Windows Vista Tool Targeted By Virus Writers

An anonymous reader writes "Five proof-of-concept viruses that target Monad, the next version of Vista's command prompt, have been published on the web. Monad is a command line interface and scripting language that is similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework. The viruses' only action is to infect other shell scripts on the host's operating system. They would cause little harm in the wild, but would be relatively easy to modify using the information from the article, said Mikko Hyppönen, the director of antivirus research at F-Secure."

Short on Details

There are always virus writers who want to be the first to write a virus for a new platform.

I don't see what a big deal being the first person to write a virus for Vista is. Oh, first post!

But seriously, this article is very light on the details. I assume that these virus writers found a way to gain administrative rights using Monad, but the article makes it sound like these are just malicious scripts. It might as well be a advanced batch script that can spread it self then del /s /q.

Re:Short on Details

[Zxsw85]

First Virus (tm) is a pride thing. Think about how many viruses are written (slightly modded) by kids just to see how many machines they infect. In the end, this just gives Microsoft a small heads up for whats to come in the future, which just may be a good thing.

Re:Short on Details

[Leeji]

You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

There is nothing intrinsic in Monad that enables these attacks, aside from it being a new language. In fact, Monad implements several features that help mitigate the dangers of traditional script viruses, as I outline here.

Re:Short on Details

[Owndapan]

I believe Monad/MSH is no longer even a part of the Longhorn release, so it is a bit unfair have everyone jump on it as a Windows Vista exploit. From Wikipedia:

MSH was originally slated to be shipped with Windows Vista, but has since assumed its own release schedule. Microsoft sources have confirmed MSH's first public release will most likely precede the release of Vista and be part of the next edition of Microsoft Exchange, due in the second half of 2006.

Re:Short on Details

[Coryoth]

You got it right when you said "it might as well be a batch script." These are just Monad scripts running on the system, just like batch files, perl scripts, Cygwin bash scripts, Ruby scripts, etc.

Yes but you must remember that F-Secure are a bunch of alarmist gits who will jump at any opportunity to seed panic with regard to threats of viruses, hackers, "cyberterrorists" (if such a thing even exists), and whatever else they can dream up. Read through a decent sampling of their past press releases and you'll get the idea.

Certainly there are potential issues, but I don't think there's really anything to panic about yet.

Jedidiah.

Re:Short on Details

[AdamBa]

You would think from the way it was presented that "these virus writers found a way to gain administrative rights using Monad" but you'd be wrong. All they are, are some shell scripts. You still need to get the user to run them, they run with the same privilege the user has, etc.

Read Lee's post or my post for more opinion.

- adam

Re:Short on Details

[mcrbids]

Yes but you must remember that F-Secure are a bunch of alarmist gits who will jump at any opportunity to seed panic with regard to threats... <SNIP>

What's funny is that f-secure makes f-prot, one of the better cheap-to-free antivirus software packages that works on both Windows and Linux.

What I love about the Windows version is that you can run it on some old P3-450 and still end up with a working machine. Try the same with Symantec and you end up with a paperweight.

Also, F-Prot works on Linux, and I scan some 250,000 emails per day on production mail servers using f-prot, with excellent results.

Sorry their marketing dept. sucks, but it's a good product!

Re:Short on Details

[Negatif]

Nope, FRISK Software makes F-Prot. Not sure if you're trolling or just being misinformed.

Re:Short on Details

[invisigoth]

Just what exactly is in the Longhorn/Vista release, besides a few new pieces of eyecandy (Avalon) and yet another remoting mechanism (Indigo)?

Seriously.

And this is coming from a huge MS fanboy / developer.

Here's the list of dropped features:

• WinFS - The next generation / object-oriented file system.
• MBF - Microsoft Business Framework. A set of .Net class libraries designed to run on top of WinFS

Read more here.

Re:Short on Details

[jacksonj04]

I agree. Originally when Longhorn and winFS was announced I went "Great, a tag-based file system". Then "Oh, the eye-candy alone is going to need 512MB of RAM. That's gonna be disabled by default". By now it's "Meh, I'll wait until VistaSP1 in the hopes that the bugs are fixed and there are actually some new features."

Re:Short on Details

[jacksonj04]

The key thing for two of the modes seems to be the knowledge of where a file came from. So tell me, is this IE only functionality that the file's metadata is tagged as 'downloaded'?

Re:Short on Details

[Cereal+Box]

I don't think that article is saying that Monad is being dropped from Vista, but that it's being released ahead of Vista, and will still be a part of it (where previously it wouldn't be available until Vista shipped).

The most obvious thing wrong with your statement: Monad is part of the Vista beta. If it wasn't shipping with Vista, what's the point of putting it in the beta?

Re:Short on Details

[Sinus0idal]

I didn't see much of a reason to upgrade to WinXP from 2K, and that theory has proven correct since everything I've wanted to run, has. And again, I see no new features here except eyecandy either.. as you say, any good features are now gone.

Re:Short on Details

[biglig2]

Well, it looks like it will have plenty of viruses and security holes...

Re:Short on Details

[IdleTime]

Wow! MS apologistrs are out in force today!

I honestly chuckled when I read the article. Not that I hate MS in any ways, in fact I dual boot and tend to use Windows more than linux due to work. But honestlt, did ANYONE really believe that the next product out of MS would be ANY safer than previous products? I know that is what MS themselves claim they are focusing on, security that is, but with their trackrecord, I'd be surprised if we see less than 250 viruses over the first year or so after they release Vista.

Anyhow, Vista is a product that will never get close to my PC anyway. XP will be the last MS product to find their way to my harddrives. The more I read about Vista, the more convinced I become in regards to how this product is designed to lock you down and let everyone else but you control how YOUR PC work at all time.

Re:Short on Details

[NatasRevol]

Apparently, their marketing department sucks worse than the GP thought!!

Re:Short on Details

[vettemph]

At the very least, keep your exploits quiet until Monad is a release product. thanks.

Re:Short on Details

[Pxtl]

I'm still annoyed by the name Monad. If they're going to release yet another scripting/command prompt system (well, VBScript was getting a little long in the tooth - hell, it was born that way) they could at least not name it something that is already an existing programming concept. "Monads" are already the term for an important concept if pure-functional programming languages.

Re:Short on Details

[Owndapan]

WinFS was in the early builds of Longhorn as well, and that's been dropped too. You'd have to ask MS as to their motivation.

Re:Short on Details

[Hawkxor]

I don't see much of a reason to upgrade from XP to Win2K either..

Re:Short on Details

[Hawkxor]

Sorry, I read that three times and still misplaced the conjunctions. Oh well, I have karma to burn..

Re:Short on Details

[RatPh!nk]

I agree that this is likely no big deal (the first thing that strikes me is how you get the script onto the computer initially) in reality, but as far as in perception this could be bad news for MS.

One of the three pillars of Vista is supposed to be security. To the common end-user this just seems like more of the same insecurity that has come to be synonymous with MS. Also, to those with some knowledge this seems to be another example of something that most people will not knowingly use, turned on (if it is possible to turn off) by default potentially leaving you vulnerable.

I will go with the author of the post and recommend that this is not there (on/active) by default and let those who want it/need it, install it (activate it).

Re:Short on Details

[the_sidewinder]

MSH was originally slated to be shipped with Windows Vista, but has since assumed its own release schedule. Microsoft sources have confirmed MSH's first public release will most likely precede the release of Vista and be part of the next edition of Microsoft Exchange, due in the second half of 2006.

If MSH preceds Vista, it will most likely be in it.
(I also have the Beta 1 of MSH on my WinXP machine)

Re:Short on Details

[Bimo_Dude]

Freudian slip, maybe?

I thougt it quite humorous, and some may even argue that going from XP to Win2K is an upgrade. :)

Re:Short on Details

[Master+of+Transhuman]

Well, I found the article and I WOULD have included it here, but the FUCKING LAME-ASS /. LAMENESS FILTER WON'T LET ME!

The stupid POS /. uses is telling me the CODE lines are too fucking SHORT!

Morons!

WARNING: The below zine will show up on your virus scans with a half dozen viruses and a trojan. Apparently there are numerous virus samples in the zine's files which come RAR'd. You have been warned!

So go here here to download the zine that had the article in it.

Re:Short on Details

[Geek+of+Tech]

"gain administrative rights"... I thought they just gave average users admin rights. I didn't think you had to do anything to gain them.

Re:Short on Details

[Malyven]

I think it is actually an upgrade, could just be that I am biased against MS products (on /. NEVER) and unfortunetly I have to use Windows for work, When I started here they gave me a new laptop with XP, and 3 weeks later I 'upgraded' it to 2k because I was having all sorts of issues, now everything works fine. I would upgrade from XP to 2k anyday,of course then I want to upgrade that to solaris.

