From: Reid Sweatman (borderland_at_[hidden])
Date: 2000-07-31 12:30:50
If you want to see some proof of your proposition, check out the last issue
of Schneier's CryptoGram, which contains a link to an article by a group of
Polish programmers who wrote an article called "What if Smart People Wrote
Viruses," or something like that. They supply enough source to make their
claims plausible. If they're indeed right, I sure hope no one ever releases
something like that into the wild. Funny thing was, this was right after
the Phillipine virus hit, and I'd just that morning had the thought that,
"Hell, any real programmer could do light years better than that," and
immediately thought of two things that could be added to the Phillipine
virus to really make it nasty, namely, self-modification and
self-relocation. I tend to believe the Polish authors because they
implemented those two, and went on to a couple of other tweaks I hadn't
thought of. For instance, their version worked cross-platform (which
required them to go outside of simple scripting languages to some extent; I
was just thinking of VB), and invoked a floating network registry server to
communicate about machines they'd discovered but couldn't personally infect.
So, yeah, I agree with you totally. If you don't already have the link, you
can find it at www.counterpane.com.
> -----Original Message-----
> From: bonnard_at_[hidden] [mailto:bonnard_at_[hidden]]On Behalf Of
> Valentin Bonnard
> Sent: Saturday, July 29, 2000 5:45 PM
> To: boost_at_[hidden]
> Subject: [Off-topic] Java viruses (Was: Re: Plain text please ! (Was:
> Re: [boost] Re: build system?))
> David Allan Finch wrote:
> > Valentin Bonnard wrote:
> > > (It isn't the HTML which contains viruses/worms/bombs, it's
> > > the Java.* code. Never mind.)
> > You have seen or heard of a Java virus?
> I have never seen one. But Java is just another programming
> language, and one can write viruses in just any language.
> > I think you are mistaking this with a Visual Basic virus.
> No, I know what Java is and what VB is.
> > Java runs
> > in a 'sandbox' which protects you from it getting at you OS
> > without your specific concent unlike a M$ Visual Basic script
> > which can scrible all over your M$ OS at it whim.
> In theory. I have seen a Java program that had a tendancy to
> dump core. There are some Java-related exploit and I don't
> see why that would stop. There was also the mis-feature
> that once you have downloaded a Java bytecode and saved
> it on your disk, it can anything it wants (because it is then
> a local file).
> Valentin Bonnard
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk