
The Art of Computer Virus Research and Defense

timothy posted more than 9 years ago | from the should-come-with-a-gun dept.

Security 100

nazarijo writes "I think by now we're all familiar with viruses and worms. It may have been a term paper diskette chewed up by a virus back in college, a family member's computer infected with the latest worm, or your email inbox clogged with a mass mailer of the week. But how do AV researchers dissect such malware, especially when virus writers have devoted so much time to avoiding detection and perfecting their craft with self-decrypting viruses, polymorphic shellcode, and obfuscated loops. Haven't you wanted a peek into how that's done, and how you would analyze such a monster that landed in your computer? Well, Peter Szor's book The Art of Computer Virus Research and Defense (TAOCVRD) has been gaining lots of critical acclaim lately for filling that gap, and rightfully so. (Before we begin, however, I should make one thing perfectly clear: I was a technical reviewer of this book. I enjoyed it when I read it originally, and I'm even more pleased with the final result. And now on to your regularly scheduled review.)" Read on for the rest.

TAOCVRD opens with Part 1: Strategies of the attacker. Here we get to start to think about malicious code from the original ideas and viewpoints of its makers. Chapter 1 opens up with various games of the classic computer science world, including Conway's Game of Life and Core Wars, which is still fun after all of these years. From this we can start to think about computer viruses as a natural extension of other self-replicating computer structures. What's great about this chapter is that you can actually understand, and share in, the fascination of replicating code. It's as if you can understand the pure world that some virus writers live in.

Chapter 2 starts off the virus-analysis section, including some of the basics (like the types of malicious programs and their key features), as well as the naming scheme. Chapter 3, "Malicious Code Environments," serves as a lengthy and complete description of how various viruses work. The dependencies that you would expect to see, including OS, CPU, file formats, and filesystems, are all described. Then Szor goes on to describe how viruses work with various languages, from REXX and DCL to Python and even Office macros. Not all of the descriptions are lengthy, but you get to see how flexible the world of writing a virus can be. What I most enjoyed about the book overall is represented in this chapter, namely Szor's command of the history of the virus as well as his technical prowess, which he drops in as appropriate.

Chapter 4 gets a bit more technical and now focuses on infection strategies. Again, Szor isn't afraid to delve into history or technical meat, including a lengthy and valuable section "An In-Depth Look at Win32 Viruses." If you don't feel armed to start dissecting viruses by this point, you're in luck: there's so much more to read. Chapter 5 covers in-memory strategies used by viruses to locate files, processes, and sometimes evade detection. Szor has a list of interrupts and their utility to the virus writer, providing a comprehensive resource to the virus analyst.

Chapters 6 and 7 cover basic and advanced self protection schemes, respectively, used by viruses. TAOCVRD's completeness of information in a usable space, together with very functional examples and descriptions, is again evident. Szor walks you through a basic decryptor routine, for example, showing you how a self-contained virus can be both evasive and functional at the same time. Sadly little attention is given to various virus construction kits at the end of chapter 7, though.

Chapters 8 and 9 get a little less technical and somewhat more historical. These chapters cover virus payloads and their classification (i.e., benevolent viruses, destructive viruses, etc.) and computer worms, respectively. The overview of payloads is almost entirely historical, giving a great overview of how virus writers have used their techniques to cause havoc or just have "fun" from time to time. Chapter 9 gives a concise and valuable overview of computer worms, almost boiling about half of my worms book down into just one chapter in a clear and easy to use fashion.

Part 1 concludes with chapter 10, which covers exploits and attack techniques used by worms and viruses. Again, Szor's clarity of explanation shines as he artfully gives a concise overview of how a buffer overflow attack works (including stack layout and address manipulation), heap-based attacks, format string attacks, and related methods. He then discusses these techniques in light of various historical examples, clearly explaining how they operated and were successful. If you've been yearning for a short overview of attack techniques and how malware has used them, this chapter is for you.

Part 2 covers the defender's strategies. Chapter 11 serves as a nice introduction to this section by describing many of the current and advanced defense techniques such as some of the first and second generation scanners, code and system emulation, and metamorphic virus detection. This is all covered in nice technical detail, always at a reasonable level to not leave everyone in the dust. Through it all small examples are constantly given, which reinforce the text nicely. Chapter 12 is very similar, this time focusing on in-memory scanning and analysis techniques.

Chapter 13 covers worm blocking techniques, focusing on host-based methods which can prevent the buffer overflow from being successful or the code from arbitrarily gaining network access again. Chapter 14 complements this with network specific defenses, including ACLs and firewalls, IDS systems, honeypots, and even counterattacks. These two chapters are a lot less technical than the previous two, but still quite valuable.

By this point I'm sure you're ready to try your hand at virus analysis, and Szor is eager to help you out. In chapter 15 he gives you a great setup for virus analysis, including various tools and examples of how they work and what kind of information they give you. Finally, in chapter 16 you have the obligatory (and valuable) resource roundup which complements the references given in every chapter, as well.

Overall I find Szor's book to be amazing, both in terms of its technical prowess over so many specifics in the field but also for its presentation. Without dumbing it down, Szor's able to communicate to most readers with clarity in a manner they'll understand, learn from, and be able to use. I think that many of us, especially those of us who get plundered in our email inboxes with malware, are curious to spend some time dissecting these beasts using techniques AV professionals use, and Szor's book does an exemplary job of introducing that world to us all. I consider this to be one of the most important computer security books I own due to its clarity and completeness of coverage.


You can purchase The Art of Computer Virus Research and Defense from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


100 comments


1992 Called.... (0, Offtopic)

1992 Called (893858) | more than 9 years ago | (#12876234)

They want their labour-intensive research methodologies back.

Is it just me... (2, Insightful)

udderly (890305) | more than 9 years ago | (#12876238)

Is it just me or does this sound like it would be a really cool job--especially if you like sleuthing.

Re:Is it just me... (4, Funny)

Asshat Canada (804093) | more than 9 years ago | (#12876247)

I was about to say yes until I realized you didn't say slutting.

Re:Is it just me... (1)

0racle (667029) | more than 9 years ago | (#12877474)

Have you seen pictures of these virus writers?

Too Much Joy (4, Interesting)

Gary W. Longsine (124661) | more than 9 years ago | (#12877516)

I think you have hit the nail on the head here.

Reverse engineering malware is so much fun, and appeals to techie and tech-savvy manager types so much that it has been a terrific and terrible distraction. I've seen the effect firsthand -- companies waste precious limited mitigation and response talent and time trying to analyze malware when they should be taking immediate action to contain the spread of a worm.

Corporations and government agencies have been so thoroughly trained by the AntiVirus industry that they have a hard time coping in an age of the zero day worm, flash worm, or even the boring ordinary retread worm with 800 variants that do different things and propagate through a dozen different old defects. In fact, in the last year it's become clear that worms targeting many old defects can spread widely, slipping in under the radar of AntiVirus definitions with dozens of daily variants. (It's hard to patch a large network, and the industry hasn't woke up to the fact that it's also hard to keep it patched.)

What does it matter, which of the 800 strains of Spybot or Rxbot is smacking your PC's around? Well, if it were possible to quickly assess exactly what a given strain might do on a computer, it might be. But typically it's not possible.

In fact, it's gotten to the point where the AntiVirus vendors themselves have all but given up on detailed analysis of the many variants emerging each hour. Sometimes critical features of a strain (what ports does it probe, etc.) are missing entirely from the public analysis of the strain for weeks after it was first detected. Sometimes one vendor will describe a feature while others don't. Obvious cut-and-paste errors in the analysis of major vendors can also be observed, if one pays close attention.

The AntiVirus industry can't keep up the analysis of every minor strain, but they do continue the practice because it's a proven effective strategy for keeping mindshare. To their credit, they do a pretty reasonable job of rapid analysis and signature development on quite a few variants every day. Unfortunately, the stakes are pretty high and getting higher.

The bottom line for big networks: focus on prevention and containment. Cleanup is very costly, so do your own analysis if you must, but don't let it delay or sap resources from containment efforts when a worm hits. Other damages might be mounting while the mitigation effort stalls out because an incident response team is bogged down trying to answer the question: "Does the variant that hit your network today have a keystroke logger?"

With several variants of various worms released each day, are you *sure* that you've been hit with only one variant?

Even if you think you are sure, in fact, you typically can't be sure quickly enough. Well staffed, well funded, and highly experienced labs at the major AntiVirus vendors can't keep up with detailed analysis of the zillions of variants. Neither can the overburdened IT staffs of the world. They need to stop trying.

Disclaimer: As the founder of Intrinsic Security [intrinsicsecurity.com] I am clearly convinced enough in the limitations of the AntiVirus approach that I started a company and developed an alternative (complementary) approach. All of my opinions, well reasoned and otherwise, are my own, although they may be shared by others.

Avoid The Obvious Punctuation Error... (3, Interesting)

devphaeton (695736) | more than 9 years ago | (#12876268)

But how do AV researchers dissect such malware, especially when virus writers have devoted so much time to avoiding detection and perfecting their craft with self-decrypting viruses, polymorphic shellcode, and obfuscated loops.

I have a theory that probably 90% of the worms we see are written by the AV companies themselves.

Either that, or they're REALLY DAMN GOOD at getting hold of some fledgling outbreak, no matter how obscure, and reverse engineering it and learning all its minute details. Sometimes they claim to do this within a couple of hours of its first known incident.

I dunno.. maybe I'm a conspiratorist... I still say that Norton Internet Security is the most effective piece of malware out there.

Re:Avoid The Obvious Punctuation Error... (2, Insightful)

MrPower (687654) | more than 9 years ago | (#12876304)

Either that, or they're REALLY DAMN GOOD at getting hold of some fledgling outbreak

I suspect that many of these "fledgling outbreaks" that the AV companies most quickly defeat are the variants that have just been edited by script kiddies.

Tweak the engine a little and viola, they have defeated a virus in 10 minutes!

Re:Avoid The Obvious Punctuation Error... (1)

cramd (303683) | more than 9 years ago | (#12876414)

if you take a look at the stats most viruses that are released are variants. This however does not make for an easy task for AV companies to detect.

A Sk uses a different packaging tool and most AV products will not detect the variant. There are some AV engines that do detect variants. And do it very well.

My company uses Symantec and we were hit by a new virus last week. No updates on symantec site, and LONG ASS hold times to talk to some kid, somewhere far far away, who reads a script and can't help me.

I know a few people who work at a competitive AV company. A quick call to them to see if they were aware of a new virus in the wild. At this point they were not. I transferred the virus to my home server to ship it off to their virus lab and what do you know? As I run their AV on my mail server I was not able to send the sample as it was detected as a virus.

I quickly removed symantec from the infected machines and installed Sophos. It detected 9 variants of current viruses that symantec just looked by.

The process that goes on in a virus lab is almost insane. I have had the chance to tour one before and there is almost too much work that goes on to detect, dissect, and create a signature for.

Re:Avoid The Obvious Punctuation Error... (1)

ettlz (639203) | more than 9 years ago | (#12876785)

Kudos to Sophos. My university makes it available for students' home machines, and they generally have a shit-hot response. Sometimes they're a bit too enthusiastic, and I've seen a number of false positives that were corrected a couple of hours later. Still, better safe than sorry.

Re:Avoid The Obvious Punctuation Error... (1, Informative)

Anonymous Coward | more than 9 years ago | (#12876468)

viola [reference.com] n.
  1. A stringed instrument of the violin family, slightly larger than a violin, tuned a fifth lower, and having a deeper, more sonorous tone.
  2. An organ stop usually of eight-foot or four-foot pitch yielding stringlike tones.


voilà [reference.com] interj.
  1. Used to call attention to or express satisfaction with a thing shown or accomplished.

Re:Avoid The Obvious Punctuation Error... (3, Informative)

Tipa (881911) | more than 9 years ago | (#12876306)

Considering Symantec would instantly cease to exist as a company if it were ever found doing something like this, you can bet they aren't. There are top secret mailing lists used by AV companies and researchers where they pass around stuff as soon as they find it. Honeynet computers can catch viruses pretty quickly as well, and you can bet that all those AV companies have honeynets of their own just waiting to be infected.

Re:Avoid The Obvious Punctuation Error... (1)

Gary W. Longsine (124661) | more than 9 years ago | (#12877524)

The major AntiVirus vendors also have automated systems in place to help their clients collect virus samples and deliver them for analysis. The Symantec feature is called Scan and Deliver [symantec.com].

Conspiracies? (3, Informative)

Spy der Mann (805235) | more than 9 years ago | (#12876467)

I'm an old-schooler, I've read Norton's books like "Inside the IBM PC", when he spoke about bits, bytes, sectors, clusters, etc.

I remember using the famous Norton Utilities for say, defragging my HD or repairing the DOS FAT table.

Norton didn't enter the antivirus business until much later. The de-facto standard for cleaning up viruses was McAfee viruscan for DOS.

And I was shocked at the massive amount of viruses being written... or actually, the amount of viruses that the McAfee antivirus SAID had been written (this was BEFORE the internet as we know it; we used to get the antivirus from BBS's or in issues of computer magazines). I'm talking about 300 or more viruses being written PER MONTH.

The rumour of McAfee hiring virus writers was pretty extended.

Today is very different. Antivirus companies DON'T NEED to hire virus writers (they don't need to create their own market, Microsoft has done them the favor :). With websites dedicated to virii and similar stuff, irc channels, mailing lists, and especially the number of Windows vulnerabilities, it's almost as if virii wrote themselves.

Also, the jerks in the world seem to be multiplying. And virus-writing tools are relatively easy to find. All it takes is a script kiddie and a virus writing toolkit. The real geniuses writing virii, are rare. However, all it takes is one original virus for several variants to appear in the next months.

So, conspiracy theories? I don't think so.
A bunch of self-organizing lamers? Very possible. Just look at the wikitorial invasion.

Fall of The Legend (was: Conspiracies?) (2, Interesting)

Gary W. Longsine (124661) | more than 9 years ago | (#12877831)

For many years variants of this legend have floated around the net, taking different forms. The least conspiratorial version that I've heard is told as follows:
"__Fill in the blank with one of the early players in the antivirus market__ had an ill-conceived bonus program in place for a while which rewarded employees for being the first to discover a virus. The incentives created by the program obviously ran counter to the long term interests of the company and their clients, and the bonus program was discontinued when an employee was caught writing their own viruses for submission."
This is so dilbertesque [urbandictionary.com] that it seems almost likely to become true someday, even if it wasn't when the rumor started. It just sounds like something that would happen in a big company. I half expect one day to wake up to a headline, "Former AntiVirus executive admits to creating legendary bonus incentive program to find viruses in the early days of computing".

However, it's probably just as likely that the rumor was started in usenet by the other major antivirus company, only to have it backfire in the form of some general level of mistrust of the AntiVirus industry.

The legend has since mutated into the simpler but unlikely "AntiVirus vendors write most of the viruses" form of the legend. AntiVirus vendors today have far too much to lose. I'm confident that like all good corporations, they have policy in place which would lead not only to instant dismissal of employees caught releasing viruses "into the wild" to borrow their expression, but also probably to prosecution as well.

By the way, this was also the earliest, well more precisely, the first form that I ever heard. It might be fun to trace this rumor back to its origins and analyze the meme propagation, as was done regarding the damaging misquotation that Al Gore claimed to invent the internet [wikipedia.org]. The analysis would probably require more effort, since it goes back possibly twenty years or more.

Virii (1)

Fatalis (892735) | more than 9 years ago | (#12879386)

It's funny that you have a grammar tip in your signature, and yet you've used the "scientific" pluralization of the word "virus".

Re:Avoid The Obvious Punctuation Error... (1)

xQx (5744) | more than 9 years ago | (#12877183)

I'm with you. I hardly ever got viruses until the major virus companies started making money from selling antivirus -- I guess we'll find out when Microsoft finally get around to putting all the AV companies out of business by building it into their OS.

Seems to me a little convenient that 99% of viruses created seem to do nothing more than spread. I remember when I was a 'script kiddie' I was malicious. If script kiddies were creating viruses they'd be deleting word and excel documents and filling hard drives and killing windows 9x OS's; printing shit to printers etc.

Re:Avoid The Obvious Punctuation Error... (2, Informative)

bluGill (862) | more than 9 years ago | (#12878159)

Script kiddies generally get bored before they get a working virus. If indeed they can follow the instructions to begin with.

Most viruses these days are written by organized crime. (Actually worm or trojan might be better terms) They create networks of infected computers, and then sell the network. Spam is often sent from infected machines. There are a few other ways to earn money from an infected machine, but spam is the money maker.

available on Safari (0)

Anonymous Coward | more than 9 years ago | (#12876271)

Looks like this is on safari so added it to my bookshelf.
http://safari.oreilly.com/ [oreilly.com]
If you have not used this safari service yet it's got an excellent selection of books, reading about 3 a week.

also this site I saw on the daily dave mailing list seems a good resource for disassemble of malware. http://www.openrce.org/ [openrce.org]

Money Money Money! (0)

Anonymous Coward | more than 9 years ago | (#12876274)

Save $7 by buying it from Amazon! The Art of Computer Virus Research and Defense [amazon.com]

How to defend against computer viruses... (0, Insightful)

Anonymous Coward | more than 9 years ago | (#12876276)

Don't get one in the first place.

Don't download random crap and execute it.

Re:How to defend against computer viruses... (1)

HermanAB (661181) | more than 9 years ago | (#12876365)

Never heard of 'driveby downloads' have you?

Re:How to defend against computer viruses... (2, Insightful)

Jeremi (14640) | more than 9 years ago | (#12876428)

Don't download random crap and execute it.


That's easy to say, but harder to do. Any non-trivial program that connects to the Internet is going to download something... that's what makes it useful. And if the program wasn't 100% correctly written, there may be a way to make it execute the thing it downloaded. Voila, all the conditions are there to catch a virus, without the user ever realizing he was "downloading random crap" at all. (For examples, see: every web browser ever written)

Re:How to defend against computer viruses... (1)

WillAffleckUW (858324) | more than 9 years ago | (#12876702)

easier method - don't let companies profit from "fixing" virus programs so that there isn't an incentive for "helping" bored developers to create new ones.

that would probably cut them in half.

Re:How to defend against computer viruses... (2, Informative)

pestilence669 (823950) | more than 9 years ago | (#12876965)

On a Windows machine, you don't need to download anything. Just plug it into the Internet with a publicly accessible IP address sometime. I'm not even being paranoid right now.

There are BOOTP attacks, buffer overflows for every type of service, even exploits against the network stack.

On my old company honeynet, we couldn't keep our machines up for more than a week. All recent "SP2 blah blah" patches. Both Windows XP and 2000. We even turned on the Windows "Firewall."

It's not a totally hopeless situation. You definitely need a *HARDWARE* firewall with Windows. Relying on your ISP to block ports is unwise. Using Outlook is unwise. Opening Word documents from email is unwise.

I've even gone as far as to remove the VB & J Script engines from my machine. Less components = less to break. Who really even scripts MS Office documents anyway? When you connect your machine to every other person in the world, take some precautions for heaven's sake.

Good advice, but not sufficient (1)

Gary W. Longsine (124661) | more than 9 years ago | (#12877553)

It's likely that most home computers at least are infected by worms rather than careless double-clickery. You can buy a computer as a novice home user, and it can get infected before you have time to patch it. Here's an amusing example, just one of many recent stories on the phenomenon: Jacques' Hack Attack [bbcworld.com]

The same is probably also true for most infected corporate computers, even though those are somewhat better protected.

Re:How to defend against computer viruses... (1)

Fnord666 (889225) | more than 9 years ago | (#12877849)

Even that is not enough sometimes. What happens when the virus comes on the shrink wrapped distro disk from a software company? I've had this happen before and it was a good thing I scanned the disk before running the install.

Re:How to defend against computer viruses... (1)

1u3hr (530656) | more than 9 years ago | (#12879516)

What happens when the virus comes on the shrink wrapped distro disk from a software company? I've had this happen before

Conversely, one of the prime points every anti-piracy PR campaign makes is the high chance of getting malware. However, in 10 years of using such, from CDRs sold in Hong Kong and Thailand, I've yet to find a single infected file. And amusingly one of the most highly-pirated apps is Norton AV.

Bad Topic (1)

pestilence669 (823950) | more than 9 years ago | (#12876283)

This is just what every script kiddie needs... the anarchist cookbook equivalent for virus writers.

I've worked as an adware author. It's already frighteningly easy to write a worm, virus, or other malignant type of application... without an instruction manual.

Books like these never address the root causes that enable such applications to exist. It's not fully a home owner's fault if an intruder enters an open door, but they should share the blame.

Practice makes perfect (4, Insightful)

kaosrain (543532) | more than 9 years ago | (#12876286)

But how do AV researchers dissect such malware, especially when virus writers have devoted so much time to avoiding detection and perfecting their craft with self-decrypting viruses, polymorphic shellcode, and obfuscated loops.

It is important to note that virus authors who have perfected their craft create viruses that are not found.

Re:Practice makes perfect (0)

Anonymous Coward | more than 9 years ago | (#12877348)

Aaaah the perfect viruses that are not found.
Urban legend.
Because what's the point? In order not to be found, it should not only hide itself in inactive state, but not do any activity at all.

I have an idea (1)

ndansmith (582590) | more than 9 years ago | (#12876291)

With this knowledge, someone could start a whole new gang of internet vigilantes. First you write "malware" and sell it to seedy companies, phishers, spammers, and various other jerks. Then it is revealed that the software is actually "beneware" which cleans the target computer of all spyware and viruses and reports the perps to the authorities.

Re:I have an idea (1)

Stanistani (808333) | more than 9 years ago | (#12876426)

<Geezer Mode>
Back in the BBS days, online users would have 'meets' often attended by the system operators of various local BBSes. At one meet, the sysops were comparing notes about a piece of malware that had propagated locally, and which had required hundreds of hours to repair the systems. A user proudly piped up that he had written that particular piece of code. We watched as they beat him rather soundly. Wish it would happen to more malware authors.
</Geezer Mode>

just a site you need to check (0)

Anonymous Coward | more than 9 years ago | (#12876300)

Mobile TNT [mobiletnt.com]

Informing (0)

Anonymous Coward | more than 9 years ago | (#12876303)

It's good to inform the masses now.

Obligatory "Just get a Mac" statement... (0)

Anonymous Coward | more than 9 years ago | (#12876317)

We know, we know. We like to suffer, it's fun.

That should keep the Mac flyboys at bay for awhile. :)

http://homepage.mac.com/hogfish/PhotoAlbum2.html [mac.com]

The only virus I've ever caught (1)

sphix42 (144155) | more than 9 years ago | (#12876362)

is one I wrote myself..

Re:The only virus I've ever caught (0)

Anonymous Coward | more than 9 years ago | (#12876575)

me too. DOS .bat file infector. Never released in the wild.

Re:The only virus I've ever caught (0)

Anonymous Coward | more than 9 years ago | (#12879972)

After I debugged it and put it back on your computer while you were looking at your credit card statements....

Question... (1)

cfavader (754724) | more than 9 years ago | (#12876372)

What happens when someone finds a loophole and patents some sort of virus and then sues any AV companies that try to reverse engineer it? Yay for our intellectual property dogma!

Qui custodes virii? (1)

WillAffleckUW (858324) | more than 9 years ago | (#12876397)

What happens when someone finds a loophole and patents some sort of virus and then sues any AV companies that try to reverse engineer it? Yay for our intellectual property dogma!

I think that's DMCA, actually. If you copyright a virus and someone borrows your work and it shows up on millions of PCs worldwide, aren't all those millions of PCs subject to seizure, since they contain your copyrighted work?

Well?

Re:Qui custodes virii? (0)

Anonymous Coward | more than 9 years ago | (#12876470)

virii isn't correct, and doesn't exist in latin. it would be viruses.
viri in latin means 'men'
on a related note, you can have both cacti and cactuses. /pedant

Re:Qui custodes virii? (1)

WillAffleckUW (858324) | more than 9 years ago | (#12876644)

picky picky

virii isn't correct, and doesn't exist in latin. it would be viruses.

At best it would be viruse, not viruses. I'll stick with virii, thanks.

Re:Qui custodes virii? (0)

Anonymous Coward | more than 9 years ago | (#12877690)

In the English language, the normal plural of "virus" is "viruses". This form of the plural is correct, and used most frequently, both when referring to a biological virus and when referring to a computer virus. The forms "viri" and "virii" are also used as a plural, although less frequently. There is disagreement over whether these forms should be considered correct.
[http://en.wikipedia.org/wiki/Virii [wikipedia.org] ]

Viruses and virii are both correct :p
As for its use in a latin phrase, virus/viruses/virii are modern words. Viruses/Virii were not discovered until way after the time of the latin language, therefore it does not exist in the language. Therefore, he is actually correct in saying "Qui custodes virii"

Re:Qui custodes virii? (1)

77Punker (673758) | more than 9 years ago | (#12876618)

Despite the high "awful" and "dumb" factors of the DMCA and Patriot Act, you must remember that courts do function in a sorta-real world.

The virus writer would have to write a program that pretty much breaks into your computer and puts itself into your computer. His lawyer would have the daunting task of proving that despite the fact that his client is a criminal who planted the program on the machine by its design, the person whose computer is infected is still at fault for having it. It would never work, even with the DMCA.

Re:Qui custodes virii? (1)

WillAffleckUW (858324) | more than 9 years ago | (#12876729)

Despite the high "awful" and "dumb" factors of the DMCA and Patriot Act, you must remember that courts do function in a sorta-real world.

The virus writer would have to write a program that pretty much breaks into your computer and puts itself into your computer. His lawyer would have the daunting task of proving that despite the fact that his client is a criminal who planted the program on the machine by its design, the person whose computer is infected is still at fault for having it. It would never work, even with the DMCA.


Not as I read it. It's not up to a copyright holder to take unusual methods to protect oneself from piracy, in fact by depositing it to preserve copyright under the Berne Convention - which is how you get Strong protection for Copyright - you make it possible for anyone to read it.

Then, since it is code, they merely need to implement it in a virus and Shazaam you have a DMCA claim to anyone who got the virus.

I didn't say it made sense - I just said it was possible.

Re:Question... (1)

temojen (678985) | more than 9 years ago | (#12876598)

Patents don't work like that. It doesn't matter if a competitor knows how your patented thing works, it only matters if they make something that works the same way.

The funny part is on the Mil side (1)

WillAffleckUW (858324) | more than 9 years ago | (#12876374)

we figured out how to do all of these back in the mid-80s. Yup, self-decrypting viruses, polymorphic shellcode, and obfuscated loops - all of it.

The amazing thing is that it took so long for people to actually put them into practice.

Re:The funny part is on the Mil side (1)

darksider415 (893698) | more than 9 years ago | (#12878024)

It isn't as amazing as it seems. It really wasn't as much the fact that it took so long, as much as it's the fact that times have changed, and more and more people are using computers on a daily basis. Let's face it, there are more systems out there, with more people without firewalls and AV protection that make life easier for virus writers.

Worms ? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12876376)

> I think by now we're all familiar with worms [...]

Please someone, can you explain to me WHY the HELL an article about those elongated soft-bodied invertebrate animals is posted on the main page of SLASHDOT? WTF?

wormholes (2, Interesting)

Doc Ruby (173196) | more than 9 years ago | (#12876406)

I remember the early 1980s, when a funny little VMS program called "worms" would carve circular holes in text files, like a bookworm would in paper. It didn't self-replicate or anything, and it destroyed the wormy file. But it was a real laugh when it wasn't your file. FWIW, the purely funny version backed up the original file in its own subdirectory.

Re:wormholes (0)

Anonymous Coward | more than 9 years ago | (#12877872)

Would be interested in seeing the program if you have access to it. The funny version though, I have no interest in the other one.

25th post! (0)

Anonymous Coward | more than 9 years ago | (#12876418)

woot!

The Art of Computer Virus Research and Defense (1)

daviq (888445) | more than 9 years ago | (#12876421)

Chapter 1 In order to properly avoid viruses, take these simple steps. These steps include getting an Apple Computer and then booting up. The last step is to discontinue use of your Windows machine by installing Linux on it. Epilogue Get a Mac, and run Linux.

bookreview (1)

hyfe (641811) | more than 9 years ago | (#12876441)

Book certainly looks interesting, but all the comments so far have been moderately off-topic.

Anybody actually read the book and can tell me whether it actually is good, or is this another case of an author/publisher writing a review for their own book?

Re:bookreview (0)

Anonymous Coward | more than 9 years ago | (#12876718)

I'm about halfway through it, and it's definitely very readable and informative. One of the best chunks of change I've spent on a book in a long time.

Re:bookreview (2, Informative)

GT_Alias (551463) | more than 9 years ago | (#12877467)

I'm only 1/3rd of the way through it, but up to this point the book has been about execution environments and infection strategies of both existing and theoretical viruses. I bought the book mostly to look at his analysis techniques, it looks like that part comes later. But if you care about a 1/3rd opinion, I've enjoyed everything I've read so far. It's been fascinating to see the different techniques applied to past viruses, you can appreciate the creativity virus writers put into their creations.

Re:bookreview (0)

Anonymous Coward | more than 9 years ago | (#12880132)

I've read it, I found it to be extremely interesting, but not teaching me anything new. The book assumes a lot of previous knowledge, such as knowing x86 16bit real mode, and 32bit protected mode, understanding execution rings, and some other fun topics. I'd recommend reading it regardless if this is a topic you're interested in.

Uh huh. (2, Interesting)

Telastyn (206146) | more than 9 years ago | (#12876444)

But how do AV researchers dissect such malware, especially when virus writers have devoted so much time to avoiding detection and perfecting their craft with self-decrypting viruses, polymorphic shellcode, and obfuscated loops. sic.

They don't. All they need to do is watch the thing go by on the wire and pick out something that vaguely looks like a unique signature for their dumb as dirt detection engines. And that assumes that such techniques are commonly used, which they're not.

Re:Uh huh. (0)

Anonymous Coward | more than 9 years ago | (#12878077)

yup, they don't... :-(

All this analysis and scanning is dumb (1, Insightful)

rufusdufus (450462) | more than 9 years ago | (#12876451)

Virus scanners/blockers are a scam; they have caused more problems in my network of tech-unsavvy users than viruses have by a long way. Just last night my sister's McAfee took her hard drive out back for a thrashing. Another person I know runs 3 firewalls and 2 virus blockers at the same time, computer is practically useless.

There is a better way people! Either boot from a read only media or restore an image of the system every few boots--much faster and practically invulnerable. Put your documents (non executable formats only!) onto removable media and leave them removed except for saving.

This way even if an internet worm exploits a hole in your OS or email, it's gone the next boot--even if it is undetectable!

Not only is this more effective and faster, you don't have to pay for pattern updates.

Re:All this analysis and scanning is dumb (1)

ettlz (639203) | more than 9 years ago | (#12876840)

Another person I know runs 3 firewalls and 2 virus blockers at the same time, computer is practically useless.

Seriously, is this person paranoid or just dangerous?

Re:All this analysis and scanning is dumb (0)

Anonymous Coward | more than 9 years ago | (#12877753)

3 firewalls is definitely paranoid, but isn't running 2+ different anti-virus programs at the same time dangerous?

Re:All this analysis and scanning is dumb (1)

Redwin (805980) | more than 9 years ago | (#12877205)

I'm sure Windows Update would find that setup useful, or anything else that needs to be patched for that matter. Not all worms write to the hard drive, SQL Slammer for example was memory resident and was removed upon a system reboot. The problem came with machines being scanned so many times that unpatched systems or not having the attacked ports blocked, meant machines could be reinfected after a very short period of time. Read Only systems wouldn't help.

Possible solutions would be in throttling outgoing repetitive traffic, (see Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code by MM Williamson for more details on this technique) dynamic detection and dropping of malicious packets and user vigilance.
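The throttling idea mentioned in the comment above can be sketched as follows. This is an added example, not code from the comment or from the cited paper: it is a simplified rate limiter on connections to new hosts, and the working-set size, the alarm threshold, the one-release-per-tick rate, all function names and the documentation-range addresses in the constructed traces are assumptions of this sketch.

```python
from collections import OrderedDict, deque


class ConnectionThrottle:
    """Rate-limit connections to *new* hosts; recently used hosts pass freely."""

    def __init__(self, working_set_size=5, alarm_queue_len=20):
        self.working_set_size = working_set_size
        self.alarm_queue_len = alarm_queue_len
        self.working_set = OrderedDict()   # recently contacted hosts, oldest first
        self.delay_queue = deque()         # (host, tick_queued) awaiting release
        self.alarmed = False               # set when the backlog looks like scanning

    def request(self, host, now):
        """Return True if the connection may go out now, False if it was queued."""
        if host in self.working_set:
            self.working_set.move_to_end(host)   # refresh recency
            return True
        self.delay_queue.append((host, now))
        if len(self.delay_queue) > self.alarm_queue_len:
            self.alarmed = True
        return False

    def tick(self, now):
        """Once per time unit: admit one new host and release all requests
        queued for it. Returns a list of (host, delay_in_ticks)."""
        if not self.delay_queue:
            return []
        host = self.delay_queue[0][0]
        if len(self.working_set) >= self.working_set_size:
            self.working_set.popitem(last=False)  # evict least recently used
        self.working_set[host] = True
        released, kept = [], deque()
        for queued_host, queued_at in self.delay_queue:
            if queued_host == host:
                released.append((queued_host, now - queued_at))
            else:
                kept.append((queued_host, queued_at))
        self.delay_queue = kept
        return released


def simulate(trace, ticks):
    """Run a trace ({tick: [hosts requested in that tick]}) through the throttle."""
    throttle = ConnectionThrottle()
    sent, max_delay = 0, 0
    for now in range(ticks):
        for host in trace.get(now, []):
            if throttle.request(host, now):
                sent += 1
        for _host, delay in throttle.tick(now):
            sent += 1
            max_delay = max(max_delay, delay)
    return {"sent": sent, "max_delay": max_delay,
            "backlog": len(throttle.delay_queue), "alarmed": throttle.alarmed}


def normal_trace():
    """Constructed desktop-like traffic: three regular servers, plus one
    burst of three previously unseen hosts at tick 10."""
    regular = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    trace = {t: [regular[t % 3]] for t in range(60)}
    trace[10] += ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    return trace


def scan_trace():
    """Constructed worm-like traffic: ten never-seen hosts every tick."""
    return {t: [f"203.0.113.{t * 10 + i}" for i in range(10)] for t in range(10)}


if __name__ == "__main__":
    print("normal:", simulate(normal_trace(), 60))
    print("scan:  ", simulate(scan_trace(), 10))
```

On the constructed traces the regular traffic is delayed by at most two ticks, while the scanning host gets one connection out per tick and its growing backlog trips the alarm.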

Re:All this analysis and scanning is dumb (1)

Calyth (168525) | more than 9 years ago | (#12880392)

I definitely agree with the R/O system won't help part.
Considering that I was rebuilding a computer after it's got the Blaster and a whole bunch of others some time ago, and we neglected to remove the CAT 5 out of the machine, and right after install, 10 minutes into running the system, it's got Blaster all over again.
Even if you can't write to the OS, you still need r/w ram for your programs and such, and imagine a memory resident worm/virus that keeps reinfecting your R/O system on boot.

Missing something fundamental (3, Insightful)

tyates (869064) | more than 9 years ago | (#12876486)

From the review, it sounds like the book's missing something critical.
1. The fact that viruses even exist today is a testament to crappy OS Design. OS X and Linux don't even get viruses. And then if you put crappy application design on top of crappy OS design, you get viruses you don't even have to execute, like Outlook and Word macro viruses.
2. Worms and viruses are totally different. Worms attack you from the outside. But the odds of you getting a worm on a patched, up-to-date system that's behind a firewall is practically nil. (see for example, Apple Software Update.)
In other words, in a "sane" world with decent operating systems and applications, viruses and worms wouldn't even exist.

Re:Missing something fundamental (1)

Radres (776901) | more than 9 years ago | (#12876517)

FUD. Unix systems have always been vulnerable to virii [cybersoft.com] . Much like the mugger who targets the little old grandma as opposed to the 6' tall young man, criminals will take the path of least resistance.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12876669)

Where did you get this article? It doesn't make any sense. In the first few sentences it confuses viruses with worms, logic bombs, and trojan horses. In the whole article it doesn't even mention any actual cases of viruses, just theoretical potential vulnerabilities. Unix-based systems aren't completely immune to viruses, but because your apps don't run with superuser access it's *very* hard for them to infect other apps or system code. Who's the one with the FUD now?

Re:Missing something fundamental (1)

Radres (776901) | more than 9 years ago | (#12876703)

To say that there are no viruses for Linux at all is misleading.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12877094)

Okay - show me a Linux program that can be run as a user that is self-replicating and infects other programs. And not something theoretical, something that's actually infected systems.

Re:Missing something fundamental (1)

BITsai (894030) | more than 9 years ago | (#12878316)

Still puzzled by your insistence that a Linux virus must be able to do evil while run as a user. Nowhere else I've looked have I found this to be a requirement of a virus. Then again, what do those other sources know; they don't call themselves "author IT Leader".

Re:Missing something fundamental (1)

GT_Alias (551463) | more than 9 years ago | (#12876699)

OS X and Linux don't even get viruses.
If you mean viruses and worms in the klez, sircam, or slammer sense, no. But if you're trying to imply these OS' are impervious to viruses, that would be an incredibly naive thing to say. Particularly for an "Authority on IT Leadership".

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12877173)

A virus is something specific - a self-replicating executable. Please show me how an application run from a user account can modify an executable owned by bin or root, for example. Then show me how that process would continue to other executables. Then show me how that would spread from machine to machine, over the Internet. Then please show me a case where that's actually happened. I'll be here waiting.

Re:Missing something fundamental (1)

GT_Alias (551463) | more than 9 years ago | (#12877377)

Cases where it's actually happened:

Slapper [symantec.com]
Lion [sans.org]
Scalper [viruslist.com]

Those are just from a quick Google. Then there's the list of Linux and Mac OS X vulnerabilities (take a look around www.cert.org). How could you possibly claim that Linux and Mac OS X "don't get viruses" when any one of those vulnerabilities might be actively exploited? Just because a worm or virus doesn't make the news doesn't mean it's not out there.

I'll be here waiting

Hope I didn't keep you too long. I'm not sure why you're fighting this fight, particularly if you position yourself as someone knowledgeable on IT.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12877926)

These are worms. Do you know the difference between a worm and a virus? Are you knowledgeable on IT?

Re:Missing something fundamental (1)

BITsai (894030) | more than 9 years ago | (#12878230)

Yep, those are worms. Can you prove why a worm (which can infect and spread from a machine with no help from the user at all) is less dangerous than a virus? Are you knowledgeable on IT?

Re:Missing something fundamental (2, Informative)

pyrrhonist (701154) | more than 9 years ago | (#12878929)

Please show me how an application run from a user account can modify an executable owned by bin or root, for example.

You can use a local root exploit, such as the mremap(2) exploit [isec.pl] . This exploit will allow any unprivileged account to gain root privileges and can be used to execute arbitrary code with kernel level access.

This is just an example. There are much better unpatched exploits if you look hard enough. A far simpler method is to just scan for improper file permissions.

Some applications or libraries (zlib) have overflow and stack exploits that can be triggered by improperly formatted user data. If you provide a user with a data file to exploit this (i.e. a zip archive), you can then have the application run code to take advantage of the local root exploit.

Then show me how that process would continue to other executables.

Once you gain root access, you can easily replace executables, shutdown services, install kernel modules, etc. The way many distros are set up, you don't even need root access to do some rather malicious things.

Then show me how that would spread from machine to machine, over the Internet.

There's a lot more remote exploits out there than you think. One of my favorites involves the Buffalo LinkStation. The Buffalo LinkStation is a network appliance that runs Linux and uses Samba to serve files. There's a really fun exploit on it that will allow you to run any command as root simply by sending it a properly formatted UDP packet. At this point, you can drop an auto-run installer into the SMB shares and infect every Windows machine that connects to the LinkStation, but I digress...

Then please show me a case where that's actually happened.

Well, it basically all started with the Morris Worm [wikipedia.org] .

Here are some Linux specific cases:

Viruses: Staog, Bliss, Osf, RST, Binom, Alfa, Lindose, Adrastea, Amalthea, Btrq, Brunfly, BTM, Califax, Cassini, Debilove, Etap.d, Gildo, Glaurung, Guile, Gzid, Mcmd, Metis, Millen, Nel, Neox, Ovets, Satyr, Sickabs, Snoopy, Thebe, Winter, Xone

Worms: Adm, Cheese, Mighty, Ramen, Slapper, Lion, Scalper, Adore, Kork, Mighty,

Re:Missing something fundamental (1)

Beardo the Bearded (321478) | more than 9 years ago | (#12876725)

There are exploits in every piece of software and firmware that can be taken advantage of. It's just easier to exploit the MS software because it's been done before and there's a bigger payload.

It's not a testament to crappy design. What viruses show is this: No matter what you come up with, someone else who is more clever than you will find a way to mess with your design.

Look at Firefox as an example: A wonderful secure browser that lets web pages create and run arbitrary code on your local machine.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12877141)

A virus != an exploit. A virus is something specific, a self-replicating piece of software that infects other executables and spreads. If your executables are owned by root or bin or whatever, it's simply not possible for an application run with user permissions to modify them.

Re:Missing something fundamental (1)

BITsai (894030) | more than 9 years ago | (#12878254)

A virus != an exploit... very good! An exploit is a general vulnerability that can be attacked via a virus and other methods as well, such as a worm. Even if your executables are owned by root or bin or whatever, your machine can still get attacked and infected by worms.

Re:Missing something fundamental (1)

grasshoppa (657393) | more than 9 years ago | (#12876737)

OS X and Linux don't even get viruses

You, my friend, are what is wrong with the industry today. Please do not lead people to believe that you have a clue, you do not.

Linux and OS X *are* vulnerable. Perhaps not as much as windows, but that's hardly the point. If I can get a user to download and run something, I have access. There are always going to be cracks and work arounds no matter the OS, and that's what virus writers will continue to exploit.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12877072)

Did I say they weren't vulnerable? No. I said that they weren't susceptible to virii. Do you know what a virus is? A self-replicating executable that infects other executables. How exactly would that happen under Unix?

Re:Missing something fundamental (0, Troll)

narcc (412956) | more than 9 years ago | (#12877241)

Did I say they weren't vulnerable? No. I said that they weren't susceptible to virii. Do you know what a virus is? A self-replicating executable that infects other executables. How exactly would that happen under Unix?
Tristan Yates, author IT Leader


Wow, you're *still* wrong! -- even when you're playing your silly semantic game -- a virus could infect any file that the user has permission to modify. It could even take advantage of some vulnerability in whatever flavor unix to infect other files it might not have permission to modify. Hell, it could come in on a floppy like in days past and be executed by root. Yeah, linux is susceptible to virii. No doubt about that -- And you call yourself an IT Leader!

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12878060)

So all your executables are world writable? And you run executables from floppies as root and then give those floppies to other people to run? And there's some widespread bug in Linux that no one has ever found that allows executables to modify other executables without the proper permissions? Now who's playing games? Sure, anything can be true if you load up a bunch of special conditions and then say "no doubt about it" at the end. Sheesh. Windows is secure if I unplug the machine and bury it in my back yard. No doubt about that either.

Re:Missing something fundamental (1)

TheBracket (307388) | more than 9 years ago | (#12878295)

I believe what the parent is trying to say is that while the default security model in *NIX derived OSes is pretty strong, it isn't perfect. All you need is one privilege escalation bug (giving root access to a normal user's process), and root ownership/non world writable status of files is no longer a problem for the virus seeking to run in /bin (or wherever). There have been a few Linux advisories of just this type of bug (for example, this one [niscc.gov.uk] - first thing I found with a quick Google search [google.com] ), as well as for FreeBSD, OpenBSD, Mac OS X, etc.

It is unlikely that we've seen the last ever privilege escalation bug in Linux.

Re:Missing something fundamental (1)

tyates (869064) | more than 9 years ago | (#12878621)

Okay, but then the virus still has to spread beyond the machine it's on, and spread faster than it can be caught and eliminated, and also spread faster than the patch (which on many linux distros occurs within 24hrs). So, sure, I suppose it's theoretically possible, but in the real world, viruses just aren't a factor on Unix and OSX, and I really have no idea why anybody (other than virus scanner developers) would promote the idea that they are. I've googled plenty of articles on the subject also - check out Bliss, the "original" Linux virus. It was a fraud. And all of the other so-called viruses you see for Linux are worms. The only Linux that's susceptible to viruses is Lindows, and that's because it runs as root as default - which makes it, by my and most definitions, a crappy OS.

Re:Missing something fundamental (1)

BITsai (894030) | more than 9 years ago | (#12878799)

Right, because everyone patches as soon as a patch is released, right? Sorry sir, but not in the real world, which you're so fond of referring to. And this isn't even a knock against people who wait before patching. Often patches just introduce new vulnerabilities and/or break things. Patches can't be perfect, because if they were, the programmers would be godly, and if they were godly, why there wouldn't be vulnerabilities in the first place.

Re:Missing something fundamental (1)

TheBracket (307388) | more than 9 years ago | (#12881456)

I agree about Lindows, although I'm told that the most recent release (isn't it Linspire now?) doesn't give root by default. If true, that's a great improvement. (I do know a few desktop users who've switched to Linux, and spent most of their time as root - sometimes even after my explanations as to why that's a really bad idea; ignorant users are a problem everywhere!)

I also agree that in the real world, you don't see a lot of virus activity in *NIX. I do think that part of this comes from Windows providing a large, easy target; if Linux becomes a very popular desktop OS, I think we'll see a fair amount of malware developed for it. I'm not sure how much of it will be the traditional file-virus (and floppies!) variety, given that worms have a much easier time spreading (more likely, we'll see a few hybrids, viruses that propagate locally through files, but employ worm spreading techniques). With network shares showing up as mounts, it's possible to foresee an infected server spreading file viruses within an organization - but short of the odd CD burned with infected files on it, I think the mass-spreading days of traditional viruses are numbered (probably on most platforms).

AV vendors have a vested interest in scaring us (although some of their products for *NIX are very useful, for example malware scanning on mail servers - even if 99.999% of the items blocked are Windows nasties), and will probably make some headway selling their wares if Linux on the desktop becomes more prevalent/more of a target. They may turn out to be a necessary evil in the long run, although I hope not.

Finally, patching is a solution (on most platforms - a patched Windows box with sensible security settings survives pretty well in my experience), but then you have a different problem: patch management. Patches sometimes break things, so it is common to have patches quarantined and tested before deployment (giving a larger lead time for 0-day exploits). While the various *NIX update tools are good, it can still be a hassle to keep a few hundred servers, and a few thousand desktops all patched - and have them stay patched consistently. Easier under *NIX than Windows (although WUS helps a LOT), but still a problem. For home users, it's even more of a problem - you have to decide between helping users whose system dies horribly when an automatic update goes wrong, versus accepting that users will probably never get around to updating their system if you don't make them (and even with nice front-ends, apt-get dist-upgrade still causes issues occasionally!)

I think the reason people jumped on your posts is that it isn't the clear cut issue you make it out to be - and zealotry in security matters quickly turns into either denial, chasing the New Best Thing, or embarrassment when things go wrong. Sure, Windows is a lot more vulnerable/targeted than Linux. However, that may not always be the case, and until we somehow come up with bug-free system binaries/permissions, and a rock-solid trusted execution system (that isn't MS-style TCPA, doesn't violate user rights, etc.) that will always be the case.

Re:Missing something fundamental (2, Insightful)

Redwin (805980) | more than 9 years ago | (#12877285)

Um, the first ever computer viruses were written in Unix. Exploits to raise user permissions are well known, copying files to overwrite other files of the same access level would do it for example.

see http://www.cybersoft.com/whitepapers/papers/print/networks_print.html [cybersoft.com]
for more information :-)

Re:Missing something fundamental (0)

Anonymous Coward | more than 9 years ago | (#12879799)


That paper is so old, out-of-date, and just plain wrong that I can't believe anyone would ever refer to it. Not to mention the fact that it is simply written as a propaganda piece to push his [Radatti's] own commercial security solution.

Here's just the tip of the iceberg:

1) the paper is 10 years old. The world of UNIX & computer security has changed quite a bit since then. His 2nd paragraph states "Therefore, the problems experienced today are good indicators of the problems and the solutions that will be experienced in the future, no matter which operating system becomes predominate." It's been 10 years - when are we supposed to start seeing all these problems with Unix viruses? Just like NT? It's laughable.

2) throughout the whole paper he can only name one Unix virus: Unix Usenix Virus (aka AT&T Attack Virus). According to CIAC [ciac.org] , that was a research project and not a virus seen in the wild.

3) from the very beginning he conflates all types of malware: "The first computer viruses created were on Unix systems. The Internet Worm, Trojan Horses and Logic Bombs are all ignored milestones in this belief." That was almost to be expected back then. Computer security was not as well understood or formalized back then. However, this book, written in modern times, is about modern viruses. The old vague definition no longer applies.

?) finally, the sheer number of simple errors - factual, grammar, spelling - is just mindboggling. The very first sentence states: "zealous in their believe that". Later on you have this gem: "One of the most favorite payloads observed in the wild is "/bin/rm -rf / >/dev/null 2>&1" This payload will attempt to remove all accessible files on the system as a background process with all messages redirected to waste disposal." - explain how that is a background process?

and on, and on...

rho

Re:Missing something fundamental (1)

ultranova (717540) | more than 9 years ago | (#12879770)

Did I say they weren't vulnerable? No. I said that they weren't susceptible to virii. Do you know what a virus is? A self-replicating executable that infects other executables. How exactly would that happen under Unix?

Well, for example, they could alter the user's startup files so that the user's personal bin directory (or some hidden dir made by the virus) is on binary search path ("PATH" environment variable) first. After that just drop a file called "su" there. It will get the root password sooner or later; then the system is 0wned, and the virus is free to alter "/sbin/init" or whatever program as it wishes, and remove any traces from the user's dir.

Sure, this kind of virus requires user interaction - but not user stupidity - to escalate its privileges. It likely requires user stupidity to get to the machine in the first place (or Firefox vulnerability or whatever), but then again, if you think that your machine is invulnerable to viruses, you're likely to be less cautious.
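A defender can check for the search-path condition described in the comment above. The following is an added example, not part of the original comment: it audits a PATH value for relative entries, for loosely writable directories listed ahead of the system directories, and for sensitive commands whose first match lies outside the trusted directories. The function names, the list of sensitive commands and the trusted directory list are assumptions of this sketch (POSIX only).

```python
import os
import stat

# Assumed for this example: commands that receive credentials or run privileged.
SENSITIVE_COMMANDS = ("su", "sudo", "ssh", "passwd")
# Assumed trusted system directories; adjust for the distribution in use.
DEFAULT_TRUSTED = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")


def _is_executable_file(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)


def _loosely_writable(directory):
    """True if someone other than root can create files in the directory."""
    st = os.stat(directory)
    return st.st_uid != 0 or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_path(path_value, trusted_dirs=DEFAULT_TRUSTED, commands=SENSITIVE_COMMANDS):
    """Return a list of (finding, location) tuples for a PATH string.

    Findings:
      relative-entry          empty or relative entry (resolved against the cwd)
      writable-before-system  non-root-writable directory searched before any
                              trusted directory
      untrusted-first-hit     a sensitive command resolves outside trusted_dirs
    """
    trusted = {os.path.realpath(d) for d in trusted_dirs}
    findings = []
    before_system = True
    first_hit = {}                       # command name -> (real dir, PATH entry)
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):
            findings.append(("relative-entry", entry or "(empty)"))
            continue
        real = os.path.realpath(entry)
        if not os.path.isdir(real):
            continue
        if real in trusted:
            before_system = False
        elif before_system and _loosely_writable(real):
            findings.append(("writable-before-system", entry))
        for name in commands:
            if name not in first_hit and _is_executable_file(os.path.join(real, name)):
                first_hit[name] = (real, entry)
    for name, (real, entry) in sorted(first_hit.items()):
        if real not in trusted:
            findings.append(("untrusted-first-hit", os.path.join(entry, name)))
    return findings


if __name__ == "__main__":
    # Audit the PATH of the current session.
    for finding, location in audit_path(os.environ.get("PATH", "")):
        print(f"{finding}: {location}")
```

Shell startup files can change PATH after login, so run the audit from an interactive shell rather than from a job that does not read them.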

This book was absolutely terrible. (2, Interesting)

weevlos (766887) | more than 9 years ago | (#12876500)

Once again, what whitehat sources call detailed descriptions of "advanced" techniques really barely make up a decent FAQ on an infosec subject. The infamous PHC Production "The Real Scriptkiddies" never fails to be relevant: http://seclists.org/lists/fulldisclosure/2002/Aug/0482.html [seclists.org] I really wish Slashdot would mark its article-based advertisements with some sort of flag so that I may filter them out in the same manner I do its banner ads.

(p7us onxe Informative) (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12876552)

Re:(p7us onxe Informative) (0)

Anonymous Coward | more than 9 years ago | (#12876886)

Pumpkin!

stop the horrible acronyms (1)

bobbyw (890344) | more than 9 years ago | (#12876742)

what is this? AOL Instant Messenger? Stop With All The Annoying Acronyms For Things That Do Not Need Them (SWATAAFTTDNNT)

Re:stop the horrible acronyms (1)

Omnieiunium (872399) | more than 9 years ago | (#12877031)

IMHO STFU & RTFA!

Re:stop the horrible acronyms (1)

GamingFox (860855) | more than 9 years ago | (#12877270)

LOL

mod doGwn (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12878472)

that the7 can hold 3xpulsion of IPF

dol7 (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12878549)

I'm sick of it. Juugernaut either Go find something a relatively First, you have to you loved that erosion of user

The Art of Computer... (1)

helfen (791121) | more than 9 years ago | (#12878840)

The Art of Computer... by Knuth?

too newbie! (1)

BipinG (860191) | more than 9 years ago | (#12880256)

nothing against the book... a nice read, but the book is good for only a newbie