Re:Short on Details

[norite]

Heh, me too. It EATS memory and resources, plus there's Product Activation too....No thanks....staying with Windows 2000 as well, I've tried Ex Pee and I *really* don't like it either - most especially that horrid green-blue kiddy crayola scheme that's installed by default....yuk, what a mess!
Yes, I know you can change it, but that's not really the point - I don't want to see it ever. I've lost count of the number of times I've changed the Ex Pee kiddy crayola scheme in internet cafes to the classic view, when I've been away travelling. I suppose though, I might be more inclined to use it if the classic scheme was installed by default...but then again Ex Pee = NT 5.1 and 2000 = NT 5.0 so, not much difference there...but I have noticed 2000 is faster on the same machine over Ex Pee...

The best thing about Windows Ex Pee is removing it from a new computer and upgrading to Windows 2000 :o)

Re:Short on Details

[nazsco]

> There is nothing intrinsic in Monad that enables these attacks, aside from it being a new language

Yep, and HOW microsoft deal with these kind of "atacks"? they pour some hard coded IFs on the code and launch a service pack!

And since this is a new language, it lacks the hardcoded IFs for security.

Morons.

What? Say it isn't so!

[CypherXero]

Microsoft Windows is insecure! More details later, movie at 10.

Re:What? Say it isn't so!

[patio11]

This just in! Running arbitrary code from an untrusted source not a security best-practice!

Re:What? Say it isn't so!

[Ravatar]

Haha, this one deserved the mod points, parent is ignorant.

Re:What? Say it isn't so!

[msim]

this just in, 9/10 home users are "clicky clicky bonzai buddy is cool" idiots.

Oh and didn't you know that 83% of statistics are made up on the spot ;-).

Comments from a Monad developer

[Leeji]

The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad. The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.

That's not to belittle the dangers of script viruses, though.

I wrote a blog entry about it here, in relation to Monad.

Re:Comments from a Monad developer

[narkotix]

so in other words, dont run everything with admin/root access by default people!

Re:Comments from a Monad developer

[hungrygrue]

That will be the default as it ships. They can't enforce the idea of limited accounts for regular use because too much legacy software would break. If they were to create a secure operating system, it would break compatibility with legacy apps.

Re:Comments from a Monad developer

[stratjakt]

They've stated that they dont care if legacy apps break, and they proved it (somewhat) with XP SP2, and an anti-spyware tool which kicks the crap out of a lot of old code.

I'm sure I'm not the only developer out there who's had to rewrite some stuff to keep XP happy. And, despite the extra work, I see it as a good thing.

Re:Comments from a Monad developer

that's five solid kicks in the monads of vista

Re:Comments from a Monad developer

[jest3r]

Believe it or not but "Monad" wasn't their first choice. Other names which were seriously considered include: Mesticle, Menis, Magina and Mitoris ...

Re:Comments from a Monad developer

[Osty]

The real question is why the heck they decided to call it "Monad"?!

The short answer: It's a codename. It won't ship with that name. Most likely it'll go with the less interesting "Microsoft Shell" or "msh".

The long answer: Monad and Monads in functional programming (long answer has been diverted to Wikipedia, because I'm lazy).

The non-answer: Get your mind of the gutter, you pervert. Not everything ending in "-nad" refers to genitalia.

Re:Comments from a Monad developer

[starling]

Yabbut if they'd chosen one of those other names the GNU version wouldn't end up being called Gonad.

Sneaky, huh?

Re:Comments from a Monad developer

[dedazo]

The real question is why the heck they decided to call it "Monad"?!

Would you have preferred "Warthy Warthog" or "Sweaty Weasel"?

Re:Comments from a Monad developer

[kfg]

Missing option:

Moobs.

KFG

Re:Comments from a Monad developer

[shmlco]

I don't see why they can't lock it down firewall-style. When XYZ application runs and tries to hit a reserved directory or section of the registry, popup a window saying so and ask if you want to allow it.

You might not even need the popup. My firewall on a couple of machines has a database it can go out to search and see if this application is "known" and should have access.

It might be less secure than a total limited-account-lockdown, but it would be better than nothing. In fact, I think the latest version of ZoneAlarm already has this sort of "inner firewall".

Re:Comments from a Monad developer

[Randseed]

The name at least has some logical meaning. (Though the GNU version is still going to be called Gonad, no doubt. :) I agree that the name sounds kind of stupid.

"The Collaborative International Dictionary of English v.0.48"
Monad Mon"ad, n. L. monas, -adis, a unit, Gr. ?, ?, fr.
      mo`nos alone.
      1. An ultimate atom, or simple, unextended point; something
            ultimate and indivisible.
            1913 Webster

      2. (Philos. of Leibnitz) The elementary and indestructible
            units which were conceived of as endowed with the power to
            produce all the changes they undergo, and thus determine
            all physical and spiritual phenomena.
            1913 Webster

      3. (Zool.) One of the smallest flagellate Infusoria; esp.,
            the species of the genus Monas, and allied genera.
            1913 Webster

      4. (Biol.) A simple, minute organism; a primary cell, germ,
            or plastid.
            1913 Webster

      5. (Chem.) An atom or radical whose valence is one, or which
            can combine with, be replaced by, or exchanged for, one
            atom of hydrogen.
            1913 Webster

      Monad deme (Biol.), in tectology, a unit of the first order
            of individuality.
            1913 Webster

Re:Comments from a Monad developer

[brianimator]

holy shit that's funny....

Re:Comments from a Monad developer

[Hadlock]

They'll end up naming the GNU port "mash"

Re:Comments from a Monad developer

[Oscar_Wilde]

The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do.
 
For those of you who still don't get it: stop logging in as an administrator you idiots.

Re:Comments from a Monad developer

[NubKnacker]

Not everything ending in "-nad" refers to genitalia.

Stop ruining my fun time!

Re:Comments from a Monad developer

[NickFortune]

Yabbut if they'd chosen one of those other names the GNU version wouldn't end up being called Gonad.

Looking at the syntax, I think the GPL version is called Perl 6

Re:Comments from a Monad developer

[BarryNorton]

What's more, Microsoft Research has been very active in the Haskell community, where monads are bread and butter. Perhaps some marketing genius went to one of their presentations and took something away - one word out of context!

Re:Comments from a Monad developer

[timmarhy]

becuase people are retards and would click "no don't allow access" then proceed to whinge to tech support that their internet is broken, nothing works, blah blah...

Re:Comments from a Monad developer

[deaddrunk]

huhuhuhuhuhuhuhuhuh you said nad

Re:Comments from a Monad developer

[Mornelithe]

That list is missing the definition that is most likely to have inspired the name of the command shell. A monad is a type of object in category theory which was adopted by functional programming languages like Haskell to represent units of computation. Essentially, it is an abstraction of imperative programming with side effects that doesn't break the purely functional nature of the language.

Some people at MS have actually been pretty active in the Haskell community, so the word probably came from there in some roundabout way.

Re:Comments from a Monad developer

becuase people are retards and would click "no don't allow access" then proceed to whinge to tech support that their internet is broken, nothing works, blah blah...

OTOH, people are retards and would click "yes do allow access" then proceed to whinge to tech support that their computer is broken, nothing works, blah blah

Re:Comments from a Monad developer

[JohnFluxx]

You should watch the selinux talks (which is a framework for linux to do what you say).

I remember there being a few problems, such as most apps talk to X, so you have to let that through, and then X connects to everything else, so it's like you have a big hole in your sieve.

Also it gets more difficult when you have shared memory etc.

http://www.nsa.gov/selinux/info/faq.cfm

Re:Comments from a Monad developer

[pAnkRat]

That's what my dad allways says:
"A dirty mind is a joy for ever."

I personaly know he is right...

Re:Comments from a Monad developer

[Himring]

Not everything ending in "-nad" refers to genitalia.

Yes, but it is extremely difficult not to snicker when one reads "mo'nad"....

Re:Comments from a Monad developer

[SonicBurst]

"They can't enforce the idea of limited accounts for regular use because too much legacy software would break."

Actually, they can, and they are. One of the new features of vista (provided it makes it in) is the ability to virtualize both registry settings and certain system folders. I can't remember if they are doing it on a per user account level or per application level, but in effect, legacy software gets its own copy of the registry and certain system files. There is a bit of a description of it here under the User Account Protection heading.

Re:Comments from a Monad developer

[Erasmus+Darwin]

I'm sure Seinfeld fans will be rather annoyed that you left out the ever popular "Mulva".

Re:Comments from a Monad developer

[rockchops]

Or the ever popular Secure Microsoft Shell or SMASH

Re:Comments from a Monad developer

[Jessta]

Inner firewall AKA. user accounts. Personal firewalls are useless. *The default action taken by the tcp/ip stack when a packet arrives on a port that doesn't have a service running on it is to drop the packet. *They waste resources and (because they are a service running with admin privilages) create a possible security hole. Come on people, think.

Re:Comments from a Monad developer

[vertinox]

When XYZ application runs and tries to hit a reserved directory or section of the registry, popup a window saying so and ask if you want to allow it.

The question you should be really asking is "Why should any other program other than Windows OS itself be tampering with the system registry or files?" Good programs adapt to the system configurations or at least asks the user to update it for them (like "You need to update Direct X for this program to run!") and not automatically do it for them. If your program changes something in Windows to something non-standard then who knows what other program's feet you are stepping on in the process.

Re:Comments from a Monad developer

[sgtrock]

Personal firewalls are useless. *The default action taken by the tcp/ip stack when a packet arrives on a port that doesn't have a service running on it is to drop the packet. *They waste resources and (because they are a service running with admin privilages) create a possible security hole. Come on people, think.

Oh, come on! You can't truly believe that leaving any server/desktop/whatever open (esp. when attached to the Internet) with no screening software is a good idea, can you? What do you think iptables and ipchains are for?

Re:Comments from a Monad developer

[yuriismaster]

Secure Microsoft Shell or SMASH

I must have missed that A somewhere... care to point it out?

Re:Comments from a Monad developer

[shmlco]

You're enitrely correct in that "good" programs behave. This thread, however, was discussing software written by developers that don't understand proper behaviour, and as such would break under a locked down, limited access account.

Re:Comments from a Monad developer

[jolar]

For those of you who still don't get it: stop logging in as an administrator you idiots.

Yes, what great advice. Have you ever used Windows without Administrator rights? You can't even view the fucking calendar.

Re:Comments from a Monad developer

[SRS]

With respect to 2.(Philos. of Leibnitz), one of the properties of monads was that they are windowless.

Re:Comments from a Monad developer

[msoori]

You forgot about the other ones that were considred early on... "Msshole", "Mick", "Mussy", "Mrap" and "Mhit" They figured you can always send some one who abuses the Monad to MSHell.

Re:Comments from a Monad developer

[planckscale]

uhuh

heh heh

You said Magina

eeeeeeh

Re:Comments from a Monad developer

[TheSpoom]

I'm sorry, but this would be preventing user stupidity at the cost of a slower OS for those users who aren't stupid enough to let a scripting virus in their system in the first place. Keep virus security where it is already, in virus scanners, and let us have our functional OS that does what we and our programs tell it to do.

Re:Comments from a Monad developer

[shmlco]

How so? A secure OS is ALREADY performing these checks to see if a given user has access privileges to the requested resource. This is just a suggestion for what might could be done should the request fail due to insufficient access.

Or are you suggesting we completely abandon all security on the box itself in the name of a couple of percentage points of speed?

Re:Comments from a Monad developer

[Oscar_Wilde]

Yes, what great advice. Have you ever used Windows without Administrator rights? You can't even view the fucking calendar.
 
The advice is good. It's hardly my fault that Windows is broken.
 
And yes, I have used Windows without administrator rights. I had to do some awful things with ACLs so that a group of engineers could use AutoCAD as normal users but the hardest part of the whole setup was explaining to the engineers why they shouldn't have administrator rights (since almost all of them complained to my boss that they couldn't work without it).

If they had a second account with admin rights the first thing they all did was make their other account an administrator. The second thing they all did was download shit and infect their computers with it. People clearly don't understand why running as an administrator is a bad idea.
 
After a while the edict came down from on high stating "If you're not part of the IT team don't ask for Adminstrator rights" and that was the end of it.

Re:Comments from a Monad developer

[lapaille]

Not everything ending in "-nad" refers to genitalia.

Sure! Like not everything ending in "-litoris" refers to fruits

Re:Comments from a Monad developer

[Jessta]

IDIOT!
iptables is used for routing mostly.

A system running with no networks services is not open. In fact if you get nmap and scan the system you will notice that all ports are closed.

A firewall(gateway/router) is used to route connections between subnets and to restrict network services to certain subnets. This is quite useful when one doesn't have control of all the systems on the subnet.(these systems could run vunerable services, making the network insecure)

But seeing as though a personal computer is not a network(the exception might be that it is a honeynet) you can just disable the network services and save yourself a lot of trouble.

- Jessta

What's the motivation

[HawaiianSophie]

Behind attacking Microsoft?

Re:What's the motivation

So l337 h4x0rz c4n pwn j00!!!!

Re:What's the motivation

[HawaiianSophie]

lol... whatever, Windows is better than Linux. It PWNz0rs it 0000ooo0o0oo0o0oo0o0

Re:What's the motivation

[Spacejock]

Maybe it's because they pound their chests and declare they're the most secure, cheapest, bestest, fastest, etc, etc, even when there's overwhelming evidence to the contrary. When someone gets big-headed it's only natural to poke fun at them, or in a more sinister way, to want to exploit holes & make a big noise about it. It's like throwing cream pies at famous people, to embarass them in public. (Disclaimer: I'm a programmer, not a cracker or virus writer. I've never chucked a cream pie at a Personage before, either.)

On the other hand, if their next marketing campaign had a slogan like 'This OS is almost as polished as OS/X' or 'Vista is almost as secure as Linux' I can see how it might impact sales. However, perhaps if they stopped making outlandish claims in marketing, cracking would be left to the crimanals trying to steal your ID, rather than script kiddies hurling virtual cream pies.

Truth vs marketing. I wonder which will come out on top?

Re:What's the motivation

[dedazo]

Maybe it's because they pound their chests and declare they're the most secure, cheapest, bestest, fastest, etc, etc, even when there's overwhelming evidence to the contrary.

Yeah, it sucks when that happens.

Of course you can always "embargo" all your vulnerability details (see for example bug #294795) - and feel comfortable in your superior position!

Re:What's the motivation

[Jugalator]

Maybe it's because they pound their chests and declare they're the most secure, cheapest, bestest, fastest, etc, etc, even when there's overwhelming evidence to the contrary.

They have never said this about Monad, as far as I can tell.

Note that this article isn't about Vista, but Monad.

Re:What's the motivation

[Spacejock]

True, but the parent asked why people always attack Microsoft, and that's what I replied to.

Re:What's the motivation

[Spacejock]

crimanals??

Sure, I'm replying to my own non-proofed post, but that's one hole of a typo.

Doesn't bode well...

[confusion]

For MS.

But seriously, this is like tipping over someone in a wheelchair. It's a BETA of WINDOWS. Hopefully MS will learn from this before the release, though. I'm not up for a whole new vector of threats against my windows boxen.

Jerry
http://www.cyvin.org/

Re:Doesn't bode well...

[Utopia]

Funny thing is Monad is not even present in Vista beta 1!!!

How the hell this virus writers execute it on Vista B1 is a mystery to me.

Re:Doesn't bode well...

[The_DoubleU]

Monad is not in Vista, correct.
But there is a seperate beta of Monad available. You can install it later on Vista and appearently also on XP (sp2?) and 2003.

Re:Doesn't bode well...

[ozmanjusri]

How the hell this virus writers execute it on Vista B1 is a mystery to me.

Download it from beta.microsoft.com, install it, then run it, maybe?

Re:Doesn't bode well...

[rathehun]

Sir.

As many people have mentioned before.

Collective name for Linux machines = Boxen.

Collective name for Windows machines = Crap.

R.

Re:Doesn't bode well...

[pAnkRat]

It does not have anything to do with it being BETA or not.
The whole content of the article can be condensed to:
"Warning, it is posible to write a virus using the Monad shell."

The same can be said about Perl, C, Java on any platform.
If we should stop feeding the trolls in a discussion,
maybe slashdot should stop posting Troll articles.....

Re:Doesn't bode well...

[zootm]

As others have pointed out, this is not a notification of a vulnerability. The exact same things can be done with Python, Bash, Ruby, Perl... hell, you can even write stuff with the general gist of this with batch files and the DOS command line.

As far as we can tell, and this includes a reply from a writer of Monad elsewhere in the discussion, this is an alarmist article proving little other than the fact that Monad is a shell scripting language.

Re:Doesn't bode well...

[gg3po]

...this is like tipping over someone in a wheelchair.

