Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Virus Writers Look Ahead: Target 64-bit Windows

timothy posted more than 9 years ago | from the yes-ma'am-just-testing-your-alarm-system dept.

Security 205

Ashcrow writes "A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in questions is currently unreleased outside of beta. News.com has the full article."

cancel ×

205 comments

GNAA Mops up Aimgirl Survivors (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10053934)

GNAA Mops up Aimgirl [aimgirl.com] Survivors.
AP Wire News, August 3, 2004

Earlier this evening, the GNAA [www.gnaa.us] Internet Infantry Regiment finished a final clean-up of AIMGIRL territory.

The website had previously been the victim of a vicious Gay Nigger attack, featuring recent initiate Tar-Baby as an "unwed teen mother" black operative and Gay gunner Relex blasting the underage emo bitches with suppressive Goatse [goat.cx] fire support, as well as with his own nigger seed. The strike was reputedly a thorough rout of the aimgirl enemy, as all forums are currently disabled [aimgirl.com] , and new registrations have been suspended on the website. [aimgirl.com]

Among the many casualties are several entire threads, scuttled by desperate Aimgirl admins as they attempted to ward off the inevitable defeat at the hands and dongs of the GNAA. A Reuters press report regarding the incident can be found here [slashdot.org] .

Today, the Gay Nigger Infantry executed a daring raid on the aimgirl chatroom [aim] , effectively destroying the last stronghold of the young white bitches. In a statement released by Commanding Officer x_over_ln_x, he remarked that "For too long, these little white whores have been tempting our yet-to-be saved heterosexual brothers. We could not allow the jailbait to continue their reign of pre-teen buggery, as their victims have little to no chance of Gay Salvation". At the end of the attack, the once 42-user-strong chatroom was held by one squad of Gay Niggers, who celebrated their victory by masturbating onto a plate of cookies and chanting "LOL DONGS".

Despite their impressive victory, the GNAA Internet Infantry Regiment (Part of the GNAA Ministry of Flood) will not be sitting on their laurels. At press time, Gay Nigger Scouts are said to be forward-deployed at known anti-nigger websites Gamingforums [gamingforums.com] and Gardenweb [gardenweb.com] . GIIR CO x_over_ln_x refused to confirm or deny such reports, preferring to shoot hot semen over our reporter.



About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [mugshots.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!
  • First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
  • Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org] , a popular "news for trolls" website.
  • Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.us as our official server. Follow this link [irc] if you are using an irc client such as mIRC.

If you have mod points and would like to support GNAA, please moderate this post up.

.________________________________________________.
| ______________________________________._a,____ | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___ | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ | gary_niger@gnaa.us [mailto]
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ | GNAA Corporate Headquarters
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ | 143 Rolloffle Avenue
| ________"#,___*@`__-N#____`___-!^_____________ | Tarzana, California 91356
| _________#1__________?________________________ |
| _________j1___________________________________ | All other inquiries:
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid Indian
| ____!4yaa#l___________________________________ | enid_indian@gnaa.us [mailto]
| ______-"!^____________________________________ | GNAA World Headquarters
` _______________________________________________' 160-0023 Japan Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2

Copyright (c) 2003-2004 Gay Nigger Association of America [www.gnaa.us]

Re:GNAA Mops up Aimgirl Survivors (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10054153)

GNAA:

It has come to our attention that you have been obsessing over teenage girls for some time now. After reviewing the relevant facts, our commission has reached the following conclusions:

1. Obsessing over teenage white girls is niggerlike.

2. Obsessing over teenage white girls is completely non-gay. It's so straight you could have sex with a mare with it. Your cover story of protecting is obviously a ruse. The GNAA is perilously close to diluting its trademark homosexuality, and there is clearly grave danger.

3. To reverse the startling trend of apparent subconscious heterosexuality within the ranks of the GNAA, the commission recommends that the GNAA cease all activity on aimgirl and instead find a site populated primarily by teenage boys, and troll them with the goal of gay cyber sex. Continuing to troll a site populated by females reeks of heterosexuality.

4. Obsessing over teenage white girls is a time honored all-american activity, fitting for an Association of America. It is commonly known that the RIAA and MPAA are filled with pedophiles that have sex with underage girls and boys.

5. Based on the above conclusions, it has been determined that the NAA has been upheld, but the G has not. This situation must be rect(um)ified immediately through obsessing over boys.

