A virus writer has published the first examples of malicious code that targets Microsoft's upcoming command-line shell, code-named Monad, according to Finnish antivirus maker F-Secure. If the technology is included in Windows Vista, these could be among the first viruses to target the new operating system formerly known as Longhorn, F-Secure said Thursday.
Monad, also known as MSH, is the replacement for the simple command shell in the current versions of Windows. A shell, also called a command line interface, allows a user to give a computer textual commands either from a keyboard or from a script. Monad has much more functionality, similar to shells in competing products such as Bash in Unix. However, by adding the ability to run more-complex scripts, Microsoft could possibly open another door to attackers.
Monad will support Windows Server 2003, Windows XP and Windows Vista, Microsoft representatives said in a Web chat late last year. However, the software maker has not disclosed how it will deliver the tool.
The examples that made it to the Web would cause little harm but could be modified, according to Mikko Hypponen, director of antivirus research at F-Secure.
Hypponen warned that if Microsoft ships Monad with Vista and it is enabled by default, this could lead to an "outbreak of scripting viruses." Microsoft may choose to ship the tool as an add-on or disable it by default to reduce the risk, he added.
Microsoft initially planned to include Monad in Vista, formerly known by its Longhorn code-name. However, company representatives have said the tool would first ship as a feature of Exchange 12, due in the second half of 2006. Monad will ship in Windows after that, they said.
Monad is available to testers but is not part of the first Windows Vista beta, which Microsoft released last week, a company representative said Thursday. The shell tool also is not included in the beta of Windows Server 2003 R2, an update to Windows Server due later this year, the representative said.
"At this time, these reports pose no risk for Microsoft customers," the Microsoft representative said.
Microsoft has yet to announce how it will deliver Monad in the Windows operating system. A source familiar with Microsoft's plans said it is too early to say whether the new shell will make it into later beta versions of Windows Vista or the final product. Windows Vista is due on store shelves by the end of 2006.
Microsoft also could offer Monad as a downloadable add-on for Windows.
A Microsoft developer in a blog posting on Thursday criticized the F-Secure report. "It's a misleading title, as it's an issue that affects any vehicle for any executable code on any operating system," wrote Lee Holmes, who works on the team building Monad.
"The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad," Holmes wrote. "The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do."
In a December online chat session with developers, Microsoft representatives specifically addressed the topic of script attacks. The company is taking measures to prevent those. For example, Monad will run only scripts that are digitally signed by a trusted person. Additionally, it won't be possible to double-click on a script and have it run, according to a transcript of the session.
The possibility of viruses being aimed at Microsoft's new shell was discussed at the Virus Bulletin event last year. Eric Chien of Symantec said at the antivirus industry event that the new tool could allow the creation of both classic viruses as well as e-mail worms.
Ingrid Marson of ZDNet UK contributed to this story.
Additionally, I could write a batch file that formats the hard drive, or delete a bunch of Windows system files and email that around, and I bet at least 5% of the recipients end up executing it. This would affect everyone from DOS to Windows 2003.
This article is definitely not new, it sounds more like propaganda (scareware), sell it someplace else.
OS X. In OS X, the user has to enter the admin password to
install a program below the user level. Destructive scripts are
possible, but they have to be downloaded and run by the
user....and even then they will not affect the system, just the
user. Self-propagation/self-installation is what we are talking
about here.
Microsoft fanboys get so uptight about security. It's kind of
pathetic.
Windows can never be safe. There are just too many people out
there that don't like Microsoft. Combine that with Microsoft's
inability to create a secure operating system... no matter what they
do... and you are always going to have security issues.
You should be used to it by now.
front door, and any friggin' open "Window". When will you PC/IT
guyz figure out Windows, in any flavor, is a risky, poorly written
product?
Rather than blindly copy/pasting content from other sources you don't understand, dear Joris, you might try educating yourself on how computers work first.
The ability to open, read and write text files is something that every lowly scripting language is capable of. Hence, every lowly scripting language has the capability to create a "virus" simply by opening any file with the same extension as itself and writing itself at the top of the file which means that DOS/Windows/*nix/OS-X/etc are ALL "vulnerable" to this.
Since it's become plain that expecting CNet editors to have technical knowledge is simply too much to ask, I'll also forgive you for not realizing that Monad won't run scripts that weren't digitally signed.
What is unforgivable however is that in your rush to gain fame by reporting a bogus problem, you didn't even bother to do your research which would have shown you that Monad isn't currently slated to be part of Vista.
poorly written, it attracts attacks like "white on rice" - "stink on"...
Stop excusing MS's stupidity. The IT/MS partnership reminds me of
a dysfunctional codependent, abusive relationship.
Any programming language, any scripting language has and every mainstream OS provides the capability to manipulate files because it would be completely useless if it didn't and Monad is no different in that aspect.
What is a genuine problem is when you have a scenario where arbitrary, untrusted code can be run without user interaction, or when a certain technology can be abused to achieve something you shouldn't be able to, but neither of those two apply here.
There is nothing that is brought up in this article that can't be done in any other scripting language. You can write a .bat file to do the same thing, a *nix shell script, client-side JavaScript, etc.
