Slashdot Mirror
Windows Vista Tool Targeted By Virus Writers
An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."
They've stated that they dont care if legacy apps break, and they proved it (somewhat) with XP SP2, and an anti-spyware tool which kicks the crap out of a lot of old code.
I'm sure I'm not the only developer out there who's had to rewrite some stuff to keep XP happy. And, despite the extra work, I see it as a good thing.
I don't need no instructions to know how to rock!!!!
How is this different than writing a ksh or bash script virus? Ksh and bash script viruses can be just as bad. Heck, remember the Morris worm?
./er, but this might not be their bad just yet.
I like bashing M$ just as much as the next
The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
All this proves is that Monad can find and modify text files (and that there are idiots out there who will misuse tools).
About the only way around this is code-signing to prevent modification (yeah, like I'm gonna sign every single perl script I ever wrote.....)
It's not like you can't do this in bash, awk, sed, perl, python, REXX etc. etc.
Plus, Hakko Mipponen (or whatever his name is) has to make a living scaring the bejezus out of everyone - what better way to get started than with something that's not even really out of alpha?
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
This just in! Running arbitrary code from an untrusted source not a security best-practice!
Help poke pirates in the eyepatch, arr.
The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.
For those of you who still don't get it: stop logging in as an administrator you idiots.
The more sophisticated you make a system, the more failure modes you introduce -- and the harder it gets to test the edge cases, because there end up being too many edges. You want Obejct Oriented? I'll give you an Object Oriented example. Let's have a "length" type with properties which correspond to its conversion into different measuring units.It may well be pretty, but outside of any programme dealing with units conversion it's fairly unnecessary. And it contains many programming hazards which would thwart the careless implementor. {BTW, that was a fictitious example; but I'm willing to bet there is at least one programming language out there that actually implements something like it.}
All a command shell really has to do is be able to launch programmes, police the I/O traffic and keep hold of some state information. If it can do all that right, any other functionality you need can be provided by external programmes. That way, everything is kept as simple as it needs to be; you haven't got code cluttering up things that don't need it. If you do build functionality into the shell, there should be a bloody good reason -- usually that reason is that some external programme is getting launched more than its fair share. And in that case you already have the code you need to incorporate and it's been thoroughly tested.
Je fume. Tu fumes. Nous fûmes!