6. The GNAA, facing reduced publicity and decreased investor interest, must focus on high-profile trolls of respected media outlets, like that apple thing, rather than wasting time on heterosexual abuse of teenage girls.

7. I heard somewhere in the news that there was this guy somewhere, who got on drugs, and ran naked though a restaurant stabbing himself and touching power outlets. Anybody know what happened? This should be right up your alley. (oh, gay pun! because puns are gay! oh, there was another one!)

8. this list is way too fucking long

9. #9 is classified for your protection

10. ???

11. Profit!

12. Why the hell are you reposting AP Wire News from August 3rd when it's like 3 weeks later already? The commission finds the GNAA fristage postage as stale as the cookies in your pants.

13. The commission, being a commission, empowered by said commission to duly determine the findings pertaining to the matters subject to the review of the commission, does hereby endorse the previously articulated findings of the commission.

Thank you,
the Commission for Reviewing Obsessive Trolls Commission of Homosexuality

so what? (-1, Offtopic)

Jimmy The Tulip (770323) | more than 9 years ago | (#10053938)

I am using linux 64bit edition...

Re:so what? (3, Funny)

Amiga Lover (708890) | more than 9 years ago | (#10054003)

A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in questions is currently unreleased outside of beta

So... not only did SP2 suffer delay upon delay until its release, we now have to put up with the same delays for our windows viruses?

Re:so what? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10054046)

> viruses?

It would of been funnier if you spelled VIRII properly.

Re:so what? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10054066)

It would have been funnier if you could spell properly. Dumbass.

Re:so what? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10054084)

YHBT. HAND.

Re:so what? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10054161)

And YOU have not understood that we were trolling on purpose!

Re:so what? (2, Insightful)

JWSmythe (446288) | more than 9 years ago | (#10054156)


It's great, isn't it? We set up 3 AMD64 servers before I bought one for myself at home.

I can't imagine anyone wanting to criple themselves with Windows on such a great platform.

Interesting. (5, Interesting)

London Bus (803556) | more than 9 years ago | (#10053940)

I hadn't realised that there were sufficiently many fundamental changes to a 64-bit system as compared to a 32-bit system that meant that a virus written for one wouldn't work on the other. What's so different? How does a different integer or word size affect the functioning of a virus so greatly, when interoperability is such a priority?

Re:Interesting. (5, Informative)

random_culchie (759439) | more than 9 years ago | (#10053962)

Well I'm sure its a concern when they are trying to cause stack overflows and the like.
Since the memory is shifted around in bigger chuncks they will have to readadjust their code to pump more useless data to reach the memory address they want.
Many exploits / worms are made with specific memory locations in mind inorder to inject malicious code into them.

Re:Interesting. (5, Informative)

vi (editor) (791442) | more than 9 years ago | (#10054126)

A virus doesn't need any stack overflow as it spreads by the user executing infected programs.
The techniques you describe are usually used by worms.

Re:Interesting. (-1)

Anonymous Coward | more than 9 years ago | (#10053999)

Different instruction sets would be one major difference... Unless written in VBS of course.

Re:Interesting. (4, Interesting)

dagoalieman (198402) | more than 9 years ago | (#10054005)

As I understand it, and I hope if I'm wrong someone does so and gets a +5 mod... I'm going to be very general and semantic, I'm sure you'll see the point, but details as always are better. :)

While software is made to be compatible, and Windows has code written into it to help with compatibility, as well as the processors have extensions. Windows also has code in order to take advantage of the 64 bit processor abilities to their fullest. While there's compatibility options available, most of the code that Windows executes was made for 64bit CPU (I should say most of the *compiled* code... I'm not sure how much of a rewrite was needed for porting, as opposed to compiler changes.)

With new code comes new holes, obviously. And the same can be said for third party softwares- that new code which takes advantage of the processors to its fullest will have some new code (extending through compilation, of course).

I would say, though, it wouldn't surprise me to find out that the programs themselves are really quite incompatible, but the files themselves are written for maximum compatibility. Pop one in an email, and it works on a 32 bit based machine I mean.

As an aside, I wonder if this is an attack on AMD's compatibility, or 64 bit code in general.. I note that the article mentions AMD with specitivity, not Intel.

