First IA64 Windows Virus Released
NinjaPablo writes "W64.RugRat.3344 has been released as a proof of concept virus. It is the first virus which will only run on Windows on the IA64 platform, and uses APIs from 3 native DLLs to avoid crashing applications. It infects files that are in the same folder as the virus and in all subfolders. The author of the virus has also written other concept virii in the past."
Re:so... (Score:1, Insightful)
Hopefully he made a backup of himself recently.
wow--oldskool (Score:5, Insightful)
Incidentally, you could probably limit your vulnerability if the program was installed by an Administrator but only run by users without write permission, or if you removed write permission from programs that you run in your own folders.
The really cool thing is that it's written in IA64 assembly code. That sounds like quite an impressive feat. From what I hear that is far worse even than the PPC64 assembly code I usually write.
Re:What are the legal implications? (Score:3, Insightful)
Seeing as this is Windows, it was less of a security measure and more of an invitation.
Re:There's no such word as "virii" (Score:5, Insightful)
*barf* (Score:4, Insightful)
Re:There's no such word as "virii" (Score:5, Insightful)
It's called slang, and it's evolving and changing all the time. Were these people to use "virii" in an official capacity, such as in a company-wide memo, or an academic paper, there would be a problem. But this is Slashdot, for crying out loud. Get over yourself and have a little fun.
Boxen (Score:1, Insightful)
Re:There's no such word as "virii" (Score:1, Insightful)
For a website that is full of "geeks" you sure do pride yourselves in talking like a bunch of uneducated morons.
This may be nitpicking... (Score:5, Insightful)
From NTDLL.DLL the virus uses the following 3 functions: LdrGetDllHandle(), RtlAddVectoredExceptionHandler() and RtlRemoveVectoredExceptionHandler(). The virus supports vectored exception handling to avoid crashing during infections.
Yes, the virus uses three DLLs. It also uses a routine to avoid crashing itself while infecting the machine... it does not look like the virus cares about crashing other applications.
The thing to pay attention to here is that this is a fault tolerant virus. I have seen more and more effort lately (Sasser for example avoids shutdowns to help it propagate) from authors trying to make their creation survive.
IA64 = Itanium or AMD's x86-64? (Score:4, Insightful)
When Palladium comes out and someone writes a virus that can escape its sandbox, infect executables (which I'd imagine would involve re-signing them) and spread, I'll be impressed.
Re:There's no such word as "virii" (Score:3, Insightful)
And whenever I see a
What about spending your time convincing people of more important issues like [insert anything else here]?
Re:There's no such word as "virii" (Score:2, Insightful)
someone must have mistyped (Score:3, Insightful)
someone must have mistyped that from this...
"Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if a certain browser's vulnerabilities are not patched.
Re:There's no such word as "virii" (Score:3, Insightful)
Re:There's no such word as "virii" (Score:5, Insightful)
Flame Central (Score:4, Insightful)
Okay, just to collect all of the Microsoft trolls in one thread:
How can Windows ever be secure when exploits are released before the OS is available?!
It seems to me that Microsoft can't design a secure OS. After talking about security for more than 2 years, their latest incarnation is even less secure on its release date than Windows 95!
Microsoft: the Day Zero Exploit(tm) company
How is this a virus? (Score:3, Insightful)
From the article:
"The SfcIsFileProtected() function of SFC_OS.DLL is used to avoid infecting executables that are protected by SFC (the System File Checker)."
Any sensible XP64 installation would not allow system files to be write accessible to anyone but the Administrator.
It's as if I wrote a C program that used fopen() and write() to destroy files, then declared I wrote a virus for Linux. Whoo hoo.
Re:There's no such word as "virii" (Score:3, Insightful)
Nope, you can't wipe out the word "virii". It just keeps spreading. As soon as one guy uses it around his two friends, it spreads to them. Then they each use the word around two other friends, who catch it. At this point it stops for a while, since those seven geeks don't have any other friends. But then one of them posts it online, and it spreads to hundreds of others.
Despite your efforts to stop it, the word "virii" will continue to spread to more and more people, like some sort of computer "worm".
Re:There's no such word as "virii" (Score:3, Insightful)
What determines what is a word is NOT some definition of correctness. Usage is what defines the language. So if enough people were to use virii as the plural of virus it would be so.
This is pretty much a summation of the statement a language expert and senior editor of a well-known dictionary (whose name escapes me) said during an NPR interview a few months ago.
I'm sure if you looked around you could find plenty of examples of words that started out as manipulations by a subset of the population that gained popularity and are now considered regular English.
'Hacker', for example, is one such word twice over at least. It started as a reference to people who used hand axes to make furniture.
Now look where that word is used.
Mycroft
Re:Who's the retard? (Score:3, Insightful)
no dowt you can figur aut what this sentance is ment to meen two but that doesnt meen its not ridled with tyops. It's irritating to have to translate someone's text into English before I can read it (more accurately as I read it). If you want to communicate you should make every reasonable effort to achieve correctness of language. If you want to argue the descriptive-vs-prescriptive nature of dictionaries then feel free to substitute the word 'consistency' for 'correctness'. That is consistency with others, not self-consistency. 'Virii' has nowhere near enough support to be considered a meaningful word.
Using a word to annoy people is not a pleasant behaviour whether or not you agree with them on this one issue.
More descriptive? At best 'virii' carries the same meaning as 'viruses'. At worst it carries no meaning. 'Viruses' follows standard English rules of pluralisation - again, if you object to prescriptive language feel free to substitute the word 'conventions' for 'rules' - so that anyone who knows the word 'virus' can discern its meaning. 'Virii' follows no standard rule, not even the imaginary Latin rule that spawned it.
Of course it does, because that version ('viri', not 'virii') at least sounds like it could be a real word like in the common Latin '-us' becomes '-i' rule (note that this isn't a general rule for Latin words; see elsewhere for where this perception comes from).
Re:A matter of perspective... (Score:3, Insightful)
I'm not going to attempt to refute all of your arguments (and perhaps I can't anyway), but I think your analysis lacks a bit of perspective as well.
For example, IBM's mainframes for most of their existence were not connected to anything outside of IBM so if there were buffer overruns etc, they could not be exploited. Even today, it's likely that most mainframes are not directly connected to the Internet but are on a private net within an organization. In addition, knowledge of the architecture of a mainframe is more obscure and thus it takes more effort to exploit any holes. Finally, the administration of mainframes is performed more carefully than the average Windows box (or Linux box, for that matter).
The bottom line is that you can't just talk about relative numbers of exploits, you have to take the entire environment and history into account to determine relative security or quality.
Surely if MS had been willing to throw away backward compatibility and make Windows as hard to administer and use as Unix they could have created an OS that was at least as secure as Unix (It's not rocket science after all.) The reason they didn't was that that's not what their customers wanted and they would have lost a lot of their business if they had.
Now their customers are becoming more interested in security over ease of use and they have been making changes in that direction.