Correction... It's like tipping over a shifty multibillionare -- that evicts little old ladies from their apartment in order to bulldoze it and put up a shopping mall, all while amusing himself by pulling the wings off flies -- in his wheelchair.

Not very sporting.

[WindBourne]

I would think that people would quite going after all Windows. After all, there is not that much sport shooting ducks in a barrel. And it will be at least another decade before these ducks learn to fly.

Re:Not very sporting.

Please, learn a fair bit about grammar and sentence structure
I would suggest the same for you prior to doing your own flamefest. In fact, it was easy reading the GP posting, but yours had some issues.

And for a final thought, did it occur to you that many of those who visit this site have English as a second, third, or even fourth language? For all that you know, the GP speaks some other language primarily.

Re:Not very sporting.

[Shaklee39]

grammer

or spelling for that matter.

Nothing serious i must say

Something which requires you to execute a script on the computer is not a virus. Think if you execute a bash script in Linux and it goes on and put itself in all your bash scripts, would you call it a virus?

This is actually nothing, it simply prepends/appends or put itself in the middle of existing MSH scripts. It is equivalent to, if you run a binary on your machine, it can attach itself to all the binaries on your machine.

On top of that, MSH by default on let digitally signed scripts to execute hence once infected scripts on execute. This is not really a threat at all.

Re:Nothing serious i must say

[Keeper]

Something which requires you to execute a script on the computer is not a virus. Think if you execute a bash script in Linux and it goes on and put itself in all your bash scripts, would you call it a virus?

No, I'd call it a trojan that infects my system with a virus.

Re:Nothing serious i must say

[zlogic]

>Think if you execute a bash script in Linux and it
>goes on and put itself in all your bash scripts,
>would you call it a virus?
I certainly would! The thing does something without my permission, and what it does is not patching the bash scripts but modifying them.

Re:Nothing serious i must say

[emurphy42]

MSH by default on let digitally signed scripts to execute hence once infected scripts on execute.

Okay, the poor grammar here is actually significantly interfering with our ability to understand your intent. From context provided by other messages, I'm guessing you meant:

"MSH, by default, only lets digitally signed scripts execute; hence, once infected, scripts won't execute."

Re:Nothing serious i must say

[Dachannien]

http://en.wikipedia.org/wiki/Computer_virus

That's not to say that these scripts are any different than a Bash script in a Linux environment. But they are viruses.

As for the digitally-signed scripts, how do I write my own scripts? Presumably I have to digitally sign them before I can use them, if what you say is true. What's to stop a script from getting other scripts/executables that it modifies re-signed through that same mechanism?

Re:Nothing serious i must say

[phantomfive]

Wow, has the whole world forgotten the difference between a Virus and a Worm?

However, I have to agree that this is not exactly newsworthy.

Re:Nothing serious i must say

[Omega+Blue]

Something which requires you to execute a script on the computer is not a virus.

Huh? Are you saying all those nice viruses that come with e-mail messages aren't viruses? Afterall, they all require an uninformed user to execute them on a Wintel box.

Re:Nothing serious i must say

[cyclomedia]

they're called Trojans:

A virus spreads iteslf by infecting existing files (e.g. executables)
A worm spreads by exploiting system vunerabilities directly
A trojan is malicious code pretending to be something else (e.g. britneyspearsnaked.avi.exe)

Often trojans will be used to install worms, which in turn propogate their "parent" trojans. Which is analogous to the facehugger/geiger-alien method of reproduction.

Re:Nothing serious i must say

[LimoWreck]

> > Think *if you execute* a bash script in Linux and it > I certainly would! The thing does something without my permission, and what it does is not patching the bash scripts but modifying them. sounds like your permission to me

Re:Nothing serious i must say

[LittleBigLui]

Think if you execute a bash script in Linux and it goes on and put itself in all your bash scripts, would you call it a virus?

Yeah, if it's self-replicating it's a virus. See here.

Re:Nothing serious i must say

[usrusr]

Most likely, signed scripts will have invalid signatures if they are modified, which is half the point.

I really love how you say "most likely" in the context of signature hashes. Nice and simple understatement for "very very most likely (but not entirely sure)".

Now managing trust is as complex as managing user permissions and imho offers more of a "single point of failure" than the latter, but it's good to see another powerful tool.

Re:Nothing serious i must say

[phoenix_rizzen]

Which is what a virus is. It spreads itself from one binary/script to another.

Too many people nowadays confuse "worm" with "virus". A virus infects (appends, prepends, or copies itself to the middle of) binaries on the same system, mainly through an infected binary being executed.

A worm just copies itself to other systems using network connections of some kind. These spread by multiplying and creating new copies of itself.

Re:Nothing serious i must say

[Lord+Ender]

You have confused "virus" and "worm." This IS a virus. How old are you? Don't you remember DOS viruses?

Re:Nothing serious i must say

[Haeleth]

As for the digitally-signed scripts, how do I write my own scripts? Presumably I have to digitally sign them before I can use them, if what you say is true.

Right. You create yourself a certificate (free, if you don't need it certified by a commercial entity), and then you sign your scripts with it.

What's to stop a script from getting other scripts/executables that it modifies re-signed through that same mechanism?

Well, either it won't be signed (so it won't run unless you're stupid), or it'll be signed but not with a certificate you trust (so it won't run unless you're careless). So it shouldn't be modifying anything in the first place. But even if you're stupid or careless, I assume it can only sign things with certificates it has access to, right? Which, unless you're both stupid and careless, again won't include any certificates you trust.

How well it will work in practice remains to be seen. But as it stands, it sounds to me like it'll be at least as secure as Linux.

Ah... Linux, where even smart people regularly run scripts they've downloaded from the internet, as root, without checking what they do -- they just take it on trust that "sudo make install" will not install a rootkit, and get away with it because virus writers know that exploiting actual vulnerabilities in an operating system is considerably more effective than trying to get people to jump through hoops to run malicious scripts.

Re:Nothing serious i must say

[phoenix_rizzen]

And for those that like links and backing up statements and all that other jazz: Wikipedia Article

Pay particular attention to the first couple lines, and then the Definition section. :)

No surprise here

[zappepcs]

I'm sort of surprised that it didn't happen earlier.

What would really be a surprise, pleasant one at that, is to see a F/OSS program actually plug the holes in Vista before it can sink?

Re:No surprise here

[weicco]

sudo rm -rf / Wow! I wrote proof-of-consept virus for every UNIX and Linux. I'm a 3117 hax0r you know.

This just in!

[TummyX]

Monad can be used to write scripts that do stuff!

Re:This just in!

[stratjakt]

I cant wait for the OSS guys to clone this capability of "doing stuff" in bash or perl!

How is this different from *NIX shell scripts?

[MagikSlinger]

How is this different than writing a ksh or bash script virus? Ksh and bash script viruses can be just as bad. Heck, remember the Morris worm?

I like bashing M$ just as much as the next ./er, but this might not be their bad just yet.

Re:How is this different from *NIX shell scripts?

You obviously haven't seen the calls in module os.system:

• os.system.bsod()
  
• os.system.crash(program)
  
• os.restart()
  
• os.add_clippy(program)
  

Re:How is this different from *NIX shell scripts?

[Tim+C]

That was my first thought.

Essentially, any time anything is being executed on a system, and that thing has a known/knowable format, it's going to be vulnerable to viral infection.

Re:How is this different from *NIX shell scripts?

[Macka]

What a load of hypothetical nonsense. To quote from the end of that article:

At this stage, Unix shell script malware as such is more targeted at the specific machine - currently it doesn't spread its code to other machines natively. So far, it couldn't survive on its own.

Yes I remember the Morris worm (1988). It had nothing to do with scripts as it exploited holes in programs that were hanging open on the net. Holes that have long since been closed. Also back then use of firewalls apart from at the corporate gateway were virtually unknown. It also attacked only DEC VAX and Unix boxes. There's zero chance that could happen again today. Firewalls and NAT routers are too common now, and the types of vulnerability it exploited are very well understood and very well managed.

Re:How is this different from *NIX shell scripts?

[Antique+Geekmeister]

Few shell scripts run by users allow you to modify all the rest of the shell scripts on a system. Apparently, in Monad's excuse for a security model, they do. Remember, .NET had Peter LaMacchia, the author of Microsoft's .NET book, *resign* as project lead because of the security stupidities they were inserting into it.

Also remember, Microsoft's security models are not based on allowing the minimum privileges necessary to complete an operation. Due to the way they handle hardware, especially video, they can't be or they'd break huge amounts of their own most basic software, and they weill never get free of these issues. All the Anti-virus layering on top of MS is basically a band-aid for those vulnerable, easily punctured arteries of system access left exposed so that software can easily tap them. They are firm believers that they can patch any hole or set of holes after the fact, rather than building in the security in the first place.