Re:Interesting. (1)

billywiggins (684711) | more than 9 years ago | (#10054209)

basically, the virus runs faster thus allowing Window$ to crash sooner.

It's a good thing (-1, Flamebait)

thewldisntenuff (778302) | more than 9 years ago | (#10053941)

these idiots have nothing better to do other than cause havoc for other people....Yes, MS software is some of the most vunerable out there, but what good does it do to contribute to the downfall of the (computing) society.......

Burn them at stake! Lynch'em! Make them watch Liza Minelli!

-thewldisntenuff

Re:It's a good thing (5, Funny)

Anonymous Coward | more than 9 years ago | (#10053978)

Burn them at stake! Lynch'em! Make them watch Liza Minelli!

Your humanitarian side is showing through. Please make them watch Liza Minelli first, not last.

Re:It's a good thing (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10053980)

"contribute to the downfall of the (computing) society"

Bzzt!!

The computing society as a whole is doing just fine, thx.

The retards still running MS software connected to any sort of network are the only ones doing any 'falling down.'

Re:It's a good thing (3, Insightful)

MvD_Moscow (738107) | more than 9 years ago | (#10054119)

Who modded this insightful? I am on windows, I have no problems whatsoever, I don't even have tracking cookies and I haven't been hit by a virus since 1999 or something like that. So quit calling people retards just because they are using windows in a network environment! P.S. I have nothing against linux, I would love to switch but there are no drivers for my USB PPPoE modem for linux. I am not even talking about driver problems on BeOS (which I consider better than linux).

Re:It's a good thing (-1, Troll)

black mariah (654971) | more than 9 years ago | (#10054121)

So really what you mean is...

"Those of us that get sexually excited by compiling kernels and tend to play with ourselves while reading Linus Torvalds interviews are doing okay, but the people that use computers for things other than making their online penis bigger are completely fucked."

Re:It's a good thing (0)

Anonymous Coward | more than 9 years ago | (#10054186)

Ahhh, as opposed to people to think they know everything because they have Maya on Windows (as used in... ZERO VFX production pipelines) and yet still manage to spend a large part of their day posting pro-MS flamebait on slashdot. Whatever mental problems you are experiencing that could lead to subconcious links between masterbation and linus, help is availiable and it really is nothing to be ashamed of; please seek professional advice.

Re:It's a good thing (0, Offtopic)

black mariah (654971) | more than 9 years ago | (#10054313)

Umm... I don't have Maya. I fucking hate Maya. Whatever the case, there are tons of places that use Maya on Windows. Mostly game companies and small VFX houses (not all VFX are in movies. Have you watced TV lately?).

Anyway, it's a joke. Laugh.

well thats great (3, Funny)

twenty-exty-six (772817) | more than 9 years ago | (#10053945)

It sucks to be Microsoft knowing you are the #1 target for these people. I wish they didn't make it so easy...

Beta testing (5, Funny)

Anonymous Coward | more than 9 years ago | (#10053949)

Where can I sign up for beta testing!?

Re:Beta testing (2, Funny)

Johnny O (22313) | more than 9 years ago | (#10054123)

Just install windoze - nuff said...

Re:Beta testing (5, Funny)

Riktov (632) | more than 9 years ago | (#10054216)

With viruses, beta testing signs up for YOU!

It makes me wonder.... (-1, Redundant)

vi (editor) (791442) | more than 9 years ago | (#10053953)

whether 64 bit virii are more dangerous as they can access more data and make caluculations more quickly.
The author could include sofisticated data analysis, sealth technology and even artificial intelligence into the virus. This would give in the long term a breed which would be unpenetrable by common AV software. However, for the survival of the virus strain it might be very likely that the damage functions will be removed for better survival...

Re:It makes me wonder.... (1, Funny)

Anonymous Coward | more than 9 years ago | (#10053971)

what?

1. You're an idiot.
2. It's Viruses, not Virii.
3. You're an idiot.

Re:It makes me wonder.... (0, Offtopic)

black mariah (654971) | more than 9 years ago | (#10054134)

what?

1. Yeah, he probably is.
2. It's a fucking slang term. Get off your fucking pedantic dumbass high horse.
3. You're an idiot.

