Cross-OS viruses?

Michael O'Keefe mokeefe at qualcomm.com
Thu Apr 22 09:50:35 PDT 2004 

Stewart Stremler wrote:
> begin  quoting Michael O'Keefe as of Wed, Apr 21, 2004 at 05:20:03PM -0700:
> [snip]
> 
>>Though without full reference material to prove it, virii aren't written 
>>for multiple OSes and left to decide what "infection" routine to run based 
>>on the OS they are running on.
> 
> 
> That we know of. There's no reason why they couldn't be.

No reason ?
Wouldn't the 'binary' format be one reason ? ELF vs W32
When Linux runs W32 binaries natively, then I'll be scared (and turn that 
feature off)

>>                               I'm not even AWARE of a virus for *nix. 
> That road leads to complacency.

I don't think so. Whenever it happens, we'll all hear about it. Where are 
ppl being complacent ?

>>Rootkits, trojan's and worms are much more prevalent than a *nix virus.
> And, arguably, worse.

Very true, but wasn't the question asked

>>Remember, virii place themselves in the binary and get executed when people 
>>ship the program around amongst themselves (in the old days, via floppy, 
>>now via Office products). 
> 
> Or "Hey, run this cool program!" ... or any other sort of 'live data'.
> A P2P execution system would be a fertile ecosystem for viruses.

And is where the next crop of virii are expected to come from.
But again, if they run in the user space and not root space, they won't 
have much effect on a *nix system. But in Windows, the user is root, or 
they've given themselves Admin privelges coz they don't want to switch to 
install "priveliged" s/w

>>                        It would only be through the utter stupidity of 
>>root to allow binaries to be chmod'd go+w so that a virus could insert 
>>itself into the binary, and then in the hope that someone would copy it to 
>>another machine. Just doesn't happen.
> 
> Um, so you're mounting /home noexec, eh?

No. But I don't have /home/dickhead or $PWD in my $PATH for root when 
wandering through dickhead'd home directory in case I pick up a phony 'ls'

-- 
Michael O'Keefe                      |          mokeefe at qualcomm.com_
Live on and Ride a 03 BMW F650GSDakar|          roxus at cox.net      / |
I like less more or less less than   |Work:+1 858 845 3514        /  |
more. UNIX-live it,love it,fork() it |Fax :+1 858 651 1984       /_p_|
My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296       \`O'|
blah, yackety yack - don't come back |Fax :+1 858                _/_\|_,

More information about the KPLUG-List mailing list