Conditions Required for Support of Virus Activity

Recalling that there are no general definitions of "computer viruses," let's agree to use this term to designate all programs capable of stealthy self-reproduction. The latter might be done by the virus on its own (infection takes place without user intervention; to become infected, it is enough to connect to the network), or the virus might awaken after the user starts an infected program.

I'll formulate the minimum requirements of self-reproducing programs for their environment:

  • There are executable objects in the operating system.

  • It is possible to modify these objects and/or create new ones.

  • Different habitats exchange executable objects.

Here, the term "executable object" must be interpreted as some abstract entity capable of controlling computer behavior at its own discretion. This definition is not the best or the most correct one. However, any attempt at individualizing this definition or making it more precise results in loss of actual meaning. For example, a text file in the ASCII format is interpreted in a determinate way and, at first glance, cannot serve as a natural habitat for a virus. However, if a text editor contains some buffer overflow error, then there is an actual threat of inserting machine code into such files, with subsequent passing of control to this code. This, in turn, means that it is impossible to state beforehand which object is executable and which object isn't.

In practice, the following three types of executable objects must be considered: disk files, main memory, and boot sectors.

The process of virus propagation in general is reduced to modification of executable objects to ensure that the infected object gains control at least once. Operating systems of the UNIX family by default do not allow users to modify executable files, providing only root with this privilege. This seriously complicates propagation of viruses; however, it doesn't make propagation impossible. First, not all UNIX users realize the potential threat of logging into the system with root privileges, and they make excessive use of it without any practical need. Second, some applications can work only under root, and in some systems it is impossible to create a virtual user isolated from all other files of the system. Third, the presence of security holes in the software allows the virus to bypass the existing limitations.

This is even truer if you take into account that, in addition to executable files, in UNIX systems there are lots of interpreted files (further on, called simply scripts). In contrast to the Windows world, where the batch files play an auxiliary role, every self-respecting UNIX user implements every frequently carried out action as a script, after which he or she forgets about it. This is true not only for the command line but also for report generators, interactive Web pages, multiple maintenance applications, and so on. Modification of script files usually doesn't require any specific rights and privileges; therefore, they usually become the first candidates for infection. In addition to this, viruses can infect source code of programs, as well as source code of the operating system, including compilers (in most cases, their modification is allowed).
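The second condition above (executable objects can be modified) can be checked on a live system. The following is an added example, not code from the book: it walks a directory tree, identifies ELF binaries and shebang scripts by their leading bytes, and reports those whose mode bits let a non-owner modify or replace them. The function names, reason strings, and default directory are illustrative assumptions.

```python
import os
import stat
import sys

ELF_MAGIC = b"\x7fELF"

def classify(path):
    """Return 'elf', 'script' or None from the file's leading bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None            # unreadable: cannot classify, skip
    if head == ELF_MAGIC:
        return "elf"
    if head[:2] == b"#!":
        return "script"
    return None

def audit(root):
    """List (path, kind, reason) for executable objects a non-owner could alter."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # World-writable directory without the sticky bit: any user may
        # delete or replace the files inside, whatever their own mode is.
        dir_open = bool(dmode & stat.S_IWOTH) and not dmode & stat.S_ISVTX
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue       # skip symlinks, devices, sockets
            kind = classify(path)
            if kind is None:
                continue       # not an ELF binary or shebang script
            if mode & stat.S_IWOTH:
                findings.append((path, kind, "world-writable"))
            elif mode & stat.S_IWGRP:
                findings.append((path, kind, "group-writable"))
            elif dir_open:
                findings.append((path, kind, "parent dir world-writable, no sticky bit"))
    return findings

if __name__ == "__main__":
    # Default target is an assumption; pass any directory as the first argument.
    for path, kind, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr/local/bin"):
        print(f"{kind:6} {reason:42} {path}")
```

The check reads mode bits rather than testing write access as the current user, so the result is the same whether it is run as root or as an ordinary account.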

Frankly, the reason for low virus activity is not UNIX security or reliability. On the contrary, it is the adopted scheme of the software distribution. UNIX users practically do not exchange executable files. Instead, UNIX users prefer to download all required programs from the original source, most frequently in the form of the source code. Although there are precedents of capturing control over Web or FTP servers and infecting their contents with Trojans, there have been no serious epidemics. It should be mentioned, however, that local sources of infections did appear, which means that the threat of a dangerous epidemic is quite real.

The aggressive policy of Linux promotion treacherously moves this operating system to the market of home and office PCs, in other words, to the application areas that are not typical for UNIX, where its power is not needed and might even become harmful. When UNIX gains popularity among unqualified users, it will automatically lose its status as a virus-free system, and users won't have to wait long for devastating epidemics. The main problem is whether the user community will face this challenge equipped with a thorough knowledge or whether it will once again let the chance slip.



Shellcoder's Programming Uncovered
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