Re:It makes me wonder.... (4, Informative)

MoonFog (586818) | more than 9 years ago | (#10053977)

The same CPU also gives AV software the same increase in speed etc. So it's just business as usual for AV, the war between the virus makes and the Anti-virus makes continues no matter what architecture the underlying structure has.

Re:It makes me wonder.... (0)

Anonymous Coward | more than 9 years ago | (#10053989)

um... wtf are you on about?

What is the parent smoking? (0)

Anonymous Coward | more than 9 years ago | (#10053996)

What you said make no sense and bairly brushes on reality!

Re:It makes me wonder.... (1)

goonies (227194) | more than 9 years ago | (#10054027)

I don't think 64bit will bring up a new era of hyperintelligent virii. There is still the limitation of size. Small virii spread easier and hide better. Huge hyperintelligent virii would need like whole rootkits to hide themselfs

Re:It makes me wonder.... (0)

Anonymous Coward | more than 9 years ago | (#10054171)

Virii again :)

I wonder what the current stati of the virii are?

Re:It makes me wonder.... (-1)

Anonymous Coward | more than 9 years ago | (#10054181)

You're a twat

Re:It makes me wonder.... (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10054029)

The correct plural is "viruses"

You sir have a pet peeve (0)

Anonymous Coward | more than 9 years ago | (#10054096)

Because you didn't comment on "caluculations", "sofisticated" and "sealth".

Re:It makes me wonder.... (1)

essreenim (647659) | more than 9 years ago | (#10054169)

Yes, I use an Athlon64 currently running a standard 32bit OS. The article is trying to say in a round about way that virus writers want to get in on the 64 bit game. Yes, I do think the backwards compatible proc's like mine and the Opteron and Intels new proc are going to be more susceptible by 0.0000000000000000000000000000000000000001% more than a normal x86 processor. Big swing...
Nothing to see here. Besides I won't be running XP 64 bit edition ever anyweay, so I dont care. Im not even going to use my extra 32 bits until Slackware bring out a 64 bit OS of there own, and I hope they are in no hurry, and do it the Slackware way - properly.

Re:It makes me wonder.... (1)

MikeDX (560598) | more than 9 years ago | (#10054287)

The start of that comment remided me of the old "microsoft bashing poem" of old..

64 bit virus on 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand for 1 bit of competition.

I always suspected (3, Funny)

aussie_a (778472) | more than 9 years ago | (#10053960)

but now I know. It IS those damn virus protectors making the viruses. I always said if there weren't any viruses the virus protectors would be out of business and they wouldn't allow it. This is the proof.

Re:I always suspected (1, Funny)

Joff_NZ (309034) | more than 9 years ago | (#10053994)

well, I, for one read the first part of the summary, as A new virus named W64.Shruggle.1318, by Symantec

Re:I always suspected (1)

mattkinabrewmindspri (538862) | more than 9 years ago | (#10054256)

That explains a lot...

Re:I always suspected (1)

zr-rifle (677585) | more than 9 years ago | (#10053995)

Now that's just silly. It's like blaming firemen for setting peoples houses on purpose.

a little naive (2)

HBI (604924) | more than 9 years ago | (#10054013)

This has happened before.

Re:I always suspected (2, Insightful)

polecat_redux (779887) | more than 9 years ago | (#10054132)

It's like blaming firemen for setting peoples houses on purpose.

...or like blaming cops for unjustified assault and/or murder... that's just silly.

Re:I always suspected (1)

trentblase (717954) | more than 9 years ago | (#10054001)

That's how I read the summary too. It looks like it's just an unfortunate choice of words to hyperlink. The virus was "named by Symantec" not "developed by Symantec". Unless that was supposed to be funny. In which case I'll recalibrate my sensors.

Re:I always suspected (4, Insightful)

tonyr60 (32153) | more than 9 years ago | (#10054050)

Yes, but....

Maybe I am too much into conspicy stuff, but I have the idea that it is in Symantec's best interests that their clients believe that even the new, upgraded OSes need virus protection.

So they are going to look VERY hard to find reasons why 64 bit XP needs new anti-virus tools.

la cosa nostra (4, Funny)

polecat_redux (779887) | more than 9 years ago | (#10054140)

Symantec: The internet is a dangerous place these days - overrun with all sorts of viruses, worms, and malware. But, for only $79, we can see to it that your computer is safe. Without us, who knows what might happen to you...