Re:How is this different from *NIX shell scripts?

[Antique+Geekmeister]

I remember it too. There's a good chance it could happen again: it would have to spread via HTTP, SMTP, and SSH vulnerabilities to use ports that aren't blocked on gateway systems, rather than telnet and rsh, and woould perhaps also require probing VPN setups to gain access from infected machines to corporate networks. But a better built package more aimed at damage could easily replicate its password guessing and replation capability and cause quite a lot more damage today. People should be concerned about this stuff. It's amazing how Morris never spent a day in jail, but instead is now a professor at MIT ( http://pdos.csail.mit.edu/~rtm/ ). Gee, writing destructive worms that ruined systems worldwide, and help ruin your father's career as head of the NSA must really be work which MIT wants to foster as part of their "ubiquitous computing" developments. That's just what I'd look for as part of the computing in my home!

Re:How is this different from *NIX shell scripts?

[CaymanIslandCarpedie]

Also remember, Microsoft's security models are not based on allowing the minimum privileges necessary to complete an operation. Due to the way they handle hardware, especially video, they can't be or they'd break huge amounts of their own most basic software, and they weill never get free of these issues.

Never get free of these issues? I don't think you are quite up to speed on Vista. Here is a high level look at some of the security improvments in Vista.

The part most directly related to your claim can be found under the "User Account Protection" heading, but here is some if it:

Today, many Windows users run with administrative privileges in both the enterprise and the home. Running as administrator results in a desktop that is hard to manage and has the potential for high support costs. Deploying desktops without users being administrators can result in cost savings because a non-administrative user no longer has the ability to accidentally mis-configure the network or install an application that might affect system stability. Running without administrative privileges is challenging today, as many applications fail to run and end users get frustrated by the inability to perform common tasks such as adding printers. In Windows Vista, the User Account Protection initiative introduces fundamental operating system changes to enhance the experience for the non-administrative user. For example, in the enterprise context, a mobile laptop user will be able to set a WEP key to attach to a home wireless network, install a printer, download and install application updates, setup and configure a VPN (Virtual Private Network) connection, and perform many other standard tasks, all while running as a non-administrator.

By default, Windows Vista runs most applications with limited permissions, even if the user logs on to his or her computer with administrative privileges. This won't stop users from performing administrative tasks that you've granted them permissions to perform. When users attempt to perform administrative tasks, Windows Vista explicitly asks them to confirm their intentions or provide administrative credentials, depending on the policy setting that you've chosen. You can also control this feature with Group Policy settings.

If users log on as standard users, who are not members of the Administrators local group, they can still run most Windows Vista applications without additional rights. Although there will be some exceptions, most applications will run equally well under either the administrator account or a standard user account.

For those times when you do need administrator privileges, you don't have to click Run As because Windows Vista automatically prompts you, as shown in Figure 1.

Some applications will not run on Windows XP without administrative privileges because they attempt to make changes to file and registry locations that affect the entire computer, such as C:\Program Files, C:\Windows, or HKEY_LOCAL_MACHINE. Registry and file virtualization in Windows Vista redirects per-machine file and registry writes to per-user locations if the user doesn't have administrative privileges. This enables standard accounts to run applications that need to write to areas of the registry or file system that only administrators can access.

Now we'll have to see how well this is all implemented. I'm sure like any MS 1.0 product (or any 1.0 product in general really) there will be some issues, but it seems the days that your complaint remains valid could be numbered.

Re:How is this different from *NIX shell scripts?

[CableModemSniper]

Per-user registry virtualization? Schweeeeeeet.

Re:How is this different from *NIX shell scripts?

[Antique+Geekmeister]

It may have improved, I'd be pleased. But they're still vulnerable to the graphics admin privilege problem. Lots of applications absolutely need excessively high levels of privilege to talk to the display, and there's no fix in that yet, and own't be until MS is prepared to throw out every Office application they're written and all Windows computer games.

Re:A Windows beta is exploitable??

[yRabbit]

Why? Do you prefer the release versions of Windows to be vulnerable instead? ;>

No Monad.

[faldore]

Monad's not going into Vista/Longhorn, hadn't you heard?

Re:No Monad.

[faldore]

http://www.microsoft-watch.com/article2/0,1995,182 6007,00.asp?kc=MWRSS02129TX1K0000535

Re:No Monad.

[AndroidCat]

Vista/Longhorn has no Monads, there's a shock. whistles the Colonel Bogie March...

If you want...

[nuntius]

I can mail you a Slackware boot disk. It will cure all of Vista's problems, before it is even released. :)

That said, a lot more people would plug Windows holes (if for no other reason than to rid the world of zombies)... if MS would just free the source. But that would probably make poorly-written Perl code look good. ;)

NO WAY!

[stiefvater]

never mind the virus-

windows now has a decent shell?!

will wonders never cease?

K.

Comment removed

[account_deleted]

Comment removed based on user account deletion

It still is a beta after all.

[zwilliams07]

Give M$ some time to work its magic, then there will be plenty of holes and viruses for all!

Re:It still is a beta after all.

[superpulpsicle]

Monad rhymes with "More Ad". That should sum it up lol.

OMG a shell!

[shawnce]

http://www.macworld.com/news/2005/08/04/vistavirus es/index.php

OMG a shell! it like does things! and without a mouse!!

Re:A Windows beta is exploitable??

[william_w_bush]

Wow! Now I get a choice?

From the Article:

"Five proof-of-concept viruses that target Monad, the next version of Microsoft's command prompt, were included in a recently published virus writing magazine, according to Mikko Hyppönen, the director of antivirus research at F-Secure."

I'm certain this comment will pit Slashdoter against Slashdoter, but with all the so called "free speech" that is actively being censored one subject at a time today, why is it that these people aren't under the sociopolitical microscope for publishing this kind of information?

Furthermore and looking at the situation from a different angle, not long ago I heard (or read, I can't remember which) someone in the government refer to the writing of malicious code and hacking of computer systems (especially crucial and/or sensitive ones) was to be considered an "act of terrorism." Now tell me, if I or anyone else can be arrested for training people how to commit "acts of terrorism" in the real world, why hasn't this applied to the digital world as yet?

Re:From the Article:

[awkScooby]

Now tell me, if I or anyone else can be arrested for training people how to commit "acts of terrorism" in the real world, why hasn't this applied to the digital world as yet?

For one, because to train people how to write anti-virus software, they need to be trained in how viruses work. For another, it's hard to draw a legally clear line that won't prevent security researchers from creating better systems. To make systems better, they need to test them, which means they need to attempt to exploit weaknesses. One of the fundamental parts of research is publishing results so that they can be reviewed by peers.

It's one thing to write about how to make pipe bombs, car bombs, etc, and quite another to set up a school where you train people who you are then going to send out to actually perform terrorist acts. If there weren't such a distinction, Tom Clancy could be thrown in jail for writing about terrorist acts that could be replicated by real world terrorists.

I think you'll find that you still can pick up a copy of "The Anarchist Cookbook", so clearly it's not illegal to write about how to commit violent acts, or construct weapons to assist in attacks.

In the case of this virus, it is not malicious, and is a proof of concept to show that the new shell is not a magic bullet that solves all your security problems. Hopefully this is early enough before Vista is released that MSH won't be embedded into all sorts of things where scripts auto-run, like what we had with VBS in Office documents, and such. If that is the outcome, then the publication is a very positive thing.

Re:Oopsie!

[jmking1]

That's exactly the reasoning people used in support of Firefox before 1.0 was released. I don't see why it can't be used for any beta software.

Oh, and just for completeness, vulnerabilities have been found in Firefox since 1.0, so the argument that only Microsoft releases "beta" (read: vulnerable/insecure) code as production-level software doesn't work either.

So what?

[IchBinEinPenguin]

All this proves is that Monad can find and modify text files (and that there are idiots out there who will misuse tools).
About the only way around this is code-signing to prevent modification (yeah, like I'm gonna sign every single perl script I ever wrote.....)

It's not like you can't do this in bash, awk, sed, perl, python, REXX etc. etc.

full circle wtf ?

[bxbaser]

I must be getting old when i see the full circles everywhere.

when windows 95 came out the windows zealots where so quick to point out "no more haveing to type in dos windows is better than everything" now they will say "we have a shell windows is better than everything"

Re:full circle wtf ?

