McAfee Manufactures Virus Threat

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.

The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:

• "Potentially no file type could be safe."
  
  That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.
  
  "Going forward, we may have to rethink about distributing JPGs."

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).

But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. JPEGs are mostly harmless.

McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:

Once you're infected with a virus, the virus can set you up to be infected by other viruses.

No shit, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.

Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.

McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.

The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:

• They only affect Microsoft Windows. If you aren't running Windows, you are safe.
• They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
• They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.

And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.

McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.

Darn... and I just updated my anti-virus software

[eaddict]

I use AVG from Grisoft and just updated the signature file. I am SOOooo glad I use a freeware/shareware product that keeps up with REAL virus and not marketing. As they say here in the U.S. "There ought to be a law..."

Good article, good idea

[mpweasel]

Attention, AV companies:

You could make some money offering training classes on how to avoid common viruses.

Key points for Windows/Outlook users

[Peyna]

It's pretty simple to stay safe, and I have repeated this many many times to customers when I worked at an ISP. If you are using Windows or Outlook, do not open an attachment if you don't know what it is. It's very simple. I don't care if it says "This is very important, Bob and you must open this now." Unless you know specifically what it is and you were expecting it, don't open it. There is no need to, and you aren't going to miss out on much.

Of course, in the case of stupid users, there are some steps you can take on the server side to filter some viruses, but it's not perfect. In the end, patch Outlook, and educate your users. You could probably pretty easily drop any potentially executable attachments before they even got to Outlook (which drops many of them on its own).

Get With the Program!

[Sloppy]

JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed.

Shows what you know. You Linux lusers don't even have Microsoft ActiveJPEG Technology yet?!?

Re:Get With the Program!

[llamalicious]

I'm afraid that you too, sir, are behind the times.

Our current initiative is Jpeg.NET, replacing the aging ActiveJPEG APIs for a faster, more stable virus replicating platform.

-BillG

Re:Get With the Program!

[jesser]

An image can be malicious without containing executable code. For example, the "goatse" images.

Instead of relying on an antivirus program to protect me from those images (do they even detect those images?), I use a user style sheet to make links to goatse.cx brown and crossed-out instead of blue and underlined. Here's the CSS:

a[href*="goatse.cx/"]
{
text-decoration: line-through ! important;
color: brown ! important;
}

bah

[ceejayoz]

I'm running Windows and Outlook, and I haven't been infected with a virus yet. It's just common sense... "MY WIFE NUDE.JPG.exe" probably isn't something I want to open. The real anti-virus software is common sense, but there don't seem to be many available copies out there. :-/

well....

[jeffy124]

say an attacker knows you use a certain program to view JPEGs, or other data/multimedia files. This attacker knows that certain program contains a buffer overflow, and how to exploit it. The attacker can assemble a specially formed file that exploits the overflow and opens a backdoor on your machine, granting himself some level of access to your computer (most likely user level access). Combined with knowledge of a local root hole, the attacker now has root access to your machine (ie, he 0wns j00). The attacker delivers this specially formed file to you in some manner (email, webpage, etc).

Suddenly, this "data" file is now containing a virus, isnt it?

Virus programs are worse than the virus

[Capt_Troy]

Someone should make a special program to detect and turn off Virus programs! I get a lot of calls from family members complaining about their slow computers, I check it out and they have the defacto McAfee install which checks all email, boot sector and floppy on boot, and (the worst one) EVERY exe before it starts. This causes a horrible delay everytime you do anything! I refuse to install any AV software on my computer simply because I am not stupid enough to open any of these files, and I consider the AV software itself to be a performance affecting Virus.

Re:Virus programs are worse than the virus

[blazer1024]

What's worse, on every computer I've seen with McAfee virus scan installed when they buy it has a 3 month trial subscription to virus def. updates. So after they've owned their computer for a year, they get the excessive boot delay (and it slows their computer down all the time too, because of "real time scanning"), but they don't get any protection from recent trojans/worms/viruses.

Re:Virus programs are worse than the virus

[Capt_Troy]

No problem, it's 208.47.125.33

Re:Linux. My anti-virus.

[sehryan]

Intelligence is my anti-virus. I have been running Windows for a long time now, and have never been infected with a virus. Why? Because I am careful about what I allow to run on my computer. Linux or Windows, it doesn't matter. If you don't have some common sense, you are going to get burned.

Re:Simple Virus Protection Schemes

[GreatErdrick]

3) Throw your computer out the window!

I would rather throw out Windows out of the computer...