This just in... (3, Funny)

AnimeFreak (223792) | more than 9 years ago | (#10053964)

...a virus has been created for the 68000! Virus writers are thinking in the past! It's called W32@Lame.

Re:This just in... (1)

Zorilla (791636) | more than 9 years ago | (#10054074)

Speaking of which, what was the lowest common denominator architecture for the old-school Michelangelo and Monkey B viruses? My guess would be the 286, but I have to imagine that there were still some even older 8-bit PCs in use around in the early 90s.

Re:This just in... (1)

BarryNorton (778694) | more than 9 years ago | (#10054303)

Well, Michelangelo's strictly a PC-style DOS virus (http://en.wikipedia.org/wiki/'Michelangelo'_compu ter_virus [wikipedia.org] ) and Monkey B (Simian B) a real virus (perhaps I'm missing something ;) but there were floppy disk (bootsector)-based viruses on Z80B-based machines...

Re:This just in... (1)

Ziviyr (95582) | more than 9 years ago | (#10054130)

Windows running on a 68K proc?

How about A32@Lamer_Exterminator or something more plausable instead.

Phew! (4, Funny)

MisterLawyer (770687) | more than 9 years ago | (#10053981)

While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future.

Phew! I was worried that all those hordes of current 64-bit Windows users would be at danger.

Re:Phew! (3, Funny)

mkosmul (673296) | more than 9 years ago | (#10054194)

While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future.
Maybe the virus is also a beta, so it still lacks some functionality the retail version is going to have.

Re:Phew! (0)

zonker (1158) | more than 9 years ago | (#10054208)

yes, but we will only know for sure when sp2 of the virus emerges...

This shows once again (5, Insightful)

Anonymous Coward | more than 9 years ago | (#10053983)

that Windows is just targeted because it is so popular, not because of inherent security problems.

After all Windows 64-bit is allready installed on millions and millions of machines so it is only natural that hackers attack it instead of those few machines that run 64-bit Linux.

Oh, wait...

Nevermind.

Re:This shows once again (1)

Johnny O (22313) | more than 9 years ago | (#10054128)

yup - how LONG has 64 bit systems been around? ;-)

Re:This shows once again (2, Funny)

richie2000 (159732) | more than 9 years ago | (#10054146)

yup - how LONG has 64 bit systems been around?

Well, apparently 20 minutes [slashdot.org] is all it takes.

(Yes, I noticed the pun and for the record it did make me smile. Come back when you've defined a LONGBOOLEAN in Modula-2 and we'll talk. :-)

Re:This shows once again (1, Insightful)

Jarlsberg (643324) | more than 9 years ago | (#10054237)

I know you're being sarcastic, but consider the fact that while there aren't that many people using 64 bit Windows now, it will be adopted widely a few years down the road, and *totally* outnumber the user base of 64 bit Linux users. If the perception was different, people would be at work targetting present and future Linux distros right now.

Re:This shows once again (0)

Anonymous Coward | more than 9 years ago | (#10054280)

Ah, so now it's not only the market share that is responsible for something being targeted but the projected future market share.

Interesting.

Re:This shows once again (1)

ZorbaTHut (126196) | more than 9 years ago | (#10054307)

Yes. Does this surprise you? I don't remember anyone saying that wasn't a factor - it just hasn't been particularly important until lately, since there were no operating systems that fell under the category of "not popular now, but obviously popular in the future".

conspiracy? (4, Insightful)

rixdaffy (138224) | more than 9 years ago | (#10053993)

Sometimes it is almost as if antivirus companies hire people to write all those "proof of concept" virusses, just to make sure that they don't loose any marketshare and they have another good reason to have their spread through press releases...

Ricardo.

Re:conspiracy? (2, Interesting)

Anonymous Coward | more than 9 years ago | (#10054007)

"almost"?

I have seen several virus warnings in computer mags that go "This virus has currenly not been spotted outside of $ANTIVIRUSCOMPANY's labs".

Well, how did it get in there, if not from the outside? It was made in there.

Re:conspiracy? (3, Interesting)

Anonymous Coward | more than 9 years ago | (#10054082)

Unless it somehow infected their computers or their systems were targeted maybe??? I know of a few virus authors who turned from black-hat to white-hat instead of spend time in jail, that isn't a bad thing. Where will you find the really great, if misguided geniuses? John Carmack wanted to be a phreak in the early bbs days.