[abradsn]

Actually, we still think a gui is better. But, we want the flexibility of a shell now that we hear all of the unix/linux hackers complaining about the lack of a good shell.
As an avid script writer, I have to add that I wish everything had a good api or script interface. I think that all along Microsoft missed the point here. They tried to patch things up with com interfaces, wmi, and so on and so forth. I think that the assemblies in .net and a standard rtti such as reflection has improved things a million fold, and actually finally paved the way for improving this whole arena.
One day, I hope to just type in a search term into a dialog box, and get back the library and the API call that I need. I get sick of looking through horrible (sometimes nonexistant) documentation for something that the computer could just present in a clear manner.
By the way -- Does anyone know of a linux tool that performs this search for all libraries on a linux machine?

Re:full circle wtf ?

[noamsml]

actually, I think the correct phrasing is "windows has shiny iCons, it's better than everything!"

Re:full circle wtf ?

[TeknoHog]

"Those who don't understand Unix are condemned to reinvent it, poorly."

Re:full circle wtf ?

[kiddygrinder]

Nah, it's just people learning as a whole. At the start it was shell is better, then people realised they could have a fully functional gui that did nearly everything a shell could, so they decided that if we take it to the next level we could produce a gui so good it could do everything with a little bit of clicking. Now people (By people i mean mostly microsoft and apple) are realising that gui is good for some things (simple file manipulation, image manipulation, desktop publishing etc etc), and shells are good for others.

Re:Not a vulnerability

[dedazo]

Slashdot has a history of reporting user-executed attachments as "vulnerabilities", to the never ending delight of the peanut gallery, who consider that it's Microsoft's fault if I run something I shouldn't have on my computer, but if I do the same thing on any other OS, it's my fault.

Plus, Hakko Mipponen (or whatever his name is) has to make a living scaring the bejezus out of everyone - what better way to get started than with something that's not even really out of alpha?

Monad does support code signing

[Leeji]

Actually, code signing does partially solve this problem, so that's one of the avenues we've taken. See my post about it (although I feel like a whore for posting it again.)

That said, once you have a code signing infrastructure to save you from untrusted script publishers, your signing keys become the attack point. Malicious code can create another malicious script, and then sign it with your keys. To prevent that threat, always password protect your signing keys. When you do so, Windows brings up a dialog asking for your permission before it signs the file in question.

Leibnitz is rolling is his grave

[calculadoru]

Quoth the wise man in his treatise Monadology (1714):
"There is also no way of explaining how a monad can be altered or changed in its inner being by any other created thing, since there is no possibility of transposition within it, nor can we conceive of any internal movement which can be produced, directed, increased or diminished within it, such as can take place in the case of compounds where a change can occur among the parts. The monads have no windows through which anything may come in or go out. The Attributes cannot detach themselves or go forth from the substances, as could sensible species of the Schoolmen. In the same way neither substance nor attribute can enter from without into a monad."

And they they've managed to attack them??? Oh, the humanity...

More Windows viruses?

[Lisandro]

Awwww, crap guys. Let it go already. It's a bit like kicking a crippled at this point.

Virus writers...

[dbolger]

Well I guess they've really got Microsoft by the monads now, eh?

Highest form of wit! ;)

An Example of One of the So-Called Viruses

[AdamBa]

This is the verbatim text of one of the five viruses:

$name_array=get-childitem *.msh
foreach ($name in $name_array)
{
if ($name.Length -eq 249)
$my_file=$name.Name
}
}

foreach ($victim in $name_array)
{
if ($name.Length -ne 249)
{
copy-item $my_file $name.Name
}
}

All it does is find every .msh file and replace its contents with itself. That's it. You could do it with a .CMD file in any version of Windows (and of course in any other scripting language).

The other scripts get a bit more complicated (insert at a random spot in the file, etc) but that's basically it. There's no new vulnerability exposed by Monad.

- adam

Re:An Example of One of the So-Called Viruses

[sankyuu]

Reminds me of the concept DOS "virus" during grade school:

copy con pacman.bat
@echo off
for %a in (*.bat) do if not %a = %0 copy %0 %a
echo Game over!
^Z

Except I've never bothered to write viruses 0:-)

Re:An Example of One of the So-Called Viruses

[Spoing]

Hell, I wrote a batch file way back when called reboot.bat. Guess what it did? :)

It only used a few lines; a set of echo commands to create a .com file followed by a line to run that .com file.

Now, it won't work because the reboot sequence -- jumping to the end of the bios and poking in the string 123 -- is now trapped by any protected mode OS. That, and I don't even know if headerless .com files are valid anymore under XP's CMD.EXE.

Re:An Example of One of the So-Called Viruses

[sankyuu]

That, and I don't even know if headerless .com files are valid anymore under XP's CMD.EXE.

Heh, they still work!

C:\>debug test.com
-u100
3583:0100 B409 MOV AH,09
3583:0102 BA0901 MOV DX,0109
3583:0105 CD21 INT 21
3583:0107 CD20 INT 20

Well, any OS that ships with some development tools would more or less permit trojans and virii. :-/

PC World has the most sensationalized version...

[AdamBa]

Right here. "Microsoft's newest operating system in beta only a week, but already leaky." Eeek!! It claims the viruses "take advantage of a new command shell, code-named Monad, that is included in the Windows Vista beta code". Only problem is, Monad is not included in the Windows Vista beta code. Then it talks about how they "take advantage of security vulnerabilities in the new command shell". Like the ability to run scripts?

- adam

Re:Not a vulnerability

[dedazo]

Mikko Hypponen

Am I suppose to believe you're him?

But very few of the most widespread viruses in the world rely on vulnerabilities.

Right, and assuming you are Hypponen, how does this affect you (or not)? I was making a comment about Slashdot, not you.

OTOH, assuming you are who you say you are, let me just say that I'm hardly the first person in the world to point out that companies like F-Secure tend to be on the unfortunate side of hysteria when it comes to reporting vulnerabilities. So don't be offended by that, we understand how the business works. It's OK.

Cheers.

Re:PC World has the most sensationalized version..

[aztracker1]

That's the same issue with email attachment virii... the OS is actually capable of RunningStuff(tm). I mean, sure have the prompt/warning (for a while, didn't norton do this with every script that used the filesystemobject, then they used the ado text object, next it will be something else.. I mean as long as an OS is usable, and the user is a privileged user, it is vulnerable from the user.

I'm glad that low privilege users will be a focus in the new version, but the ability was there since nt3.x iirc, and nobody really focused on it, and 3rd party software was so badly written, you couldn't do much with it a lot of times. Another issue, is you can't change many UI settings as an unprivileged user in windows, this pisses people off... fix that, get developers to write their software for proper use, and a lot of these issues will fade.

Misleading topic

[Jugalator]

It should be "Windows XP/2003/Vista Tool Targeted By Virus Writers". It won't just be for Vista. The tool is also still in early beta, and I'm not even sure what the script did; is it a script like "rm *", or does it exploit any actual vulnerabilities? There's too little info here to know if this is anything to call news or not...

Monad will also not be included with Windows Vista RTM.

Hey -- Give MS a break!

[l0ungeb0y]

First off -- credit where it's due, it took a few days for these to show up. Unlike the mere hours it took before.

Big pat on the back to all you Windows coders out there in Redmond!

Second and most important, these are only shell scripts meant to be executed in Monad -- not some nasty Outlook/IE infecting VB script that spreads like super-flu.

No... those wont babies wont be hatching till NEXT week.

I'd say this is a marked improvement in Windows Security overall. Bill must be proud right about now.

Re:PC World has the most sensationalized version..

[Jugalator]

"Only problem is, Monad is not included in the Windows Vista beta code."

It will probably not be included in the final Windows Vista code either.
It'll be a separate, downloadable tool for all MS OS'es since Windows XP.
I'm still looking for the connection to Windows Vista here...

Re:A Windows beta is exploitable??

[the_womble]

Do you prefer the release versions of Windows to be vulnerable instead?

I do actually. I get opportunities to say "well what do you expect if you use Windows?" to people that way.

Of course, to be fair to MS, in this case the article is BS.

You've got your chocolate in my penut butter.

[LaminatorX]

Combine the power and flexability of Unix-style scripting with the robust security of a Microsoft environment. As long as the millions of less savvy users are all operating within least-privalege account model this should be great.

Interesting...

[That's+Unpossible!]

Monad is now a "Windows Vista Tool." And just 2.5 months ago, Slashdot indicated Monad wouldn't be in Windows Vista (then codenamed Longhorn).

So when Monad is considered a feature, it won't be in WV, but when it is a problem, it's magically back in there.

The truth is, no one knows for sure if Monad will be in, and this "virus" is just a fucking shell script.

Everyone, type rmdir c:\ and pass it along.

Re:Interesting...