Even spammers are catching on

[artemis67]

Check out this spam email a bunch of people in my office got yesterday:

-=-=-=-=-
Return-Path: postmaster@salisbury.net
Received: from salisbury.net (12.152.4.9) by myoffice.com with ESMTP (Eudora
Internet Mail Server 3.0.3); Wed, 12 Jun 2002 23:08:21 -0400
Date: Wed, 12 Jun 2002 23:09:46 -0400
Message-Id: 200206122309.AA2564817116@salisbury.net
Mime-Vers ion: 1.0
Content-Type: text/plain; charset=us-ascii
From: "postmaster " postmaster@salisbury.net
Reply-To: postmaster@salisbury.net
To: people in my office
Subject: WARNING: YOU WERE SENT A VIRUS
X-Mailer:
X-Mozilla-Status2: 00000000

On 06/12/2002 at 23:09:45 Our special virus software on our servers at salisbury.net
reported that your were sent an Email Virus containing the Unknown Virus in the Unknown File attachment.
The subject of the E-mail was "L Specifies the length". The E-mail containing the virus from kbndl@salisbury.net has been quarantined on our servers to prevent further damage. The virus never made it to your mailbox. (emphasis mine)

Internet Of Salisbury, Inc. provides this service free to our customers while other providers charge
a monthly fee. Though this software should catch up to 99 percent of viruses, a new virus could make it in.
If you are not running Anti-Virus software you should ASAP!

Please Contact N-Techsolutions @ 704-638-2422 or visit their website at:
http://www.n-techsolutions.com Look for the Norton Anti Virus Special! (emphasis mine)

Please do not call Internet Of Salisbury, Inc.
-=-=-=-=-

Not that there was ever any question about sleazy spammers being out there, but this one takes the cake.

Re:Even spammers are catching on

[Sorklin]

Now that is some good spam! Not only did you stop and read it (and even add emphasis), but you respammed all of us!

Wow! I'm impressed.

Ever heard of a buffer overflow?

[autopr0n]

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code

No, and HTML readers don't download HTML with an expectation to run the code natively, but it can happen thanks to bugs in IE.

Just like Outlook, the program you deride for its ubiquity, a huge, huge number of jpegs are viewed through the Microsoft libraries. If a hole was discovered in that library, it could be used as a vector for viruses.

The truth of the matter is that if you run windows, there is a real risk of getting a virus from things other then just running .exe files. In windows 98/2k you can be infected simply by clicking on a file once (because of the little preview window thing). Holes in Word, outlook, IE, IIS, and even windows explorer have made things completely ridiculous.

Also, Your list of things not to do to catch a virus reminds me like avoiding pregnancy via the 'pull out' method. Sure it might improve your chances, but it won't 'protect' you in any real sense.

I don't think viruses on Linux have any real future, due to the fact that the most obvious holes would get fixed quickly, but if you run windows you really should get some Anti virus software.

Re:Ever heard of a buffer overflow?

[zbuffered]

Also, Your list of things not to do to catch a virus reminds me like avoiding pregnancy via the 'pull out' method. Sure it might improve your chances, but it won't 'protect' you in any real sense.

I think this is a bad analogy. His list reminds me of avoiding pregnancy via the "if it looks like a vagina, don't put your penis in it" method, which is significantly more effective.

McAfee has been doing this since '93

[phsolide]

It's been more-or-less common knowledge that McAfee has done this since the Michelangelo scare in 1993.

I recommend going to vmyths.com to read their "rantings" section.

Let me predict that about 50% of the replies in this thread will consist of arguments like "Well even if we did get rid of MSFT products we'd still have a virus problem: look at staoG or Bliss or Ramen or the '88 Internet worm."

Those replies are guilty of a flaw called The Excluded Middle where one argues that a situation that in reality has a spectrum of situations only has the 2 extreme cases. In this case the replies will say that even Linux has viruses and worms (true and probably inescapable for a Turing-complete computer) so doing away with the source of 99.44% of viruses and worms won't solve the problem.

Of course this is crap. I'm still getting hits from Code Red I v2 nearly 10 months after it was released. When was the last time you got a sadmind/IIS hit? The problem isn't to eliminate 100% of all worms chainmails and viruses the problem is to keep worms chainmails and viruses from ramping up the exponential part of the logistics curve.

Re:McAfee has been doing this since '93

[EllF]

You might want to reconsider your use of logical terminology. The law of the excluded middle does not represent a simplification of a multivariate system down to only two options.

Quoting from Barker's The Elements of Logic: "One well known type of tautology has the form 'P v -P'. This is sometimes called the 'law of the excluded middle', because it reflects the fact that any given sentence must be either true or false, there being no third alternative."(Barker, p. 91, 5th ed.)

