Happily, Brandon, no one knows everything anymore!  The IT field has
experienced this uncomfortable reality for a growing number of years now,
and most likely it will get worse despite the effort to sell all kinds of
certifications, re-training programs, etc. As far as experience is
concerned, we each can augment our experiences via mailing lists such as
this and other resources which are easily available via the Net or
elsewhere.

Regarding attacking the architecture itself, this is rare but not unheard
of.  The more common approach however is utilizing the design of the
architecture as an assisting tool of the attacking system.  For instance, a
documented flaw within the architecture design or even standard processing
procedure can be utilized, invoked or implemented by the designer of the
virii or malware to his/her purpose.

The real problem however is that the marketplace has become dependent on one
architecture, namely Intel and compatibles.

Years ago, at least there were a variety of different relatively available
architectures within the marketplace which a consumer could use -- PowerPC,
Sun, etc. (Note: As Sun recently announced that it will become a strictly software
company, even that slim option of acquiring Sun hardware will not be a
viable choice much longer). These other architectures provided improvements
upon the Intel design that were very advanced and still remain useful -- if
one knows how to implement these strengths within Linux.  These formerly
available architectures, due to their construction were different enough
that viral and other malware relying upon Intel specific features couldn't
function as intended.

Linux is a phenomenal OS, however given the reality of virii and malware
Linux is further protected if it's on a different architecture, in my
opinion.  Currently the only remaining competing architecture commonly
available within the marketplace is the Cell within the PS3 which will run
Linux.

Yes, there may be people writing malware for different architectures, but
doing so is difficult; also, the number of people it would affect is so small
that the malware designer would really have to be seriously deranged to
invest his/her own time to pursue that path.

Of course, the wisest approach is to be skilled enough to handle anything.
This is more a goal than something actually to be achieved, but keeping it
as a continuing challenge is also a strong defense and deterrent.

All the best...

On Jan 20, 2008 10:53 PM, Brandon Perry <[EMAIL PROTECTED]> wrote:

> That still seems a bit "over-the-top". Sure, better safe than sorry, but
> I wouldn't just blindly delete any exe that I come into contact with
> (via email or otherwise). Especially on Linux, you can get archives
> zipped into an exe format that are unzipped via unzip -a. That is quite
> a common format in the Windows world, and I have seen it a few times
> within the Linux world also. Magic numbers can't tell it is an archive,
> so you would think it is just a regular binary, but I know for a fact
> Dell does many of their drivers in this format.
>
> With the whole Intel thing, even through emulation, this could be a
> stretched argument. Sure, there are architecture-independent viruses,
> but I haven't heard of a virus that can attack on any platform through
> the architecture itself. I am sure that in the future, these will be
> common, but I don't think this is something that we should be worrying
> about now. Please correct me if I am wrong in saying this as I am not
> pretending to know everything about the virus infections, this is just
> from experience.
>
> On Sun, 2008-01-20 at 19:51 -0500, Derick Centeno wrote:
> > The point raised by Dennis is extremely relevant to this thread.  The
> > exception of course is Linux which runs on the PowerPC or Cell
> > architecture.  Only in that environment would Linux executables have no
> > effect as the infecting executables are designed for Linux and Windows
> > running on Intel compatibles and utilize specific functions, register
> > processing and calls to the Intel and compatible processor.
> >
> > Keeping in mind that there are emulators of all kinds, including even a
> > Linux emulator which functions within Windows, all of them share one
> > characteristic, they either run on Intel or emulate Intel. All of these are
> > susceptible to these infections and other malware.
> >
> > This is a pretty monstrous headache for the current computer system
> > marketplace which seems to function nearly entirely by relying on one
> > processor.  I can hear the overwhelming sigh from many experts repeating to
> > themselves regarding this predicament, "I told them... long ago".  To which
> > the only response now is, "Oh well..."
> >
> > The solution which Bill Maidment recommended earlier in this thread may be
> > the only reasonable approach for users of Intel systems to implement.  If I
> > was using an Intel system I'd have to agree with him, better safe "than
> > scorched."
> >
> > All the best...
> >
> > On Jan 20, 2008 6:46 PM, Sarocet <[EMAIL PROTECTED]> wrote:
> >
> > > Dennis Peterson wrote:
> > > > Nobody has actually tested the files to see if they are Windows executables that I've
> > > > seen. It is entirely possible they could be Linux executables. File extensions don't
> > > > mean much on a Linux system but it seems from this thread a great way to pass around
> > > > Linux viruses is to tack on a .exe extension and a lot of people will ignore them to
> > > > their great peril.
> > > >
> > > > dp
> > > Well, if you ignore the file I don't see how it's going to run.
> > > Moreover, it's less likely you will write ./Foo.exe as
> > > you're already assuming by the extension that it wouldn't work, so why
> > > do it?
> > > _______________________________________________
> > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > > http://lurker.clamav.net/list/clamav-users.html
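
Added example, not part of any poster's message: a header-based triage for the questions raised in this thread (is a `.exe` really a Windows binary, which processor does it target, and does it carry an appended zip archive). The function names `classify`, `sample_elf` and `sample_pe` are hypothetical, and the sample bytes are constructed for illustration.

```python
import struct

# Machine identifiers from the ELF and PE/COFF specifications.
ELF_MACHINES = {3: "x86", 20: "PowerPC", 21: "PowerPC64", 62: "x86-64"}
PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0x01F0: "PowerPC"}
ZIP_EOCD = b"PK\x05\x06"  # zip end-of-central-directory record signature


def classify(data: bytes) -> dict:
    """Identify an executable by its header bytes, ignoring the file name."""
    info = {"format": "unknown", "machine": None, "zip_payload": False}
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        # e_ident[5] is the byte order (1 = little, 2 = big); e_machine is at offset 18.
        order = "<" if data[5] == 1 else ">"
        (machine,) = struct.unpack_from(order + "H", data, 18)
        info.update(format="ELF", machine=ELF_MACHINES.get(machine, hex(machine)))
    elif data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at 0x3C points to the "PE\0\0" signature; Machine follows it.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0" and len(data) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            info.update(format="PE", machine=PE_MACHINES.get(machine, hex(machine)))
        else:
            info["format"] = "MZ (DOS)"
    # A self-extracting archive is an executable stub with a zip appended, so the
    # leading magic only says "executable". The zip trailer sits within the last
    # 22 + 65535 bytes. This is a heuristic: the 4 bytes can also occur by chance.
    if info["format"] != "unknown":
        info["zip_payload"] = ZIP_EOCD in data[-65557:]
    return info


# Constructed sample headers (minimal, not real programs).
def sample_elf(ei_data: int, machine: int) -> bytes:
    order = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([1, ei_data, 1]) + bytes(9)
    return ident + struct.pack(order + "HH", 2, machine)


def sample_pe(machine: int) -> bytes:
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    print("Foo.exe (really ELF):", classify(sample_elf(2, 20)))
    print("driver.exe (PE + zip):", classify(sample_pe(0x014C) + ZIP_EOCD + bytes(18)))
```
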