[Jugalator]

It gets even funnier in this further bastardized version at CNET -- another contradiction right in the first paragraph:

"Virus writers are targeting a new Microsoft tool that will be part of Windows and is set to ship as part of the next Exchange e-mail server release."

Again, the topic there is also misleading; this isn't about Vista, this is about Monad. Monad will be released for three operating systems, not one. And I hear now it's not even a vulnerability.

So bloody what ?

[polyp2000]

As much as i despise microsoft and avoid using windows at whatever cost. They have not released Vista to end users yet. The purpose of a beta is to find out what the problems and issues are and resolve them. Wait until they release a final before criticising I am sure there will be plenty of viruses and bugs to get excited about then! (How else are they going to continue shipping their AV software ?)

The Monad

[payndz]

In the comic series The ABC Warriors (specifically the story 'Black Hole'), the Monad was a bloated, ruthless manifestation of all human evil that attempted to destroy the Earth by corrupting and overloading the incredible technological achievement that linked humanity together.

But I'm sure that's just a coincidence.

Re:The Monad

[msoori]

From Wikipedia... http://en.wikipedia.org/wiki/Monad "The Monad is the Chinese symbol of duality in nature." I think M$ chose it to signify the duality of being secure and insecure at the same time.

Gist

[headkase]

Monadology seems to be a protoscience towards the understanding of the fundamental building blocks of the universe. Today we call things Quantum back then it was essences. Notice how consciousness is described as an attribute of matter instead of an emergent artifact which in a real sense does not physically exist within our Universe, it only logically exists like calling a collection of cells a "glider" in Conways Game of Life.
My 2 cents anyway.

Here's the very Squashed version with the important text reproduced here:

All the plenum of the universe is entirely filled with tiny Monads, which cannot fail, have no constituent parts and have no windows through which anything could come in or go out. Every Monad is different and is continuously changing. All simple substances or Monads might be called Entelechies, for they have in them a certain perfection and a certain self-sufficiency. As they have some perception and desire, they may be called souls, but animal Souls are accompnied by memory. In dreamless sleep our soul is like a Monad. The knowledge of necessary and eternal truths distinguishes us from the animals and gives us Reason. Truths of reasoning are necessary and their opposite is impossible: truths of fact are contingent and their opposite is possible. When a truth is necessary, its reason can be found by analysis, resolving it into more simple ideas and truths. The final reason of things must be in a necessary substance, which we call God. God holds an infinity of ideas, and chooses the most perfect ones. Each simple substance has relations which express all the others, and, consequently, that it is a perpetual living mirror of the universe; though it represents more distinctly the body of which it is the entelechy. Each portion of matter is like a pond full of fishes, where each drop of its liquid parts is also another pond. Thus there is nothing fallow, nothing sterile, nothing dead in the universe. All the parts of every living body are full of other living beings, each with its dominant entelechy or soul. Thus there never is absolute birth nor complete death. Minds are images of the Deity, capable of knowing the system of the universe, each being like a small divinity in its own sphere. Whence the totality of all spirits must compose the City of God, where no good action would be unrewarded and no bad one unpunished. If we could understand the order of the universe, we should find that it exceeds the desires of the wisest men.

Re:Not a vulnerability

[defsdoor]

The real issue is that Microsoft - with Windows - made it too easy to run just about anything without the user knowing just what it is that they are running. They even had an option - set by default - to hide the file extension from the user - which was also honoured by outlook.

How/if this will change in the latest round of "new user inerface - give us your money" from Microsoft we will just have to wait and see.

(Does longcock/vista still have that side panel that eats 20% of your desktop ?)

i dont see why this is news....

[Madd+Scientist]

1) it's a scripting language
2) assume you already have command line access

a "virus" at this point is trivial... just append the code to append itself at the end of every file it assumes is a script for this command line.

this is like batch file viruses that format the drive... it isn't anything special, it's just a matter of getting the mark to run the file. nothing to see here.

Re:i dont see why this is news....

[Xhargh]

It is a virus since it appends itself at the end of all other programs of the same type (scripts) automatically (just run an infected script). To actually do any damage are normally not required for a virus. A batch-file that formats the drive is more like a trojan than a virus.

Re:i dont see why this is news....

[anno1602]

this is like batch file viruses that format the drive

That assumes root access besides CLI access.

Re:i dont see why this is news....

[Madd+Scientist]

agreed... but this whole article doesn't even assume a payload. it's like saying that a suitcase bomb could make it through security because you've already proven that an empty suitcase can get through security. again, this is just stupid propeganda.

Re:i dont see why this is news....

[Madd+Scientist]

also, i was referring to old WINDOWS batch file viruses which didn't even have the concept of a root user.

Re:Not a vulnerability

[dedazo]

The real issue

The real issue is that I do not want a case-sensitive file system, or one that requires me to do all sorts of command line incantations to run a script. It's not my fault that Joe User and his 1,000,000 friends are stupid.

In any case, I can send you a tarball with the execute bit turned on and ask you to unpack it and run the REAL COOL ANNA KOURNIKOVA SCREENSAVER!!!, and chances are you'll do it. Chances are when Linux hits the "big time" there will be something slightly more functional than FileRoller out there. Chances are you'll give me your root password if I ask for it nicely. Chances are your assumptions or superiority are unfounded. People got infected with worms that came in on password protected zip files. Do you think you can engineer away user stupidity? That's scary.

to hide the file extension from the user

Bad design call, yes. OTOH, I could care less, I always turn it off.

Does longcock

OMFG, you're hilarious.

Re:PC World has the most sensationalized version..

[Chokolad]

Thing is, msh is not registered as handler for *.msh files, so in order to run the script you will have to execute 'msh.exe script.msh' from the command-line, it will not work by clicking an icon in Outlook Express for example.

Re:PC World has the most sensationalized version..

[aztracker1]

fair enough.. I don't consider it a big issue in and of itself.. it's a scripting language, it's usable.. that's the point of it.

Virusproof Windows.

[Kaenneth]

If Microsoft made Windows completly immune to viruses, spyware, and the like, they would be immediatly sued by every dying for-profit anti-virus company, just like Netscape did.

I must say it...

[numbware]

CRIPPLE FIGHT!

Too many Moving Parts

[ajs318]

Why the hell does a command line interface need to incorporate Object Oriented features? This sounds to me like adding features for features' sake.

The more sophisticated you make a system, the more failure modes you introduce -- and the harder it gets to test the edge cases, because there end up being too many edges. You want Obejct Oriented? I'll give you an Object Oriented example. Let's have a "length" type with properties which correspond to its conversion into different measuring units.

var height IsOfType length
reset height
let height = 1.75
print height.feet # prints 5
print height.feet.inches # prints 8.8975
print height.inches # prints 68.8975
reset height
let height.inches = 72
print height.feet # prints 6
print height # prints 1.8288
forget height

It may well be pretty, but outside of any programme dealing with units conversion it's fairly unnecessary. And it contains many programming hazards which would thwart the careless implementor. {BTW, that was a fictitious example; but I'm willing to bet there is at least one programming language out there that actually implements something like it.}

All a command shell really has to do is be able to launch programmes, police the I/O traffic and keep hold of some state information. If it can do all that right, any other functionality you need can be provided by external programmes. That way, everything is kept as simple as it needs to be; you haven't got code cluttering up things that don't need it. If you do build functionality into the shell, there should be a bloody good reason -- usually that reason is that some external programme is getting launched more than its fair share. And in that case you already have the code you need to incorporate and it's been thoroughly tested.

Re:Too many Moving Parts

[MichaelJ]

MS, like virtually all Unix variants, is using a scripting language engine as its CLI. This is no different than Bash, Sh, Tcsh, etc. all of which support functions, etc.

Can you imagine a command-line interface that didn't support aliases, functions, the ability to do more than just launch programs? Even command.com wasn't that limited. My daily experience at work (Linux) would suck if I hadn't been able to customize the shell as I have.

And as for testing - it's not that hard. Since the same language is used in scripts as is interactively, you have a test framework right there.

The first thing I thought when they said MS added OO was that this was like using the Python interactive REPL. It all strikes me as much like Eshell-mode in Emacs.

You are right that as with any technology, the more the power and functionality, the more abusable it is. But a CLI that can only launch programs? Perhaps one could argue that that the model to follow is OS/2, whose CMD language was not nearly as rich as the ReXX scripting language (precompiled into filesystem extended attributes ... sigh), as opposed to the VMS model of the DCL language and CLI. But if you're going to live at a command line, there are things you have to be able to do to the environs of that shell that subprograms or scripts just cannot do for you.