Regardless, I can't decipher the point you were trying to make. Yes, most posters are aware that not all virii are due to buggy Microsoft code. Aside from the logic error (which isn't that big a deal, as your point doesn't depend on what you call it), you're saying that such an awareness is flawed, because *other* vectors of infection - which you say exist in any Turing-complete system - merely exist?

Ease up on the tech-speak, friend, and you've arrived at one of the fundamental points of computer security: it is a process, never an endpoint. I don't know anything about virii "ramping up the exponential part of the logistics curve", but I do know that the posters who are aware that other problems exist besides Microsoft vulnerabilites are not guilty of any flaw in their reasoning. Whether they cite past infections, myths, or actual virus problems, they are demonstrating an awareness of the nature of virus infections. Perhaps you'd like to clarify your prediction? :)

The profit model for Anti-Virus software requires

[neo]

a steady stream of new threats. There was another model for anti-virus
software. One that didn't have a patch model, but it was ignored because
profit driven companies require "revenue streams".

Rather than having a program that removes a virus from your system after
you've been infected or which requires an "inoculation" to recognize
viruses, the other system looks at program activities.

The actions taken by a virus are painfully obvious when you look at them
from a macro point of view (no pun intended). While not a trivial coding
task, it's possible to monitor for these types of action and freeze a
program that would take them. More over, with an ample supply of ram and
CPU, new programs could be tested in a "Safe Zone" the first time they are
run, ensuring that problem programs would be caught in the act.

Unfortunately this type of protection doesn't require incremental upgrades
from Anti-Virus companies and so we're stuck with something that can make
profits rather than something that works pro-actively. Thus is the basic
flaw of capitalism.

Klez owns

[dlur]

I'm lead tech at a small computer store. The massive onslaught of Klez in the wild makes us techs more money per day than a good, strong lightning storm will in a week with modem replacements. People in the general public that aren't in the "know" on computers are deathly afraid of viruses, and generally have no idea how to protect themselves.

Most of the John Q Publics out there buy a cheap computer from *.mart that has MS Windows pre-loaded on it that has virus protection software that will expire in 3 months, or require the end user to manually update the definitions. Most of them have no idea that their protection will run out, or that they need to update their software in order to keep it up to date and protecting them from the latest greatest virus.

So these folks turn to their cousin's brother who knows a bit about computers, and ends up screwing the computer up worse, or finds that they are unable to remove the virus from the computer. That's when they turn to us, and other techs. And they're generally willing to pay good money to get rid of the virus, have up to date protection that actually works installed, and be shown how to keep it up to date for a very long period of time, not to mention given a quick tutorial on what to open in their email and what to delete immediately.

In a perfect world un-educated folk wouldn't be given the option to purchase un-educated software, but until that time comes they need to rely on people that do know something about computers, and on software that can help protect them from their own lack of knowledge.

Re:Is AV software really necessary?

[BradleyUffner]

"I am sure I can prevent my computer from being infected just by using common sense (don't open unexpected attachments, download only from trustworthy sites, etc). Even if I did get infected, I could just re-ghost my drive and be done with it. Sure I have to make current ghost images, but I do that anyway and storage is cheap these days. On the up side, I don't have to take the performance hit of running AV software, and I don't have to deal with constant updates."

They key is that the virus scan software tells you when you have a virus. What if you somehow get infected with a virus that gives no outright signs of infection? You could be making your backups for months without relizing that you data was compimized. The virus could have gotten in though some buffer overflow attack, or something that was no fault of your own. Without the anti-voris software you have no idea how far back you need to go for a good backup, or if any of your backups are even good.

Half hour class?

[jayhawk88]

BS. Lusers are called lusers for a reason. I'm not talking about every Windows user here, but all it takes is one to be a problem.

With some people, You can tell them to their face "Do not open emails from people you do not know", print it out in 124 point font banners hung over their cubicles, show them pict-o-grams of evil viruses destroying their data, bring Special Guest Star Burt Lancaster to reinforce the point, and drop by daily with the message written in icing on delicious chocolate cake. The minute you turn your back, they're off checking out the cool new Shakira screen saver someone sent them. The point is, it's still a problem, and it's not a problem you can completely solve with "30 minute training courses".

And please don't lay this all on Windows and Outlook either. Yes, there are some questionable design decisions in these programs. But if the whole world was running Linux or something similar, people would be causing problems running everything as root, or whatever other stupid things you can do to get yourself in trouble.

