Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vista Tool Targeted By Virus Writers

Posted by CowboyNeal on from the infectious-diseases dept.

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."

5 of 293 comments (clear)

  1. Re:Comments from a Monad developer by stratjakt · · Score: 5, Insightful

    They've stated that they dont care if legacy apps break, and they proved it (somewhat) with XP SP2, and an anti-spyware tool which kicks the crap out of a lot of old code.

    I'm sure I'm not the only developer out there who's had to rewrite some stuff to keep XP happy. And, despite the extra work, I see it as a good thing.

    --
    I don't need no instructions to know how to rock!!!!
  2. How is this different from *NIX shell scripts? by MagikSlinger · · Score: 5, Insightful

    How is this different than writing a ksh or bash script virus? Ksh and bash script viruses can be just as bad. Heck, remember the Morris worm?

    I like bashing M$ just as much as the next ./er, but this might not be their bad just yet.

    --
    The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
  3. So what? by IchBinEinPenguin · · Score: 4, Insightful

    All this proves is that Monad can find and modify text files (and that there are idiots out there who will misuse tools).
    About the only way around this is code-signing to prevent modification (yeah, like I'm gonna sign every single perl script I ever wrote.....)

    It's not like you can't do this in bash, awk, sed, perl, python, REXX etc. etc.

  4. Re:Not a vulnerability by dedazo · · Score: 4, Insightful
    Slashdot has a history of reporting user-executed attachments as "vulnerabilities", to the never ending delight of the peanut gallery, who consider that it's Microsoft's fault if I run something I shouldn't have on my computer, but if I do the same thing on any other OS, it's my fault.

    Plus, Hakko Mipponen (or whatever his name is) has to make a living scaring the bejezus out of everyone - what better way to get started than with something that's not even really out of alpha?

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  5. Re:What? Say it isn't so! by patio11 · · Score: 5, Insightful

    This just in! Running arbitrary code from an untrusted source not a security best-practice!

    --
    Help poke pirates in the eyepatch, arr.