Date: Wed, 01 Aug 2001 21:07:00 -0400
From: Matthew Hagerty <mhagerty@voyager.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: just how many known viruses are there for FreeBSD?
In-Reply-To: <20010801193228.P56755@acadia.ne.mediaone.net>

Okay, this is going way off tangent. I feel like I'm reading Slashdot... I suggest anyone participating in this conversation go teach themselves how to program in x86 assembly on ISA/PCI architecture machines, and C, before making any more claims about what is and is not possible. It is one thing to speculate about how something might work, but spreading bogus information as if it is fact is not ethical.

To begin with, what "low level" calls are you referring to? BIOS interrupts or something? Uh, you can call those from VB, C, C++, Assembly, etc.; they are not language specific. Also, if you write a program that does not access any of the OS API calls, i.e. to open a window, open a file, etc., then again, it does not matter what language you use.
A program, ANY program, no matter what language it is written in and for what OS, has to be converted into "machine code" instructions that can be executed on the host platform. That conversion process may be via a compiler, i.e. C and Assembly, or via an interpreter like BASIC or PERL. But just having machine instructions, i.e. a processor-executable binary, does not mean it will run on the host platform. That's where a linker comes into play. It prepares raw machine code for execution on the host platform.

Also, any x86 processor >= the 286 has what is called "protected mode", where certain parts of the system are protected at the hardware level by the CPU. The first program to put the CPU into protected mode remains in complete control of the system, and this program is usually the OS kernel. So even a slick Assembly program will be stopped by the CPU hardware if it tries to step out of bounds. Now, if the "virus" program is the first to put the CPU into protected mode then it would have control, but that would indicate that you have physical access to the machine and can reboot it. So to make such a virus work you would have to get it on a hard drive (or boot device) in a place where it will be the first thing to run at boot time, and then boot the computer. Any UN*X worth its salt is going to prevent you from doing that while it is running, and if you do have physical access to the machine and are set on destroying it, you don't need a virus. Just stick in a plain old DOS boot disk, fdisk the drive and format it...

What you are claiming, i.e. a program that is OS independent, can be done (check out command.com, i.e. DOS), but on a UN*X platform you won't be able to install such a virus while the OS is running, and if you get "root" on the box, you don't need the virus.
And even for the virus to infect the host, it will still have to execute WITHIN the host computer's OS environment, which means it will most likely be stopped dead by the OS, or the CPU in hardware, for trying to perform an illegal operation.

There is much, much more to this, and I urge you all to learn more about x86 hardware, Assembly programming, and "real" C programming before making bogus claims.

Matthew

At 07:32 PM 8/1/2001 -0400, you wrote:
>Precisely. This is why your average Windows virus will not run on any
>OS. Whether it is written in C, C++, or VB, it is going to use the OS
>interface to screw up your stuff. If you have one written entirely in
>assembly, you can access low level routines that get around the OS
>interface. This is the whole idea behind a multi-OS program or
>virus. If you don't rely on the OS, you can run on any OS as long as
>the hardware is right.
>
>There's my $0.02
>L
>On 08/01/01 04:34 PM, Erin Fortenberry sat at the `puter and typed:
> > > So, why doesn't M$ word run on my FreeBSD machine without an emulator?
> > > :)
> >
> > uh, because it is looking for libs and an API that just doesn't exist on
> > UNIX without said emulator. Don't forget there is a big difference between
> > c:\ and /.
> >
> > Just my $.02
> >
> > Erin
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
>--
>Louis LeBlanc leblanc@acadia.ne.mediaone.net
>Fully Funded Hobbyist, KeySlapper Extraordinaire :)
>http://acadia.ne.mediaone.net Ô¿Ô¬
>
>Weinberg's Second Law:
> If builders built buildings the way programmers wrote programs,
> then the first woodpecker that came along would destroy civilization.
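The hardware enforcement Matthew describes (a user-mode program that "steps out of bounds" is stopped by the CPU, and the kernel, which owns the trap handlers, decides what happens next) can be observed directly from userland. The program below is an added example, not part of any message in this thread: it tries two things an "OS-independent" virus written in assembly would need, executing a privileged instruction and reading kernel memory, and catches the signal the kernel delivers when the CPU faults, then does a harmless read of its own memory as a control. The probe choices are my assumptions for illustration: `cli` on x86 (a #GP in ring 3, delivered as SIGSEGV on Linux and SIGBUS on FreeBSD), an `mrs` of the EL1-only register `sctlr_el1` on AArch64 (SIGILL), and the top page of the address space as the kernel address; on an unsupported CPU the privileged probe simulates the outcome with `raise`.

```c
/* Added example: a ring-3 (user mode) program cannot "get around the OS" on a
 * protected-mode CPU. Each probe below causes a hardware fault; the kernel owns
 * the fault handler and turns it into a signal for the offending process.
 * Build: cc -O2 -o trap_demo trap_demo.c   (Linux or FreeBSD; x86 or AArch64) */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf trap_env;
static volatile sig_atomic_t trap_signo;

/* Signal handler: record which signal the kernel sent, unwind to run_and_catch. */
static void on_trap(int signo)
{
    trap_signo = signo;
    siglongjmp(trap_env, 1);
}

/* Run fn with handlers for the three fault signals installed.
 * Returns the signal number delivered, or 0 if fn completed without a fault. */
static int run_and_catch(void (*fn)(void))
{
    const int sigs[] = { SIGSEGV, SIGBUS, SIGILL };
    struct sigaction sa, old[3];
    int i;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;        /* handler longjmps out; don't leave the signal blocked */
    for (i = 0; i < 3; i++)
        sigaction(sigs[i], &sa, &old[i]);

    trap_signo = 0;
    if (sigsetjmp(trap_env, 1) == 0) /* 1 = also save/restore the signal mask */
        fn();

    for (i = 0; i < 3; i++)
        sigaction(sigs[i], &old[i], NULL);
    return (int)trap_signo;
}

/* Probe 1: a privileged instruction. Only the kernel (ring 0 / EL1) may run it;
 * in user mode the CPU faults before the instruction takes effect. */
static void privileged_instruction(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("cli");                  /* clear IF: #GP when CPL > IOPL */
#elif defined(__aarch64__)
    uint64_t v;
    __asm__ volatile("mrs %0, sctlr_el1" : "=r"(v)); /* EL1-only register: undefined at EL0 */
    (void)v;
#else
    raise(SIGILL);   /* assumption: no probe written for this CPU; simulate the outcome */
#endif
}

/* Probe 2: read the last page of the address space. On the usual x86 and
 * AArch64 kernel layouts it is kernel (supervisor-only) territory, so the
 * user-mode load takes a page fault the kernel reports as SIGSEGV/SIGBUS. */
static void read_kernel_address(void)
{
    volatile uintptr_t addr = ~(uintptr_t)0 & ~(uintptr_t)0xfff; /* assumption: top page is kernel space */
    volatile int *p = (volatile int *)addr;
    int v = *p;
    (void)v;
}

/* Probe 3 (control): the same kind of load against our own memory succeeds. */
static int own_value = 42;
static void read_own_address(void)
{
    volatile int *p = &own_value;
    int v = *p;
    (void)v;
}

int probe_privileged_instruction(void) { return run_and_catch(privileged_instruction); }
int probe_kernel_read(void)            { return run_and_catch(read_kernel_address); }
int probe_own_read(void)               { return run_and_catch(read_own_address); }

const char *signame(int s)
{
    switch (s) {
    case 0:       return "ran without a fault";
    case SIGSEGV: return "SIGSEGV";
    case SIGBUS:  return "SIGBUS";
    case SIGILL:  return "SIGILL";
    default:      return "other signal";
    }
}

int main(void)
{
    printf("privileged instruction: %s\n", signame(probe_privileged_instruction()));
    printf("read of kernel address: %s\n", signame(probe_kernel_read()));
    printf("read of own address:    %s\n", signame(probe_own_read()));
    return 0;
}
```

Without the installed handlers the default action for these signals kills the process, which is the "stopped dead" outcome Matthew describes; the `sigsetjmp`/`siglongjmp` pair with `SA_NODEFER` is only there so one run can report all three results. Note that neither probe can be made to succeed by choice of language or by writing it in assembly: the fault is raised by the CPU on the privilege check, and only the code already running in ring 0 gets to handle it.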