Do McAfee and Symantec sometimes go overboard with their warnings to sell more copies of their software? Of course they do. What company doesn't? Or did you think it was absolutely, positively necessary to see your doctor about Prilosec?

Buffer overflows

[DrXym]

An exploit could well exist - it requires a prevalent implementation of the jpeg standard to be vulnerable to some kind of buffer overflow. It happened with WinAMP and the MP3 format recently so it could also happen with any other kind of file format.

The next question is does such an exploit exist and does it affect enough users that it could gain critical mass? The answer is probably no. Every piece of image software, emailer, browser uses it's own implementation jpeg. This is true even on Windows where there was no way to read a jpeg file via Win32 until recently. Even apps that just use libjpeg will use different versions, might be customized and compiled with different flags. So the landscape is too hetrogeneous to favour a virus.

If I had to lay money down, I would say this is McAfee playing up a threat (just like Ashcroft and dirty bombs) for their own interests.

Re:Darn... and I just updated my anti-virus softwa

[tony+clifton]

Open-source anti-virus would be very cool, but it's really labor intensive and the signature databases are the vendor's crown jewels.. as it were.

The Virus Bulletin's VB100 test rates AVG fairly low. Do other tests rate it higher?

Re:Linux. My anti-virus.

[AVee]

True, it helps, but dropping Outlook (Express) for any other mail program of your choice will have largely the same effect.

Re:Conspiracy?

[corian]

Ever hear of calligraphy? Its a process of hiding data into pictures, and lots of it.

Calligraphy? I thought it involved writing fancy-shmancy letters with a special pen or brush.

Do you mean, perhaps, "steganography"?

Aww crap

[lokki]

I give it 45 minutes before the storm of emails from family, friends, etc., arrives warning about this one.

All caps, of course.

::sigh::

Want to tell McAfee and Norton NO MORE?

[Jucius+Maximus]

Then don't buy their products. Vote with your dollars by spending them elsewhere.

Go out and get FRISK Software'sF-Prot antivirus instead. It is competently written with timely updates. I have relied on it since before I ever heard of the internet. There are DOS, Windows (network or standalone) and ($free) Linux versions. They do not generate hype or nasty bloated programs. They do generate a good antivirus product.

I do not work for this company. I am just a satisfied customer. You can get free trials on their site. Prices: US$25/yr for single private license, US$2/machine for corporate or educational ($40min) and there are extra educational discounts.

Re:Everything was going just fine..

[DNS-and-BIND]

Well, let's be fair. Once upon a time, there was no such thing as an email virus, and a great way to have some fun was to email someone with a message saying, "If you're reading this, you've been infected with a virus!" or some such. Then, Microsoft discovered the internet and wrote an email client, and now the old-fashioned method of spreading viruses by infecting a file and uploading it for public consumption is completely defunct. All viruses that make the news are spread by email attachments.

Re:Darn... and I just updated my anti-virus softwa

[fatwreckfan]

I used AVG for quite a while, but I very VERY rarely get viruses. I thought AVG was great. Then my brother got Nimda, so I recommended he download it and clean his machine. And it didn't work. New infected files kept being detected by AVG until eventually he went and bought Norton which fixed the problem right away. Freeware may be good, but not great.

Actually, JPEGs have been dangerous in the past...

[Tom7]

Netscape 4 on linux had an exploitable hole in their JPEG decoder. That is, a specially crafted JPEG could be used to execute arbitrary code on the target's machine. Could that code then "infect" other JPEGs? Sure. Would it actually spread? No, but if there were a similar bug in the default windows JPEG viewer, it wouldn't be surprising at all to see a similar worm spread.

http://www.openwall.com/advisories/OW-002-netsca pe -jpeg.txt

(I recall that this bug was successfully exploited; that advisory seems more tentative..)

Re:Darn... and I just updated my anti-virus softwa

[Zathrus]

Appreciate the reference... I have a new copy of McAfee AV 6.0 at home, but, well, it sucks. It locked up both my computer and my wife's computer repeatedly. She finally removed it. I finally blew away Windows and installed Linux.

What's particularly interesting, however, is for anyone who remembers the origin of McAfee -- they started out as a shareware/freeware shop. Corporations "had" to pay, individuals were "encouraged" to pay, and educational (and possibly non-profit) were totally free to use it at no cost.

They've long since abandoned that license and even abandoned free updates. You have to pay for support every 12 months, which I dislike. Particularly since at irregular intervals they change their core engine and render all older versions of the software incompatible with new updates.

