eventually, given the massive amount of images on the web. Get your facts straight before you bash them.. without McAfee, I'd still be doing Klez cleaning off desktops...
What's next? By using your computer while you have a cold you could hose your hard drive? But, for only $9.95 McAfee makes these plastic covers to keep YOU from infecting your computer...
In all seriousness, does anybody dispute that at least some percentage of our remaining "tech" economy is held up by victimizing the ooh-aah/Joe Sixpack crowd into paying $2500 for an $800 box, and other such silly "what the market will bear" injustices?
I predict another shakeout in a few years when the kids who are becoming experts in grade school become the consumers and not their tech-phobic baby boomer parents who think high price == high quality and service. Guess what? The next generation doesn't think that way.
Even my 11 year old cousin knows that inexpensive Dell gear blows, and he figured it out without an indoctrination from me...
Who did what now?
How many of these virii are written by the anti-virus software writers? Doesn't it seem really strange that updates to detect, fix or remove these virii are almost immediately available? It just seems to me that someone can't really analyze what these things do and write a fix that fast. I mean, the software writers have the most to gain.
56k
molasses speed discourages net use which decreases potential infection times. it's all common sense, on my 56k i don't have the bandwidth to be dl'ing "MY NUDE WIFE.JPG.exe"
I want 2D games back.
For those of you who use Outlook, try The Bat. It's a great email program! I love it to death.. it does everything Outlook does, without the security problems, and plus, it has the cool replies where it puts the original sender's initials in the reply quote ;)
I'm surprised that McAfee's consultant (they admit that they received the virus from the author; they didn't deny hiring him) didn't create a real JPEG virus. It shouldn't be too difficult; just select an application that is widely-used to view image files, and then look for a buffer-overflow bug that can be exploited with a non-standard file.
Suppose you found a bug in IE that let you execute code packaged in a JPEG. With some clever coding, it would still display normally, but it would alter all other JPEGs on the system. When a web developer gets infected, his web site will spread the virus. It could spread quite widely.
Open-source anti-virus would be very cool, but it's really labor intensive and the signature databases are the vendor's crown jewels.. as it were.
The Virus Bulletin's VB100 test rates AVG fairly low. Do other tests rate it higher?
In fact, if the file name says "MY WIFE NUDE.JPG", I don't recommend opening it. (Well, ok, if it was MY wife, no problem. Quite the cutie. But I know some people's wives who.... *SHUDDER*)
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
...saying a lot of what we all knew. I read the article on CNN about the "JPG virus", and it was obvious that they'd either got it totally wrong, or were trying to hype it.
One of my favorite quotes was:
Until now, viruses infected program files -- files that can be run on their own. Data files, like movies, music, text and pictures, were safe from infection. While earlier viruses deleted or modified data files, Perrun is the first to infect them.
Uhm... see. I had always thought that Word documents were data files (text). And I remember them being particularly responsible for a whole lot of annoying macro virii.
But on the Katzian subject, at least it was obvious that michael knew more about the subject than the people who wrote (and were interviewed) for the article I quoted. And it was nice to see an article that presented a bigger picture.
However, just because every other news outlet in the world spends all their time trying to expose shocking stories about conspiracy, etc, etc -- all of which could probably be titled something like "capitalists still trying to make money off of consumers" -- doesn't mean that /. should follow suit and do the same thing. Unless, of course, michael does some actual investigative research and finds out something *new* and *exciting* or *revealing* and then has something to tell us.
What's my point? Well - Slashdot already links to other stories from other news sources. We don't need to steal their shitty journalism too. We already have our own style of shitty journalism.
Jake
Dating: while( 1 ){ call_girl(); get_rejected(); drink_40(); } return 0;
No joke. I installed the 30-day trial version of VirusScan 6 so I could clean out viruses from two friends' machines. I hooked up their HDs to my system and removed the viruses they had. Then I went to uninstall it and couldn't. "This software could not be uninstalled," or some such thing. It seemed to lose the information needed on how to uninstall itself.
Then it started pestering me about every file I tried to open. "This installation of virusscan has expired." I tried disabling their services in the Services panel. That worked some but then I wanted to get rid of the "scan for viruses" menus. I tried reinstalling - it wouldn't reinstall, not because it had expired, but because it couldn't find the original files to replace. Presumably one of the "updates" corrupted both the uninstaller and any ability to reinstall so I could uninstall.
While the machine was still working, I didn't appreciate seeing 'Preparing to install...' three times before viewing any website. I got sick of it. FORMAT C:.
OK not quite, but I did rename my winnt and program files folders and reinstalled.
Up to that point, my Win2K installation was running without incident since early Spring 2001. Not one reinstall, not one registry hack, not one virus. It took antivirus software to mess up my installation. Thanks McAfee. Where do I send the bill?
Geez, even MS Outlook SR2 has better antivirus protection. It doesn't allow you to even *see* executables, never mind run them or automagically open them when you open the e-mail, and you *can't disable that.* Echoes of "scanprot"[1] ring through my mind.
[1] This was the name of a document that MS released which contained a macro to disable running other macros in .doc files. Later on, MS Word 95 and all versions of Word since then had a switch to disable macros built in. That makes it twice that MS provided better antivirus protection than the antivirus companies.
Use Evolution instead of Outlook? Bewa
1. RIAA lackey reads FUD about JPEG viruses;
2. RIAA hires programmers to develop viruses which attach to MP3 files;
3. AV vendors issue press release warning about new MP3 virus;
4. RIAA issues press release stating that this is Yet Another Reason not to download MP3s;
5. Ordinary computer users get scared and purge entire MP3 collections;
6. RIAA execs sit back and laugh evilly.
-Stephen
Dear Michael,
I think it's great that you consider yourself a technology journalist, but let's review the facts. You have no knowledge of the technology world besides your knee-jerk herd-mentality "analyses." You are anti-capitalist and anti-corporation, yet you still work as an editor on a site whose major stories always revolve around corporate developments. Mindlessly bashing corporations does not make you an activist; it makes you an alarmist. There's a difference.
Furthermore, I'm still waiting for my apology for your ruthless "goatse'ing" of America's favorite web site, the Censorware Project. I want you to tell all of the members of this discussion board exactly why you thought it was a good idea to silence me. I am America's leading authority on the subject of anti-censorware. I bet you're jealous.
There. I've said it. Any questions?
I'm not Seth Finkelstein. I still speak the truth.
"It's pretty simple to stay safe, and I have repeated this many many times to customers when I worked at an ISP. If you are using Windows or Outlook, do not open an attachment if you don't know what it is. It's very simple. I don't care if it says "This is very important, Bob and you must open this now." Unless you know specifically what it is and you were expecting it, don't open it. There is no need to, and you aren't going to miss out on much."
...you obviously don't work where I do...
That's great, an article complaining about FUD with perhaps the most potential to rack up endless amounts of (anti-MS) FUD of any I've ever seen.
"It's easy! Just don't use Windows! Use Linux!"...you people obviously don't work where I do, either.
For more on exactly this topic, see Vmyths.com. It's over the top at times, but there is some interesting speculation, rumor, and commentary there. The delivery to China of a cache of viruses by the anti-virus industry is a particularly interesting one, and some other established media outlets are picking up the story as well. Not affiliated, yada, yada.
Norton and McAfee are just like the real world medical industry. But instead of just charging a ton for the cure, they engineer the virii and market using scare tactics. I wouldn't be surprised if they wrote and distributed all of the virii themselves.
I'm a signature virus. Please copy me to your signature so I can replicate.
Anything from McAfee deserves as much credence as this: VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations. You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire. James Winklee, a former IBM programmer had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one." While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer labs Inc. Use extreme caution. It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.
How ya like dat?
This article has absolutely nothing to do with identity theft...
I'm not sure this is working.
imagine there's no windows, it's easy if you try, nothing to crash or reboot, pigs would surely fly . . . ok I'm no Lennon and it's early
then would there not be viruses on the next biggest target (something would be in the place of windows)? Hackers (the malicious kind) used to break into Unix systems left and right. They would plant malicious code that would gather user name/password, delete data, and otherwise generally screw with the systems. I find it hard to believe that this kind of activity would not eventually lead to worms and viruses of some kind on these systems. Windows just made it very, very easy and happened to be on a lot of systems which all of a sudden were accessible.
I do virus reports weekly at our company here. Over 1000 machines are checked and around 100+ viruses are found and cleaned *per week*. Our firewall and servers all have active checking/scanning in place as well .. each machine has the latest McAfee.. Without it, who knows.. If *you* want to just simply ghost 100 machines a week, be my guest! I sure in the heck don't want to!
I have a window repair business. I advertise by tying one of my flyers to a brick and throwing it through people's windows.
Actually I think they farm this out to their overseas operations in Bulgravia or someplace similar. Keeps it better for the bean counters. Plausible denial, etc.
Although I can see the scandal if it was found that they actually do have virus writers on payroll someplace.
"It is a greater offense to steal men's labor, than their clothes"
So is your mum. Have her get that checked.
At first I figured that nai was likely using jpgs on their web site. I was going to have to never go to the site again.
It turns out, most of the graphics I saw (I did not check the entire site) are actually gifs. I imagine they are paying Unisys the required fees for use of images in this format.
Since JPEGs use lossy compression, a small portion of negligible (based on some complex math) information is lost. Therefore someone making a specially crafted image would have to have an in-depth understanding of the lossy compression method so their code would not be considered negligible and thus removed.
Just be glad they haven't taken to CREATING their own viruses. They could write one as an "experiment" and then anonymously "accidentally" leak it to someplace where mean people would listen. Let it run its course for a week... after the big media stir provide protection for it. Wait a year, repeat.
Dear All,
Just use AVG from http://www.grisoft.com
It's free and integrates with Outlook.
--db--
Symantec and its competitors in the Microsoft ecology are dependent on a monocultural environment as its userbase.
It's obvious paranoia to think they developed their undoubted expertise by developing viruses.
Well, isn't it?
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
The Roman fire service (in ancient Rome, I mean) was funded by purchasing the burning house for a knock-down price, and then extinguishing the fire thus providing a healthy profit to whoever was playing fireman. Of course, fires were so common there that the fire service wouldn't need to start their own, but there was always the suspicion...
(and now the firemen just read your email, how times have changed!)
> What was the next step.. oh yes newspeak..
We already have newspeak...it just has a Texan accent.
"this guy is a bad guy"
"we're going to track down those folks that did this"
"they may have misunderestimated me"
call me a conspiracy theorist....but I've thought for a long time that symantec and mcafee were responsible for most viruses that are around the internet today.
We don't have a market? We'll just have to make one!
I wrote an early VirusChecker for the Amiga called T-Cell. Back then it only had to check for a few viruses. I had a hard time getting any feedback or viruses sent to me to improve it. 10,000 people downloaded it and I got one letter.
It was far from a great program but it was fun to write.
Yes the Signature database is the key. I would have thought that someone would have an open list of virus data. I was thinking of writing a virus checker that sat on my email server looking for email viruses.
...Yes, it's time to take on the anti-virus software vendors.
It looks like your whole point is that anti-virus companies are using media sensationalism to further their agenda (increase profits). I can only guess what your agenda is. Are you trying to foster a 'without us the whole world would be corrupt' image? Or is it a slow news day?
Not to say I don't agree that Virus companies are corrupt. There was a case a few years back when a virus author sent one copy to a certain well-known anti-virus company for academic purposes. Soon after it was found in the wild. But this story is a good example of the Slashdot opinionated stories that preach to the choir. I am personally very wary of the motives of anyone that preaches any type of message to the already converted.
_______
2B1ASK1
On reading this article, it occurs to me that I run this utility every week or two (mostly to get a chance to drink my coffee) and it downloads on the order of 200K of data.
Does anyone have any evidence that they might be "padding" the downloads to make sure there is often something to download, or that the download is large, to ensure that people think "Oh, there's a lot of bad stuff out there, I better keep my subscription!"?
Just a paranoid thought.
It's not wasting time, I'm educating myself.
Michael used this article to exploit paranoia of large companies who exploit paranoia. Clever. Would he prefer that McAfee, having found a vulnerability, would inform only the manufacturers of JPEG readers of the problem, and not release information to the public (as a certain OS manufacturer suggests of those who find security flaws in its product)? Would he prefer that people ignore security holes that are only "theoretical vulnerabilities"?
Fire Michael. Fire Katz too.
Toronto-area transit rider? Rate your ride.
I can't say for JPEGs in particular, but I do know that just because something is not executable doesn't mean that it can't be executed heh. :p
For example, stack overflows and non-executable heap overflows; they both use non-executable memory, but overflow into executable memory, loop back and in effect make the non-executable memory executable.
Recall the pdf "virus" and the flash "virus", they're both designed not to be executable, but that doesn't mean that you can't execute something on it... All it takes is one slip up by a programmer and bang! you're running on the stack
I have done in-home computer service, often removing viruses from clients' machines.
I explain to them that they could avoid this trouble in the future by purchasing McAfee or Norton Anti-Virus for $40 from the local computer shop or even WalMart if they're desperate ($20 when it's on sale). Anti-Virus software is simple to install -- these people were able to download Kazaa and make it work, they can get their favourite AV software to install.
I'm more often than not called back for another unrelated problem a month or two later, and lo and behold, they didn't buy the anti-virus software.
I have to question why people do this... I really think it's about time I buy a supply of boxed AV software so I can resell it on the spot!
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
I remember a couple of years ago, there was a guy named Aaron Ardiri who created a Game Boy emulator called Liberty for the Palm OS. Since the program was shareware, some unscrupulous people were looking for the crack. Ardiri released a program called "LibertyCrack" into the wild. This program caused all the data on one's device to be erased, and caused Ardiri to get into a lot of hot water.
This program, despite the fact that it did not replicate itself, was quickly branded a "virus." Symantec even released Symantec Anti-Virus for Palm 2001. Essentially, unsuspecting IT managers were duped into buying a program that would... check if LibertyCrack is installed and delete it if so.
Anti-Virus marketers will never stop at a chance to make big bucks. Remember the Michelangelo virus scare? People who didn't even have modems were paranoid that they could be infected.
For more information, click here.
Writing by a STEGOSAURUS . Hard to read, because they weren't very nimble.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Until a virus comes out that seeks out Linux boxes, uses several well known vulnerabilities to attempt to get root only to then set itself up on that box and seek out other boxes to infect.
What? You think that everyone who runs Linux as a server keeps it fully up to date with all the latest patches?
Face it, if you're connected to the internet - you're stupid to assume you're safe.
So, to correct you: If you don't run Windows you're safer.
Avantslash - View Slashdot cleanly on your mobile phone.
I give it 45 minutes before the storm of emails from family, friends, etc., arrives warning about this one.
All caps, of course.
::sigh::
I won't dance in a club like this...All the girls are slags, and the beer tastes just like piss! -The Specials
I use Trend Micro's free PC scan. It's free, easy, and it cleared the infected ones on my roommate's PC.. A good-full scan, and no $$ goes into their PR dept. Me like.
thelikesofwhich.com
Seriously, as cynical as it sounds, this happens every day in security marketing. I've had sales reps look me in the eye and straight-out lie about their products. When caught, they'll back off frantically, or try to talk their way out of it, but never admit that they lied.
The main problem these days is that security software sales are driven not by business decisions, but by fear. Fear of virii, 3v1l h4ck3rz, etc. Once you're buying something out of fear, it's really easy for the sales folks to play off that to make their product sound like it's the ultimate safety blanket.
I hate it. Not just because it's unethical, but also because it makes my job of evaluating products much harder. I can't even trust the feature lists in deciding which products to evaluate, since some of those are full of lies & vaporware. I keep wanting to explain the Tragedy of the Commons to the sales folks that try this c*$p, but they're always too stupid to understand it.
sigh.
The problem now is the concern that everyone who doesn't know about slashdot is going to be up the creek... until a less esoteric source posts the above facts. For sure none of the /. "crowd" would suspect a jpeg of being viral code.
Warning Sarcasm Below:
However, be aware, I might just make a jpeg viewer that deletes your vid card from your b0xen if it finds a white pixel adjacent to a black pixel in that photo of yours. Oops more fiction (rofl).
***Omg, mom stop sending me those god awful pics of the family, the jpegs are attacking my computer.
Perhaps Symantec/McAfee should do some advertising regarding already known virii and worms. I know that two worms are definitely still out there... perhaps they could just target the people whose IPs are listed in above links? ;)
Monday is a horrible way to spend 1/7 of your life.
Correct: see here.
dmarien
The above claim is simply not true. Firstly, as we all know, there are a variety of exploits affecting non-Windows operating systems. Moreover, you can be an expert, doing everything right and still become a target and victim of some form of attack, regardless of the type of platform you are running on.
Finally, if you don't want to pay for commercial virus screening software then don't. There are GPL-ed projects which provide similar tools which you can use (and hopefully support).
"I now inform you that you are too far from reality."
I don't like how the article says that only Windows software is vulnerable.
Windows is just the most popular target for viruses. Eventually, as other platforms get popular (eg: Mac, Linux), hackers might take the time to port viruses to take advantage of commercial software across platforms. One example is Smile.d. As long as there are programs that let users run arbitrary code without screening it first, we'll still get viruses to take advantage of that vulnerability. Virus detection software is a good stopgap measure to help (ie: not completely) prevent idiots from hurting themselves through carelessness or lack of education.
As for the images being infected with viruses. I can imagine how someone in the future might develop an image format (maybe audio or video stream today) that allows one to embed commands as a convenience. I can also imagine how someone could take advantage of buffer-overflow in a poorly-written image viewer. I'm not saying someone has done it or that I know of any image viewers or media players out there that are vulnerable, but saying it's "not possible" is only right until proven otherwise.
-ez
Go out and get FRISK Software's F-Prot antivirus instead. It is competently written with timely updates. I have relied on it since before I ever heard of the internet. There are DOS, Windows (network or standalone) and ($free) Linux versions. They do not generate hype or nasty bloated programs. They do generate a good antivirus product.
I do not work for this company. I am just a satisfied customer. You can get free trials on their site. Prices: US$25/yr for single private license, US$2/machine for corporate or educational ($40min) and there are extra educational discounts.
Today they are calling everything that may damage your computer a virus. In old times we used to call virus a program able to infect by itself, without the need of a user to execute it. Trojan-horses, on the other hand, need to be executed by a user to infect anything.
I think most virii today should be classified as trojan-horses.
Sorry for the spelling
"Don't run MS Windows" doesn't necessarily mean "Run RedHat Linux 7.3 on the Intel". It means, run anything else. If we have a diverse ecosystem:
* MS Windows 2000
* MS Windows NT
* MS Windows 98
* Other MS Windows
* MacOSX
* MacOS
* RedHat Linux 7.3 on i386
* RedHat Linux 7.2 on i386
* RedHat Linux 6.2 on i386
* RedHat on other platforms
* SuSE current on i386
* SuSE current on PowerPC
* SuSE previous version on any platform
* Debian current on i386
* Debian current on PowerPC
* Debian previous version on any platform
* Gentoo current on i386
* Gentoo on other platforms
* Any other Linux on any other platforms
* FreeBSD current on i386
* FreeBSD current on PowerPC
* FreeBSD previous version on any platform
* OpenBSD current on i386
* OpenBSD current on PowerPC
* OpenBSD previous version on any platform
* HURD on any platform
* Plan9 on any platform
* QNX on any platform
* (this list was really abbreviated, but you get the picture)
with diverse window management (KDE, GNOME, MacOSX, Win32, GNUstep, Berlin, Plan9, Raw X, ....)
and no standard office environment (with proper interoperability) like OpenOffice, KOffice, GNOME Office, Hancomm Office, Gobe Office, WordPerfect, Raw XML, Latex, ...
and a security default setup in the OS and applications where you rarely need to be "root",
you get an ecosystem where it's extremely difficult (if not impossible) to write viruses that spread quickly and affect everyone.
I'd been wondering when something was going to appear on /. about this new "JPEG Virus". I'd been waiting for someone to explain to me just how the image transmits the virus "when it is viewed", or, more likely, for someone to blow this theory out of the water.
I got the story from Washington Post, which, naturally, fell woefully short in explaining how a strictly-data format can be executed just by being viewed, but I couldn't find any reference to it on McAfee's site.
one hundred twenty
is just enough characters
to write a haiku
http://www.sophos.com/virusinfo/articles/perrun.html
Picture this: a virus in a JPEG
Sophos advises on threat posed by new .JPG virus, and urges anti-virus companies to exercise restraint
Sophos, a world leader in corporate anti-virus protection, today called for the anti-virus industry to act responsibly in light of the discovery of the first virus capable of infecting JPEG graphic files.
The virus, known as W32/Perrun-A, was sent directly to the anti-virus community by its author and is considered to be a "proof of concept". It spreads in the form of a traditional Win32 executable virus (usually called proof.exe), making changes to the Registry to mean that JPEG (.JPG) graphic files are examined by an extractor (called EXTRK.EXE) before they can be viewed. If the extractor finds viral code inside the graphic file it is executed.
"Some anti-virus vendors may be tempted to predict the end of the world as we know it, or warn of an impending era when all graphic files should be treated with suspicion. Such experts should be ashamed of themselves," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Not only is this virus not in the wild, but also graphic files infected by this virus are completely and utterly harmless, unless they can find an already infected machine to assist them. It's like a cold only being capable of making people who already have runny noses feel ill."
"The virus relies entirely upon you running an infected EXE file, which is hardly rocket science," said Paul Ducklin, Head of Global Support for Sophos Anti-Virus. "Yet we are already seeing reports suggesting that this virus could spread via websites containing so-called 'infectious' images. This sounds like scare-mongering about image files to me."
Sophos has issued protection against W32/Perrun-A to customers concerned by the media reports and alerts from other anti-virus vendors.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
Check it here:
http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html
Do any of you remember the double free zlib bug?
Very wicked, but you had to a) know the type of system and b) the viewer the person was using. This sort of technique, using data to act as code, is clever and quite real. In fact, there is nothing different between this and those URL hacks for IIS; data appears where it wouldn't normally be expected and it can be leveraged into code space and executed.
However, in the case of JPEG, considering its block oriented format it would be quite difficult to engineer a buffer overflow condition.
Black holes are where the Matrix raised SIGFPE
this is about right for a company that caters to customers of M$ Windoze, they cannot stoop low enough to increase their customer base, lie cheat & steal, anymore I avoid Windoze & Windoze commercial applications like the plague. I do have an old copy of Win98 that I gutted like a fish with "Revenge of Mozilla" just to keep the less than computer literate out of Linux... M$FT and all those third party companies that cater to Windoze are all scumbag rabid dogs...
My friends
I love Linux; sadly, Windows is better for personal family use.
Windows is constantly fixed with patches?? Linux does so also.
Linux is not being affected by many viruses just because it is not so widely used, but you don't have to wait too much; any person who knows, knows that.
There are still many bugs in Linux that could be used for viruses.
Now in reference to virus companies, they are right in warning you. THEY should do so; if big bosses at FBI and CIA had just heard about the warnings!!!
But THEY didn't care.
The most problematic viruses right now in Windows are viruses that are not cared for by big companies, like You know.
I wonder why?? I wonder why Microsoft has not been split; maybe a good agreement with USA government.
I wonder why MS has not patched the most horrific patches that allow your computers to be spied on.
BUT just try another antivirus from other non-USA partners; I think you will be surprised.
I hope that means they'll stop filling my mailbox with their HTML rich emails- full of jpegs.
McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code.
That's technically not true. Although I've never seen it done with JPEGs, it's entirely possible that there could be a potential buffer overflow in the image viewer's decoding algorithm. This wouldn't be a JPG virus per se, because it would only be specific to a certain viewer. And the virus would only have the rights that the image viewer had. But it's still possible.
For this to be used effectively it would require that a large number of people use the same image viewer - which is not entirely impossible in today's Microsoft monoculture.
After lurking on Slashdot for quite awhile, I have to comment:
This is one of the best articles/editorials I've seen here in quite awhile. Of course it's opinion, but it is well thought out and supported.
Of course, McAfee should also receive its proper credit for disinfecting millions of users who are just beginning to learn the term "computer security". But like most home security systems, McAfee is getting worse about painting a virus laden world of fear that should make you cringe to touch a computer without its protective panacea.
Maybe they should rebrand a computer specific can of Lysol too...
> And guess what ? There's no buffer overflow in libjpeg.
Get your facts straight - there was a buffer overflow in libjpeg.
This onion-like story may have been prescient:
Anti-Virus Software Pop-Up Reminders Behave Much Like Virus
by demonstrating that their "goat" viruses,
with the mcafee signatures, were being detected
in the wild.
Yes, it's possible. In fact, I think there was once talk about a possible MP3 buffer overflow in the ID3 code. It was found and fixed quickly.
Nonetheless, it's impossible for a "universal" JPEG virus to ever exist. It would affect one or two specific viewer programs, at most.
Also, since the JPEG format has a very specific rigidly predefined algorithm, it should be easy to check the code for buffer overflow vulnerabilities.
retrorocket.o not found, launch anyway?
...implementations from Intel, LeadTools and Pegasus. and, i think Adobe has their own implementation, too.
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
"A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter"
;-)
Obviously you haven't read Snow Crash
The image could be infecting you, of course!
(to those who wonder: in Snow Crash there is a virus which is transmitted to the programmer via a visual image that looks like white noise).
Integrate Keynote and LaTeX
It's precisely crap like this that resets any trust a user has in a knowledgeable IT person. We desperately try to simplify the concepts enough to be understood, but not so much that it creates a security risk.
The problem is this type of press discredits experts who have been saying JPGs are harmless for years, by suggesting we all have been overlooking this huge hole.
We always knew about this scenario with JPEGs or any other benign file type. The reason we never discussed it is because spreading viruses via JPEGs isn't very effective because you need to infect the computer with ANOTHER virus first!
It's one of those defeats-the-purpose scenarios.
This is also an obvious attempt to hijack credible sources of information, so they can replace it with their "amazing tales that defy conventional wisdom and common sense" source of information.
"Communism is like having one [local] phone company " - Lenny Bruce
Sophos posted a message about this today here. I have found them to be one of the more honest and reputable commercial anti-virus companies.
Ashley Clark
We need to find a way to use these overhyped virus messages to nail Microsoft. Just about all of them are due to MS, let's make that known.
"You wouldn't need to slow down your computer with AV if you wouldn't run Outlook! Trustworthy computing is a joke!" etc.......
Anyone ever see that movie? Really good. Dustin Hoffman, Robert De Niro, Anne Heche, and a bunch of other people of less notoriety are hired by the president to fabricate a war in order to boost opinions and public support for the administration. Obviously, hilarity ensues. Bunch of "one hand doesn't know what the other hand's doing" jokes. They even turn an ex-military rapist into a war hero (and then accidentally kill him). And Willie Nelson writes him a song! Very funny, and very reminiscent of this whole thing. If you're in the mood for some good old fashioned government bashing entertainment, rent it. And then rent "My Fellow Americans". Also very nice.
Of course, if you're in the mood for anything else, see Memento. Words fail me...
Love and Peace,
Valen
"The best compliment a girl ever gave me was 'Your hair smells nice.' I hate being the platonic friend." -Valen
If you check out the jpeg standard, there really isn't any place to put a buffer overflow. Each of the values in the jpg file corresponds to the magnitude of a sine wave that goes into the final image. That sine wave extends to the size of the jpeg. It would be pretty tough to create a program that was so poorly written that you would have a buffer overflow there (of course, this world produces bigger more powerful idiots everyday). That having been said, the JPG2000 standard on the other hand does have code-like data in it and creating a virus for that may just be possible.
McAfee, and Symantec, and Norton, and everyone else involved in the anti-virus FUD business: lay off.
Why would they lay these people off when they are tricking everyday people into thinking there are real threats? That is their *job*, and they're doing pretty well at it if they can convince a lot of people that there really is an insane virus threat.
On a side note, Symantec and Norton are the same company.
On another side note, this article should be modded -1, Troll/Flamebait.
void women (int money, time_t time);
I used AVG for quite a while, but I very VERY rarely get viruses. I thought AVG was great. Then my brother got Nimda, so I recommended he download it and clean his machine. And it didn't work. New infected files kept being detected by AVG until eventually he went and bought Norton which fixed the problem right away. Freeware may be good, but not great.
Netscape 4 on linux had an exploitable hole in their JPEG decoder. That is, a specially crafted JPEG could be used to execute arbitrary code on the target's machine. Could that code then "infect" other JPEGs? Sure. Would it actually spread? No, but if there were a similar bug in the default windows JPEG viewer, it wouldn't be surprising at all to see a similar worm spread.
http://www.openwall.com/advisories/OW-002-netscape-jpeg.txt
(I recall that this bug was successfully exploited; that advisory seems more tentative..)
I think the creators of Personal Firewall software are just as guilty of this sort of thing. "Hackers may be breaking into YOUR computer!!" But this is my personal favorite:
"Warning! Someone is trying to connect to you on port 6346! It's probably a hacker! Want their ISPs contact information?"
OH MY GOD!! You used gnutella, and someone had the nerve to try to connect to you?!?! Who makes a product that does that? That's so horribly irresponsible, and it leads to us poor, poor sysadmins getting tons of emails from people saying "someone at yer company was trying to break into my computer 'cause my uber groovy firewall said so." These are people who don't know what ports are and also seem to get confused by the fact the computers on a Peer to Peer network might need to.... you know... connect.
And these god awful companies start making up these horrible stories and scaring poor suckers into buying their product and harassing other sysadmins.
May they all rot in the depths of hell.
Okay, that might be a little extreme.
Like I always say:
Your computer is your virtual dick and the internet is the world, with its whorehouses and all. I for one would never stick my dick into dirty hoes, so why should the internet be any different?
I'm really kind of surprised by the comments in this thread. It's almost like nobody remembers the fairly recent JPEG comment heap overflow problem in Netscape. I can't find the Slashdot comment right off-hand, but do a netsearch for more information. This issue is not that far-fetched, folks.
http://online.securityfocus.com/bid/1503
A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone.
:/
This is an excellent example of why you shouldn't do actual work and day to day tasks while logged in with the super user/administrator account. If you're not using an OS that allows user specific file access, change to NT (or its derivative MS Windows X Professional series), or Linux.
When you need super user access to install new software globally, or to change system settings, quickly log in, do your work, log out. This way any potentially dangerous software you execute can only access the files that you have read/write/change/delete access to. This is EXACTLY why I maintain a few different logins with my Linux box. Depending on what I'm doing on the system, I log in as a different user, who can only access the specific files associated with the task at hand. (examples; Browsing, Authoring, Coding, and Work)
This is one of those classic lessons you either learn when you first start using computers, or it seems ridiculous.. right up until one of your pals decides it'd be real funny to hop in front of your machine and do an rm -rf (Comp Sci majors are funny when they're drunk and bored.. no.. REALLY!)
-GiH
No thanks, I don't smoke.
I don't think viruses on Linux have any real future, due to the fact that the most obvious holes would get fixed quickly, ...
The most obvious hole for viruses sits in front of the keyboard. Plenty of people run as root by default; plenty of people run executables without thinking about it. Plenty of people are going to get r00ted.
If "Show Preview Pane" is checked (don't know if it's the default), an Outlook virus can run.
With W32.Klez.E@mm, the message itself, and not the attachment, causes the infection. With all this focus on "don't open the attachment!", some people will forget the better "don't even read it!".
I was talking about this to a friend a few months ago. The theory is that you can store a virus in the information block, or past the end of a jpeg/gif or mpeg file, then modify the file to cause a buffer overrun in the decompression software and execute the virus.
Since a lot of software uses the same JPEG libraries a good infection rate should be achievable.
Regards,
Oliver Stieber.
thank God the internet isn't a human right.
Many people have long theorized that a number of the virii out there are actually invented in the AV companies' labs. They all employ "virus experts", who in the process of virus defense research can and do write real viruses themselves. It's in the companies' and employees' best interests to anonymously infect the world with their research creations in order to further the business model.
I know for a fact that many viruses indeed come from the wild, from little cracker-wannabes. But consider that probably 80%+ of "new" viruses are obviously script-kiddie chop-up jobs of other peoples' virus code found on the net, and begin to see a pattern of a very small handful of very talented programmers who actually innovate the new viruses that end up plaguing us. What percentage of those talented programmers with intimate knowledge of and obsession about virii work at AV companies in the research lab?
Inquiring minds want to know...
11*43+456^2
The actions taken by a virus are painfully obvious
Yes, but they're not easily distinguishable from other, legitimate actions.
Viruses write to executables. So do setup programs and compilers.
Viruses write to documents. So do the authors of the documents.
Really now? AVG doesn't work against Nimda? I'd hate to go back to using Norton and paying for upgrades though. Ugh.
the signature virus?
You know the one, it's a signature that says: "Hi, I'm a signature virus. Copy me into your .sig file" or something.
Seriously though, I always get pissed when I open an avi, asf or quicktime movie with a URL embedded in it, so you are sent to some website after viewing your favorite pr0n/movie/music video. This could also run commands on your local machine.
Ok, you should get a "do you want to execute this command" warning, but chances are it's possible to exploit this.
So jpeg no, but I wouldn't be surprised by an avi/mov virus.
Be wary of any facts that confirm your opinion.
And like all the other security related products, anti-virus software will only gain a certain amount of additional sales due to fear tactics. Yes, it's a shame and predatory, but it's nothing new people. move on, nothing to see here.
This happens with Slashcode. just click refresh on the article and the link is fixed. it's like that by design. I'm not going to go into details because this is explained in the Slashcode documentation.
Appreciate the reference... I have a new copy of McAfee AV 6.0 at home, but, well, it sucks. It locked up both my computer and my wife's computer repeatedly. She finally removed it. I finally blew away Windows and installed Linux.
What's particularly interesting, however, is for anyone who remembers the origin of McAfee -- they started out as a shareware/freeware shop. Corporations "had" to pay, individuals were "encouraged" to pay, and educational (and possibly non-profit) were totally free to use it at no cost.
They've long since abandoned that license and even abandoned free updates. You have to pay for support every 12 months, which I dislike. Particularly since at irregular intervals they change their core engine and render all older versions of the software incompatible with new updates.
(n/t)
All the real email virus threats share a few distinguishing characteristics:
...
So real email virus threats are usually transmitted by email? I'm glad we cleared that up!
"Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
They have, at least in the past, employed individuals to develop viruses on their own, to see if they could capture them.
The same people that were dissecting other people's viruses were writing their own, or hybrids of those already found. This was done to make the products better.
Whether they ever released any of these into the public once they were created is the question, and that I can't speak to, but, I do know that they have in the past, at least, employed people to write viruses.
It's a file to be read. It contains offsets and width and height and tables.
If there's extra junk on the end, the reader ignores it.
If there's extra junk in the beginning, the reader complains that the Q tables are corrupted.
No buffer overflow is possible.
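Several comments in this thread turn on whether a JPEG reader can be pushed past its buffers by a segment length, or made to carry extra bytes in a comment or after the end of the image. The following is an added example, not part of any comment and not code from any viewer named in the thread: a bounds-checked walk of the marker segments that rejects lengths below 2 or beyond the buffer and reports comment and trailing bytes. The function names, the struct and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of a structural walk over one JPEG byte stream. */
typedef struct {
    int ok;                /* 1 if every marker and length stayed in bounds */
    size_t segments;       /* length-prefixed segments seen before EOI */
    size_t comment_bytes;  /* payload bytes carried in COM (0xFFFE) segments */
    size_t trailing_bytes; /* bytes after EOI, which viewers ignore */
    const char *error;     /* reason for rejection when ok == 0 */
} jpeg_scan;

static jpeg_scan scan_fail(jpeg_scan r, const char *why)
{
    r.ok = 0;
    r.error = why;
    return r;
}

/* Markers that carry no length field: TEM and RST0..RST7. */
static int is_standalone(uint8_t m)
{
    return m == 0x01 || (m >= 0xD0 && m <= 0xD7);
}

jpeg_scan jpeg_scan_buffer(const uint8_t *buf, size_t len)
{
    jpeg_scan r = {0, 0, 0, 0, NULL};
    size_t pos = 2;

    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return scan_fail(r, "missing SOI marker");

    for (;;) {
        if (len - pos < 2)
            return scan_fail(r, "truncated before EOI");
        if (buf[pos] != 0xFF)
            return scan_fail(r, "expected a marker");
        uint8_t m = buf[pos + 1];
        if (m == 0xFF) { pos++; continue; }  /* fill byte before a marker */
        pos += 2;
        if (m == 0xD9) break;                /* EOI: image data ends here */
        if (is_standalone(m)) continue;
        if (m == 0x00)
            return scan_fail(r, "stuffed byte outside scan data");

        if (len - pos < 2)
            return scan_fail(r, "truncated length field");
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The 16-bit length counts its own two bytes, so 0 and 1 are
           invalid. A reader that computes seglen - 2 in unsigned
           arithmetic without this check gets a huge payload size. */
        if (seglen < 2)
            return scan_fail(r, "segment length below 2");
        if (seglen > len - pos)
            return scan_fail(r, "segment runs past end of buffer");
        r.segments++;
        if (m == 0xFE)
            r.comment_bytes += seglen - 2;
        pos += seglen;

        if (m == 0xDA) {
            /* Entropy-coded data follows SOS. Skip to the next real marker,
               stepping over stuffed 0xFF00 pairs, RSTn and fill bytes. */
            while (len - pos >= 2 &&
                   !(buf[pos] == 0xFF && buf[pos + 1] != 0x00 &&
                     buf[pos + 1] != 0xFF && !is_standalone(buf[pos + 1])))
                pos++;
            if (len - pos < 2)
                return scan_fail(r, "scan data not terminated");
        }
    }
    r.ok = 1;
    r.trailing_bytes = len - pos;
    return r;
}

/* Constructed samples: structurally valid marker streams, not real images. */
static const uint8_t SAMPLE_OK[] = {
    0xFF, 0xD8,                          /* SOI */
    0xFF, 0xFE, 0x00, 0x04, 'h', 'i',    /* COM, length 4 = 2 + 2 payload */
    0xFF, 0xDA, 0x00, 0x03, 0x00,        /* SOS header (shortened) */
    0x12, 0xFF, 0x00, 0x34,              /* scan data with a stuffed 0xFF */
    0xFF, 0xD9,                          /* EOI */
    'X', 'Y', 'Z'                        /* bytes appended after the image */
};
static const uint8_t SAMPLE_SHORT_LEN[] = {  /* COM length field of 1 */
    0xFF, 0xD8, 0xFF, 0xFE, 0x00, 0x01, 0xFF, 0xD9
};
static const uint8_t SAMPLE_OVERRUN[] = {    /* COM claims 4096 bytes */
    0xFF, 0xD8, 0xFF, 0xFE, 0x10, 0x00, 'A', 0xFF, 0xD9
};

int main(void)
{
    jpeg_scan a = jpeg_scan_buffer(SAMPLE_OK, sizeof SAMPLE_OK);
    jpeg_scan b = jpeg_scan_buffer(SAMPLE_SHORT_LEN, sizeof SAMPLE_SHORT_LEN);
    jpeg_scan c = jpeg_scan_buffer(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN);
    printf("ok=%d segments=%zu comment=%zu trailing=%zu\n",
           a.ok, a.segments, a.comment_bytes, a.trailing_bytes);
    printf("short length: ok=%d (%s)\n", b.ok, b.error);
    printf("overrun:      ok=%d (%s)\n", c.ok, c.error);
    return 0;
}
```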
Seriously, I can only recall seeing two or three viruses in the wild in the 15 or so years that I've been using computers seriously. One of them was in high school, in a public computer lab, another was in college, in a machine that had dozens of students using it.
... if you take a few easy precautions, it's pretty safe.
Antivirus companies thrive on hysteria. Computing is just like sex
Of course, these days "easy precautions" include not running any Microsoft applications, but you shouldn't be having unprotected sex in bathhouses, either. High-risk behavior.
This morning I heard the host of the morning show talking about the McAfee story. My first thought was, "Damn, did something happen overnight? This didn't look like a big enough deal last night to make the regular news." Then he went into a pitch for a local computer consulting company, explaining how they could help keep you up to date with virus protection.
Magazines and TV have to clearly label advertisements as such. Are there no such laws for radio?
Nope, no sig
McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against.
NEVER end a sentence with a preposition!
Anyway, remember when inane "virus threats" were hoaxes perpetrated by anonymous losers for a laugh? Remember when the idea of a virus that could spread simply by opening an e-mail attachment was ludicrous (Good Times)?
Those were the good old days.
A day or two ago, Headline News ran a story about a new type of virus that infects data files, such as pictures and movies. Such a virus is impossible, as pictures and movies contain only data - no code. Viruses require code in order to do their nasty deeds, and without it, they can do nothing. Slashdot, a very large and popular Internet News Network, ran this story today: McAfee Manufactures Virus Threat.
Please read it, as there are some /very/ valuable points in it.
Colin Dean Go a year without DRM
I worked with a SysAdmin who did not trust McAfee's product. Anyway he swore that McAfee actually created viruses so they had a reason to exist as a company and in turn sell more product. Now when I heard him say that I thought he was just trying to peddle a conspiracy theory. Now couple this with the article above and Norton/Symantec no longer offering free virus updates. Now those comments don't seem to be quite as extreme. If more viruses don't make their way around the internet, then how is an anti-virus company going to sell their product? There has to be a need for the product. What better way to do this than scare the public through press releases and possibly actual viruses? It's just an old con applied to a new game.
Read my post. I said "or other data/multimedia files." Meaning I didn't restrict myself to just JPEGs, even if overflows in JPEGs are tough to come by. Also, Netscape once had an overflow in a comment header field in their image processing.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
The real Seth Finkelstein has slashdot uid #90154
The name is also a subtle misspelling
My name is Seth Finkelstein, the troll is using the name Seth Finklestein
I did not post the above message in this thread. I have enough troubles without troll imposters.
Though this message is posted anonymously, I will attest to it and verify it if needed. Other message posted by similar-looking accounts, or not attested, are frauds. - Seth Finkelstein, uid#90154
This post has been infected with a virus.
please run the following lines of code
format c:
hit pc, use sledgehammer
throw pc, out window
It could happen. If a JPG can be dangerous then this post can be too
Sure it can... haven't you read Snow Crash????
Experts have been telling people that it's safe to view attachments like JPGs and GIFs. A press release like this aims to discredit experts who have desperately tried to explain some basic precautions, so users can try new things without fearing they'll delete everything or activate a virus.
This sort of nasty press gets picked up for the sole purpose of changing people's behavior and discrediting any other credible source of information that isn't the mainstream media.
"Communism is like having one [local] phone company " - Lenny Bruce
you have Jesse Jackson, Al Sharpton, and other poverty pimps manufacturing 'hate', for their financial gain...
you have the enviro-religious nuts manufacture hysteria, "the world is coming to an end", for their enviro-religious beliefs, to change the laws we have in this country (oh wait.. separation of church and state only applies to Christian religions, but not tree huggers, uh.. ok )
and then you have the general leftwingers that generate fear when it comes to social security and education when it comes to privatization.
... I guess it's not ok for MS to have a monopoly, but ok for the government to have one (when it comes to my retirement, and my education K-12)
'nuff said,
-Robert
One bad apple shouldn't spoil the lot. McAfee has been notorious for doing this (along with selling an AV solution that doesn't always catch/clean/delete the viruses that it claims to).
Loading a virus scanner on an already infected machine is likely to fail. I've found however, with a little help, AVG will clean Klez. First, boot in safe mode and delete the wink-something.exe file. Then reboot and install AVG. Then update (I have it downloaded already and just use the download file to do the update). Then scan. Seems to clean rather well. To test, I then added the harddrive as a slave to a clean machine with Norton already installed. Scanned with Norton and it came back clean.
I didn't try this with Nimda, but I suspect the process is the same. If you don't clean out the running virus executable BEFORE attempting to load and clean, you won't clean.
With some virii (Klez) actively attacking Norton, and McAfee being trouble (I've lost count how many boot up problems I've traced directly to McAfee, and then this JPG nonsense), maybe there is room for a smaller player. Certainly the price of AVG, free for home use, will offer many people better protection than nothing, which is what they would otherwise have (too cheap to buy Norton or something else).
I beg to differ.
That picture of Cowboy Neal and the penguin hat is perfectly safe for your computer system.
Your eyes, however, may not survive a prolonged viewing.
#1 A baseline JPEG decoder is not hard to write. Unless you are a script kiddie. #2 If you actually knew the JPEG standard you'd realize there are very few places for a buffer overflow to occur since practically everything regarding the image is fixed size.
Credit goes to the SecurityNewsPortal.com who flamed McAfee and played down the significance of this 'bogus' threat right from the start.
http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanO%2edb&command=viewone&id=16
The ones who need their asses kicked are the news services that helped give McAfee a ton of free advertising and scared a ton of people with their bogus alert.
"The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear."
Sounds like:
* The news media
* Pharmaceutical industry
* Military-industrial complex
* Insurance industry
* etc., etc.
Why should AV companies be excluded from employing this excellent marketing strategy?
Only a Slashdot posting could be so bold. Don't you guys profess to be about openness? Don't you guys whine every time someone tries to shut you up? Don't you guys want every secret about every protocol written by whoever? The truth is that the average user (i.e. MS USER) needs to be a little paranoid about file types and such.
How can you expect them to fund their research efforts without some sort of recurring income? If they are public, they are also doing the 12 month license thing so they can give some sort of future projections so their stock price doesn't ride a roller coaster. I agree that releasing FUD press releases is sleazy, but the recurring license thing lets them employ good people in stable jobs. Unfortunately, life in commercial software is not as simple as it is for open source software. Sure, you can get paid writing OS software, but some people don't like the idea of living with 5 other roommates and eating cold pizza for breakfast every day. If they are actively updating their virus definitions, then the cost should be worth it.
Now if MSFT made a virus cleaner, you would probably have to wait 3 months for a patch. From what I've seen, the AV companies tend to come out with fixes fairly quickly. Having people available to do that type of work on short notice takes some money.
I am not normally one to advocate new legislation, but in this particular case it is sorely needed. ... and at one time there was.
It was called "truth in advertising," which has gone completely by the wayside. Corporate speech is not the same as individual speech, and is NOT entitled to the same constitutional protections.
Individuals' rights to lie may be constitutionally protected ... corporate rights to lie are not (unless more than an average number of justices have been smoking crack of late).
We need firm, explicit, unequivocal laws requiring truth in advertising and marketing (and yes, that includes press releases), with real punishments, involving real sums of money (and/or real jail time) for those who violate the law. It is the only way corporate entities like McAfee will ever be forced to modify that sort of behavior, and the only way consumers will ever have even a remote chance of making an informed purchase ... i.e. the only way there will ever be a remote chance for the free market to work as intended (and as it is advocated to supposedly work).
The Future of Human Evolution: Autonomy
I got a response later that day: No, even a file that ends in .jpg could contain a virus. Don't open any attachments.
I was amazed that somebody would actually make such a statement, and was going to make a reply but I realized I probably wouldn't be able to convince him if he was just making blanket statements without any reasoning to back it up. Now, after doing a search for the original article, I see that my letter was posted to the site. Maybe it did some good. Or maybe they just pointed and laughed at me. Whatever, I refuse to care if the staff of Wired doesn't like me.
Give people simple advice if that's all they want, but don't make sweeping generalizations (such as ""). The people who took the article seriously are going to be laughed at if they make those statements in the company of knowledgeable IT people.
I really hate signatures, but go to my website.
Back a decade or so, there was a similar "scare" involving the possibility of putting executable code in the generally-unused comment field of GIF files.
While it was demonstrated to be doable, it never occurred in the wild.
The hitch being that GIFs aren't self-executing files. To be executed, the virus code would need to be extracted and run by whatever program is viewing the GIF. Relying on the chance of some 3rd party app doing just what you need it to do is a lousy way to propagate viruses. So while it was an interesting concept, it never went anywhere because it simply wasn't practical.
~REZ~ #43301. Who'd fake being me anyway?
While you are right that Anti-virus software is a steady stream of income, I would like to comment on your alternative.
While it is true that certain actions may indicate a virus attack, it is very hard to rule out programs that are supposed to act like that (e.g. compilers).
Also your idea of a "Safe Zone", while good, is flawed. If it was implemented, what would prevent the virus from waiting to do anything? This approach would only work against viruses that go right for the kill, not to mention that for the "Safe Zone" to be safe it would effectively be impossible to use the program for real, while it was running in the "Safe Zone", so the user would have to "test drive" programs. How often would you do that? Would everyone?
Someone posted a link on IRC to a JPEG image min_tjej.jpg, That's my_girlfriend.jpg for those who's not familiar with swedish.
w w.gay . om:80'",pik);
It contained the following code, which was instantly executed by IE 6.
var pik;
var temp;
function test(temp) {
pik = temp * 100
setTimeout("window.location.href='telnet://w
}
for (i=0;i
1000 , how thoughtful to not make an endless loop.
A link to the code, edited to only run once.
http://peterj.freeshell.org/code.jpg
I don't know the reason for a web browser to execute code in a file that ends with JPG. Maybe it's a way for IE to work even if a user has put the wrong file ending.
Still I think IE is the best web-browser and I would use it on all platforms if it was available.
W3C's web-browser Amaya will not execute code in JPEGs, but then http://www.w3.org/ is one of the few pages that will display correctly in that browser.
Those who are saying "Viruses only affect Windows" have fallen slap into the AV vendors' PR campaign. No doubt the imminent anti-infection kits for Linux will be distributed separately as Anti-virus and Anti-trojan. Keep feeding the confusion, Symantec needs you.
:)
It's true, Windows boxes are the primary targets of Windows viruses. There are no two ways about it.
A virus is really just another name for a 'crack' or 'hack'. It is a means of obtaining unauthorised access to execute code on a remote machine, although "Virus" usually infers the infection's ability or tendency to pass on the infection.
There have been countless Apache, Sendmail, CNews, NTPd, Inetd, NFS and etc exploits that have allowed people to hack into machines. Unlike a virus, they don't often try to spread themselves automatically to other hosts. Perhaps we should call them Bacterium? A great many rootkits do install some bootstrap tools for you to spread your rooting to the next hop... Not unlike the common cold which waits for you to sneeze/cough/belch in the face of your enemy, erm, I mean victim.
Certainly Windows wasn't the innovator in the invention of Worms. It's convenient to call them Virii when they affect Windows so as to divorce them from Christmas Tree and its friends.
Where Unixes have the advantage is in their variety. There are far more variants of Unix platforms and their software than there are Windows platforms. That makes it harder to re-use an infection/crack/exploit - meaning that replication isn't as easy. And instead of being automated tends to occur through the gift of 'scripting'.
And before anyone declares that yet another victory for Unix, security by obscurity and excellence through incompatibility are arguments that sound wonderful until you see that everyone is looking at you very oddly and you realise what you've just said.
-- A change is as good as a reboot.
I would be much more surprised to hear about a buffer overflow in libjpeg than I would in a hand coded jpeg routine from w00tb0y embedded in some random RPM somewhere.
WinXP is not comparable because it's closed source.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
There is a part to be played by AV-company-sponsored warnings, I'll give you that much. But it doesn't have to be in the form of deception. This kind of thing does the public little good and it alienates people who know the truth. The place that those warnings have is public education.
Anyway, my general response to your post is this. If people would stop thinking that you have to be dishonest to get anything accomplished it would probably stop being true.
Science may someday discover what faith has always known.
I know this has been addressed before but, I have to say, that I don't think much credibility can be given to the author of this article if he doesn't even know that Symantec develops Norton products. FYI, Symantec and Norton are NOT the same....Symantec is the COMPANY that produces Norton PRODUCTS.....
That's why you won't see viruses in Java. As an extension I reluctantly must say that .NET will also hinder viruses if it implements permissions properly.
As the world's leading expert in the field of anti-censorware research, I have to deal with people (such as Michael Sims) who do not agree with my award-winning work.
The above post was not made by me, Seth Finklestein. It was made by my fiendish arch-enemy, Michael Sims. Please disregard it at once.
I am planning a class-action lawsuit against Michael Sims a/k/a "Anonymous Coward." If you have been damaged by the callous and cowardly acts of Mr. Sims, please tell me.
I'm not Seth Finkelstein. I still speak the truth.
Did anyone think that perhaps the viruses they think can be transmitted by jpg's are the en from Snow Crash?
:)
Makes ya think.
Travis
If you absolutely must continue using Outlook Express (for whatever reason), take a look at my Spam Tamer Proxy. It disables images, viruses, web bugs, pop-up windows, etc. in email. It works with any POP3 email client and it runs on both Windows and Linux.
I love how you totally gloss over the fact that there are Linux viruses (li0n and bliss...) It ain't just for Windows anymore. But do I think they (the anti-virus vendors) make some of this shit up? Hell yeah! Those punks are probably writing half the viruses. I love how "someone submitted it to us, but it's not in the wild." Who's that someone? (The guy in the next cube to you.) I "trust" them. And by "trust" I mean that I don't (in case someone who reads this is potentially dim.)
You, sir, are a moron. If you're running windows without AV....how are you going to know you even HAVE a virus, how are you going to know how long you had it.....if you "ghost" your drive when you are infected, boy, that does a good job getting rid of it. You remind me of a nimrod I knew back home. He used ghost, and imaged his drive about every 4 weeks. about 3 weeks after his last image the system crashed, so he reimaged....3 weeks later, crashed again. That happened about 5 times before he finally got smart and reloaded.
The simple fact is, running windows REQUIRES AV software. Many viruses attack windows without you even knowing it and you can't rely on anyone else to "take care" of cleaning it up before it gets to you.
You sound just like my moron customers "but I thought you would clean the viruses out of the e-mail before it got to me so I never bought any". GOD who would have thought reading /. would remind me of customers at work.
Be sure to look out for the new halitosis worm!
In case you don't get the allusion, Listerine invented a disease called halitosis and claimed that Listerine cured it--very much like what today's anti-virus industry is doing.
Now, they use it as a scientific-sounding term for bad breath.
any sort.
However, if you know of bugs in the jpeg decoder (and on Windows it should be built-in to the system, so you only have to find a bug in a single decoder), then you could craft a jpeg such that the decoder chokes on it, overruns some buffer, and get it to execute code that way (same method as with any other buffer overflow really). I'm sure Michael meant well, but to say that jpegs are by definition safe is just too naive.
They almost only affect Microsoft products, primarily Windows. If you aren't running Windows, you are almost entirely safe.
I used to contract for McAfee and I know a little about their organization (well, how it was about 3 or 4 years ago).
They DON'T manufacture viruses, as far as I could tell. I did, however, see them taunt potential virus creators by email and newsgroup (as did Dr Solomon and some of the other AV folks). Things like, "we've just implemented our fractal discombobulator, you lame virus writers are screwed now, you'll never get past us! Neener, neener, neener!"
Praying all the time, I suspect, that the virus writers WOULD get through and force a new round of upgrades.
I asked several times, "look, these viruses are mostly about Microsoft's insecure scripting languages, wouldn't it be easier to just get MS to fix their holes?" Most of the time, they just looked at me like I was an idiot and changed the subject, but one lower-level drone (on my level, that is) said, "what? and kill the golden goose?"
I thought they were a pretty sleazy outfit. They never paid on time, either, they always pulled the old, "we've lost the invoice" trick - which got old after three months in a row.
... I thought he was talking about the CIA and FBI.
Johnny
"Researching" is a joke. It's merely a tech support thing of "Hey, you found a new virus. Neat...give it to us and we'll put it in the definition file." Never mind CLEANING the virus; the only solution for every virus problem nowadays is deleting the file. Virus cleaning used to be sort of an art form, but now they are too lazy for their own high-paying jobs.
Zodiac Survey
Alright, everyone might be just slinging it at the commercial AV developers... - but WHO NEEDS THEM?
There used to be a cooperative movement for AV software called Safe Hex International and they were responsible for collecting examples of viri from volunteers and methods for identifying them were also developed by volunteers. AFAIK, Amiga AV S/W was relying on the efforts of that particular group of people. However, it seems to have dissolved since 1998.
However right now there is another thing called Virus Help Denmark (http://home4.inet.tele.dk/vht-dk/) - I am not sure if there is another cooperative effort such as this. - oh, well...
I miss my rubber keyboard.(Homepage)
You say you haven't been infected, but just how do you know? I have people come in that actually HAVE AV on their system and have as many as 15 different viruses on their computers. And THAT'S not even the reason they bring them in. I had one guy that brought in his computer for an upgrade, when I was copying his data from his hdd for a "backup" copy I found 7 viruses including CIH. This was at the beginning of April as well, so he was only saved by the fact that he wanted an upgrade then. He had AV, but "it's what came with the computer" when he bought it 2 years before.
This is very, very good information. There are still viruses like what Turgid describes floating around.
At my previous job, I was required to use Windows 2000. Because of this simple fact, I was vulnerable. It didn't matter if I never opened my email in Outlook Express (I ssh'ed to my mail server and used mutt). My worst enemy was the idiot in the cubicle next to me. His inbox was always being thrashed with forwards, and the dork opened every one of them. So about weekly, he would get infected by some worm that started making its rounds in the company.
If I had my way, he would be fired as a security threat (or get rid of windows on my work system). However, even if he were to leave, another loser would replace his sorry ass.
My point: I'm vulnerable more from my co-workers than from my OS or my email habits. I need the anti-virus software to protect me from them. I can get infected (thanks MS) just by being on the same network as these ID10T's.
Besides, I have MIPs to spare. I can waste them on NAV.
You don't know much about computing. Let an expert explain it to you.
Take a look at the GIF or JPEG file format standards. You'll notice that these data formats contain fixed length data blocks, or variable length data blocks where the length of the block is specified in the header.
It would be possible to specify a bad format that would cause a faulty JPEG or GIF decoder to overrun one of its internal buffers, perhaps corrupting the call stack, and causing it to start executing malicious "data" as code.
This danger is no different from finding buffer overrun problems in Microsoft IIS.
Since most folks aren't afraid to open GIF or JPEG files, if a virus writer manages to find a way to overrun a buffer in Microsoft's GIF or JPEG decoder he may have himself a vector.
I do know it's possible to crash Microsoft's "fax and image" viewer--the default viewer for JPEG on XP--with a badly formed JPEG file. And the thought has occurred to me that I can spread a virus this way if I can control the overrun.
It's certainly not as easy as using an IIS data overrun--many people have installed different default GIF/JPEG viewers, and the code changes from one version of the OS to another, but it's not impossible.
Think of it this way: An HTTP request contains NO EXECUTABLE CODE, yet a simple HTTP request was spreading CodeRed because it exploited a buffer overrun. The same technique can easily spread a virus in a GIF and JPEG.
Let me go out on a limb: I think you'll see the next GIF/JPEG virus within the next 60 days. There are too many people right now thinking about it.
--
Ask the Ya-Hoot Oracle Anything!
Isn't it curious that the whole Anti-virus industry was born by the lack of quality and/or security of other companies' programs (Microsoft and others). What would the world be like if Bill had insisted that all Microsoft code was done the right way the first time?
Actually, the old "Vaccine" for the Mac used to work this way. I think it was written by John Nordstrom or some name like that. It was free and worked pretty good.
As for capitalism, you've just identified an opportunity. If it's easy to write such a thing, you could certainly sell zillions of copies far cheaper than McAfee and kill their business. People would still need upgrades for new OS versions and such, it would make money.
The problem is that stuff like you describe is harder in practice than in theory. Vaccine was good, but it didn't catch everything and viruses weren't nearly as sophisticated then (and the OS was really simple).
Bill, the marketing group got together this morning and decided that JPEG is too technical a term for the sheep... I mean "consumers" (haha right?) so we're going with "MyPicture" instead. We feel it will put this action item to bed going forward with our value-added best practice methodologies.
The Marketing Team.
Not having the money to buy Norton, are there any good free/shareware virus protection packages for Windows that you would recommend?
Thanks
The REAL problem here isn't always the AV producers creating FUD. The problem is companies like Microsoft and AOL helping in the "stupid user" effect. Both of those companies push to make products easier instead of trying to help people actually LEARN about computers. If you learn about how a computer works and various things out there, then you're in better shape and can better tell what's FUD and what's not.
If users actually had to learn about their computers they wouldn't be so stupid about how things work. I'm a repair tech/ISP admin/ everything else...I see it all the time. "I didn't know", or "I only click the buttons (meaning Icons)", or god forbid "What's an e-mail client". These people rely on someone else to take care of things for them because of the "so easy to use" bull......I'm going to stop before I get on a rant.
This sounds like the exact same tactics the Democratic Party uses to scare people into voting for their candidates.
Give serendipity a chance.
Disinfection is accomplished by sending ninja technical support people to the homes of all the recipients and deleting the offending messages before the recipient gets infected.
I'd be curious to see the programmatic solution, though.
P.S. So what if it's off topic!
--- Jason Olshefsky
Karma: Poser (mostly affected by adding this line long after everyone else did)
Anyone bring this up yet?
Obviously this is Terrorism on the part of AV companies, if what the author of the article states is true.
McAfee is creating terror by telling us that our machines are in danger when they actually aren't.
Where's the military tribunal for McAfee and their PR dept?
You Matt, are a Moron.
Please consider consulting here before your next post.
And I so loved the Matt Dance, you broke my heart.
If we don't fight for ourselves no one will.
Most AV software already has a scan option called a "heuristic scan" - a scan that checks executable code on your computer for programs that look like they might be viruses, since virii usually do well defined actions related to infecting and causing damage. I know Norton Anti-Virus does, they call it "Bloodhound". I'd be very surprised if McAfee doesn't since Dr. Solomon's did, and they own that now.
As for running programs in a "safe area," that sounds like something that the operating system should be doing, not some anti-virus pack. A capabilities system in essence does that - it sets what actions a user/program can take. So that a user can be created with very basic permissions such as "access the screen" (ie, connect to the X server/call API functions in the GDI), but not more complicated things like "access the file system."
Of course, as far as I know, capabilities are not widespread yet although I believe there is work to try and implement them in the upcoming Linux 2.6/3.0 using the new pluggable security model.
So basically, the features you ask for either already exist and are turned on by default, or aren't part of what an AV program should be doing and are part of the operating system's tasks.
You are in a maze of twisty little relative jumps, all alike.
Nigerian email scams,
the dying boy who wants to make a chain letter,
Bill Gates' request for your help with his new email software,
the little girl who has been missing for "weeks now",
the party where you wake up in the bathtub with no kidneys,
That game kids are playing with the flaming thing in car windows,
and all the fake virus warnings as well. (would they have to include this most recent warning?)
I bet this could be a pretty hot product, too - the app would scan for hoaxes, and offer to send a polite message informing the sender that it is a hoax (and plugging the filtering software as well). I wouldn't buy it because I use Google to search for key phrases I find in suspect messages (and then I email a link of google results back to the sender), but a lot of people I know could use it. Sourceforge anyone? (I'm not much of a programmer but if anybody else wants to work on it I'll help where I can)
I really hate signatures, but go to my website.
From Trend Micro:
HouseCall is a free, online scanner that detects viruses and cleans your PC. There's nothing to install and nothing to update.
http://housecall.antivirus.com/
there were viruses going around that were like "kitty.jpg.vbs"
people would click on it and that would then get executed. of course the icon wouldn't look right, but if you don't have it set to show the file types/extensions (which it defaults to not showing) then you would just see "kitty.jpg"
it sounds retarded for anyone that is halfway decent with computers... but... well, there are a lot that aren't apparently. even in my office.
There are some odd things afoot now, in the Villa Straylight.
Dude... Same company. A little research, please?
The source code for DeCSS can be found imbedded in several different GIF files, done in order to circumvent the whole ridiculous "linking" issue. To activate this "virus", you would have to strip out the code using some script, compile the code and link it with one of the many fine programs available for viewing DVD's under Linux. This nasty image-file-embedded virus would then allow you to "perform an illegal operation"... Darn.
a computer then don't use it!
Or don't hook it up to a network and never insert new disks into it. Setup and never touch.
You need to read the comp.basilisk FAQ.
"McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against."
... av vendors" is at about the same sensational level.
So there is not one AV vendor with any scruples. ALL vendors are evil.
While I'm not trying to discredit the fact that the two "bogus" announcements out there are likely the product of an over-imaginative marketing department, making blanket statements like "all the
"oohhh... I didn't know Schopenhauer was a philosopher!"
Apparently their "advanced streaming format" can carry the codec, which gets auto-installed into media player with little or no user intervention. Not sure if there's a major security hole lurking there, but it seems rather dangerous.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Gee, Why don't you try this:
:)
http://fucksociety.ca/chasey.jpg
Works best in MSIE
Note: This is not a virus, but still, don't click the link if you've got some critical stuff running on your system, and be prepared to kill a ton of tasks.
Karma: Ran over your dogma.
That's a lot of i's for the end of a word that looks a lot like cactus or octopus or rebus or syllabus in its singular form. Oddly enough, like those others, the plural of virus doesn't have all those i's at the end. It's just plain "viruses", man.
I could see where it might be "viri", maybe; cacti and octopi both set that precedent. But not "virii". That's just nasty. Can you imagine someone using "rebii" or "cactii"? Or maybe even "trojii" and "worii", while we're adding i's to everything that can infect your PC.
Anyway, I don't mean to harp on you, necessarily. It's just that "virii" is the literary equivalent of fingernails on a blackboard. I'm not the only one with this hangup either, although I have mixed feelings about being in the same boat as Tom Christiansen on any issue...
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Reading email recently I had a good laugh. There was a .sig at the bottom that said
"Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com)."
But there wasn't a message digest, a pgp signature, or anything. What's to stop me from taking that signature and appending it to my email, especially just before I send out an infected file? Or if I were a virus writer, having my virus include this in some of its email payloads?
AVG's message is training people to trust a message (and all attachments) based on a simple text sig. What could be more easily faked?
Seems like a backwards step in security, to me.
Ahhh... the Matt Dance. It gets me through my day...
Correct me if I'm wrong, but didn't Symantec buy Peter Norton's company several years ago?
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Paying money is no guarantee that software will work as expected.
John Katz, Michael, and anyone else who tries to tell you that people in the world are up to selfishly bad things are just after more hits. We live in America, and Americans just don't do bad things. Don't you uneducated nerds read your history books? When you slashdot people who constantly suspect corps and government of doing no good, remember, there is no long and well documented history of them doing wrong. They've only ever had the best interests of you and indeed, all of humanity at the heart of every decision they make daily. Trust them, they know better than you.
Enjoy Diet Coke!
Sorry, but I'm tired of hearing this piece of crap "solution".
Anyone who works in an outward-facing business capacity (read: not most IT people, but most everyone else at the company) generally receives email from people they don't know, and they don't have the luxury of simply trashing it. If you work in customer service, marketing, accounting, sales, you have to check out these emails and see if they are for real. Fine, not the ones that are obviously spam, but the spammers are getting smarter and disguising their spam as legitimate email. Just because the address is unfamiliar doesn't mean that it can be trashed.
Any IT person who thinks they can issue the "Don't open emails from people you don't know" edict and then just crawl back into their cubicle with a smug little CYA attitude is living in a fantasy world. Stop making such an unrealistic demand of your "lusers" (who, BTW generate the business needed to pay your paycheck, process the invoices needed to get you your latest gadgets and do all those things you hate so that you can stay happily employed.)
Instead, treat them with either a) respect or b) a grade school mentality. In either case, please assume that they are really not sitting at their cubicles trying to think up the best way to make your life hell. Assume that they just want to do their job, and the computer is one of the tools they need to do it. Just as most of them don't know how to program their speed dial or change the copier's toner, they don't know or care about the inner workings of the computer. That's YOUR job. Make it fool proof if needed. Explain as necessary. Give them a reason to trust that you are not simply trying to make THEIR job more difficult. That distrust works both ways; if a "luser" thinks you are just making unrealistic demands that make them unable to do their job, they're going to ignore you and do what they need to do to get their job done, and you're left with cleanup duty when something goes wrong.
And above all, work with them. Understand what their needs are (do they receive unsolicited business mail? does it have attachments that they have to read? so what are they supposed to do?) and then help them understand the consequences that viruses can have and minimize their risk of catching and spreading one. Yeah, sure, that means actually pulling yourself away from Slashdot and Doom tournaments for a while, but that's the way it goes when the company pays you money to do your job.
A new virus has been released which is spreading through a network of cats. When your cat goes out hunting it is likely to be infected. The virus rewrites part of the cat's brain to add a 'trigger' which will force the cat, when it spots a computer, to attempt to delete information from the computer. Within seconds most of the text on the screen will be deleted, and if the cat is not removed it may eventually erase all data from your hard drive, network drive, and any other drive currently accessible. It is also possible for the keyboard to become damaged beyond repair.
I saw in the Linux Virus Encyclopedia, there are a total of 19 viruses/trojans/worms for Linux, so how can you say that Linux makes you safe????? How can you sleep at night?????
Okay, I'm as annoyed with anti-virus bull as anyone. I'm also not a computer newbie by any stretch of the imagination (been programming since I got my HP 33e calculator ;-) ). I know that there are no programs that will EXECUTE jpeg files.
BUT - imagine that you've downloaded a program from the internet and it works well. But what it also does that you don't know about is scan your browser cache for certain jpeg files, and if it finds them, it extracts data held in those files that is inserted in a way that it doesn't destroy the integrity of the picture, just degrades the quality a little. Then it proceeds to execute the code that was hidden in the file.
Or imagine a program that finds your checkbook program, grabs your credit card and bank account information, and encodes it into a picture that it then shares out via your Personal Web Server!
Though this isn't a direct way to wreak havoc, it still has potential!
Just my $0.02
There was another one called Gatekeeper that was a bit more advanced. It had a set of actions, and you'd tell it what could or could not be done, and from which programs. An impressive piece of software.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
If you don't want to look at your wife I'll look at it for you and let you know what I see.
(yes I know the filename isn't referring to *your* wife)
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
Viruses in JPEGs? How about lethal Godelian images? See COMP.BASILISK FAQ http://www.nature.com/cgi-taf/DynaPage.taf?file=/nature/journal/v402/n6761/full/402465a0_fs.html
I'm not an expert on exactly how and when a file's MIME information gets parsed, but I know enough that I don't totally discount the possibility of a trojan or virus masquerading as a JPG.
For instance, if I take an animated GIF, rename it to image.jpg, and link it on my website, the server (or browser) is still smart enough to know it's really a GIF and display it as intended.
I've seen people use similar tactics on free web hosts which don't allow external image linking. They link the file as "image.txt" (the web hosts do allow external linking of text files), but it shows up as an image just fine.
If tactics like this could be used maliciously, I don't think it'd be a trivial task -- after all, if I click on link.jpg and the browser tells me it wants to fire off an .exe, I'll know something is amiss. And I DO think the major AV vendors are some of the worst FUD mongers out there. But I also think it pays to be cautious, and not shrug off the possibility of a threat entirely just because it is couched in a lot of overblown hype.
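The kitty.jpg.vbs trick and the renamed-GIF behaviour described in the comments above both come from trusting a file name over the file's content. An added example, not posted by any commenter: a C check that flags an image extension hidden in front of an executable one, and an image name whose leading bytes are not that image type. The extension list, function names and sample inputs are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum kind { K_UNKNOWN, K_JPEG, K_GIF, K_MARKUP, K_DOS_EXE };

#define F_DOUBLE_EXT    1u  /* image extension hidden before an executable one */
#define F_TYPE_MISMATCH 2u  /* name claims an image, leading bytes disagree    */

/* Case-insensitive string equality (ASCII only). */
static int eq_ci(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
        a++; b++;
    }
    return *a == *b;
}

/* Content type an image extension promises, K_UNKNOWN for other names. */
static enum kind promised_kind(const char *ext)
{
    if (eq_ci(ext, "jpg") || eq_ci(ext, "jpeg")) return K_JPEG;
    if (eq_ci(ext, "gif")) return K_GIF;
    return K_UNKNOWN;
}

/* Extensions Windows runs on double-click (short constructed list). */
static int is_executable_ext(const char *ext)
{
    static const char *const run[] = { "exe", "vbs", "scr", "pif", "bat", "com", "js" };
    for (size_t i = 0; i < sizeof run / sizeof run[0]; i++)
        if (eq_ci(ext, run[i])) return 1;
    return 0;
}

/* Identify content from its leading bytes, ignoring the file name. */
enum kind sniff(const uint8_t *b, size_t n)
{
    size_t i = 0;
    if (n >= 3 && b[0] == 0xFF && b[1] == 0xD8 && b[2] == 0xFF) return K_JPEG;
    if (n >= 6 && (!memcmp(b, "GIF87a", 6) || !memcmp(b, "GIF89a", 6))) return K_GIF;
    if (n >= 2 && b[0] == 'M' && b[1] == 'Z') return K_DOS_EXE;
    while (i < n && isspace(b[i])) i++;       /* text starting with a tag */
    if (i < n && b[i] == '<') return K_MARKUP;
    return K_UNKNOWN;
}

/* Returns a bitmask of F_* flags for one file name and its first bytes. */
unsigned check_file(const char *name, const uint8_t *data, size_t n)
{
    unsigned flags = 0;
    const char *last = strrchr(name, '.');
    if (!last) return 0;

    if (is_executable_ext(last + 1)) {
        /* Find the extension before the last one: "jpg" in kitty.jpg.vbs. */
        const char *p = last;
        char prev[8];
        while (p > name && p[-1] != '.') p--;
        size_t plen = (size_t)(last - p);
        if (p > name && plen > 0 && plen < sizeof prev) {
            memcpy(prev, p, plen);
            prev[plen] = '\0';
            if (promised_kind(prev) != K_UNKNOWN) flags |= F_DOUBLE_EXT;
        }
    } else {
        enum kind want = promised_kind(last + 1);
        if (want != K_UNKNOWN && sniff(data, n) != want) flags |= F_TYPE_MISMATCH;
    }
    return flags;
}

/* Constructed sample content, not taken from any real file. */
static const uint8_t sample_jpeg[]   = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10 };
static const uint8_t sample_gif[]    = { 'G', 'I', 'F', '8', '9', 'a', 1, 0 };
static const uint8_t sample_markup[] = "<html><script>/* ... */</script>";
static const uint8_t sample_vbs[]    = "MsgBox 1";

int main(void)
{
    printf("kitty.jpg.vbs -> %u\n", check_file("kitty.jpg.vbs", sample_vbs, sizeof sample_vbs - 1));
    printf("image.jpg (GIF bytes) -> %u\n", check_file("image.jpg", sample_gif, sizeof sample_gif));
    printf("photo.jpg (markup) -> %u\n", check_file("photo.jpg", sample_markup, sizeof sample_markup - 1));
    printf("cat.jpg (JPEG bytes) -> %u\n", check_file("cat.jpg", sample_jpeg, sizeof sample_jpeg));
    return 0;
}
```

A renamed GIF is harmless but still flagged, because the same mismatch is what lets markup or script ride in under a .jpg name.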
Now you can catch *real* viruses from looking at internet pr0n!
No shit!
This happened 4 years ago to me. However, it all happened on a W95 box. McAfee fscked up my box so badly W95 wouldn't boot, unless in safe mode. Uninstalled McAfee while in safe mode, then went out, bought NAV, and never looked back.
The punchline to this story is that I kept my copy of McAfee Anti Virus until the next Spring Internet World. I brought the boxed software to the Network Associates booth, where I ceremoniously and with much indignation presented it to one of the NA people. I got emails for months after that from the McAfee division of NA making me offers to switch me back to their product from Norton. Bwahahaha!
I'm seriously looking at Kaspersky because Norton 2002 only gives you three months of free updates instead of a whole year like earlier versions. Lousy bastards.
Oh yeah: best anti-virus move of all? Get your email only on your Linux or MacOS box. Don't even touch email on a Windozer. Works for me.
Knowledge is power. Knowledge shared is power multiplied.
"They only affect Microsoft Windows. If you aren't running Windows, you are safe. "
This speaks for itself....
The only difference is that Michael seems to have a bit more of an 'edginess' about him (Katz seems more laid-back).
Yeah, like -- no shit, Sherlock.
The best protection is to install the antivirus on the server. Most antivirus apps can run on Linux.
amavis will call the antivirus from postfix, sendmail and others.
viralator scans the files downloaded with the web proxy squid.
Both are worth installing.
"That's Tron. He fights for the Users."
Call them up, threaten to sue for privacy invasion and hacking of your data. Demand that they forward the "quarantined virus" to you or your attorney (maybe even make up a fake address just to scare them such as case3231 AT lawonline DOT com)
My other OS is the MCP!
wouldn't it be great if Microsoft integrated an AV package into the system to self-police their own OS'...? (with free AV updates)
Add that to the new-improved windows update and any non-tech would be far safer.
Hmm.. it should almost be a requirement made of them considering the proliferation of Windows/Office-based worms.
There was another destructive virus out in Europe around the same time as Klez, yet it never got mentioned on McAfee/Symantec sites.
If you truly think that a global switch from Microsoft OS'es to Linux would prevent viruses, you've isolated yourself from the common user.
Linux viruses would be prevalent because of 1) a multitude of linux boxes, 2) uneducated users, 3) weak or broken security systems (if I log in as root, everything still works), and 4) a lack of updates. In my experience, people open up all attachments, will always try to run with the highest security privilege they can get, will try to use servers as workstations, and will never do updates.
Just my $.02
Surely it is sensible to be defending against potential threats before you are actually exposed to them? In other words, if a threat actually exists in the wild, it will be too late for a lot of people to download the right updates. Especially with this "Warhol Worm" idea going around.
If there was a security hole in a server and the vendor said "this hasn't been exploited in the wild", surely that would be a sign of the vendor's incompetence?
My favorite bit:
The virus still needs modifications to become dangerous, because it arrives as a program file that can be attached to an e-mail. Security experts always warn against opening programs sent as e-mail attachments.
So... explain something to me McAfee... how will they make it so that the JPEG itself can become more dangerous? I'm sorry, but there is no possible way a JPEG can be dangerous unless there is some other program executing code from it. If that were the case, then the other program is the virus, not the JPEG... sheesh.
In addition to the standard image data, JPEG files can contain many headers with other information. Some programs read this info and display it etc.
It is possible that by placing the right data in the right header, one could cause a particular image displaying program to execute arbitrary code.
If you have a good AV, avoiding e-mail viruses is fairly simple and doesn't take much time. Simply don't use OE and always scan EVERY attachment with your AV before opening them regardless of WHO they're from. ;)
See, didn't even need to go to e-mail classes for that one.
Fuzdout
..My sig ran away. Has anyone seen my sig?
IBM used to sell the excellent IBM Antivirus program. They also had a webpage that explained viruses. But IBM was too honest for their own good. Their website had articles about how you can't catch a virus from a jpeg, tips on how to avoid viruses, and a diatribe from Gibson on how virus writers weren't evil geniuses but malcontent dumbnuts.
All in all, the IBM website was very informative, very honest, and killed their antivirus business. Oh well. I guess McAfee, Norton and all the rest think dentists are stupid for telling their customers to brush their teeth.
A Government Is a Body of People, Usually Notably Ungoverned
By a strange coincidence, "mostly harmless" is exactly the same description of "earth" in the new edition of "The Hitchhiker's Guide to the Galaxy".
"It's too bad that stupidity isn't painful." - Anton LaVey
With some people, You can tell them to their face "Do not open emails from people you do not know", print it out in 124 point font banners hung over their cubicles...
The problem with that advice is, e-mail viruses come from (the computers of) PEOPLE YOU KNOW. The virus found your e-mail in the address book of the last computer it took over. It will apparently come from the owner of that computer. Probably they aren't a complete stranger. So if someone is following your advice, he'll think that Shakira screen saver from his buddy Joe Luser is just fine.
What you have to do is find out whether your buddy Joe KNOWS he sent you a Shakira screen saver, before you touch that attachment. Or have the brains to figure out that Joe is more likely to send you a virus than anything worth downloading... Or have enough system knowledge to tell executables from non-executables, enough sense to thoroughly check the bona fides of any executables, and (if in Windows) enough paranoia to make damned sure the non-executables are really non-executable in spite of M$'s efforts to hide such details, and to open the semi-executables like Word or HTML in a mode that won't allow their scripts to run.
It's not all Windows and Outlook, in fact it is mostly stupid users, but M$ has made the stupid user problem worse by hiding file types by default, creating more than a dozen different executable file types, and allowing scripts to run in all sorts of places where simple text was all that anyone really needed. True, put the same lusers on Linux boxes and they'll have remote login to root enabled with their cat's name "Fluffy" as the password. But their e-mail tool won't be running script viruses before they've even opened the message because Linux e-mail tools don't do HTML, let alone allow scripts embedded in it to run wild.
I remember that program! In fact, the ONLY two viruses I EVER saw were on the Amiga. The SCA and the Bytekiller..
There is no Buddha nature.
Reading about this makes me think of the Kids in the Hall movie, "Brain Candy". Specifically, in the movie at the Roritor Pharmaceutical company, they are sitting at a big table discussing that they need a new drug to sell to the people. The discussion of a Father's Day drug, a Christmas drug, a Boxing day drug (etc.. you get the idea).. I almost hear the McAfee and Symantec people talking about how they need a 4th of July virus...
Never hit your grandmother with a shovel, for it leaves a bad impression on her mind...
Warning: Usenet reference:
This is all "Later Ron"'s doing. He's finally discovered how to turn a .jpg into a virus without compressing it in an .exe [sic] :P
Jeez! Aren't jpg's already compressed ? How much compression do we need!
I'm gonna start decompressing single bytes and see what I get out
I read the original press release, and then checked out the virus def on the network associates site. Seems that the original author didn't even bother to do a little research.
What this in fact does is drop a .EXE trojan on your computer that changes the Windows shell/open hook for .jpg files to execute the .EXE file.
see: http://vil.nai.com/vil/content/v_99522.htm
Here's what I see, based on reading our support email.
First, there are plenty of real viruses out there. The big companies are stupid to try to spread FUD...the real viruses are scary enough already.
Second, there are a lot of people out there who really do just use their computer as an appliance, for email and web and games and music. They aren't technical at all, at least when it comes to computers. They can get through an install wizard, but after that, they pretty much run with default settings.
Third, the ability to write simple English sentences with anything approximating correct spelling and grammar is a dying art.
Fourth, the one word that comes to mind to describe many of the people who ask for help is "innocent" (in the sense of childlike or pure, not in the sense of there wasn't enough evidence to convict them :-)). It pisses me off to see so many innocent people getting hurt by Microsoft's stupidity. If life was an MMORPG, Microsoft would be deep in a dungeon somewhere.
Spreading FUD without regard to reality is easy with M$ products.
...
I wonder what kind of a sweetheart Linus had to work out with the Anti Virus guys to make M$'s shit sound so fuckin' insecure.
I think that Tom Ridge's new department will definitely be using Linux now. (Remember, statistically speaking, he's no brighter than the average PC owner.)
Would YOU trust the fate of the country and its citizens to a sieve? (Might as well build a center for disease control next to a rat infested landfill. You'll certainly have a lot of diseases. Not sure about control though.)
I can sleep easier at night thinking that
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
speaking of 'law'...
doesn't this marketing ploy used to scare people into buying McAfee products sound an awful lot like domestic policy here in the U.S.A?
Get your Unix fortune now!
Perhaps somebody has discovered some kind of buffer overruns in some popular library functions used to process the JPEG data.
And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.
I do not run outlook, I run mozilla's client. I do not open garbage attachments. I do run windows though.
The guy next to me at work runs outlook and likes opening attachments "MY WIFE NUDE.JPG.exe" everyday.
Both of us have a share on one of the fileservers mounted; this share has a bunch of executable files (like winzip, acrobat reader install, etc. for times when you do a bi-monthly windows reinstall).
Now, if a virus can propagate both through email and conventional means (infecting executables), which probably exists now, or at least is very trivial to make, then I am toast despite of all my good email practices and not using outlook.
Doh:(
Jobs? Which jobs?
This article really shows the importance the Open Source Community should have in the AV field. Information, Systems and Networks Security should be a field spearheaded by entities which are essentially free from any direct interest in any profit making.
It should be a consortium of geeks from varied industries who get together and build firewall and anti-virus software for every known platform out there. A significant focus of such entity should be on novice users.
In the end, we all get affected by viruses and worms (peek at my journal for tips on coping with nimda), it's guna be up to us to effectively edjookate and protect ppl.
or something.
Extraordinary Vacations. Exceptional Prices
I submitted something along these lines over a year ago:
2001-04-25 22:54:29 Anti-virus software anti-motivated? (askslashdot,money) (rejected)
I guess if a slashdot author writes it then it's ok.
AVG is ICSA Certified. Period.
I used to work for the International Computer Security Association, now TruSecure. Go to the Labs, Anti-Virus links to find certified products. They do AV Software testing. I've seen how the testing labs are run and read the certification requirements (very stringent). If a product earns an ICSA certification, it's as good as the rest of the certified products. Everything else between certified brands of AV products is just user oriented bells and whistles.
I buy the cheapest ICSA certified AV product I can find because I know it's as protective as the more expensive ones.
I JUST GOT AN EMAIL! It said to do a search on my root directory for a file called COMMAND.COM If I find it, I was to open a DOS window and type "FORMAT C:" to rid myself of the virus! *WHEW* I'm glad I found that bit of information! (Moral: Use a bit 'o common sense!) --Da Noof--
There may be a buffer overflow issue with BMP files. Try making one 64K pixels in width, one pixel in height is sufficient.
Then view the image.
Then go to the recent documents menu. Crash!
And crash every time you reboot too, until you remove the file via dos, cause windows keeps trying to look at it.
I emailed Microsoft about this problem a year ago and they still have not released a fix for it to my knowledge.
I've recommended AVG to many people. I haven't had any problems with it, like I've had with Norton and McAfee. It doesn't take a huge hit on performance. And it is really easy to update: no manual app restart or reboot needed.
- Eric, InvisibleRobot.com
Last time I called McAfee for tech support, the phone was answered by a honey-voiced young woman who introduced herself as Melissa.
No wonder people think viruses are everywhere.
AVG doesn't add those messages to Netscape or Mozilla. And you can turn them off for Outlook.
But I do agree that they shouldn't be on by default.
- Eric, InvisibleRobot.com
What's the fundamental difference between sending data to a network interface to get that program to execute the virus, and sending data through a network interface to some other internal program to get it to execute the virus?
Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
Now what makes you think all those programmers working for IBM, Yahoo, etc and working on OS projects are so poorly paid that they can't afford their own apartments? You're kinda weird. Especially for knocking cold pizza for breakfast.
That being said, AV software is *exactly* the sort of thing that OS is not good for, because AV software is not really a product, it's a service. Services need to get paid for.
Expanding a vast wasteland since 1996.
Write a hand-crafted JPG that exploits common image viewers. Photoshop, built-in image viewers in MSIE, ACDSee.. if you have the executable that hundreds of thousands of other people have on their own machines, then learn how to break a JPG file in such a way as to cause an exploitable condition.. well.. duh!
What they're doing is just lying^H^H^H^H^Hmarketing.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
I think I read somewhere that most of the new virus defs are submitted by the "whitehat" virus writers (you know, the ones that write them for educational purposes and the virus is usually one step away from being actually functional). In addition, I'd be shocked & amazed if the AV ppl didn't have some programmers writing new virii. As a preemptive measure (but good for FUD, too).
jred
I'm not a mechanic but I play one in my garage...
I've been running my internet enabled computer 3 years now without a virus scanner of any kind installed and I've only had one instance of a virus and I was about to reinstall anyway (it was a windows install, you understand...).
I remember getting viruses every week when I was BBSing way back when. Now-a-days, virii just don't seem to pose much of a threat. I'm not totally sure why. Since I don't run outlook, I haven't gotten even one email virus.
It seems the McAfee world view, born in the wild west of BBSing, just doesn't jive with the reality of virus threats today. My advice to them is to return to their roots as a small shareware file scanner. That might actually be useful given the glut of bloat-ware virus scanners out there.
ac23
Sorry. The link for "halitosis" in my previous post is wrong. The correct link for "halitosis" is right here.
(For ease of reference, here's the link for "Listerine".)
msq
blog
Even though the plural of virus is viruses, I could understand you saying viri instead (since the plural of cactus is either cactuses or cacti and the plural of octopus is either octopuses or octopi). But virii? That's just waaaay too many 'i's.
Think about it. McAfee and Symantec LIVE on FUD. While I believe they do offer a useful product, they profit greatly on inflating the danger level and inflaming the imagination. Marketing 101, not Email 101, teaches that principle. Create a Need, Sell a Product.
Even more importantly, I believe their FUDmongering (maybe I should patent that word...) only creates a "market" for all the virus-writers. If viruses didn't get the hype and attention, there would be far fewer scriptkiddies out there hacking away.
--Brandon / Split Infinity Music
Your sensitivity to an obviously true statement shows how small *YOU* really are!
Yes. Almost. A "lot" can be a piece of land, but it can also be a measure of quantity, as in we bought 2 lots of whatevers. A more parallel construct would be a thimbleful.
It really is time that we all take up arms against a sea of mixed metaphors.
If you are using Windows or Outlook
... then stop using Outlook. No, I'm not kidding. Outlook uses the same HTML rendering code that Internet Explorer does, doesn't it? That makes it vulnerable to many of the frequently discovered, slowly patched security holes that IE has run across over the last few years.
People need to be taught not to run untrusted executable files, true... but what good does that do when they can be vulnerable to a system compromise by just looking at the preview pane of an infected email?
A program with an unchecked buffer can be exploited by maliciously crafted data. Yes, this is true. But this is a problem with the program, not the data format. The program is not supposed to interpret the data as code, but because of a bug in the program, it did. So while this exploit of a program bug may result in becoming infected with a virus, I would not call it a virus itself, from the standpoint that this is something you fix not with anti-virus software, but by patching the buggy program. But regardless, this is a tangential issue to the article.
This release is claiming that jpegs themselves are dangerous. Without mentioning a single program containing a vulnerability that might be exploitable by an "infected" image file. Saying a jpeg can infect you with a virus is as idiotic as saying that reading email can infect you with a virus -- until such time as some idiot decides jpegs/emails should be able to contain code.
When it is discovered that IE has a buffer overflow exploitable by a malformed URL, does the press release say "Internet URLs contain viruses; AV vendors promise updates soon" No, it says "IE Vulnerability discovered, MS promises update soon".
This is nothing more than the Good Times hoax, propagated by a supposedly (and formerly, as far as I'm concerned) respectable software vendor.
The enemies of Democracy are
McAfee Manufactures Virus Threat
And that's really it. If you don't run Windows, you're safe
You people really DON'T review these submissions anymore, do you? This article claims that these companies are purposely manufacturing fear. That there is no legitimate threat out there. This guy is an uninformed idiot. How soon the first cross platform virus is forgotten. Or maybe you don't know how many machines I get to fix are infected with Klez.
"Potentially no file type could be safe" -Is there anything NOT true in this statement? Given the tenacity of some of the crap out there, it's not only true, but the fear IS FULLY JUSTIFIED.
"That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said." -This is not sensationalism!!! It's the damn truth! Ask any Admin whether they want you playing around with attachments on an unsecure system!
"They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email." -How many people are AOL users? That alone should tell you there are people who simply DON'T know anything about email, hacking or viruses. The Novices and viruses exist and THAT is why companies like McAfee exist. If everybody was a pro like this person thinks everybody should be, they would have gone bankrupt years ago. It's like that guy down the hall who is the resident SQL Server pro and therefore expects everybody to have his level of knowledge.
In the end, this guy is right, it is fear driving the market. But it's legitimate; for that one day one of your users will somehow (and it always happens) circumvent your safeties and download a virus. It's a need driving the market, not foundless fear, you dumbass.
You need a FREE iPod Nano
1) No virus company in its right mind will ever purposely write a virus. It's stupid from a business standpoint. You just need one incident where it gets hold of the media and your company is done.
2) Any file can be infected but infection does not mean it will be spread. Most viruses are smart enough not to infect a non-executable file, but there are old viruses which will.
3) McAfee has a policy to note any virus outbreak whether it's high or low. The division which discloses this information when I was working there was not the same as the marketing division. I won't speak for the marketing division.
4) Virus writers will sometimes target anti-virus companies to get publicity. I have heard of two when I worked at McAfee who would create a virus but never release it in the wild just to see the anti-virus company make a statement or a signature for it.
5) There are unix viruses out there, linux viruses out there, bios viruses out there. There are just a hell of a lot more Windows viruses out there. One engineer told me that the main reason there are more Windows viruses is because of the amount of Windows OS used. Another told me it's because of the inherent security model in Unixes that prevents infection. In any case, I would say Windows viruses are 99% of the viruses in existence.
You've not found a flaw in capitalism, my friend. You've found a business opportunity.
...is that I heard this story being propagated yesterday on Cnet Radio. These guys, these "technology experts", surely ought to know better. Despicable.
I had something similar show up at home a few days ago. IIRC, Klez grabs the subject line for its mail from a random (?) message in your inbox, so it must've gotten lucky to go out identifying itself as something that'd remove itself. (I think my copy called itself a Nimda removal tool.)
(Of course, I run qmail and mutt instead of Exchange and Lookout, so Klez has been little more than an inbox-filling annoyance for me.)
20 January 2017: the End of an Error.
How is this off topic? Maybe your penis is only 1 inch long.
I think the expression "false dichotomy" is more appropriate, instead of the "excluded middle".
In fact, they are now just the opposite. Individuals pay much more than large corporations.
Actually, there was an interesting thread on one of the SecurityFocus mailing lists a few days ago (forget exactly which list). The thread was about 'spoofing' PGP/GPG signatures on messages.
Basically, the core of the argument was that most people don't bother to verify the signature, either because they don't have PGP/GPG, or because 'it looks authentic'. Essentially, it's quite easy to social engineer ANY message so that it looks 'authentic' (whether you're faking PGP signatures, or a virus-scan message, etc).
This is all just a (potential) advanced form of social engineering.
- Jester
On the Mac a decade or so ago there was an anti-virus application, don't remember its name. It vetted each application that ran against a set of actions that it was allowed to do. Who chose which program had what rights? Why the user did.
If you made a dangerous choice, it would warn you, but it would also allow you to proceed anyway. Worked pretty well, and took up a lot less of the CPU cycles than a scan everything before you open it virus checker does now.
So resedit, e.g., was allowed to change anything, but I had it set to read only, and only the user was allowed to alter that setting.
I think the guy may have a valid point. This process was later replaced by inoculations, which were a bit faster, and still pretty secure. (inoculations: Checksum the application at a time when it is known to be good. Checksum the application again whenever you run the program.)
Now, a lot of this used the Mac's resource fork, so it would need to be adapted for use on a file system that didn't have one. But that doesn't seem to me to be a difficult thing to emulate.
I think we've pushed this "anyone can grow up to be president" thing too far.
I'll say it once, I'll say it again, McAfee are the ones generating the viruses. If they can generate a good one first and release a fix for it just as fast then wouldn't that benefit their revenue stream and PR to the world? I'm not saying they write all of them but I bet a good chunk comes from them.
Virus = autoreplicating piece of binary or interpreted code.
If you find an exploit that lets you execute arbitrary code, that's, well, an exploit, not a virus.
I have to whole-heartedly agree. These companies do nothing more than to prey upon people's insecurity and stupidity. Notice that nearly all AV manufacturers also have their own personal firewall software. Which, I might add, over 90% of home PC users don't need. (I can understand the use of such software on some computers in a corporate environment.) But, as a Technical Support representative who's supported everyone from Network Admins to Application Developers to End Users, I can (with a fair degree of authority) say that this crap does nothing more than cause its users problems! (Why on earth would you expect A/V software to cause problems when installing an infrared adapter? Well - it just so happens to do so!)
n/t == numbness and tingling?
It's been said before, but if you look at Exchange and Outlook as just being an email server and client, you're missing the point. Of course, most people who run Exchange and Outlook never use the other stuff, but that's not the fault of the programs.
The .H variant of Klez doesn't use other subjects...it has a list of subject structures, some of which are indeed designed to trick the user into thinking it is a protection/removal tool.
What I think is great is the sender address spoofing...I've got a journalist friend who, by nature of his work, has his email address plastered on a lot of his articles. He gets 15-20 automated messages a day, telling him that he sent a Klez-infected message. The downsides of (not very big) fame, I suppose...
"That's Tron. He fights for the Users."
[Sorry for AC post, already have 50 karma points]
:) That's how the game works...don't fuck with your sysadmin.
Anyone who works in an outward-facing business capacity (read: not most IT people, but most everyone else at the company) generally receives email from people they don't know, and they don't have the luxury of simply trashing it. If you work in customer service, marketing, accounting, sales, you have to check out these emails and see if they are for real. Fine, not the ones that are obviously spam, but the spammers are getting smarter and disguising their spam as legitimate email. Just because the address is unfamiliar doesn't mean that it can be trashed.
Here's a better solution: Only open attachments that you are EXPECTING. If Accounting from the San Diego office sends you an earnings report every week, fine. But if someone sends you a screensaver from out of the blue saying "I expect you would like it," then guess what...it's a fucking virus!
Of course, there is nothing better than vigilant virus scanning with updated virus definitions (I recommend F-Prot...free for personal or educational use). At my firm, we do a network-wide scan for viruses once a day. Our employees have been instructed to use common sense in opening e-mail, and each of them has a copy of F-Prot for Windows, so they can scan as well.
Of course, that doesn't stop Mr. or Miss Click-Happy-Luzer from spreading viruses. Those people usually wait a few days before we attend to their needs.
Buffer overflow != virus.
If I ever saw a self-replicating buffer overflow infecting files and/or systems, I'd find it rather interesting.
That this is a two part virus and you already need to be infected with one part of it that embeds special instructions in the registry, for the virus to actually work. Note, that this part of the virus isn't a picture but must infect another file, possibly accompanying the picture, or hiding in another place.
From McAfee AV labs:
This appending virus is the first reported JPEG infector. It is multi-component in nature, requiring an extractor file to extract (and execute) the virus body from infected JPEG files.
Infected JPEGs are unable to replicate on non-infected machines - ie. machines without the extractor component installed (hooked in the Registry).
McAfee products running the 4185 DATs (or greater) with program heuristics enabled, detect both the virus body (11,780 byte PE) and its extractor component as virus or variant W32/Alcop@MM. This virus is a proof of concept and it has not been seen in the wild.
(http://vil.nai.com/vil/content/v_99522.htm)
This virus sounds pretty stupid to me, why go to all of the trouble distributing the payload in pictures if anti virus software already can tell if an executable is infected by the "extractor" part. However, the extractors relatively small size may make it easy to hide in other applications without antivirus software being able to detect it... Still smells like hype though.
Isn't Bulgravia where bull gravy is made?
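Added example, not part of any comment in this thread and not McAfee's code: the advisory quoted above calls this an "appending" JPEG infector, so one defensive check is whether a file carries bytes after the JPEG end-of-image marker and whether those bytes look like a PE file. It assumes the body sits after EOI (the page does not say exactly where); the sample bytes and the PE stub are constructed for the demonstration and are not a real image or program.

```python
import struct

EOI, SOS = 0xD9, 0xDA
# Markers that stand alone (no length field): TEM and RST0..RST7.
STANDALONE = {0x01} | set(range(0xD0, 0xD8))


def skip_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    while True:
        i = data.find(b"\xff", pos)
        if i < 0 or i + 1 >= len(data):
            raise ValueError("truncated JPEG: scan data runs to end of file")
        nxt = data[i + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos = i + 2          # stuffed 0xFF byte or restart marker: still scan data
        elif nxt == 0xFF:
            pos = i + 1          # fill byte in front of a marker
        else:
            return i


def find_jpeg_end(data: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI.

    Searching for the bytes FF D9 is not enough: they can occur inside a
    comment or thumbnail segment, so segment lengths have to be honoured.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1             # skip optional fill bytes
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if marker == 0x00 or pos + 2 > len(data):
            raise ValueError(f"malformed marker near offset {pos}")
        (length,) = struct.unpack_from(">H", data, pos)
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length
        if marker == SOS:
            pos = skip_scan(data, pos)
    raise ValueError("truncated JPEG: no EOI marker")


def looks_like_pe(blob: bytes) -> bool:
    """True if blob contains an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    start = blob.find(b"MZ")
    while start >= 0:
        if start + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, start + 0x3C)
            pe = start + e_lfanew
            if blob[pe:pe + 4] == b"PE\x00\x00":
                return True
        start = blob.find(b"MZ", start + 1)
    return False


def inspect_jpeg(data: bytes) -> dict:
    """Report how many bytes follow the image and whether they resemble a PE."""
    end = find_jpeg_end(data)
    trailer = data[end:]
    return {"image_bytes": end,
            "trailing_bytes": len(trailer),
            "trailing_is_pe": looks_like_pe(trailer)}


def segment(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed marker segment for the constructed sample."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JPEG-structured bytes (not a decodable picture). The
# comment segment deliberately contains FF D9 to show why a byte search fails.
CLEAN = (b"\xff\xd8"
         + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
         + segment(0xFE, b"comment with \xff\xd9 inside")
         + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
         + b"\x12\xff\x00\x34\xff\xd0\x56"      # scan data: stuffed FF, RST0
         + b"\xff\xd9")
# Constructed stub: only the MZ and PE signatures, nothing executable.
PE_STUB = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(20)
INFECTED = CLEAN + PE_STUB

if __name__ == "__main__":
    print(inspect_jpeg(CLEAN))
    print(inspect_jpeg(INFECTED))
```

Trailing bytes alone are not proof of anything malicious, since some cameras and editors append their own data after EOI; the PE check is what narrows it down.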
Actually, I tell my users (not LUSERS) that, when they receive an unexpected attachment from anyone, they should call that person and thank them for it before they open it.
That way they learn the other person hadn't sent them anything and both parties detect the virus.
Yes, the L stands for Language, a markup language, not a programming language. English is a language too, but that doesn't mean it will run on a computer
Even with ECMA script, a web site should never be able to execute native code on the system, but sometimes they can due to software bugs.
It's true that JPEGs don't contain any code to execute, if there was a bug in a jpeg rendering library, then it might be possible to create a virus using this bug.
autopr0n is like, down and stuff.
You know, not all viruses will damage your system, some are just intent on spreading, and stay hidden from the user.
And I disagree that it's like using a condom. A condom is a physical thing that actively prevents anything from going through. Actually, antivirus software is more like spermicide. Anyway
"pull out before cumming" or "only do it after your wife was on the rag" are general practices you can follow for not getting a woman pregnant, just like Michael's general practices for avoiding a virus. It might lower the risk, but it won't actually stop a virus that works around those
There could be viruses for Linux out there, someone could find a hole in Eudora; a virus could come with 'regular' software (look at the vs.net article above), etc. None of those things would help you if you came across such a virus.
autopr0n is like, down and stuff.
Don't Symantec's Norton AntiVirus and McAfee both have holes to let Magic Lantern barge right in?
I think these vendors should be considered only partially trustworthy.
Memory fades over time. So I might have this wrong - feel free to correct me if so. But as I remember it...
McAfee is one of those success stories that would have been unlikely without the Internet. They offered their AV product for a free download. However, if you wished to get updates, you had to subscribe. The Internet allowed widespread downloads (and easy updates). And McAfee managed to add a new twist to the "razor and blades" model to make anti-virus more a service than product.
At least, that's what got them going. They grew. They were bought out. They changed.
Yeah, it's a pity we don't live in a non-capitalist country. Everybody knows how much better those are at preventing computer viruses... :-)
I play Nerd-Folk!
Yeah none,
No seriously, If you need to scan your system. Go to http://www.housecall.antivirus.com and have them scan your system via your browser. It's quick, easy, doesn't hog resources, and most importantly it's free!
DP
read my post about sodomy, blind idiot. you're just too retarded. dont post here untill you know how to spell 0v3rf10\/\/. Neway U got child porn on your computer!! HAHAH. Amusing what /. reveals sometimez...
Of course, this means that all your desktop icons will have .ink extensions, but so what?
Tech Public Policy stuff
Peter Norton and The Boys, kickin' back and cookin' up new viri...
"We need one that's got that old school class... Little bit of trojan, utilizes end-user's resources to spread itself... yeah, yeah, good... It'll replace their exe's with itself... Fun little zombie reference with that... And for the twister, you guys are gonna love this, it breaks their existing AV software and makes it impossible for them to uninstall it without tearing through the registry!"
{General applause and chuckling around a long smoke-wreathed table}
"It's gonna be a good quarter, guys... Now I'm off to do another one of my "stare into camera with inhuman eyes till I scare the hell out of 'em" photo shoot for the cover of Norton Antivirus 2003."
Not only does God definitely play dice, but He sometimes confuses us by throwing them where they can't be seen. -Hawking
Here's a better solution: Only open attachments that you are EXPECTING. If Accounting from the San Diego office sends you an earnings report every week, fine. But if someone sends you a screensaver from out of the blue saying "I expect you would like it," then guess what...it's a fucking virus!
But if you are a copywriter and someone sends you an email out of the blue with a Word attachment saying "Please send back comments by the end of the day."? You may work with a few different client companies marketing/PR firms and don't recognize the name. You can't tell if it's legit or not. You're not EXPECTING it but heck, you get 5-10 attachments per day that you don't expect and have to deal with as part of your job. If you had to call and leave a voice mail to check the validity (because no one ever answers the phone) of each attachment you'd never get your job done. And what if it's a virus that fakes the sender and it IS from someone you know? It's virus time, and please don't try to blame the user (or anyone except for the virus writer) in this situation.
2 ounces of common sense, and, yes, as you mentioned, good, updated virus protection will solve a lot of the virus problems. But not all.
My point is only that it's impossible to make hard and fast "Don't open" rules when it comes to random emails and attachments. And it bugs the heck out of me when those types of rock solid edicts come out of the IT department with a "and if you open them even after we told you not to, it's all your fault, don't come crying to us!" closing. It just burns my butt and smacks of a cover-your-ass mentality. Life goes on- business goes on- and things happen. Minimize the problems by working with the users and realizing what they have to do LEGITIMATELY with unsolicited emails and attachments to get their job done.
And string the rest of the dopey users who can't resist the screensaver, joke and bowling elves emails up on a wall as an example to all...
McAfee, Norton, Trend Micro, etc. are still miles behind the Bulgarian virus writers of over a decade ago. But what happens when they catch up? It's only a matter of time when you have a multibillion dollar a year industry working at it. They're going to be even better than some proto-cyber-terrorist-wannabe kid in a Soviet sponsored junior college ever dreamed of. Someday.
Yet another altruistic geek that knows everything about all topics computers has weighed in with his heavy hand.
Let me join in as well.
Michael, you are a pretentious idiot.
The virus writer sent this sample to the AVERT team at NAI. NAI or McAfee did not manufacture this virus. This virus is a proof of concept.
This virus has a low risk assessment.
The correct English plural of virus is viruses. Please consult any good dictionary before making up words. For the purists, in Latin, there is a rarely-used plural form: virus, viri (neuter) (Forms: almost always restricted to nominative and accusative singular; generally singular in Lucretius, ablative singular in Lucretius) The point of this is that even in Latin the form "viri" is rarely used. The singular form is used in most every instance. (This is from the Oxford Latin Dictionary.) So, when considering the Latin: "virii" is incorrect and "viri" was almost never used.
Not all technologists are network technician monkeys.
In my own work, I engage in research for the DoD; I am also responsible for drumming up new business (white papers, research proposals, etc), tracking my time, maintaining systems, making business decisions, implementing code.... etc. This is in a company of about 40 people, most of whom are likewise engaged.
Back when ILoveYou hit, some retard forgot to update the company's email virus filter, so it got through. And of course, being morons, just about everyone in the company opened the fucking attachment. This is a company full of people who MAKE ANTIVIRUS SOFTWARE, and the virus probably hit us harder than many other companies. Rumor has it that a good number of customers actually received the virus from contacts at McAfee. After the outbreak came under control, messages were sent out saying that nobody was to mention this to *anyone* outside the company, or they'd be fired. That's right...they didn't fire the people who executed the virus, because most of those people were top management. No -- they fired the people who talked about the outbreak.
It was also widespread knowledge within the company that our AV products sucked complete ass. There was a corporate policy that required all employees to run the latest version of McAfee VirusScan on their computers, but very few people in my department did, because the latest version sucked. We all ran an older version that was better (and some of us used competing products that we trusted more).
Ironically, my boss (who wasn't a moron) once told me that the only AV product he trusted at all was Kaspersky Anti-Virus.
According to the McAfee entry, you need not only the payload in the jpeg file (that sounds reasonable) but an extractor to be on the computer already (also reasonable). But it's also ridiculous design. All the payloads in the world will be useless without the extractor, and that's the 'real' virus here - as long as you protect / remove the extractor, the payloaded jpegs will lie there just being slightly stranger jpegs. Nobody's said so far if the jpegs are simply inserted, meshed, or even one-bit stego'd with the payload - that would render a slightly - maybe imperceptibly - altered jpeg - the entry says the jpegs they saw were 11K bloated with the payload. I remember basically not being able to discern a pretty substantial stash of data in PICT files with the old Stego program on the Mac.
I still have a question with them seeming to have a harem of virus authors who send them stuff - hoping this is a collection of trusted white hats. But if you wanted to employ a stable of kiddies who can think up some pretty far-fetched schemes like this one to keep you rolling in definition updates, it would look a lot like this.
Sure, jpegs are all over the place in the web, but that's negated by the sheer number of different images - the reliability of getting a particular jpeg to deliver your particular payload are astronomical, and without doing the math, the delivery method can seem very close to moot. IMHO this is a real stretch in terms of eventual effectiveness as a virus. But it's late on a Friday - braver souls might do the math and correct all these conjectures.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
A program designed to read JPG's is going to be designed to deal with a stream of data of unknown length and of unknown structure, beyond being a valid jpeg. For this reason, a jpeg library should be more resistant to buffer overflows in jpeg files than, say, an FTP daemon with dozens of obscure buffers, any one of which could overflow and be used to execute code with the authority of the FTP daemon. I mean, if your graphics library is going to have a bug, having it in the graphics file buffer is a really obvious and bad place that would probably cause many, many problems incidentally before anyone decided to use it as a viral infection route.
BMP format is so simple that you wouldn't normally look for a vulnerability there. But there's a BMP subformat which contains run-length-encoded 8-bit color mapped images. The decoder is in the NT kernel (dumb), and can be induced to do a kernel level buffer overflow.
I reported this years ago; I don't know if it's still in NT 4 or later Microsoft operating systems.
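The comment above names the run-length-encoded 8-bit BMP subformat as a place where a decoder overflowed. As an added example (not code from the comment, the thread, or Windows), here is a decoder for that encoding that checks every run, literal block and delta against the canvas before writing; the function and constant names are hypothetical, the sample byte strings are constructed, and the escape codes follow the publicly documented BI_RLE8 layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { RLE8_OK = 0, RLE8_TRUNCATED = -1, RLE8_OUT_OF_BOUNDS = -2, RLE8_BAD_ARGS = -3 };

/* Decode BI_RLE8 data into dst (width*height palette indices, rows in file
 * order). Strict by design: any run, literal block or delta that would leave
 * the canvas is rejected instead of being clipped or trusted. */
int rle8_decode(const uint8_t *src, size_t src_len,
                uint8_t *dst, uint32_t width, uint32_t height)
{
    size_t i = 0;
    uint32_t x = 0, y = 0;           /* invariant: x <= width, y <= height */

    if (!src || !dst || width == 0 || height == 0 || width > SIZE_MAX / height)
        return RLE8_BAD_ARGS;        /* also rules out width*height overflow */
    memset(dst, 0, (size_t)width * height);

    for (;;) {
        if (src_len - i < 2) return RLE8_TRUNCATED;  /* no end-of-bitmap seen */
        uint8_t count = src[i], value = src[i + 1];
        i += 2;

        if (count > 0) {                              /* encoded run */
            if (y >= height || count > width - x) return RLE8_OUT_OF_BOUNDS;
            memset(dst + (size_t)y * width + x, value, count);
            x += count;
        } else if (value == 0) {                      /* escape: end of line */
            if (y >= height) return RLE8_OUT_OF_BOUNDS;
            x = 0;
            y++;
        } else if (value == 1) {                      /* escape: end of bitmap */
            return RLE8_OK;
        } else if (value == 2) {                      /* escape: delta (dx, dy) */
            if (src_len - i < 2) return RLE8_TRUNCATED;
            uint8_t dx = src[i], dy = src[i + 1];
            i += 2;
            if (dx > width - x || dy > height - y) return RLE8_OUT_OF_BOUNDS;
            x += dx;
            y += dy;
        } else {                                      /* absolute: literal bytes */
            size_t padded = (size_t)value + (value & 1);  /* padded to even */
            if (src_len - i < padded) return RLE8_TRUNCATED;
            if (y >= height || value > width - x) return RLE8_OUT_OF_BOUNDS;
            memcpy(dst + (size_t)y * width + x, src + i, value);
            x += value;
            i += padded;
        }
    }
}

#define W 4
#define H 2
#define GUARD 0x5A

/* Decode onto a W x H canvas followed by guard bytes. Returns the decoder
 * status, or 1 if any guard byte past the canvas was modified. */
int run_guarded(const uint8_t *src, size_t len, uint8_t *pixels_out)
{
    uint8_t buf[W * H + 8];
    memset(buf, GUARD, sizeof buf);
    int rc = rle8_decode(src, len, buf, W, H);
    for (size_t k = W * H; k < sizeof buf; k++)
        if (buf[k] != GUARD) return 1;
    if (pixels_out) memcpy(pixels_out, buf, W * H);
    return rc;
}

/* Constructed well-formed stream: run, end of line, literals, run, end. */
int demo_valid(void)
{
    static const uint8_t data[] = { 0x04, 0xAA, 0x00, 0x00,
                                    0x00, 0x03, 0x01, 0x02, 0x03, 0x00,
                                    0x01, 0xFF, 0x00, 0x01 };
    static const uint8_t want[W * H] = { 0xAA, 0xAA, 0xAA, 0xAA,
                                         0x01, 0x02, 0x03, 0xFF };
    uint8_t got[W * H];
    int rc = run_guarded(data, sizeof data, got);
    if (rc != RLE8_OK) return rc;
    return memcmp(got, want, sizeof want) == 0 ? RLE8_OK : 2;
}

/* Constructed malformed streams: each must be rejected before any write. */
int demo_overlong_run(void)      /* 255-pixel run on a 4-pixel row */
{
    static const uint8_t data[] = { 0xFF, 0x41, 0x00, 0x01 };
    return run_guarded(data, sizeof data, NULL);
}

int demo_truncated(void)         /* claims 5 literal bytes, supplies 2 */
{
    static const uint8_t data[] = { 0x00, 0x05, 0x01, 0x02 };
    return run_guarded(data, sizeof data, NULL);
}

int demo_delta_past_end(void)    /* delta moves 9 rows down a 2-row canvas */
{
    static const uint8_t data[] = { 0x00, 0x02, 0x00, 0x09, 0x01, 0x41, 0x00, 0x01 };
    return run_guarded(data, sizeof data, NULL);
}

int main(void)
{
    printf("valid=%d overlong=%d truncated=%d delta=%d\n", demo_valid(),
           demo_overlong_run(), demo_truncated(), demo_delta_past_end());
    return 0;
}
```

Rejecting a row overrun outright is stricter than some viewers, which clip such runs; either policy is safe as long as the check happens before the write.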
I kinda sorta recall being able to download updates for free. That would have been pre-internet, so it was from their BBS. Ah, the good old days.
Display some adaptability.
IMHO, it offers an AFAIK new method of supplying instructions to a trojan/backdoor like program, and using the viral aspect of infecting other (generally unsuspected and un-inspected) images, as a worm-like method of distributing your instructions. All it needs is the trojan (here called "the extractor"), which would do nothing more than executing the code that some image provides.
Looking at it that way, then yes, the extractor is the weak point, the point to intercept and disable this thing. But we all know that there will always be machines that can be infected. And the infected machines then offer a general entry point for different sets of malicious instructions. It may be different code for each infected image you receive, it only needs one well crafted 'extractor'.
I do realise that this is not a very efficient way of doing evil things. There is no guarantee if or when your commands will be executed. There is still the task of getting your infected image file to enough systems that you can be reasonably sure that some of them will have been infected with the extractor. But... for some evil things there is no need for immediate results, for some things this method might not be very efficient, but only just efficient enough.
Is it revolutionary? No, I think not. There is still the extractor executable to intercept, which would be just another entry to the virus signature database. But the virus/trojan/worm combination possibility is at least interesting. Discuss.
karma capped
Sorry, but that would be like altering a paperback book to play in my DVD player. It would take MUCH more work on the DVD player than on the paperback.
It's simpler than that, don't use Outlook. Try Balsa, Pine, Mutt, Mozilla or exim. They all do the job.
I resent your presumption and the way you blame the user. At work I've had several Outlook viruses autoexecute with NO ACTION ON MY PART. Would you call me a stupid user? In fact, you should never call any user stupid because their software screwed them. It's the program's fault that it can be broken, not the user's. The programmer should consider all possible user actions and have well defined error code responses to them, especially when they are going to sell the silly code as a non modifiable binary.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
So what's your point?
You need a FREE iPod Nano
I didn't know I was trying to win something.
Point of article: Anti-virus makers are simply feeding on the fear of a dying industry.
My Point: Remember that next time you see another virus alert on slashdot.
If it makes you feel any better; Sure Tex, you're the winner. Feel better?
You need a FREE iPod Nano
Linux is free of Virus unless Microsoft decides to make Microsoft Office Linux Edition.
This would add Linux to the existing Virus Replication Platforms:
- MS-DOS
- DR-DOS
- Windows (all versions)
- MacOS
Virus Free Platforms:
- Linux
- Unix
- Java
- IBM OS/2 (?)
Since it was funny, I won't consider you an anal typo bastard today ^__^ As for the help desk, I should be so lucky. But noooo... I have to disassemble over-engineered iMacs (G3s particularly), Laptops and PCs (the latter being cake). Perhaps I am a bit too close to the problem, but here's the very distilled essence of my great and magnificent knowledge and wisdom:
Point of article: Anti-virus makers are simply feeding on the fear of a dying industry.
My Point: Remember that next time you see another virus alert on slashdot.
And hey, I'm even willing to concede that most of the viruses are Windows based... But then, more people use Windows more than any other operating system. Security hole arguments aside, of course more viruses reside on Windows. As far as the virus threat being manufactured? Sure, why not. Whatever you want to believe. In all seriousness, I'm curious... Running a virus scanner per chance on a regular (or irregular) basis?
As for companies spreading FUD, of course they do. Won't even begin to dispute the fact. But that doesn't automatically negate the fact that viruses are a threat, sometimes annoying, sometimes serious.
It's good to hear you have more than 5 friends as well ^__^
You need a FREE iPod Nano
I've never heard of a virus company, much less had one do anything nice for me. Come to think of it, I've never had any commercial software company do anything for me.
You do understand the nature of AV makers and the futility of bothering them. Telling Norton, McGaffe, and whoever to behave is about as good as telling M$ to stop making buggy code.
Your appreciation of makers of obsolete garbage, however, is mystifying. No one needs windows, so no one needs anti virus software. I don't need Windows, nor does my wife. If we can get along without it, anyone can. Advertising dollars spent promoting Windoze and the AV it requires are pure waste, the last thrashing of a dinosaur that's evolved in all the wrong ways.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
What do you mean "Darn... and I just updated my anti-virus software"?? You should be doing it every day -- sometimes twice a day. At work we're hooked into F-secure's auto-update with a server/client system running. At home, my PC automatically checks for updates every time I dial into my ISP. Updating is a constant process, not one you only bother about when someone issues a press release.
What surprises me is that the 'exploit' is so pathetic. There's really no need for a pre-existing helper app.
Knocking over MySpiffImageViewer.exe with malformed data that leads to a buffer overflow is not so different from knocking over sendmail or named with malformed data and a buffer overflow. The key difference is that you need to push the JPEG to the victim, and trick them into opening the file, whereas mail and DNS servers sit there waiting for data. Once you get someone else's machine to process your data, a buffer overflow is a buffer overflow, and if you can execute arbitrary code, the machine is yours.
Sendmail et al may run as root, but on a Windows box, everything has 'root' privileges so the possibilities are not so different.
Build stuff. Stuff that walks, stuff that rolls, whatever.
English 101, not everyone speaks it.
English 102, not everyone cares.
English 103, press makes the grammar.
Stop being an ass.
That last part was directed to me.
Intelligence is a matter of opinion.
And this is the precise problem I have with AV companies. They're reactive.
Every day a new virus will come out and slip through the AV nets until a new definition is released. It should be the case that the virus software could recognise a virus before it's known.
In the olden days a lot of heuristic engines were developed to do this; but they tended to be poor because they couldn't deal with highly polymorphic assembly language very well.
Whilst I accept that recognising a code is equivalent to the halting problem it should be reasonably trivial to recognise one of these modern day 'mail viruses'. After all it should be just a case of looking for applications which contain their own SMTP server.
Perhaps you could cobble together a quick n dirty (tm;) AV program just by adding some rules to one of the freeware firewall applications which are common under windows. Remove the GUI and just recognise a virus as something which does nslookups + port 25 connections ...
Don't worry, my frustration with iMacs is mainly geared toward the guts, not the OS itself. Beautiful design, fairly robust OS, horrible engineering. The G4 is nice though...
Now only if everybody used slackware =p You of course realize you're implying that Anti Virus thrives only because Windows exists... Heheh...
You need a FREE iPod Nano
This is NOT a hoax, or FUD. There IS FUD in the A/V industry, but this isn't it. The press release does a bad job of explaining why the JPEG virus is a big deal. However it DOES say (clearly) that this virus is not a danger in itself - it's a proof of concept. Without going into more detail than would be prudent, *please* believe me when I say that there are significant reasons (a) why this PoC virus is significant, and (b) why virus writers will be exploiting concepts from this virus to make Very Bad Malware. Hey, why should it bother me, I run Linux! Well *i* run Linux too, in fact I develop my code on Linux; it will affect us when the world's NSP backbones are choked with worm scans, ARP requests and buffer-overflowing HTTP requests. This IS going to happen. And, whatever Sophos would like you to believe, this is NOT a case of NAI/McAfee whipping up a hype over nothing. I can't say anything more, but I'm going to take the chance of losing my job by not posting anonymously in order to emphasise how much I mean this.
It's sooooooo frustrating knowing things about this and not being able to talk about it...
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
I use AVG and totally agree. I thought the same thing and turned that feature off the first time I saw it. It's really just advertising anyway.
*f-prot*
Nuff Said
Boy if the OpenSource IJG jpeg decoder used by Microsoft for IE is shown to have a buffer overrun bug, 90% of the slashdot population will have to commit suicide after all the bile they have poured out about unsafe Microsoft.
That would suck.
All the real email virus threats share a few distinguishing characteristics:
They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
Whoa... do you mean to tell me email viruses are transmitted by email????? No! It's a lie! A lie I tell you!
Hypocrisy is the 8th deadly sin.
A story that has always formed the basis of my philosophy on the virus issue...
Back when I was a nipper I read a story about a farmer in England who had a problem with moles digging up his front lawn once. He called in the mole catcher to deal with the problem, but afterwards a servant came and told him that calling in a professional mole catcher was a bad idea, because they would only catch the adult moles. The baby moles would be left where they were in order to grow up, so that the farmer would need to call the mole catcher again to get rid of them. The servant's advice was to either try and relocate the moles to an area where they wouldn't cause so much damage, or for the farmer to poison them himself.
In nearly 8 years online, with normal usage including IRC, I've only had two viruses. The virus problem truly isn't as bad as most people believe...and by downloading virus software, with the lack of regard that companies seem to have for people's privacy these days, I wouldn't be surprised if you were actually getting spyware inside programs that were supposedly meant to be getting rid of such things...it's worth thinking about.
NIMDA, or so I read, can infect websites such that if you visit them with old versions of IE your machine can be infected. Also, Outlook executes junk in email by default. So throwing out Windows is the best answer or at least not using Outlook and IE.
Of course, I'm a UNIX/Linux bigot anyway. Personally, I think Windows and all its minions are pretty shabby products whose predominance causes a lot of misery.
If you keep touching a hot stove after your parents told you not to, you're an idiot. Plain and simple. While the "don't come crying to us" edict is elitist, if your IT people tell you "don't open any suspicious-looking attachments," and you do, it's your fault. And you'll also anger your IT people. That's not a good thing.
You can say that it's the IT guy's responsibility to clean up after the users, but fact is, the IT guy doesn't need you. He could work elsewhere, go into self-business, or code away. You need the IT guy, unless you know how to properly configure a server.
It's not hard to scan for a virus or to tell if the e-mail you got is from a legitimate contact or not. If you can't do either, you should be stuck behind a typewriter with the rest of the lusers.
um, yeah, and then you make the arbitrary code infect something else.
They're right about every file format not being safe. There hasn't been a JPEG trojan/virus yet, but it's theoretically possible against some PNG viewers due to the libz bug, and someone did make a trojaned mp3 for one of the early Linux mp3 players that worked due to being able to overflow a buffer in the player, and pine due to buffer overflows in their mime could actually get an email virus without requiring you to try running any executable code. There are plenty of overflows in IE's past when reading HTML (not misimplemented security, overflows) that could allow an attacker to run code on your system just from viewing a page too. Any program that deals with foreign data is a potential security hole, regardless of if that content is designed to be executed.
Yes, I've recommended ZoneAlarm to many people, and I have been using it for a long time now, even with my NAT broadband router protecting me from incoming attacks. ZoneAlarm also prevents unwanted outbound traffic, unlike many other products.
- Eric, InvisibleRobot.com
Who give these events the most credibility... They're the ones who run every attachment in e-mail, and don't even know how to enable the "show known extensions" feature in their folder properties, and often run attachments with hidden shortcut properties (such as picture.jpg.pif, et al, which executes the viral code)... The antivirus folks are capitalizing on this, of course...
Frankly, it's getting to the point where requiring people to take a one year course and get a license to operate a computer seems all the more feasible and even necessary...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
Quite a while ago Microsoft released a nice patch called 'Outlook security update' for Outlook 2000 that recognized and blocked any executable code. This was a true sysadmin's relief: once you have it on users' machines, you're safe as it just couldn't be turned off. But you needed an SR1 service pack for MS Office installed to apply it. And once Office XP was out, the SR1 magically disappeared from Microsoft's download section.
I have a little story for you. The point doesn't come until near the end, so be patient.
... I really hate it when people make something look like something else for a quick buck.
Just over three years ago, on December 27th of 1999, the day after her 12th birthday, Squirt got a computer.
Squirt had an IQ of 103, and loved to learn, but besides that, she was fairly normal for her age. A little more mature, maybe, but she was still a naive little kid. Most importantly, she was computer illiterate.
Squirt started up this computer (Windows 98). Squirt paid no thought to the fact that this computer had no Antivirus software. She was scarcely aware of the existence of antivirus software.
Squirt surfed away, never encountering a problem. After a few months, she discovered e-mail! She deleted Outlook Express, because she never used it. Squirt began happily e-mailing away via Alloymail, gURLmail, Boltmail, and finally Yahoo! mail.
Two and a half years later, Squirt had changed her nickname to Wolfbane and got a new computer.
Wolfbane, however, needed to transfer some old files to her new computer.
Her new computer, a Dell Dimension 8100 series, which she's still proud of to this day, had Windows ME and came with Norton Antivirus!
Wolfy put these files onto a floppy and then put that floppy in her Dell's hard drive. Some of these files were .exe's! And she scanned the files.
VIRUS FREE.
In two and a half years without an antivirus program, a teenage girl, not even in 9th grade, DIDN'T GET A SINGLE VIRUS! In fact, the closest thing she got was a prank page that said "You have a virus" via a javascript alert box to EVERY VISITOR TO THE PAGE.
And this child, though naive and originally computer illiterate, had the IQ of an average adult, give or take ten points at first, more later (In fact, at her three year anniversary of being a windows user, her IQ was 124, and is currently 126!).
The lesson? Antivirus software isn't as necessary as these companies claim. Stuff isn't as vulnerable as they claim. But since idiots think it is, and idiots are most likely to succumb to virii... go figure.
Of course, this child, who currently goes by watashiwananashidesu at /., is very grateful that she has Norton on her precious Dell. Why? Her semi-computer-literate mom, and her mom's computer-illiterate fiance, and that fiance's e-mail-forward-perpetuating, half-computer-literate daughter all use her beloved Dell. And when she tries to explain stuff, they get confused. So she doesn't know if they're competent enough to avoid suspicious e-mails... she does know that none of them have discovered Outlook yet. XD
So, antivirus stuff and propaganda aren't completely useless, and I feel a lot safer with Norton. But the idea of Proof of Concept viruses make me mad, when marketed as REAL threats. Don't post it like it's a wild threat if it ISN'T!
Serious, I scoured the Norton and McAfree or whatever sites for signs of a CURRENT threat from this JPG stuff, and couldn't find one. Yet it was promoted like it was a current problem, when actually it's just an idea that might come into play a month or two down the road.
I just hope my mom, uncle, and aunt don't see those articles.. @_@
Someone else *may* have already posted this, but a while ago on one of the securityfocus mailing lists, it was shown that code could be entered into a JPEG which would cause Windows XP to reboot itself, so I would have thought that worse could be done given time and effort.
I heartily agree with you in general terms. However, Windows is mainstream, and it is very difficult to live without it; and antivirus software is quite advisable for most people. Not using AV software, however, is not so terrible as driving without brakes, as some would say. How long can you do that: five minutes, half an hour? Well, you can live without AV software for years, as I have done... and I have never been infected, and I have never infected anyone. (And there are days, these days, when I receive about 10 copies of the Klez_H worm!) For the complete story, see my article: http://www.idg.net/idgns/2001/02/15/OpinionHowToAvoidAntivirus.shtml
I just wonder that how many virii have McAfee, Symantec etc manufactured that attack their competitor's products disabling them? When I installed McAfee VirusScan 6, it "suggested" that I should uninstall a component of my Norton Systemworks... Making your competitors' products look bad could be really good for your own business. And programming more viruses would help tremendously to keep the whole anti-virus sector in business.
As we know Unix based systems are basically virus resistant.
As it is this leaves Windows and Palm OS. Take the precaution of turning off the IR on your Palm and you're reasonably safe. Leaving Windows on desktop, PDA and server the only virus security risk.
Microsoft will eventually have to address the problem rather than ignore it...
Probably with some silly half considered system.
But viruses aren't the unstoppable all powerful programs pretended to be in TV shows and movies. Even a sloppy effort is good enough.
Chances are Microsoft already has this system laid out. They aren't in any hurry as it's not a big concern right now.
But they know it could be.
Big anti-virus companies however don't have it so easy. If Unix systems dominate the market or if Microsoft kills the viruses on the Windows family they are out of business.
I don't actually exist.
We should build something like this into Linux!
Let's see:
* The kernel handles file I/O
* The kernel either implements or controls the memory protection features of the system
* The kernel handles network I/O
* The kernel is open source
Built-in AV could be a nice selling point. Furthermore, when virus writers start focusing on Linux, such features will force them to depend on the stupidity of the user (rather than the flaws of the system).
...and much more effective than any certification.
Got time? Spend some of it coding or testing
I run Linux. I forwarded a copy of a virus message to a (Linux) mailing list one day - the text was amusing - and forgot to strip off the infected attachments. Needless to say, the fact that the message `originated' from a non-virus-running Linux box didn't help the 4 or 5 Windows users who didn't have up-to-date virus scanners running at the time.
Got time? Spend some of it coding or testing
LindowsOS runs as root and is now being sold with some WalMart computers. Oops.
Got time? Spend some of it coding or testing
I've never, EVER gotten ANY fabricated virus alerts from Trend Micro. Ever. All their pattern files are usually updated within 12 hours of a virus alert. They don't force you to purchase new versions every year -- you can continue to update pattern files on your old copy of PC-cillin 98 even today, albeit the program isn't as advanced as PC-cillin 2002. And it's cheap! It's only $40 for unlimited pattern and program updates, and only $20 to upgrade from ANY old version. I'm surprised more people don't use it...but then again, I'm really not, since the only computer I've ever had it bundled with (granted, there are only two computers I've ever purchased and not built) was Alienware, and that was back when they were still an infant company. (I'm not sure if they still bundle PC-cillin or not.) In any case, call this a shameless plug, but for all intents and purposes, PC-cillin is the superior virus scanner. (It also includes POP3 scanning, so even those running Microsoft Outlook are safe from all but the bleeding-edge virii.)
[insert witty comment here]
The corporations have to make good to their shareholders somehow. What were you expecting?
The theory of relativity doesn't work right in Arkansas.
It's been said before, but if you look at Exchange and Outlook as just being an email server and client, you're missing the point. Of course, most people who run Exchange and Outlook never use the other stuff, but that's not the fault of the programs.
If all you need are an email server and client, then that's sort of the point.
And if all you need are an email server and a client, then you're better off getting tools that do one job and do it well.
Luckily I haven't been exposed to Bloats apart from horror stories.
Most viruses nowadays are actually trojans. How would you CLEAN a trojan? There's no data in there to salvage. And I can't imagine studying and detecting fingerprints of morphing viruses is a simple matter either. But to you, all commercial software is a joke, isn't it. Yet, you pirate it anyway....
Jesus man! Get on a Stairmaster ya pudgy bastard!
It's true that virus code sitting in jpeg file doesn't run on its own. However, it's a great way to move large payloads of viral matter to pcs and THEN execute it with a program capable of extracting this code, a bootloader basically!
As a techdesk monkey at like local college, I can say that Klez is a bitch to get rid of.
Actually, www.sarc.com provides a free klez removal tool, which will fix all executables, etc. which were infected by klez.
I do agree with your viewpoints however, I think you need to do a bit more research and redirect your feelings.
The Virus you are referring to is called W32/Perrun, and isn't a true virus, in my opinion. If somebody is saying that you have to be infected with a virus to be vulnerable to W32/Perrun, then they are mistaken. You do however have to have the "infector" on your machine. The "infector" is nothing more than an EXE file with potentially malicious intent. This infector could launch viral code, some type of DOS/DDOS attack or pretty much anything else. The current infector will by default infect another JPEG image on your machine. It is not like a typical virus that has a built in replication method and will spread from JPEG to JPEG.
The JPEG itself only has a small modification that causes it to call the "infector", which as stated above could contain a malicious payload. This will corrupt the JPEG as you mentioned, but the JPEG itself does not contain anything harmful.
AntiVirus companies such as McAfee (Network Associates) have released press releases, but do you blame them? This is the first time this has been done, ever! I am personally glad they notify the public, rather than keep it a secret like one of the other software giants (Microsoft) that only tells about problems when their arms are twisted. The majority of hype comes from the local media. On the 13th the local channels were teasing their news casts with "If you trade family pictures on-line, you need to beware of a new computer virus." Never once did they mention that the virus was not in the wild and was submitted directly to Network Associates as a proof of concept from the author.
I think this is where you should target your frustrations. There is already enough trouble in the IT world and we are just starting to recover. Let's focus on the news media as we all know they over hype everything.
Well, it's a good day to run Lynx, that makes my running Linux, checking my mail with Pine or Elm (which aren't subject to many viruses), and using Lynx, which doesn't have graphics support in it.
Tibbon
tibbon.com
I find it interesting that MS users speak about things that they have no understanding of. It's a common trend. Try reading a book. When you have a thorough understanding of the hows and whys behind viruses and microsoft products, you'll understand why you come across so stupid.
The most important thing any republican needs to know.
There is no country called Bulgravia.
Neither did Alien54 state that there is.
I wouldn't choose to use Scientology terms to give an example, but Bulgravia is actually defined as a geographical area, more info here.
One of the bashers actually indicated that he can use google, only not very well...
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!