August 4, 2005 6:34 PM PDT

First potential virus risk for Windows Vista found

Virus writers are targeting a new Microsoft tool that will be part of Windows and is set to ship as part of the next Exchange e-mail server release.

A virus writer has published the first examples of malicious code that targets Microsoft's upcoming command-line shell, code-named Monad, according to Finnish antivirus maker F-Secure. If the technology is included in Windows Vista, these could be among the first viruses to target the new operating system formerly known as Longhorn, F-Secure said Thursday.

Monad, also known as MSH, is the replacement for the simple command shell in the current versions of Windows. A shell, also called a command line interface, allows a user to give a computer textual commands either from a keyboard or from a script. Monad has much more functionality, similar to shells in competing products such as Bash in Unix. However, by adding the ability to run more-complex scripts, Microsoft could possibly open another door to attackers.

Monad will support Windows Server 2003, Windows XP and Windows Vista, Microsoft representatives said in a Web chat late last year. However, the software maker has not disclosed how it will deliver the tool.

Related audio: CNET News.com podcast. Security reporter Joris Evers talks about the potential risk to new OS.

The examples that made it to the Web would cause little harm but could be modified, according to Mikko Hypponen, director of antivirus research at F-Secure.

Hypponen warned that if Microsoft ships Monad with Vista and it is enabled by default, this could lead to an "outbreak of scripting viruses." Microsoft may choose to ship the tool as an add-on or disable it by default to reduce the risk, he added.

Microsoft initially planned to include Monad in Vista, formerly known by its Longhorn code-name. However, company representatives have said the tool would first ship as a feature of Exchange 12, due in the second half of 2006. Monad will ship in Windows after that, they said.

Monad is available to testers but is not part of the first Windows Vista beta, which Microsoft released last week, a company representative said Thursday. The shell tool also is not included in the beta of Windows Server 2003 R2, an update to Windows Server due later this year, the representative said.

"At this time, these reports pose no risk for Microsoft customers," the Microsoft representative said.

Microsoft has yet to announce how it will deliver Monad in the Windows operating system. A source familiar with Microsoft's plans said it is too early to say whether the new shell will make it into later beta versions of Windows Vista or the final product. Windows Vista is due on store shelves by the end of 2006.

Microsoft also could offer Monad as a downloadable add-on for Windows.

A Microsoft developer in a blog posting on Thursday criticized the F-Secure report. "It's a misleading title, as it's an issue that affects any vehicle for any executable code on any operating system," wrote Lee Holmes, who works on the team building Monad.

"The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad," Holmes wrote. "The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do."

In a December online chat session with developers, Microsoft representatives specifically addressed the topic of script attacks. The company is taking measures to prevent those. For example, Monad will run only scripts that are digitally signed by a trusted person. Additionally, it won't be possible to double-click on a script and have it run, according to a transcript of the session.

The possibility of viruses being aimed at Microsoft's new shell was discussed at the Virus Bulletin event last year. Eric Chien of Symantec said at the antivirus industry event that the new tool could allow the creation of both classic viruses and e-mail worms.

Ingrid Marson of ZDNet UK contributed to this story.

67 comments

Uhhh -- hey, bonehead...
It's a beta product. As Stan Lee would say -- 'nuff said.
Posted by rodtrent (20 comments )
This is a double-bonehead
Since when is it the responsibility of the OS vendor to protect the user from viruses? It would be an impossible task to create an OS where it was simply impossible to create viruses. You would have a completely useless environment.

Additionally, I could write a batch file that formats the hard drive, or delete a bunch of windows systems files and email that around and I bet at least 5% of the recipients end up executing it. This would affect everyone from DOS to Windows 2003.

