Sunday, January 20, 2008

100th post, will it be good?

That depends on whether you like technical stuff or not :-P. We have been having a discussion on the clamav-users mailing list about the .exe format and how it pertains to Linux. If you run Linux, you should know that extensions have pretty much no use on Linux, they are just for organisational purposes. Linux uses a thing called magic numbers to detect what type of file it is, among other things. Linux users boast that they don't get viruses because Linux doesn't carry the same type of permissible binary execution as Windows, letting things in that shouldn't. This being said, you could stick the .exe extension on a rather nasty shell script and have an unknowing user run the script and, boom, you have infiltrated the system. This user might have been told that running an exe on Linux wouldn't do anything because Linux can't get viruses. Luckily, it isn't this easy.

Another thing we have been talking about is Intel processor emulation on non-Intel chips (including, but not limited to, cellphones, AMD chips, smart phones). On Linux-running *phones, there is Intel-processor emulation to run certain binaries, so viruses that wouldn't normally affect system X do indeed affect it because the said virus affects Intel-based chips (including emulation). Even Linux-emulation on Windows emulates an Intel chip. Security experts probably saw that sharing this single characteristic was a bad idea, but alas, history is just a bunch of mistakes to learn from.

I guess the point of this post is to say that, even if you are running a supposed "secure" OS (/me looks at the Mac fanboys), you can still get viruses. Sure, it may be _much_ easier on one platform, but if the virus isn't platform specific, but architecture specific, you might be in for quite a ride. As far as I know, this hasn't been made yet. I wouldn't want to be the guy that has the unfortunate luck to find it though, so don't just blindly say you can do whatever you want because you you may just be the one to discover this new virus. Be careful, make sure you trust the person sending you _any_ type of file on any OS.

No comments:

Post a Comment