Re:Not a vulnerability

[ookaze]

Slashdot has a history of reporting user-executed attachments as "vulnerabilities"

Wrong ! That's actually Windows executed attachments which are vulnerabilities.
Users don't want to execute anything when they click on something that Windows tells them is a picture, for example.
So Windows fool the user, and worse, Windows do things that the user never wanted.

to the never ending delight of the peanut gallery, who consider that it's Microsoft's fault if I run something I shouldn't have on my computer, but if I do the same thing on any other OS, it's my fault.

Like I said before, what you say is completely out of place. What you describe just does not happen in other OS, that's why. In case you did not understand, I'll take the example of Linux mail clients :
- No one of them tell you an attachment is a picture when it is an executable, even if it is called boobs.jpg.
- No one of them will execute the attachment when you just click on it.

Plus, Hakko Mipponen (or whatever his name is) has to make a living scaring the bejezus out of everyone - what better way to get started than with something that's not even really out of alpha?

I thought it was a beta ?!!!
But it's good to know that now, you can experience what Linux users feel when MS do the same stupid FUD that this writer does.

Monad

[SilentSheep]

Hasn't Monad been dropped from the Vista/Longhorn Feature list?? I thought that it as just going to have the same/similar CLI as Windows XP? and Monad was going to be an 'upgrade' some time in the future?

Everything that was once, will be again...

[Spoing]

"As for not running scripts in the current directory, Monad follows a policy similar to that of Unix shells: we do not run them, unless you explicitly ask us to. This prevents malicious scripts (with names such as dir.msh, or get-childitem.msh) from intercepting your otherwise innocent attempt to list the files in that directory."

As time goes on, they keep reinventing bits and pieces of Unix.

These people are smart

[springbox]

Apparently they haven't been around things like BASH enough because it's not very hard to write a similar "virus" in BASH script

Help me understand....

[Himring]

1. It's like a batch file and therefore doesn't count as a virus.
...but viruses started out as batch files and wiped a lot of harddrives.

2. Microsoft can't be held responsible because shell scripts can be written and ran in *nix/*nux too, so what's the big?
...but Windows has a long history of MSTD (Microsoft Terminal Disease) wherein everything is accessible all the time because they built an OS (nay, an NOS) on the principle of "everything is accessible unless explicitly stated otherwise." No other NOS has done this -- no serious one that's broadly used -- so Windows viruses, no matter what they are, have been very egregious.

The issue, to me, is whether or not Microsoft has finally figured out to really seperate the kernel (if they've ever really developed one) from what the user has access to. The reason viruses, malware, whatever, have never really bothered *nix/*nux/Netware is because of the basic principle of denying everything unless explicitly stated otherwise.

Our old Netware guys here still joke and laugh about the insanity that is Windows and security issues around it that a symbiont industry thrives on. Never did, or have, other NOSes generated such a special security area in the free market....

Re:Help me understand....

[raind]

Of course the practice of running all apps as administrator is still widely used, when it's perfectly feasible to run most if not all programs as a regular user. That's a shame.

Re:Help me understand....

[Himring]

I can remember the first time I fired up bitchx as root and it said something like, "running bitchx as root is just stupid." I was like, "wow, cool...."

No! I don't believe it!

[Luscious868]

Bugs and security holes in a beta? No! It's impossible. Not that Microsoft gets the benefit of the doubt anymore, but let's at least wait until the product is out of the beta testing phase before we begin harping on it for bugs and security flaws. Unless, of course, the flaws exist because of fundamental problems with the design of the product (a la Internet Explorer). Then by all means, pile on!

Monad

[hoborocks]

Here was my first thought (it's obvious i didn't get much sleep last night)

Monad kinda sounds like it's a daemon related to a female...something that most geeks probably don't know much about....I bet this is a hoax...

Maybe it's time for sleep again.

Reminds me of that great Kennedy line...

[solomonrex]

OSS developers combine Northern charm with Southern efficiency.

uhm, yay?

[Kurayamino-X]

He found a hole in a peice of BETA software...
last I checked the entire point of BETA sofware was to find holes in it.
ZOMGWTFBBQ he did exactly that! Whooptie fucking do!

you have earned yourself a cookie! go report it to whatever bug tracking sceme they're using and feel proud. or, do something tantamount to screaming "LOOKIT ME! I'M EVER SO SMART!" into a bullhorn while dancing naked with undies on your head in the middle of times square...

Straight from the horses mouth

[xfmr_expert]

From a Dec. 2004 "chat": Q: How is security addressed in Monad? A: This is a very board topic. We spend a lot of time on security. One of the common questions is "are we reintroducing script attacks?". We are doing a number of things to mitigate those exposures. 1) we will not have a doc handler for .msh files (this means that you won't be able to double-click a .msh file and have it run). 2) We'll have a policy that only allows signed scripts (from people you trust) to run (we'll then make it easy for you to sign scripts).

Re:Not a vulnerability

[AdamBa]

Mikko, how do you explain the quote you gave: "The only surprise here is that it came so early...It's been eight days since the beta of the operating system was out." Monad has been out for a while, and is not even in the Windows Vista beta. Yet you are obviously implying that someone took the Vista beta and started pounding away and in only eight days found a vulnerability.

I don't see how you can defend this as anything except pure sensationalism.

- adam

Hmm

[CableModemSniper]

Why do I get the feeling that this is the Monad equivalent of
$ echo "#!/bin/rm -rf" > ls

and probably not nearly as dangerous as the article makes it sound.

.Net sandbox?

[slapout]

similar to Unix shells such as bash, but is based on object-oriented programming and the .Net framework.

I thought that the .Net framework was supposed to prevent malicious code by sandboxing things.

.NET Dead?

[fiber0pti]

Didn't Microsoft recently admit that .NET was a failure? If so, why are they including it in the core of Windows Vista?

Re:.NET Dead?

[TummyX]

Are you retarded?

humour-challenged mods

[subtropolis]

why is this modded insightful?

It's comparing Apples and Oranges.

[zmollusc]

The vulnerabilities found are just a function of how popular the system is in the real world. Microsoft is a victim of its own success.
If Linux had as huge an installed base as Microsoft Vista then we would see all the script kiddies exploiting and 'owning' Linux boxes.
(c)2007

It's a security best practice

[Leeji]

It's a security best practice in a multi-user system, so I'm not sure what your point is. It was in Unix long before it was in Windows, but that doesn't change anything. The flow goes both ways.

That said, Monad does offer many things that make it incredibly unique as a shell. You can try it for yourself, or simply read commentary from people who have. There are a lot of unix geeks (myself included) that really think it is a lot of fun. I have a lot of Monad examples on my blog, should you be interested.

This is news?

[WheelDweller]

Am I the only one to have seen every release of Microsoft since CP/M? Must be.

OF COURSE the virus writers already have a jump on the product before the beta is done. You don't really think 8,000 viruses this year so far, just *happen* do you?

The cycle continues.

The release.

The press proclaiming that it isn't selling. A handful of corporations jump on it for the same stupid reasons one can only make when earning more than a million dollars each year. (corporate stupidity).

Then comes the inevidable "We're going to stop supporting old release X" when more jump on board.

Just as people are getting settled in, OH! It's time for a new Office and maybe Works! The old ones are grossly incapable of doing simple math and are seriously lacking 'cool', so the herd begins to turn and shed their cash.

There are still people running DOS, ya know. And Wfw. And Win9x. They're happy as long as they don't use the net. (So they're safe)

When will corporate America and the man on the street tire of being surprised at this rope-a-dope?

Monad

[AnalogBoy]

is more akin to the bastard child of wmic and cmd; at least the beta i last saw was.

Wait my friends

[lord_rob+the+only+on]

It's just a beta product. All flaws are not fixed yet.

I suppose you all remember when Whistler (codename for windows XP) came out, it was full of bugs and security holes. This is normal, it's a beta. Now we all know that Windows XP is stable and secure as hell *cough cough*

Well, this explains MS's name change better...

[cmdrwhitewolf]

Because this certainly confirms that windows virus's have a new VISTA to exploit!

Re:Would the Study of Monad scripting be....

[Anomalyst]

Mynecology?

turing machines considered harmful

[spongman]

• turing machines are universal.
• thus: you can write a self-replicating, propagating program (virus) in a turing machine.
• thus: the virus can be ported to any turing-complete system.
• thus: the only way to secure a system is to make it turing-incomplete.
• or: any reasonably useful system is susceptable to viruses.

History repates it self....

[jonfr]

Sure, Microsoft will fix some holes on the way to the final product. But given there past history, there are going to be new viruses for Windows Vista the day it comes out, along with new type of spyware . The same old story.