Re:conspiracy? (5, Informative)

flonker (526111) | more than 9 years ago | (#10054149)

Virus writers will frequently submit their own virus to the AV companies, to get it listed in the AV software. They don't release it into the wild, out of ethics, but they get some ego gratification and acknowledgement. When AV companies claim they detect a huge number of viruses, most of the viruses they detect have never been seen in the wild. It's a good thing too, as most viruses in the wild are very simple things. Some proof of concept viruses can be extremely hard to detect and remove.

I believe you mean... (1, Funny)

Anonymous Coward | more than 9 years ago | (#10054179)

just to make sure that they don't loose any marketshare

Upon whom will they loose market share? Or did you mean that they will lose market share?

You, sir, have been served.

Regards,
Anonymous Coward, Esq.

Maybe this is a good thing. (4, Funny)

qualico (731143) | more than 9 years ago | (#10054000)

"The virus supports vectored exception handling to avoid crashing during infections."

Maybe this is a good thing.
Those viruses will show developers how to write better code. :->

Seriously though, vulnerabilities will grow in proportion to the complexity of our systems.

The more complex the plumbing (1)

Travoltus (110240) | more than 9 years ago | (#10054059)

the easier it is to gum up all the works.

I think Mr. Scott said that in one of the Star Trek movies?

Donald Duck (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10054008)

In other news, Donald Duck is looking forward to a SCREAMING SQUIRMING ORGASM as he gets off to Daisy Duck pr0n on his 64-bit computer.

Re:Mod parent up (2, Informative)

Lord Bitman (95493) | more than 9 years ago | (#10054076)

though AC'd, probably in anticipation of moderation by people who dont get the refrence, parent is not a troll. It's actually a refrence to an early (not /too/ early, I wasnt around back then) virus which I managed to get infected with on Windows 3.1 (no, I dont use antivirus software to this day, I just dont trust every floppy I find in a computer lab anymore... and no, I dont really still use floppies)
deserves at least a 0, funny. I mean, it's not that funny, but it's not a troll.

Re:Donald Duck (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10054078)

You mean like this? [216.127.90.77]

Re:Donald Duck (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10054081)

duckjob.wav [ainop.com]

oldschool (5, Informative)

prockcore (543967) | more than 9 years ago | (#10054009)

This is an oldschool virus, it works by appending itself to the end of an .EXE, the Linux "proof-of-concept" viruses worked this same way.

MS actually has some safeguards to prevent this thing, but it could use some minor tweaks to make it even better.

I propose that XP should require you to create a user account by default.

I propose that all software should be distributed as .MSI files instead of .exe installers. (They work the same, double click the .MSI and it runs MS's Installer, but the MSI can't run arbitrary code.. it works like an RPM in this regard).

The installer should prompt for the Admin password and install the .exe so that only admin can write to it.

Any .exe not installed by the MS Installer should be marked as "dirty", and windows should refuse to run it.

This would prevent this type of virus. Coupled with XP64s support for NX, you'd actually have some semblance of security.

Re:oldschool (3, Insightful)

Dogers (446369) | more than 9 years ago | (#10054073)

..causing Jonny Public and his family endless grief, making them stick to windows 2000 or 98.

The general public are stupid and would not even be able to handle that level of security! They'd want to know why their new mouse cursors can't be installed, why their IE search bar needs a password, etc, etc

Re:oldschool (4, Insightful)

prockcore (543967) | more than 9 years ago | (#10054100)


The general public are stupid and would not even be able to handle that level of security! They'd want to know why their new mouse cursors can't be installed, why their IE search bar needs a password, etc, etc


Good. It's time for the general public to suck it up.

If the general public can handle OSX (and presumably they can), then they can handle this. OSX installers require the admin password.

Re:oldschool (1, Insightful)

samael (12612) | more than 9 years ago | (#10054195)

It's time for the general public to suck it up.

Nobody ever made money with that kind of attitude...

Re:oldschool (0)

Anonymous Coward | more than 9 years ago | (#10054225)

Yeah, in the good old days, when the general public contracted a virus they just had to sit on it. Nobody else'd be bothered.

Now with everyone having megabits connections, everyone gets fucked in the ass when the general public, the fuckers, don't take care of their trojan infested wankboxes.