This article is definitely not new, it sounds more like propaganda (scareware), sell it someplace else.
Posted by rrod182 (236 comments )
is possible
It is currently impossible to write a self-propagating program for
OS X. In OS X, the user has to enter the admin password to
install a program below the user level. Destructive scripts are
possible, but they have to be downloaded and run by the
user....and even then they will not affect the system, just the
user. Self-propagation/self-installation is what we are talking
about here.
Microsoft fanboys get so uptight about security. It's kind of
pathetic.
Windows can never be safe. There are just too many people out
there that don't like Microsoft. Combine that with Microsoft's
inability to create a secure operating system... no matter what they
do... and you are always going to have security issues.
You should be used to it by now.
Posted by 198775425444042216790779840523 (102 comments )
Slanted
MSH currently has nothing to do specifically with Vista, it will work on XP, 2003 and future releases - so why make this seem like this is a Vista specific problem? In addition nowhere do you state the specific threat posed but rather state that there MIGHT be a threat (big difference). Obviously your bias against MS is very visible here, never mind the fact that both vista and MSH are beta products right now.
Posted by (4 comments )
Doh!
Doh!, after all it is a M$ OS product, and even after three service packs would still be buggy, fat, overweight and insecure to boot!
Posted by heystoopid (691 comments )
Same old, same old
Wow, you 'nix/mac kids just can't keep your noses out of MS related stories, can you? Always have to throw your $.02 in even though you aren't contributing anything useful.
Posted by (46 comments )
Dorks again rushing with a story
Cnet is rushing like everyone else (what, you're trying to beat Slashdot?) to report a non-story. Monad doesn't ship w/ Vista. It's not in the beta. I can write a .bat or .cmd that does something way worse than the given .msh. Jeez! Why do I bother coming here to read stories at all? I have to spend so much time trying to find content in amongst the slop. Take some time and do some research and fact-checking, already.
Posted by (3 comments )
Some of the stories are good
Some are crap like this one. Cnet needs a couple peer reviewers.
Posted by bobby_brady (742 comments )
Common issue across platforms...
Most existing OSs today support scripting as well like Mac, Unix, OS/400 and Linux. Anyone can create any dangerous script anywhere. Remove all references to Microsoft in the article, replace with a different company/platform/product and the article sends the same message.
Posted by Mendz (520 comments )
No, Sir. It's a Windows Quality Issue
Only MS operating systems let the attackers in the back door, the
front door, and any friggin' open "Window". When will you PC/IT
guyz figure out Windows, in any flavor, is a risky, poorly written
product?
Posted by cjohn17 (268 comments )
A better sensational headline...
... would be: "All existing OSes vulnerable to executable code".

Rather than blindly copy/pasting content from other sources you don't understand, dear Joris, you might try educating yourself on how computers work first.

The ability to open, read and write text files is something that every lowly scripting language is capable of. Hence, every lowly scripting language has the capability to create a "virus" simply by opening any file with the same extension as itself and writing itself at the top of the file which means that DOS/Windows/*nix/OS-X/etc are ALL "vulnerable" to this.

Since it's become plain that expecting CNet editors to have technical knowledge is simply too much to ask, I'll also forgive you for not realizing that Monad won't run scripts that weren't digitally signed.

What is unforgivable however is that in your rush to gain fame by reporting a bogus problem, you didn't even bother to do your research which would have shown you that Monad isn't currently slated to be part of Vista.
Posted by Jan Modaal (40 comments )
That info is in the story
Jan: It's clearly mentioned in the story that Monad will only run scripts that are digitally signed. It's also clearly stated that Monad isn't part of the first Vista beta, but that Microsoft says that it will be included in future releases.
Posted by mike ricciuti (12 comments )
Dysfunctional & Codependent Apologists
The overall point is that once again, because Windows is sooo
poorly written, it attracts attacks like "white on rice" - "stink on"...

Stop excusing MS's stupidity. The IT/MS partnership reminds me of
a dysfunctional codependent, abusive relationship.
Posted by cjohn17 (268 comments )
Re: Dysfunctional & Codependent Apologists
It seems that just like the author you are clueless about what the supposed vulnerability is all about.

Any programming language, any scripting language has and every mainstream OS provides the capability to manipulate files because it would be completely useless if it didn't and Monad is no different in that aspect.

