The Virus Squad
dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"
Actually, common industry usage says that worm is a subset of virus. If you want to use your own terminology, fine, just don't inflict it on others :-)
+Pete
Some security companies do give back to the community. GRISOFT offers a free version of AVG Anti-Virus 6.0 for single home users. Zone Labs offers a free version of the Zone Alarm firewall.
Do you know of any other companies that offer free anti-viral or firewall software?
"If you unblocked port 135 [an access point Blaster targeted] you would be found by Blaster," Lee says, adding that it would just be a matter of time.
This happened when I installed a (legal) copy of Windows 2000 on my GF's old machine. Boom! Infected with Blaster in the first five minutes on the net, trying to D/L a firewall. Not to speak of the service packs... It happened so fast, I thought there was something wrong with the modem drivers I downloaded via an iBook. I spent a lot of time getting that machine up. But as the family of the GF saw what happened, three persons became Apple converts that evening.
My GF now has an iBook and is more productive on a computer than ever.
There is AntiVir which provides its software free for personal users, however it's in German only. I've used it on my Win2k system for a few years now. As far as I know it doesn't integrate with any e-mail clients, but it recognized viruses in attachments as soon as I saved them to disk.
Well, just found out they do have an English version...
It's got auto-updates, Outlook add-on module, etc. All good. They want some info in lieu of registration, but it's non-spammy/invasive
You can download it from here if you're so inclined.
Disclaimer: I have nothing to do with Avast, beyond being a quite satisfied user of their software.
How do you know? Without anti-virus software, unless a virus is doing something really obvious, such as rebooting your machine, you're not going to. I always find it amusing when I hear people say they've been using Norton/McAfee/Whatever for 5 years and never had a virus. That's not their anti-virus software, that's just luck. All they can be sure of is they've never had a virus their package can detect. Anti-virus software doesn't make you immune from catching them, it just stops them spreading and (hopefully) makes cleaning up easier.
You can make an install CD which includes those latest SPs. http://www.betaplace.co.uk/ssp1.asp ;)
(Haven't tried it myself, just read it in the news.)
Windows Security Update CD Obviously it will get out-of-date, but it's a good start...
Interestingly in the UK, I understand that Microsoft have effectively banned computer magazines from carrying copies of the latest patches etc on their cover CDs, preferring users to download from Microsoft directly, which is obviously a major inconvenience for those without broadband.
You CAN do this, it's called Slipstreaming..
I know for sure you can Slipstream Service Packs and hotfixes, but I'm also pretty sure if you find the correct almost-undocumented-hidden-behind-a-door-that-has-a-sign-saying-"Beware-of-the-Leopard"-in-it switch to pass to the IE updater application, that it will also allow you to Slipstream in IE updates.
DJ kRYPT's Free MP3s!
I am yet to be convinced that there is any integrity or sense of morality in the anti-virus industry. The big boys such as Symantec and McAFraud have lost the plot, they are led by marketing men, and their products are distinctly third-rate. Their support departments also lie. As for Panda, well if you want to completely trash your PC, with unremovable entries in the registry, and everything slowed to a complete crawl, well go right ahead and try.
The fundamental problem with Panda, and others, is due to the very basic design error in Windoze. Instead of relying on the file system to protect .exe and .dll files from corruption, by making them all write-protected, Windoze, a fine piece of incompetently designed trash, only works if writing to critical files is allowed (self-modifying code, maybe?), so Panda hooks each .exe in the registry so it grabs it first and scans it, before it is run, every time. The performance loss is enormous and unacceptable. The Incompetent Convicted Monopolist's System File Checker again is checking critical files in the background to see, too late, if they have been changed. A decent OS, not designed by an over-hyped imbecile, write-protects all system files, in the file system, and does not have this problem.
I have not observed this behaviour with either Symantec or McAfraud, but have found that they simply do not work in certain conditions.
"I was thinking about how to design the "perfect" virus."
(1) Virus initially comes in as an attachment. This is a decoy, we're not going for computers owned by retards this time.
(2) Virus tests for one of the recent linux vulnerabilities. If it gets in, this indicates that we've got someone with a default unpatched install of Mandrake or whatever, who probably imagines they're immune. Plenty of time to proceed.
(3) Virus has a look through the setup files of common FTP programs to obtain website passwords, connects to website, searches for .exe and .tar.gz files, uploads itself in their place. Virus knows that people will download the .tar.gz, configure, make, and install it, then run it without even looking at the source code.
(4) Virus uploads a set of personal data to a hidden file on that website.
(5) Virus goes through the ~/Mail folder, looking for username/password combinations mailed to the person by clueless companies such as maplin.co.uk, who email people's passwords in cleartext. Stores a list of all the data it's collected so far.
(6) Virus sets up a backdoor, using port-knocking so that none of the "respond to virus with portscan" tools can find it.
FreeAV (AntiVir) is another one. Wasn't Avast! one of Microsoft's takeovers? Free for home users makes sense if it's going to be included in a Service Pack later. I don't suppose they still have a Linux version? I think a lot of companies will have to move more into the Linux/xBSD server arena with their products...
Forget thrust, drag, lift and weight. Airplanes fly because of money.
F-Prot antivirus is available for free for home users, and runs on Linux, Windows, BSD, DOS and Solaris. For the Unix-based systems, there is a nice GUI front end called xfprot.
Smoothwall is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".
If the average person in front of a computer had an office suite with VB scripting turned off by default (typing up your homework in Word doesn't require it anyway), and the OS only executed files that were saved to disk and needed the execute permission turned on explicitly (I think Windows using NTFS has this option, but it's always on by default), then the "mouse clicking fools" wouldn't be doing so much harm. This is something that only the OS vendor can fix.
A completely passive method (will not piss off local admins) is to run port monitoring software on your PC and watch port 3127; any machine trying to connect to port 3127 is likely to be a MyDoom-infected machine. Telnetting to port 3127 on one of these machines will get a login prompt, which indicates an infected zombie monitoring that port for commands. I ran portsentry on a Linux box (had to edit the config file to watch 3127) and within a couple of hours found three infected machines on our local network.
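The passive approach described above, as an added example that is not part of the original post: parse a sensor's connection log for sources that keep trying to reach TCP 3127 (the backdoor port the post names), and optionally confirm a suspect by checking whether it accepts a connection there. The log lines below are constructed for the example and loosely follow portsentry's "Connect from host: name/ip to TCP port: N" alert format; adapt LINE_RE to whatever your firewall or sensor actually writes.

```python
"""Find hosts hunting for the MyDoom backdoor port from connection logs.

Added example for this thread, not code from the original post.
The sample log and its format are constructed for illustration.
"""
import re
import socket
from collections import Counter

# Backdoor port named in the thread for MyDoom-infected machines.
MYDOOM_BACKDOOR_PORT = 3127

# Constructed sample lines, modelled on portsentry-style alerts (assumed format).
SAMPLE_LOG = """\
Jan 28 10:01:02 sensor portsentry[1234]: attackalert: Connect from host: 10.1.2.3/10.1.2.3 to TCP port: 3127
Jan 28 10:01:05 sensor portsentry[1234]: attackalert: Connect from host: 10.1.2.3/10.1.2.3 to TCP port: 3127
Jan 28 10:02:11 sensor portsentry[1234]: attackalert: Connect from host: 10.1.2.9/10.1.2.9 to TCP port: 80
Jan 28 10:03:40 sensor portsentry[1234]: attackalert: Connect from host: ws44.lan/10.1.7.44 to TCP port: 3127
Jan 28 10:04:00 sensor portsentry[1234]: attackalert: Connect from host: 10.1.2.3/10.1.2.3 to TCP port: 3127
"""

# hostname/ip pair followed by the destination port; hostname may be just the IP again.
LINE_RE = re.compile(r"Connect from host: (\S+?)/(\S+) to TCP port: (\d+)")


def suspect_hosts(log_text, port=MYDOOM_BACKDOOR_PORT):
    """Return {source_ip: attempt_count} for sources that tried to reach `port`.

    Infected machines probe other hosts on the backdoor port, so a source
    that hits 3127 on a box that never offers that service is the signal.
    Lines that do not match the alert format are ignored.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        _hostname, src_ip, dport = m.groups()
        if int(dport) == port:
            counts[src_ip] += 1
    return dict(counts)


def ranked_suspects(log_text, port=MYDOOM_BACKDOOR_PORT, min_attempts=1):
    """Same data as suspect_hosts, as a list of (ip, count) sorted busiest first,
    dropping sources below `min_attempts` (raise it to ignore one-off noise)."""
    hits = suspect_hosts(log_text, port)
    return sorted(
        ((ip, n) for ip, n in hits.items() if n >= min_attempts),
        key=lambda item: (-item[1], item[0]),
    )


def backdoor_port_open(host, port=MYDOOM_BACKDOOR_PORT, timeout=2.0):
    """Active confirmation: True if `host` accepts a TCP connection on `port`.

    This is the "telnet to 3127" check from the post reduced to a connect()
    and immediate close; it sends no data. Only run it against machines you
    are authorised to probe.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for ip, n in ranked_suspects(SAMPLE_LOG):
        print(f"{ip}: {n} attempt(s) on TCP {MYDOOM_BACKDOOR_PORT}")
```

Feed the script your real sensor output instead of SAMPLE_LOG; the point of the passive step is that you learn about infected neighbours from their own scanning without sending them anything, and backdoor_port_open is only for confirming a host you are allowed to touch.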
You do know that having 2 firewalls offers nothing more than having one, don't you?
Who modded this up as *insightful*? Translate this to biology: "parasites are exactly the same thing as biological viruses except at a bigger scale -- instead of merely infecting cells in one body, it (sic) infects bodies in a group (or city/colony/ecosystem, etc)".
Worms and viruses are both forms of malware, but they are not the same! They may have similar qualities, but they are not "exactly the same". Here's the critical difference -- a virus is not executable by itself. It is just some executable code that knows how to spread itself by infecting other executables (or in some cases, documents that contain executable code, like Word macro viruses). This is analogous to the biological world, where biological viruses are not full (as in independent) life forms (as I understand at least), but just a small amount of DNA in a container cell that knows how to infect a cell and replicate itself. A worm, like a parasite, is a distinct executable (organism) that just happens to need a host in order to run and spread. They are both bad, but they are distinctly different.
And the original poster is right -- there hasn't been a large scale outbreak of a real virus in quite some time (probably a combination of malware authors getting lazy, virus scanners getting better, and viruses being more difficult to transmit over the Internet).
"Save the whales, feed the hungry, free the mallocs" -- author unknown
Interesting point about viruses being a type of parasite. I'm not a biologist myself (any more than high school Biology), but I can see why you would say that. I was referring to larger, multi-celled parasites in my example.
However, you didn't take issue with my assertion that a biological virus is barely alive, and is essentially a bunch of specific DNA in a container. This is much like a computer virus and the biggest distinction between a virus and a worm (though at some point, this analogy becomes stretched). A worm is a piece of malware that is a complete program that is run by the startup scripts (or registry keys) of a system and generally spreads from one machine to another across a network. A virus is a piece of malware that "infects" other programs and gets *them* to run the virus code whenever the program is run. A computer virus cannot run by itself and generally spreads from program to program (possibly over a network). Of course, a specific piece of malware could exhibit qualities of both (such as a worm that exploits a hole in a server is somewhat like a virus), so the lines can become blurry.
Email "worms" come in two variants -- worms and trojans. Email worms exploit a flaw in the mail handler or mail reader to propagate without user interaction (your brain-dead mail client example). They could be considered true viruses if the exploit was run entirely inside the process space of the exploited program (and didn't download the actual worm code and run that). The second type (MyDoom fits into this category) is a trojan. Much like the Trojan Horse, a trojan program is a program that looks like it should be one thing, but is in fact another. The user is the exploit in this case, and should possibly be beaten with a LART. Trojans are by far the easiest to write, and there is no real defense at the system level against them, since the system must assume that when the user says to run this program, they really want to run this program (though poor interfaces may make it easier to run a trojan).
To get to your question, worms and especially trojans are more independent in computer terms because they execute as separate processes. You say that yourself when you state that the computer virus is only active when you run the infected program. A worm or trojan is active from when it is started. It may use an exploit to get to that point, but that is the crucial difference. This also means that the original program isn't "infected", and thus won't run the malware code if you run the program later (i.e., Outlook won't run MyDoom every time you start Outlook).
HTH!
"Save the whales, feed the hungry, free the mallocs" -- author unknown