Vulnerability Development mailing list archives
If virii are so dangerous, why is the internet still running?
From: dinsmoc () MEDIAONE NET (Christopher Dinsmore)
Date: Mon, 8 May 2000 00:23:11 -0400
If virii are so dangerous, why is the internet still running? Because for the most part, virus writers aren't very good programmers... Or at least the famous ones, that is. I know for a fact that there are lots of very nasty little bugs out there that no one ever hears about unless they get infected. Ingenious things really, written by incredibly smart people to do a very specific thing, steal information, but those viruses never get the attention of a Melissa, or the recent "Love bug".

In fact neither of the two examples I mentioned were really viruses at all in the classic sense. A computer virus is strictly defined as any code that replicates and distributes itself without direct user interaction. Melissa was in essence a macro-based virus, which only affects users running programs using those macro-type functions. Unfortunately, since most people check their email using Microsoft Outlook or Outlook Express, which of course use those functions, that means most people are susceptible to Melissa-type virii. "Love bug" is even less of a virus. It's a very simple Visual Basic script. Anyone with a cursory knowledge of Visual Basic could have written that code.

Strictly speaking, these bits of what in the security industry are known as hostile code or "malware" are amazingly easy to write. More than 90% of all virii that I have seen are written with astonishingly bad code. Infinite loops, bad memory allocation, bad cleanup. Essentially just very poor programming. In fact, if you believe Robert Morris, the programmer who wrote the first major "internet worm", that's exactly what happened to him accidentally. He was trying to write a program to map and test the internet, and because of some really bad code he had written it took down 80% of the world's servers instead.

But if that is the case, why isn't the entire internet always in a total shambles? Two reasons. First, there are a goodly number of people who know not to open suspicious files. Most virii can only be spread by opening or executing an infected piece of code. And second, most people with the skill to program good virii aren't interested in doing so. If they are that good, and want to program virii, then they are also smart enough to make their code undetectable. The second someone knows they have a virus, you can't do anything useful with it. All you can really do is annoy someone. Assuming they kept good backups, that is (that's a discussion for another time).

Yes folks, really the only thing keeping the internet from a total meltdown is that the people who have the programming skills necessary to take the entire net down really aren't interested in doing so. They like the net, they use it for their work, their play, and their lives in general. Not only do they not want to take the net down, they tend to actively hunt down anyone who does.

The real problem becomes, what happens when someone who truly hates the net, say the government of Myanmar for example, where it is illegal to even own a modem without a license, pays a skilled and slightly insane programmer (we all know a few of them) to write a truly nasty piece of code that could take down the entire net. As Michael Zalewski said in his post "I don't really thingk I love you", it is not even very difficult to write a program that replicates itself, runs its instructions, which may even be downloaded from another location, then erases all traces of its own existence once it's finished. I have read literally dozens of explanations, papers, specs et al about how this can be accomplished.

My whole take on this, and the reason I'm writing this, is because I believe we need to develop technologies that will allow us to deal with this kind of malicious code. Not only that, but it is our responsibility as security professionals to educate our users in the proper practices for preventing, or at least reducing the impact of, this type of program.

Okay, rant over. flame on ....
Christopher Dinsmore
============================
The eyes may be the windows on the soul
But the word is the doorway to the mind
============================