What is a genuine problem is when you have a scenario where arbitrary, untrusted code can be run without user interaction, or when a certain technology can be abused to achieve something you shouldn't be able to, but neither of those two apply here.

There is nothing that is brought up in this article that can't be done in any other scripting language. You can write a .bat file to do the same thing, a *nix shell script, client-side JavaScript, etc.

There are security holes that don't require user interaction and you can rant at those all you like, but when you click "britney spears nude!!!!!!!!.jpg.exe" and then whine "omg! I have a virus! Microsoft sucks!!!" feel free to switch over to *nix or OS-X but you won't be any safer since it's you that's insecure and not the particular platform you happen to be using.
Posted by Jan Modaal (40 comments )
executable
The mac os is not fooled by fake extensions. It tells you if you
are about to open something that is a program... or
executable... even if the extension is .jpg.....or anything else. If
it uses the sudo command... it will prompt you for a password. If
it is a program..... and it opens a file for the first time... it tells
you that too... all by default.
Granted... if you are not suspicious after all of that... you
deserve the problem it may cause...
but the point is... the Mac OS will not let things like this happen
without you knowing about the potential dangers.
There is nothing we can do about enduser stupidity, but if
people like you continue to defend a company's questionable
practices, the problems will never get better.
Posted by 198775425444042216790779840523 (102 comments )
Ridiculous
What a joke this article is. The last year news.com has really started heading downhill and this just does it for me.

Besides jumping the anti-Microsoft bandwagon because it's cool these days, now it's just flat yellow journalism at its finest.

Congratulations CNet, you've just lost yet another reader.
Posted by (1 comment )
What about security?
First of all I'd like to say that I'm not one bit surprised that a bug has already been found in Vista. I think that there will always be security holes in MS OSes (ok, for all you MS lackeys, there will always be security holes in ALL OSes. Hope you're happy now.) Ok, so it's beta. Bugs are common in betas. I had never heard of Monad before and certainly don't know if it will ship with Vista. We can only hope it will be fixed before it is released.

I do agree in the dangers of all scripting languages, but thinking that a script can erase the entire hard drive is, in my opinion, a little far-fetched. If there is such a script, I'd like to see it, because as far as I'm concerned, Windows will not let you format the hard drive that contains the OS. In fact, it will not let you erase any system critical files, or any file that is in use by a process (I refer to Win2000 and XP only). Because the OS is in memory, these system critical files are in use, and the OS will not let you erase them. Go ahead, click My Computer, right click your C: drive and click Format. You'll get an error message saying that Windows cannot erase the drive and to please make sure that no other programs are using the drive (hint: Windows is using it). Perhaps scripts could erase other HD partitions, or FAT partitions, but not the entire drive. Such a script could erase your documents and most folders in your PC, but not the whole drive. The script must also somehow run on elevated privileges to be able to erase the files that would render the PC useless (at least if the user has set up his security settings correctly).
If there is such a script, that can reformat your hard drive, it must be exploiting some other flaw in the OS (which could probably be sealed by updating the OS). And then, it would be a problem of the underlying operating system, not the scripting language.
Posted by Sentinel (168 comments )
Why would you be surprised.
You're not surprised a bug was found in Vista? You must be a genius. Think about what you're typing before you troll.

It's BETA software. That's why it's BETA. There are bugs in it. That's the point. You shouldn't be surprised that there are bugs in BETA software.
Posted by (79 comments )
Wrong
F-Secure found no vulnerability or bug in Monad shell. All they claim is that they've written a virus using it, instead of creating EXE, CMD, BAT, JS or other type of executable.

This is the stupidest claim I've ever seen from a company working in security field.

By same logic, they should have written that there are dozen times more potential for virus in Unixes, since they usually come with 5 to 10 different shells (SH, KSH, BSH, BaSH, etc). Absurd.
Posted by Mike E. (24 comments )
Other factors
(And yes, I'm a Mac "fanboy")

First off, there's not that many virii for Macs, because of the
small percentage of Macs out there. If you're gonna write a
program for the express purpose of utter destruction, wouldn't
you write it for the majority of computers out there?

