Date: Wed, 01 Aug 2001 21:07:00 -0400 From: Matthew Hagerty <mhagerty@voyager.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: just how many known viruses are there for FreeBSD? Message-ID: <5.0.2.1.2.20010801204128.023a77e8@pop.voyager.net> In-Reply-To: <20010801193228.P56755@acadia.ne.mediaone.net> References: <BBDEEDD2EB67D311A0240008C74B9345129C52@ntxmidcity.sdccd.cc.ca.us> <BBDEEDD2EB67D311A0240008C74B9345129C52@ntxmidcity.sdccd.cc.ca.us>
next in thread | previous in thread | raw e-mail | index | archive | help
Okay, this is going way off tangent. I feel like I'm reading=20 slash-dot... I suggest anyone participating in this conversation go teach= =20 them selves how to program in x86 assembly on ISA/PCI architecture=20 machines, and C before make more any more claims about what is and is not=20 possible. It is one thing to speculate about how something might work, but= =20 spreading bogus information as if it is fact, is not ethical. To begin with, what "low level" calls are you referring to? BIOS=20 interrupts or something? Uh, you can call those from VB, C, C++, Assembly,= =20 etc. they are not language specific. Also, if you write a program that=20 does not access any of the OS API calls, i.e. to open a window, open a=20 file, etc. then again, it does not matter what language you use. A program, ANY program, no matter what language it is written in and for=20 what OS, has to be converted into "machine code" instructions that can be=20 executed on the host platform. That conversion process may be via a=20 compiler, i.e. C and Assembly, or via an interpreter like BASIC or=20 PERL. But, just having machine instructions, i.e. a processor executable=20 binary does not mean it will run on the host platform. That's where a=20 linker comes in to play. It prepares raw machine code for execution on the= =20 host platform. Also, any x86 processor >=3D the 286 has what is called "protected mode"=20 where certain parts of the system are protected at the hardware level by=20 the CPU. The first program to put the CPU into protected mode remains in=20 complete control of the system, and this program is usually the OS=20 kernel. So, even a slick Assembly program will be stopped by the CPU=20 hardware if it tries to step out of bounds. Now, if the "virus" program is= =20 the first to put the CPU into protected mode then it would have control,=20 but that would indicate that you have physical access to the machine and=20 can reboot it. So to make such a virus work you would have to get it on a= =20 hard drive (or boot device) in a place where it will be the first thing to= =20 run at boot time, and then boot the computer. Any UN*X worth its salt is=20 going to prevent you from doing that while it is running, and if you do=20 have physical access to the machine and are set on destroying it, you don't= =20 need a virus. Just stick in a plain old DOS boot disk, fdisk the drive and= =20 format it... What you are claiming, i.e. an program that is OS independent, can be done= =20 (check out command.com, i.e. DOS), but on a UN*X platform you won't be able= =20 to install such a virus while the OS in running, and if you get "root" on=20 the box, you don't need the virus. And even for the virus to infect the=20 host, it will still have to execute WITHIN the host computer's OS=20 environment, which means it will most likely be stopped dead by the OS, or= =20 the CPU in hardware, for trying to perform an illegal operation. There is much much more to this, and I urge you all to learn more about x86= =20 hardware, Assembly programming, and "real" C programming before making=20 bogus claims. Matthew At 07:32 PM 8/1/2001 -0400, you wrote: >Precisely. This is why your average Windows virus will not run on any >OS. Wether it is written in C, C++, or VB, it is going to use the OS >interface to screw up your stuff. If you have one written entirely in >assembly, you can access low level routines that get around the OS >interface. This is the whole idea between a multi-OS program or >virus. If you don't rely on the OS, you can run on any OS as long as >the hardware is right. > >There's my $0.02 >L >On 08/01/01 04:34 PM, Erin Fortenberry sat at the `puter and typed: > > > So, why doesn't M$ word run on my FreeBSD machine without an emulator? > > > :) > > > > uh, because it is looking for lib's and an API the just doesn't exist on > > UNIX without said emulator. Don't forget there is a big difference= between > > c:\ and /. > > > > > > Just my $.02 > > > > > > Erin > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > >-- >Louis LeBlanc leblanc@acadia.ne.mediaone.net >Fully Funded Hobbyist, KeySlapper Extrordinaire :) >http://acadia.ne.mediaone.net =D4=BF=D4=AC > >Weinberg's Second Law: > If builders built buildings the way programmers wrote programs, > then the first woodpecker that came along would destroy civilization. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.2.20010801204128.023a77e8>