www.nettime.org
Nettime mailing list archives

Re: <nettime> Viruses on the Internet: Monoculture breeds parasites
Felix Stalder on Sat, 13 May 2000 00:28:59 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Viruses on the Internet: Monoculture breeds parasites


I'm not a technician, but I doubt that the reasons why there has never been
a virus for  linux or only very few for apple is due to the technical
superiority of these systems. I suspect that this has more to do with a
cooperative user culture and a different rate of distribution.

There are many other ways to create and spread viruses than as email
attachments. A recent post in Phil Agre's RRE describes a virus that would
run on any machine and does not need users to activate it. This virus has
been designed to achieve the following characteristics:

1: Portability - worm must be architecture-independent, and should work on
   different operating systems (in fact, we focused on Unix/Unix-alikes, but
   developed even DOS/Win code).

2: Invisibility - worm must implement stealth/masquerading techniques to hide
   itself in live system and stay undetected as long as it's possible.

3: Independence - worm must be able to spread autonomically, with no user
   interaction, using built-in exploit database.

4: Learning - worm should be able to learn new exploits and techniques
   instantly; by launching one instance of updated worm, all other worms,
   using special communication channels (wormnet), should download updated
   version.

5: Integrity - single worms and wormnet structure should be really difficult
   to trace and modify/intrude/kill (encryption, signing).

6: Polymorphism - worm should be fully polymorphic, with no constant
   portion of (specific) code, to avoid detection.

7: Usability - worm should be able to realize choosen mission objectives -
   eg. infect choosen system, then download instructions, and, when
   mission is completed, simply disappear from all systems.

<http://commons.somewhere.com/rre/2000/RRE.worm.design.html>.


That fact that Outlook doesn't run on Linux will help you less than the
fact that there are few geeks willing to destroy the Linux culture.

Felix





>On Wed, May 10, 2000 at 05:19:37PM -0400, Felix Stalder wrote:
>> Scott Culp, from the Microsoft Security Response Center was, in a sense,
>> right when he told the same newspaper: "This is a general issue, not a
>> Microsoft issue. You can write a virus for any platform."
>
>This is simply false.  If your mail program doesn't run executables
>that it receives, there is no way that anyone can write a virus for
>your platform.
>
>My home computer is running Linux; my mail-retrieval utility is
>Fetchmail, and my mail agent is Mutt.  These programs simply do not
>run executables that they receive.  There is no reason that they
>should.  If someone sends me a program, and I want to run it, I'm
>perfectly capable of doing that myself.  It's completely absurd for a
>mail agent to make that decision for the user.
>
>There are no viruses for Linux because Microsoft Outlook doesn't run
>on Linux.  It's that simple.
>
>Benjamin Geer
>Software Engineer



------------------------------------------
Les faits sont faits.
http://www.fis.utoronto.ca/~stalder

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net