On Sat, 22 Jul 2000, Marc Lehmann wrote:
>> However, Windows email virus writers are too STUPID and COWARDLY to ever
>> code such a feature into their creations, so it's not a big concern there.
>
>Actually,
>
>a) dead machines don't spread viruses
True, but just because a machine is infected, does not mean that
the payload has been shot. A virus could spread, and then
activate the payload on any particular action ie:
1) Certain date
2) Certain number of times event X occurs
3) Random number
etc..
So virus spread to a machine does not mean machine is dead
instantly.
>b) it is very difficult to test
Not really. I test dangerous code all the time when coding. Not
dangerous that it will kill the machine, but dangerous that if I
execute the 'finished product' I may have to log out, log in, do
10 things to set my environment back up, etc.. just to try
again. Instead I 'dummy' the program first, test it, work out
major bugs, once I'm sure everything works, I re-enable the
action, and then try it. I'm not talking about malicious code
either, I'm talking about normal code, but code that you don't
want actually HAVING to do something just to test it.
Not that I've written any, but for example: cd writer software.
Do you think cdwriter authors like the author of "cdrecord" tries
to burn a real CD for every new version of his program during
development? He likely uses CDRW I'm sure, but lets say CDRW did
not exist, and lets say CDR disks were $25 each, and he was poor.
Would he continuously fry CDR's? Not likely. You test things,
and you only test on the wire when you know everything else works
and need to test the wire.
In the case of a virus author wanting to write a virus that frys
hard disks via windows email or the outlook timezone bug, he
would write a virus engine that spreads via email perhaps,
infecting machines via the exploit, and then at a given trigger
explodes the HD or whatever. In testing the code while he writes
it, instead of exploding the HD for real, he substitutes a dummy
function that prints "boom" on the screen or whatever. Once the
virus appears to work, then he activates the real boom and goes
on... As long as the real boom has been tested once outside the
virus, it should work inside. Not hard to test at all. Just
need some imagination.
TTYL
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocate... Our continuing mission: To seek out knowledge of C, to explore strange UNIX commands, and to boldly code where no one has man page 4.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST