A new virus called Simile.D may not be much of a threat to computer systems, but some of its technical tricks could lead to a rethinking of the principles underlying antivirus software. Read the story at C|Net.
What we are worried about is detection taking too long to be useful. If the viruses get so complicated that it takes forever to detect the virus, then that will cause a problem.
Is this reminding anyone else of Burning Chrome?
Threat? What threat? Is it the so-called virus, or is it the bonehead who does everything as root? Or the bonehead who executes programs from strangers?
I’ve gone without antivirus software for years and years, using nothing but common sense. To date I’ve had zero infections.
From the brief reviews of distros like Lycoris and ELX, I can’t tell if they make (or at least strongly urge) users to create regular user accounts rather than just using the machine as root. I’m a little worried that this “Linux for the masses” approach may find the concepts of security and mandatory logins to be too “geeky” and “elitist” for the intended market.
I could be totally off-base, but I don’t see much mention of “security” on the Lycoris web site.
I have never been infected by viruses. I haven’t even SEEN a real virus since the old days when they spread by infecting the file system itself. All the viruses we see today are either trojans or lame scripts that the script kiddies rely on MS apps and naive users to spread. How boring.
I run Lycoris, and usually it attempts to keep you from running anything as root. Every time you do something that requires root access it brings up an annoying dialog asking if you are sure, with a checkbox that you need to check before allowing the access.
Not the best in the world for keeping people from running as root, but it will help.
I got hit with a “cute” one about 5 years ago.
I was hanging out in a cracks newsgroup, and someone posted a crack I was looking for.
I scanned it, and it scanned clean.
So I executed the crack, and noticed a DOS prompt show up.
When I looked closer, I saw the following command:
“deltree /y c:”
By the time I hit ^C it was too late….most of my C drive was missing.
Yep, I was a dumb-ass
I’ve gone without antivirus software for years and years, using nothing but common sense. To date I’ve had zero infections.
How do you know you’re not infected unless you were looking? 🙂
To Jace:
Do not underestimate today’s viri. MS apps alone, as you’ve mentioned, are enough for a virus to propagate, and in a few cases it disregards whether the user is naive or not. Just using Outlook 2000 does not make you a naive user, after all, “If I don’t open that email I won’t get infected, right?” Not so, sometimes all it takes is your mail client simply downloading the email from your server to unload the virus. And how do you delete a message without it showing up in the preview pane, which may be all it needs? I know you’re thinking “disable the preview pane”, but in Outlook that’s not an easy task, and may require a third-party plug-in to add that disable feature.
Funny story: A co-worker of mine called me into her office to show me an email she had received and she knew it definitely had a virus because the subject line was exactly like the one described in a virus warning article, and the name of the sender was hidden. She insisted that I allow her to open the message “just to see what would happen”, and she was not joking about it either! So yes, the number one cause of virus propagation today is stupid users. The term “idiot proof” is significant to me as the meaning of user-friendly, easy-to-use software. We need idiot-proof software that won’t allow the user to do harmful things or allow harmful things to happen to their computers. In this day and age, when networking and communications are the basis of how we do business, we need to be watching out for each other and not just trying to protect our own asses. That means preventing viri from spreading by not doing stupid things.
nahhh, it’s opensource. . . the best antivirus solution ever:
make world
hehe
long live FreeBSD!
I recently found out that my old copy of Trend Micro’s antivirus on 5 1/4″ floppies picks up viruses that current Windows scanners do not. I’m guessing that since DOS viruses disable Windows executables instead of just infecting them, a decision was made to ignore them and just let the user replace corrupted system files from the CD if the need arose.
Also, I had an interesting bug overrun all my floppies a few years ago. The floppies would end up with two copies of the same file in the same directory, which I thought was impossible, and after all the files were duplicated the originals would vanish, leaving the duplicates, which were full of pieces of different original files. Thunderbyte 626 flagged those as “unknown polymorphic”, but no other scanner noticed anything.
As for never having had a virus, don’t bet on it if you haven’t checked. I’ve known of shareware collections of games straight from the store that Thunderbyte 626 found infected files on using heuristics. No specific virus names were given, but Tetris really shouldn’t be trying to alter the file length of Command.com!!! More recent TBAV versions never did anything noteworthy though. I like Panda AV and Trend’s online AV scan.
soo… what’s new? Full stealth viruses have been around since DOS + MBR days.. variable length.. again, nothing new.
nothing new or interesting in the article at all
Re: shark
What if the virus infects gcc and something else so that every time you do make world it puts itself back in? Don’t think this is possible? It’s been done, although not with malicious intent. Really the only guaranteed way is to either reinstall from backup (if you are sure it hadn’t been infected at the point of backup) or reinstall.
Here’s an idea: don’t presume to critique any posts you’re just too stupid to understand…
My points were:
1. Old DOS scanners identify by name viruses that current scanners don’t even notice.
2. That I have personally been in possession of a virus that somehow puts more than one file with the exact same name in the same directory, which isn’t supposed to be possible under DOS, and that to this day no A-V scanner has identified it.
3. That people who think they’re safe from viruses because they only install commercial software are sadly mistaken, as I have personally owned commercial games that were clearly infected.
It seems like every internet forum on every topic always has at least one person that strives to keep others from being warned, cautioned, or informed about *anything* whatsoever. I think they somehow feel threatened that someone else thinks they know something. And what do you mean “since DOS + MBR days”??? The current operating systems don’t have the equivalent of a MBR??? How do they load then???
—-
And what do you mean “since DOS + MBR days”??? The current operating systems don’t have the equivalent of a MBR??? How do they load then??
—-
What? Every x86 PC has an MBR. The article was saying variable length infection + stealth were ‘new’.. and I was saying, those techniques have been around since the early days of viruses on DOS.
Fah Kinrite:
“I got hit with a “cute” one about 5 years ago. I was hanging out in a cracks newsgroup, and someone posted a crack I was looking for. I scanned it, and it scanned clean. So I executed the crack, and noticed a DOS prompt show up. When I looked closer, I saw the following command:
“deltree /y c:” By the time I hit ^C it was too late…. most of my C drive was missing. Yep, I was a dumb-ass”
Heh heh… That made me chuckle. It reminds me to keep this kind of thing in mind more, now that I refuse to buy any more Windows-based apps… So far, I’ve only found “reputable” sources for this stuff and avoided the others.
TLy:
“Do not underestimate today’s viri. MS apps alone, as you’ve mentioned, are enough for a virus to propagate, and in a few cases it disregards whether the user is naive or not. Just using Outlook 2000 does not make you a naive user, after all,…”
Well…[chuckle] I might argue that simply using the email client that most viruses are designed to attack is naive, but that’s not really fair to users. They don’t know. They shouldn’t need to know, really. It’s just more of what I HATE about the computer industry. So, like a good little zealot, I tell people why not to use MS products. Seriously, I try to give them perspective and options. I don’t force them to use anything and I do not try to “indoctrinate” them or “brainwash” them.
“‘If I don’t open that email I won’t get infected, right?’ Not so, sometimes all it takes is your mail client simply downloading the email from your server to unload the virus.”
Example please? How is this possible?? This does not make sense to me.
“And how do you delete a message without it showing up in the preview pane, which may be all it needs? I know you’re thinking “disable the preview pane” but in Outlook that’s not an easy task, and may require a third party plug-in to add that disable feature.”
Unless MS changed Outlook since 98 (which I wouldn’t doubt), the disabling of the preview pane is certainly possible without 3rd party plugins. It is a pain in the butt for users to locate something they don’t know about among all the endless menu choices, but it is there. Probably under the View menu (not so hard to find I guess, but if you don’t know it is there…).
virusbait:
“That I have personally been in possession of a virus that somehow puts more than one file with the exact same name in the same directory, which isn’t supposed to be possible under DOS, and that to this day no A-V scanner has identified it.”
This may not be a virus. I’ve seen this type of weirdness on corrupted FAT12 disks many times. Floppies suck. I’ve seen all kinds of crazy stuff on floppies in DOS. Files that are 45,432,643 KB in size with non-English characters as a file name, etc. DOS is fairly braindead and will actually read some pretty foul FATs before giving you the “Abort, Retry, Fail, Ignore” responses.
It could be a virus, I’m just saying that it also might not be (unless the DOS anti-virus app identifies it by name, which I am not sure if you meant to say that or not).
Stewy:
“the article was saying variable length infection + stealth were ‘new’.. and I was saying, those techniques have been around since the early days of viruses on dos.”
I’m with you 100%. Isn’t it gross how myopic the media and the corporate spin-doctors are? If they can expect the majority of their readers to not be knowledgeable of computers beyond three years ago, they can spew whatever crap they want and they won’t have to deal with anyone pointing out how full of crap they are. Those of us who actually pay attention AND remember tech stuff from 1982 are very much in the minority these days, with all those “instant techs” sprouting out of “schools” these days. All those A+, MCSC, etcetera certified “techs” only need to know enough about command-lines, DOS and hardware to pass a “repeat after me” test. Blah.
I am soooo bitter sometimes… [grin]
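The exchange above about duplicate file names on a floppy, and whether that is a virus or just a corrupted FAT12 directory, can be settled by reading the directory region directly instead of trusting what DOS shows. The following is an added example, not code from any poster or from the article: it builds a constructed 1.44 MB FAT12 image in memory (the boot-sector fields, the file names, the sizes and the cluster numbers are all made up for the demonstration), walks the root directory the way the DOS directory layout defines it, and reports two things a scanner's heuristics would care about: 8.3 names that appear more than once in the same directory, and entries whose size or starting cluster cannot possibly fit the volume. Function names such as `build_sample_image` are this example's own.

```python
import struct
from collections import Counter

BYTES_PER_SECTOR = 512
ENTRY_SIZE = 32          # one FAT directory entry
ATTR_VOLUME_LABEL = 0x08
ATTR_DIRECTORY = 0x10
ATTR_LONG_NAME = 0x0F    # VFAT long-file-name pseudo-entry


def read_bpb(image):
    """Pull the BIOS Parameter Block fields needed to locate the root directory."""
    bps, spc, reserved, num_fats, root_entries, total_sectors = struct.unpack_from("<HBHBHH", image, 11)
    sectors_per_fat, = struct.unpack_from("<H", image, 22)
    root_sectors = (root_entries * ENTRY_SIZE + bps - 1) // bps
    data_sectors = total_sectors - reserved - num_fats * sectors_per_fat - root_sectors
    return {
        "root_start": (reserved + num_fats * sectors_per_fat) * bps,
        "root_entries": root_entries,
        "capacity": total_sectors * bps,
        "max_cluster": data_sectors // spc + 1,   # data clusters are numbered from 2
    }


def parse_root_dir(image):
    """Return the live file entries of the root directory as dicts."""
    bpb = read_bpb(image)
    entries = []
    for i in range(bpb["root_entries"]):
        off = bpb["root_start"] + i * ENTRY_SIZE
        raw = image[off:off + ENTRY_SIZE]
        if len(raw) < ENTRY_SIZE or raw[0] == 0x00:   # 0x00 marks end of directory
            break
        if raw[0] == 0xE5:                             # deleted entry, slot reusable
            continue
        attr = raw[11]
        if attr == ATTR_LONG_NAME or attr & ATTR_VOLUME_LABEL:
            continue
        name = raw[0:8].decode("ascii", "replace").rstrip()
        ext = raw[8:11].decode("ascii", "replace").rstrip()
        cluster, = struct.unpack_from("<H", raw, 26)
        size, = struct.unpack_from("<I", raw, 28)
        entries.append({"name": f"{name}.{ext}" if ext else name,
                        "size": size, "cluster": cluster, "attr": attr})
    return entries


def find_duplicates(entries):
    """8.3 names that occur more than once in the same directory (should never happen)."""
    counts = Counter(e["name"] for e in entries)
    return sorted(n for n, c in counts.items() if c > 1)


def sanity_problems(entries, image):
    """Entries whose size or first cluster cannot be valid on this volume."""
    bpb = read_bpb(image)
    problems = []
    for e in entries:
        if e["size"] > bpb["capacity"]:
            problems.append((e["name"], "size exceeds volume capacity"))
        if e["size"] > 0 and not (2 <= e["cluster"] <= bpb["max_cluster"]):
            problems.append((e["name"], "first cluster out of range"))
    return problems


def dir_entry(name, ext, attr=0x20, size=0, first_cluster=0):
    """Build one 32-byte short-name directory entry (constructed test data)."""
    e = bytearray(ENTRY_SIZE)
    e[0:8] = name.encode("ascii").ljust(8)
    e[8:11] = ext.encode("ascii").ljust(3)
    e[11] = attr
    struct.pack_into("<H", e, 26, first_cluster)
    struct.pack_into("<I", e, 28, size)
    return bytes(e)


def deleted(entry):
    e = bytearray(entry)
    e[0] = 0xE5
    return bytes(e)


def build_sample_image():
    """Constructed 1.44 MB FAT12 image: a duplicate name plus an impossible entry."""
    image = bytearray(2880 * BYTES_PER_SECTOR)
    image[0:3] = b"\xEB\x3C\x90"
    image[3:11] = b"MSDOS5.0"
    # BytsPerSec, SecPerClus, RsvdSecCnt, NumFATs, RootEntCnt, TotSec16, Media, FATSz16, SecPerTrk, NumHeads
    struct.pack_into("<HBHBHHBHHH", image, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    image[510:512] = b"\x55\xAA"
    root = read_bpb(image)["root_start"]
    sample = [
        dir_entry("TETRIS", "EXE", size=61_440, first_cluster=2),
        dir_entry("README", "TXT", size=1_024, first_cluster=130),
        deleted(dir_entry("OLD", "TXT", size=512, first_cluster=140)),     # skipped by parser
        dir_entry("TETRIS", "EXE", size=61_440, first_cluster=2),           # duplicate 8.3 name
        dir_entry("GAME", "DAT", size=3_000_000_000, first_cluster=0xFFF0),  # nonsense size/cluster
    ]
    for i, entry in enumerate(sample):
        image[root + i * ENTRY_SIZE: root + (i + 1) * ENTRY_SIZE] = entry
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    ents = parse_root_dir(img)
    print("duplicates:", find_duplicates(ents))
    print("problems:", sanity_problems(ents, img))
```

Run against a real floppy image (`dd if=/dev/fd0 of=disk.img` and then `parse_root_dir(open("disk.img", "rb").read())`), a clean disk returns no duplicates and no problems; a directory that DOS happily lists but which fails here is either corrupt or was written by something other than DOS, which is the distinction the thread is arguing about.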