Slashdot Mirror


Windows Vista Tool Targeted By Virus Writers

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."

15 of 293 comments

  1. Re:Comments from a Monad developer by stratjakt · · Score: 5, Insightful

    They've stated that they don't care if legacy apps break, and they proved it (somewhat) with XP SP2, and an anti-spyware tool which kicks the crap out of a lot of old code.

    I'm sure I'm not the only developer out there who's had to rewrite some stuff to keep XP happy. And, despite the extra work, I see it as a good thing.

    --
    I don't need no instructions to know how to rock!!!!
  2. Re:What's the motivation by Spacejock · · Score: 2, Insightful

    Maybe it's because they pound their chests and declare they're the most secure, cheapest, bestest, fastest, etc, etc, even when there's overwhelming evidence to the contrary. When someone gets big-headed it's only natural to poke fun at them, or in a more sinister way, to want to exploit holes & make a big noise about it. It's like throwing cream pies at famous people, to embarrass them in public. (Disclaimer: I'm a programmer, not a cracker or virus writer. I've never chucked a cream pie at a Personage before, either.)

    On the other hand, if their next marketing campaign had a slogan like 'This OS is almost as polished as OS/X' or 'Vista is almost as secure as Linux' I can see how it might impact sales. However, perhaps if they stopped making outlandish claims in marketing, cracking would be left to the criminals trying to steal your ID, rather than script kiddies hurling virtual cream pies.

    Truth vs marketing. I wonder which will come out on top?

  3. How is this different from *NIX shell scripts? by MagikSlinger · · Score: 5, Insightful

    How is this different than writing a ksh or bash script virus? Ksh and bash script viruses can be just as bad. Heck, remember the Morris worm?

    I like bashing M$ just as much as the next ./er, but this might not be their bad just yet.

    --
    The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
  4. So what? by IchBinEinPenguin · · Score: 4, Insightful

    All this proves is that Monad can find and modify text files (and that there are idiots out there who will misuse tools).
    About the only way around this is code-signing to prevent modification (yeah, like I'm gonna sign every single perl script I ever wrote.....)

    It's not like you can't do this in bash, awk, sed, perl, python, REXX etc. etc.

  5. Re:Not a vulnerability by dedazo · · Score: 4, Insightful
    Slashdot has a history of reporting user-executed attachments as "vulnerabilities", to the never ending delight of the peanut gallery, who consider that it's Microsoft's fault if I run something I shouldn't have on my computer, but if I do the same thing on any other OS, it's my fault.

    Plus, Hakko Mipponen (or whatever his name is) has to make a living scaring the bejezus out of everyone - what better way to get started than with something that's not even really out of alpha?

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  6. Re:What? Say it isn't so! by patio11 · · Score: 5, Insightful

    This just in! Running arbitrary code from an untrusted source not a security best-practice!

  7. Re:Not a vulnerability by dedazo · · Score: 2, Insightful
    Mikko Hypponen

    Am I supposed to believe you're him?

    But very few of the most widespread viruses in the world rely on vulnerabilities.

    Right, and assuming you are Hypponen, how does this affect you (or not)? I was making a comment about Slashdot, not you.

    OTOH, assuming you are who you say you are, let me just say that I'm hardly the first person in the world to point out that companies like F-Secure tend to be on the unfortunate side of hysteria when it comes to reporting vulnerabilities. So don't be offended by that, we understand how the business works. It's OK.

    Cheers.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  8. Re:Not very sporting. by Anonymous Coward · · Score: 1, Insightful

    Please, learn a fair bit about grammar and sentence structure
    I would suggest the same for you prior to doing your own flamefest. In fact, it was easy reading the GP posting, but yours had some issues.

    And for a final thought, did it occur to you that many of those who visit this site have English as a second, third, or even fourth language? For all that you know, the GP speaks some other language primarily.

  9. Re:Comments from a Monad developer by Oscar_Wilde · · Score: 3, Insightful

    The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.
     
    For those of you who still don't get it: stop logging in as an administrator you idiots.

  10. Re:PC World has the most sensationalized version.. by Chokolad · · Score: 2, Insightful

    Thing is, msh is not registered as handler for *.msh files, so in order to run the script you will have to execute 'msh.exe script.msh' from the command-line, it will not work by clicking an icon in Outlook Express for example.

  11. Re:Comments from a Monad developer by timmarhy · · Score: 2, Insightful

    Because people are retards and would click "no don't allow access" then proceed to whinge to tech support that their internet is broken, nothing works, blah blah...

    --
    If you mod me down, I will become more powerful than you can imagine....
  12. Re:Short on Details by invisigoth · · Score: 1, Insightful
    Just what exactly is in the Longhorn/Vista release, besides a few new pieces of eyecandy (Avalon) and yet another remoting mechanism (Indigo)?

    Seriously.

    And this is coming from a huge MS fanboy / developer.

    Here's the list of dropped features:

    • WinFS - The next generation / object-oriented file system.
    • MBF - Microsoft Business Framework. A set of .Net class libraries designed to run on top of WinFS

    Read more here.
  13. Too many Moving Parts by ajs318 · · Score: 3, Insightful
    Why the hell does a command line interface need to incorporate Object Oriented features? This sounds to me like adding features for features' sake.

    The more sophisticated you make a system, the more failure modes you introduce -- and the harder it gets to test the edge cases, because there end up being too many edges. You want Object Oriented? I'll give you an Object Oriented example. Let's have a "length" type with properties which correspond to its conversion into different measuring units.
    var height IsOfType length
    reset height
    let height = 1.75
    print height.feet # prints 5
    print height.feet.inches # prints 8.8975
    print height.inches # prints 68.8975
    reset height
    let height.inches = 72
    print height.feet # prints 6
    print height # prints 1.8288
    forget height
    It may well be pretty, but outside of any programme dealing with units conversion it's fairly unnecessary. And it contains many programming hazards which would thwart the careless implementor. {BTW, that was a fictitious example; but I'm willing to bet there is at least one programming language out there that actually implements something like it.}

    All a command shell really has to do is be able to launch programmes, police the I/O traffic and keep hold of some state information. If it can do all that right, any other functionality you need can be provided by external programmes. That way, everything is kept as simple as it needs to be; you haven't got code cluttering up things that don't need it. If you do build functionality into the shell, there should be a bloody good reason -- usually that reason is that some external programme is getting launched more than its fair share. And in that case you already have the code you need to incorporate and it's been thoroughly tested.
    --
    Je fume. Tu fumes. Nous fûmes!
    1. Re:Too many Moving Parts by MichaelJ · · Score: 2, Insightful

      MS, like virtually all Unix variants, is using a scripting language engine as its CLI. This is no different than Bash, Sh, Tcsh, etc. all of which support functions, etc.

      Can you imagine a command-line interface that didn't support aliases, functions, the ability to do more than just launch programs? Even command.com wasn't that limited. My daily experience at work (Linux) would suck if I hadn't been able to customize the shell as I have.

      And as for testing - it's not that hard. Since the same language is used in scripts as is interactively, you have a test framework right there.

      The first thing I thought when they said MS added OO was that this was like using the Python interactive REPL. It all strikes me as much like Eshell-mode in Emacs.

      You are right that as with any technology, the more the power and functionality, the more abusable it is. But a CLI that can only launch programs? Perhaps one could argue that the model to follow is OS/2, whose CMD language was not nearly as rich as the ReXX scripting language (precompiled into filesystem extended attributes ... sigh), as opposed to the VMS model of the DCL language and CLI. But if you're going to live at a command line, there are things you have to be able to do to the environs of that shell that subprograms or scripts just cannot do for you.

      --

      Michael J.
      Root, God, what is difference?
  14. Re:Short on Details by Owndapan · · Score: 2, Insightful

    WinFS was in the early builds of Longhorn as well, and that's been dropped too. You'd have to ask MS as to their motivation.