Re:Simple Virus Protection Schemes

[jedidiah]

Your assertion is effectively nullfied by the fact that much smaller niche operating systems have had their share of viruses. If a system is fundementally insecure, SOMEONE will start writting virii for it.

It doesn't really matter how widespread the platform is.

Re:Simple Virus Protection Schemes

[KC7GR]

>>3) Throw your computer out the window!

Alternatively, let a moving truck do it for you. ;-)

A while back, I read this story (don't remember where -- I think it may have been 'Computer Stupidities' on rinkworks.com or some such place) about a fellow who wanted to network his PC with that of a friend who lived in an apartment directly across the street from his window.

They ran a regular 10Base-T crossover cable from one computer, out the window and across the street, straight into the friend's window and then into their computer. I guess they thought they were high enough up, floor-wise, that vehicle traffic in the street below would not be a problem.

They were soon proved very wrong. The setup worked just fine until, one day, this guy's computer literally flew straight out the window in mid-type (his friend's computer was saved when the network cable snapped). It seems that a good-sized truck, with a nice tall exhaust stack, had passed by and snagged the network cable as neatly as any fighter jet's arresting hook would snag the braking cable on an aircraft carrier.

Is that taking 'mobile computing' just a bit far, or what? ;-)

Argh-"Don't open email from people you don't know"

[chrisvr]

Sorry, but I'm tired of hearing this piece of crap "solution".

Anyone who works in an ourward-facing business capacity (read: not most IT people, but most everyone else at the company) generally receives email from people they don't know, and they don't have the luxury of simply trashing it. If you work in customer service, marketing, accounting, sales, you have to check out these emails and see if they are for real. Fine, not the ones that are obviously spam, but the spammers are getting smarter and disguising their spam as legitimate email. Just because the address is unfamiliar doesn't mean that it can be trashed.

Any IT person who thinks they can issue the "Don't open emails from people you don't know" edict and then just crawl back into their cubicle with a smug little CYA attitude is living in a fantasy world. Stop making such an unrealistic demand of your "lusers" (who, BTW generate the business needed to pay your paycheck, process the invoices needed to get you your latest gadgets and do all those things you hate so that you can stay happily employed.)

Instead; treat with them with either a) respect or b) a grade school mentality. In either case, please assume that they are really not sitting at their cubicles trying to think up the best way to make your life hell. Assume that they just want to do their job, and the computer is one of the tools they need to do it. Just as most of them don't know how to program their speed dial or change the copier's toner, they don't know or care about the inner workings of the computer. That's YOUR job. Make it fool proof if needed. Explain as necessary. Give them a reason to trust that you are not simply trying to make THEIR job more difficult. That distrust works both ways; if a "luser" thinks you are just making unrealistic demands that make them unble to do their job, they're going to ignore you and do what they need to do to get their job done, and you're left with cleanup duty when something goes wrong.

And above all, work with them. Understand what their needs are (do they receive unsolicited business mail? does it have attachments that they have to read? so what are they supposed to do?) and then help them understand the consequences that viruses can have and minimize their risk of catching and spreading one. Yeah, sure, that means actually pulling yourself away from Slashdot and Doom tournaments for a while, but that's the way it goes when the company pays you money to do your job.

Is Windows a virus?

[Lord_Slepnir]

".... you have to have already been infected by ANOTHER virus..."

"They only affect Microsoft Windows. If you aren't running Windows, you are safe. "

This speaks for itself....

*bollocks*

[Cally]

Disclaimer: I work for McAfee, on our VirusScan anti-virus product. I've read various internal discussions about this thing, and the threat it poses. I've met, and spoken with, Vinny (Gullotto), the AV expert quoted in the /. story.

This is NOT a hoax, or FUD. There IS FUD in the A/V industry, but this isn't it. The press release does a bad job of explaining why the JPEG virus is a big deal. However it DOES say (clearly) that this virus is not a danger in itself - it's a proof of concept. Without going into more detail than would be prudent, *please* believe me when I say that there are significant reasons (a) why this PoC virus is significant, and (b) why virus writers will be exploiting concepts from this virus to make Very Bad Malware. Hey , why should it bother me, I run Linux! Well *i* run Linux too, in fact I develop my code on Linux; it will affect us when the world's NSP backbones are choked with worm scans, ARP requests and buffer-overflowing HTTP requests. This IS going to happen. And, whatever Sophos would like you to believe, this is NOT a case of NAI/McAfee whipping up a hype over nothing. I can't say anything more, but I'm going to take the chance of losing my job by not posting anonymously in order to emphasise how much I mean this.

It's sooooooo frustrating knowing things about this and not being able to talk about it...