There are security holes that don't require user interaction and you can rant at those all you like, but when you click "britney spears nude!!!!!!!!.jpg.exe" and then whine "omg! I have a virus! Microsoft sucks!!!" feel free to switch over to *nix or OS-X but you won't be any safer since it's you that's insecure and not the particular platform you happen to be using.
are about to open something that is a program... or
executable... even if the extension is .jpg.....or anything else. If
it uses the sudo command... it will prompt you for a password. If
it is a program..... and it opens a file for the first time... it tells
you that too... all by default.
Granted... if you are not suspicious after all of that... you
deserve the problem it may cause...
but the point is... the Mac OS will not let things like this happen
without you knowing about the potential dangers.
There is nothing we can do about enduser stupidity, but if
people like you continue to defend a company's questionable
practices, the problems will never get better.
Besides jumping the anti-Microsoft bandwagon because it's cool these days, now it's just flat yellow journalism at its finest.
Congratulations CNet, you've just lost yet another reader.
I do agree in the dangers of all scripting languages, but thinking that a script can erase the entire hard drive is, in my opinion, a little far-fetched. If there is such a script, I'd like to see it, because as far as I'm concerned, Windows will not let you format the hard drive that contains the OS. In fact, it will not let you erase any system critical files, or any file that is in use by a process (I refer to Win2000 and XP only). Because the OS is in memory, these system critical files are in use, and the OS will not let you erase them. Go ahead, click My Computer, right click your C: drive and click Format. You'll get an error message saying that Windows cannot erase the drive and to please make sure that no other programs are using the drive (hint: Windows is using it). Perhaps scripts could erase other HD partitions, or FAT partitions, but not the entire drive. Such a script could erase your documents and most folders in your PC, but not the whole drive. The script must also somehow run on elevated privileges to be able to erase the files that would render the PC useless (at least if the user has set up his security settings correctly).
If there is such a script, that can reformat your hard drive, it must be exploiting some other flaw in the OS (which could probably be sealed by updating the OS). And then, it would be a problem of the underlying operating system, not the scripting language.
It's BETA software. That's why it's BETA. There are bugs in it. That's the point. You shouldn't be surprised that there are bugs in BETA software.
This is the stupidest claim I've ever seen from a company working in the security field.
By the same logic, they should have written that there is a dozen times more potential for viruses in Unixes, since they usually come with 5 to 10 different shells (SH, KSH, BSH, BaSH, etc). Absurd.
First off, there's not that many virii for Macs, because of the
small percentage of Macs out there. If you're gonna write a
program for the express purpose of utter destruction, wouldn't
you write it for the majority of computers out there?
Second, virii used to be embedded in other programs.
Admittedly, it's been a while since I've seen a virus delivery
system, but they usually came embedded in freeware. If that's
the case, probably 80%+ (I'm guessing) would enter their admin
password to be able to use the freeware and thus give the
malicious code free rein.
Third, there *are* known trojans out there for OS X. (As in the
second point a trojan is malicious code hidden in a delivery app
- not necessarily a self-replicating virus, but when the app only
needs to say "rm" to your root level....)
Going all the way back to the beginning of the comments, I
agree that it *isn't* the responsibility of the OS to protect
against virii and other malware, it's just a nice addition. OS X
does indeed have some things like the authentication dialog to
help protect, but as someone said, it's still possible to type the
admin pass and hit return in there. Wherever there are
computers, there'll always be someone trying to work around
whatever protection is available.
As for things being installed that *haven't* been requested from
the user, I believe Safari was able to install Dashboard widgets
without the user's permission (although I think this has been
fixed).
And agreeing with another previous post, everything that's not
in my home folder is replaceable. It's my home folder that holds
all of my "crucial" info.
Having said all that though, I think things like Visual Basic and
ActiveX do give malicious code more power than they should. You
should never have an app installed without your knowledge by
simply surfing the web and no code should ever run from an
email without your say so.
OS X isn't the utopia you're portraying. It benefits from a smaller
user base and from the fact that its apps are distinctly
segregated from the OS.
The majority of computer users are idiots, therefore since the majority of computer users are windows users, then the majority of windows users must be idiots. Given the statistics at hand since a minuscule percentage of computer users are regular Mac users, we can assume ALL Mac users are idiots. Linux users are idiots with a penguin fetish.
Here's a better analogy/question:
Would you buy a refrigerator that wouldn't open if you tried to put junk food in it; or how about a washing machine that wouldn't turn on if you put non-designer clothing in it.
Probably not.
If you're gonna peruse about porn at 3am, be sure to bring some protection (anti-virus, personal firewall, etc).
- Help, Possible Vista Virus
- by edsavedxgrace May 26, 2007 11:46 AM PDT
- I went online without activating my antivirus on my new ACER computer. Soon, every time I try to enter an address, search or enter a password, it would fill up with hyphens and sometimes plus signs, making a machine gun sound. I am using the Vista operating system. I have reformatted the computer with the internal software and ran Norton antivirus. All was well until today, after being on AOL for about half an hour, it started again. I ran Adware and Spybot. Both picked up malware. Norton does not pick up anything. All has been well since. Also, every time I shut down and restart, a black screen comes up, saying that my boot order has been changed. Sometimes, my keyboard will not work in the BIOS. I have to restart the BIOS about 2 to 3 times. Please help.