Sorry 'bout the language. But the general public consists entirely of fuckwads.

Re:oldschool (3, Insightful)

iainl (136759) | more than 9 years ago | (#10054107)

I was almost with you, right up to the "Any .exe not installed by the MS Installer should be marked as "dirty", and windows should refuse to run it" comment.

I understand your concern, but this would break compatibility with absolutely everything, which would be enough to make people avoid upgrading. I agree that it would make virus-writers lives more difficult, but its at too high a price on the user's experience.

Maybe an alternative would be an Admin-controlled "install mode" - drop into that, and for the duration of the session anything can be installed, and will automatically marked as 'good'. Disconnecting from the network while that is running would obviously be handy, too.

Re:oldschool (1, Informative)

Anonymous Coward | more than 9 years ago | (#10054147)

Actually, starting with XP SP2, all heap and stack memory are marked NX by default.

Re:oldschool (2, Informative)

LiquidCoooled (634315) | more than 9 years ago | (#10054151)

If you impliment everything exactly as you say, then viruses and trojans will just get packaged inside msi files.

As long as there are executable entry points, malicious code will unfortunately always find a way to run.

The best we can do is limit the damage they can cause, and requiring users to run in user space has been proven to be a good defence. Granted, its not foolproof at the moment, but we have to build on what works.

Re:oldschool (2, Informative)

Anonymous Coward | more than 9 years ago | (#10054159)

An MSI file can't run arbitary code? You're kidding; the Microsoft Installer Engine has an entire scripting language and full access to the registry and filesystem. MSI files created with installer creation tools such as Install Shield have their own, even more powerful scripting capabilities; you could write a complete application with it if you were perverse enough.

I agree, forget Joe (L)user (5, Interesting)

panurge (573432) | more than 9 years ago | (#10054166)

W64 is an opportunity to move away from the whole "the system has to be insecure because Joe Sixpack is stupid" syndrome. If OS X can drop down a window asking for an admin password before installing updates, so can W64. W64 will be supposed to be a professional OS, for Turing's sake. Why can't MS simply use a few $$ of the billions to produce a nice "read this first" poster to explain to newbies how their nice new security system works, and how it will make using the computer so much more pleasant?

Tinfoil hat time: perhaps all the FUD about SP2 problems, users unwilling to update etc. is just being put out by spammers and malware merchants.

I agree there is a problem, especially with people who think they are creative. I'm afraid I was positively delighted when the author Louis de Bernieres lost the first 60 pages of his new novel becaue he had failed to make a backup, and complained that he didn't expect to have to make backups, he wasn't a computer expert (or words to that effect). People need to understand that failure to learn the basics can result in pain and distress.

Re:oldschool (5, Informative)

mlock (648386) | more than 9 years ago | (#10054293)

> I propose that all software should be distributed
> as .MSI files instead of .exe installers. (They
> work the same, double click the .MSI and it runs
> MS's Installer, but the MSI can't run arbitrary
> code.. it works like an RPM in this regard).
Sorry, doesn't work.

MSI files can embed DLL's, and these can be called during setup.
http://msdn.microsoft.com/library/en-us/ms i/setup/ adding_launch_to_the_customaction_and_binary_table s.asp

Like the post-conf scripts in RPM and DEB :-)

Re:oldschool (0)

Anonymous Coward | more than 9 years ago | (#10054321)

Wouldn't a solution to a lot of virus damage be to ensure that the OS never actually deletes any files - instead it would work like a source version control system? Aren't hard drives big and fast enough for this nowadays? Perhaps require you to be admin to actually delete files should you need to?

Wow! Beta Viruses! (1, Interesting)

ArbiterOne (715233) | more than 9 years ago | (#10054038)

Speaking of proof-of-concept (RTFA), could this be the first virus to attack a product that's still in beta?

Actually, this doesn't really make a lot of sense. If the entire point of a virus is to cause widespread destruction, then doesn't it make more sense to write a virus for 32bit computers?

Re:Wow! Beta Viruses! (3, Informative)

random_culchie (759439) | more than 9 years ago | (#10054068)

Ìf you did RTFA you would see that the virus was a proof of concept released on an antivirus newsgroup.
In other words these people have discovered the problem and given it some publicity by making a basicly useless virus. Their intent is not malicious
Its like the first virus for the .NET platform. It existed just because it could.

Viruses (3, Interesting)

Un0r1g1nal (711750) | more than 9 years ago | (#10054051)

Although I thoroughly disagree with these malicious programs, and any virus of any discription, they do encourage people to create neater code and to develop better code that is invulnerable to these kinds of exploits. One could always hypothesise about how much we may or may not have developed programming code without having to spend money on prevention of these exploits.

Re:Viruses (3, Informative)

DrSkwid (118965) | more than 9 years ago | (#10054117)

and any virus of any discription[sic]

If you had any sense you'd notice that the "virus" in question was written by anti-virus people as a way to demonstrate a vulnerability of the w64 platform.

Do you find road car crash tests equally repugnant?

One could always hypothesise about how much we may or may not have developed programming code without having to spend money on prevention of these exploits.

As long as there are systems there will be exploits; be it computers, social security, passports, education - such is the way of the dragon.

Re:Viruses (2, Informative)

morzel (62033) | more than 9 years ago | (#10054340)

Although I thoroughly disagree with these malicious programs, and any virus of any discription, they do encourage people to create neater code and to develop better code that is invulnerable to these kinds of exploits.
Dude... It's a virus [wikipedia.org] , not a worm [wikipedia.org] .
You can write your code as secure and neat and clean as you want, that doesn't protect you from a virus that injects some code into your compiled executable.

Operating systems may be part of the solution, but IIRC we are weary of proposed solutions (ie: TPC).

Yay! (0, Offtopic)

unixmaster (573907) | more than 9 years ago | (#10054085)

Yay for portability!

Beta tester not need to apply (2, Funny)

freitasm (444970) | more than 9 years ago | (#10054099)

This mal"ware" will probably have a better beta test cycle than most of the soft"ware" released these days. It'll be idiot proof, so anyone can get infected...

- No need to call us, we'll infect you.

Malware-by-email is *HISTORY!* Interested? (-1, Offtopic)

iamcf13 (736250) | more than 9 years ago | (#10054104)

Complete details here [slashdot.org] and here. [slashdot.org]

Bryan Taylor
iamcf13@hotpop.com
SpamByte code: 7
(see http://www.cf13.com/game-over-spammers.htm )
http://www.cf13.com/press-release.htm
All email containing unwanted content will be summarily deleted or reported as spam.

Re:Malware-by-email is *HISTORY!* Interested? (0, Offtopic)

kormoc (122955) | more than 9 years ago | (#10054191)

wonderful, you'll just spam forums to get rid of spam...

what a great solution...

typical (2, Insightful)

Anonymous Coward | more than 9 years ago | (#10054150)

As usual, there are few calls to shoot the damn writers of the viruses ... the true problem.

If it wasn't for the criminals, most windows 'problems' wouldn't be an issue at all.

before you whine at me, and incorrectly call me flamebait for disagreeing with your somehow more enlightened views about the great good those virus writers do with their vandalism ...

what do you think of grafitti? do you like it when you look outside in the morning and see some bastard's tag painted on your building?

You fools treat viruses the same way that most cities (and those fools that call it 'art') treat grafitti ... leave it to the owner of the building to take care of the vandalism instead of tracking down and cutting the hands off the criminals that did the damage.

Damn! (1)

Linwood (652814) | more than 9 years ago | (#10054258)

And I thought 64bits was the god sent answer to virii, script kiddies, and 'Please Insert Disk' errors I keep getting! *grumble*

In unrelated news... (3, Interesting)

MickyJ (188652) | more than 9 years ago | (#10054274)

...anti-virus company profits are down.

Sourcecode (4, Funny)

MikeDX (560598) | more than 9 years ago | (#10054275)

I bet the code is something like this:

while(windows) {
infect();
}

Virus made by Symantec ? (1)

thrill12 (711899) | more than 9 years ago | (#10054306)

..oh no, I missed the "named by" bit.
Makes you wonder though...

Nintendo? (0)

Anonymous Coward | more than 9 years ago | (#10054314)

When I Hack and port Windows 64, to my N64, will
I have to worry about a virus wiping my Zelda and
Mario saves?

Security (0)

Anonymous Coward | more than 9 years ago | (#10054341)

http://cryptome.org/ncs-cryptome.htm

I feel safer already!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...