Second, virii used to be embedded in other programs.
Admittedly, it's been a while since I've seen a virus delivery
system, but they usually came embedded in freeware. If that's
the case, probably 80%+ (I'm guessing) would enter their admin
password to be able to use the freeware and thus give the
malicious code free rein.

Third, there *are* known trojans out there for OS X. (As in the
second point a trojan is malicious code hidden in a delivery app
- not necessarily a self-replicating virus, but when the app only
needs to say "rm" to your root level....)

Going all the way back to the beginning of the comments, I
agree that it *isn't* the responsibility of the OS to protect
against virii and other malware, it's just a nice addition. OS X
does indeed have some things like the authentication dialog to
help protect, but as someone said, it's still possible to type the
admin pass and hit return in there. Wherever there are
computers, there'll always be someone trying to work around
whatever protection is available.

As for things being installed that *haven't* been requested from
the user, I believe Safari was able to install Dashboard widgets
without the user's permission (although I think this has been
fixed).

And agreeing with another previous post, everything that's not
in my home folder is replaceable. It's my home folder that holds
all of my "crucial" info.

Having said all that though, I think things like visual basic and active-x
do give malicious code more power than they should. You
should never have an app installed without your knowledge by
simply surfing the web and no code should ever run from an
email without your say so.

OS X isn't the utopia you're portraying. It benefits from a smaller
user base and from the fact that its apps are distinctly
segregated from the OS.
Posted by (56 comments )
smaller base
referring to my earlier post, user base makes little difference. apache is 3x as popular as IIS yet hardly suffers any attacks compared to IIS. windows is insecure by nature (and these aren't clickall idiots, these systems are maintained by trained admins). OSX's unix roots are harder to crack since UNIX and Linux have been built with security in mind for years. oh and to anyone who might disagree with my above statement: hackers target companies far more than they want to target home users. there is more disruption in hitting companies with viruses.
Posted by Scott W (419 comments )
Thanks!
That was refreshing!
Posted by Sboston (498 comments )
virii is not a word
It's viruses.
Posted by ebrandel (102 comments )
???
I guess they don't have a decent spell check on the mac. Despite that virii thing, that guy's blurb was the best one yet.

The majority of computer users are idiots, therefore since the majority of computer users are windows users, then the majority of windows users must be idiots. Given the statistics at hand since a minuscule percentage of computer users are regular Mac users, we can assume ALL Mac users are idiots. Linux users are idiots with a penguin fetish.
Posted by rrod182 (236 comments )
morons...
Operating systems execute code...they are a functioning piece of software not a control mechanism.

Here's a better analogy/question:

Would you buy a refrigerator that wouldn't open if you tried to put junk food in it; or how about a washing machine that wouldn't turn on if you put non-designer clothing in it.

Probably not.

If you're gonna peruse about porn at 3am, be sure to bring some protection (anti-virus, personal firewall, etc).
Posted by rrod182 (236 comments )
Why Not Watch Porn DVD?
At least you won't have to worry about DVD player infected by virus :)
Posted by 201293546946733175101343322673 (722 comments )
First "potential" virus risk for Mac OSX Tigger found
What a POTENTIAL :)
Posted by 201293546946733175101343322673 (722 comments )
wow
me thinks you need a job....
Posted by 198775425444042216790779840523 (102 comments )
Help, Possible Vista Virus
I went online without activating my antivirus on my new ACER computer. Soon, every time I try to enter an address, search or enter a password, it would fill up with hyphens and sometimes plus sign, making a machine gun sound. I am using Vista operating system. I have reformatted the computer with the internal software and ran Norton anti virus. All was well until today, after being on AOL for about half an hour, it started again. I ran Adware and Spybot. Both picked up malware. Norton does not pick up anything. All has been well since. Also! Every time I shut down and restart a black screen comes up, saying that my boot order has been changed. Sometimes, my keyboard will not work in the bios. I have to restart bios about 2 to 3 times. Please help.
Posted by edsavedxgrace (1 comment )
 
