Saturday, October 07, 2006

corrections for the virus alert blog

i'm always on the lookout for good new sources of malware and/or security information, especially blogs (growing a security blogroll as big as mine doesn't just happen, y'know)...

now sometimes i find a good one and sometimes i find one that could use a little work... the virus alert blog is one that i thought could use a little work so i offered some corrections to a couple of articles that i felt held the most misinformation... i don't think the comments i left were overly critical, more just corrective... certainly not something anyone should take offense to - but apparently offensive enough for them to be taken down without explanation or correction to the articles in question...

well, isn't that just dandy then... y'know, i respect the right of a blog owner to decide whether or not s/he wants to accept feedback from others... look at me, i've disabled comments here in part to avoid comment spam but also to avoid being engaged in complex debates in a medium that frankly just wasn't designed for it (which is why i point people to alt.comp.virus and alt.comp.anti-virus)... i still accept feedback, mind you, and even make corrections from time to time based on that feedback, just not in the form of blog comments... but if you're going to allow comments then allow comments, don't disappear them...

whatever... thanks to my use of comment aggregation (via co.mments.com) and a feed reader that keeps track of historical feed items i have the full text of my comments to share with you...

the first article was Computer Virus Myth #5 which basically said getting infected by viewing a web page was a myth and not possible... my response was as follows:

By kurt wismer. October 5th, 2006 at 7:59 am

while it would ideally be true that you cannot become infected just by browsing to a web page, the reality isn't so simple…

there are multiple examples of malware getting executed on a host machine simply because a user browsed to a malicious website - adware and spyware do this all the time so there's no reason why a virus can't do the same… if the virus can get executed (and the spyware example you yourself acknowledge proves that software can get executed under this scenario) then the virus can infect the machine…

in fact, one type of instant messaging worm spreads itself by sending messages to your IM contacts containing nothing more than a link to a malicious website which, when visited by your contacts launches the viral on their machines…

so long as there is java, javascript, activex, flash, shockwave, and any number of other active content web technologies out there (not to mention vulnerabilities that allow arbitrary code execution), any kind of malware can get executed by browsing to a malicious page - and for viruses that means they get the opportunity to infect…

("launches the viral on their machines"? looks like i missed a word - should have been "launches the viral code on their machines")

the second article was The 3 Main Types Of Computer Viruses which lists trojans, worms, and email viruses as the 3 main types of (ahem) viruses... my response was as follows:

By kurt wismer. October 5th, 2006 at 8:35 am

this really begs some corrections…

first and foremost - a trojan isn't any kind of virus… although viruses can often be considered a kind of trojan, the reverse does not hold true… the fundamental requirement for a virus is that it self-replicates and there's nothing in the definition of trojan horse programs dealing with self-replication…

worms can be considered viruses but generally only in the academic sense (whereby the mathematical definition of virus used in formulating proofs includes all self-replicating programs)…

email viruses are more accurately referred to as email worms… the tradition with viruses is that they are classified by what and/or how they infect (what: boot sector viruses, file infectors, macro viruses, etc - how: overwriting infectors, appending infectors, companion infectors, cavity infectors, etc)… "email" is neither a 'how', nor a 'what' (since email is not any kind of program it cannot be infected, it can only serve as a container), it is a transport medium (which is how worms are generally classified; email worms, IM worms, IRC worms, P2P worms, etc)…
