Thread: Developers: Beware

  1. #1
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429

    Developers: Beware


  2. #2
    Registered User
    Join Date
    Jan 2003
    Posts
    361
    As bad as this sounds now, I think it will definately be best in the long run. Too many people critisize how MS doesnt do anything against viruses. Well here ya go...but since it isn't as backwards compatible now people will critisize that, but I really don't see an alternative here. Oh well, whatever this will turn into a big flame.

  3. #3
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    I read an artical a while back about how the "monoculture" formed by Microsoft operating systems was a major cause of the outbreak of computer viruses. I guess problems like this are the only alternative but still, that sucks.

  4. #4
    Mayor of Awesometown Govtcheez's Avatar
    Join Date
    Aug 2001
    Location
    MI
    Posts
    8,823
    Originally posted by sean_mackrory
    I read an artical a while back about how the "monoculture" formed by Microsoft operating systems was a major cause of the outbreak of computer viruses. I guess problems like this are the only alternative but still, that sucks.
    Basically, yeah. MS OSes are so common that virus writers really only need to target them.

  5. #5
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    But I'm told Linux has the same "monoculture" problem. Could someone a little more Linux-Experienced fill me in.
    - Is it as easy for viruses to get in, since most (if not all) things need to be compiled for the specific kernel.

    - If there's a problem with programs that run fine on one Linux machine running on another, slightly different version of Linux, how come viruses still expericence a similar mono-culture?

  6. #6
    Me -=SoKrA=-'s Avatar
    Join Date
    Oct 2002
    Location
    Europe
    Posts
    448
    The amount of people that use GNU/Linux at home is not that big, and most of them probably have experience of using it at work, where security would be stronger. Also, to do much work, a virus would have to run as the superuser (root), and people know they are not to use that account except when it's completely necessary.
    Some viruses have been written for GNU/Linux, I think. However, Linux boxes are usually the ones that deliver them in the form of e-mail, rather than the end target.
    SoKrA-BTS "Judge not the program I made, but the one I've yet to code"
    I say what I say, I mean what I mean.
    IDE: emacs + make + gcc and proud of it.

  7. #7
    *******argv[] - hu? darksaidin's Avatar
    Join Date
    Jul 2003
    Posts
    314
    Originally posted by sean_mackrory
    - Is it as easy for viruses to get in, since most (if not all) things need to be compiled for the specific kernel.
    I don't know any userspace applications that need to be specifically compiled for the current kernel. This only applies to kernel modules or applications that need to interface the kernel directly. Userspace applications interface with the kernel through the device system (basically a virtual filesystem). This doesn't require the application to even know the kernel version in most cases.


    Originally posted by sean_mackrory
    - If there's a problem with programs that run fine on one Linux machine running on another, slightly different version of Linux, how come viruses still expericence a similar mono-culture?
    Usually this is not a kernel related problem but rather a spawn of Linux dependency hell. Yet it would still be possible to write software without any meaningful dependencies. A small thing like a virus will probably not suffer from dependency problems.


    Originally posted by -=SoKrA=-
    Also, to do much work, a virus would have to run as the superuser (root), and people know they are not to use that account except when it's completely necessary.
    Some viruses have been written for GNU/Linux, I think. However, Linux boxes are usually the ones that deliver them in the form of e-mail, rather than the end target.
    Theoretically. But did this ever stop a windows virus from doing harm? Windows XP has a similar user system as Linux has it. Just that "root" is called "administrator" (ok, and a few other things...). The only problem is, that there are exploits to gain administrator rights - and the fact that most windows home users work in administrator mode all the time.
    However, even for Linux there are known exploits (that usually get fixed pretty fast) to gain superuser (root) privileges.
    And of course, Linux just like Windows is mostly written in C and as such susceptible to buffer overflow exploits.
    [code]

    your code here....

    [/code]

  8. #8
    Registered User BillBoeBaggins's Avatar
    Join Date
    Oct 2003
    Posts
    107
    Looks like I switched to C# just in time..

    What I am really worried about (that I haven't found any info yet) is if it is going to affect my ability to make tools that can detect hardware, or can we say goodbye to API oriented code? Hmm... I need to look more into how it is going to affect programming in the future...
    Last edited by BillBoeBaggins; 03-11-2004 at 12:40 PM.

  9. #9
    Registered User Dante Shamest's Avatar
    Join Date
    Apr 2003
    Posts
    970
    Looks like I switched to C# just in time..
    Are you sure?

    "Another product that Microsoft needs to update is the.Net Framework. The new memory protection features in SP2 require developers of certain applications to mark their code with memory execution permissions. If they don't, the protection features could interfere with the application, according to Microsoft."

    "The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The.Net Framework is one," Goodhew says.
    Last edited by Dante Shamest; 03-11-2004 at 07:30 PM.

  10. #10
    Registered User BillBoeBaggins's Avatar
    Join Date
    Oct 2003
    Posts
    107
    Yep.

    Not to mention that .Net is being built into all of their future OS's.

    Some application behaviors are expected to be incompatible with execution protection. Applications which perform dynamic code generation (such as Just-In-Time code generation) that do not explicitly mark generated code with Execute permission might have compatibility issues with execution protection. Windows .NET Framework applications do not currently mark generated code with Execute permissions. XPSP2 recognizes the current, shipped versions of .NET Framework and runs them with NX off. Therefore existing .NET applications will continue to run. Microsoft is enhancing the .NET Framework to take advantage of NX and will ship service packs for each of the shipped versions in the XP SP2 RTM timeframe. The .NET Framework "Whidbey" will innately support NX.
    Look at here...

  11. #11
    Registered User Dante Shamest's Avatar
    Join Date
    Apr 2003
    Posts
    970
    I'm probably going to spend most of my time coding in C# after 2006, but right now I don't see myself switching.

    Anyway, I like to do lots of OpenGL apps, and the .NET framework still hasn't any wrappers for it yet.

  12. #12

  13. #13
    Registered User Dante Shamest's Avatar
    Join Date
    Apr 2003
    Posts
    970
    I know about those implementations. I never use them, because there is no guarantee that they'll be continually maintained. (Remember GLUT?) When I said a .NET wrapper, I meant one maintained by Microsoft.

  14. #14
    Registered User BillBoeBaggins's Avatar
    Join Date
    Oct 2003
    Posts
    107
    That's partly why I chose DirectX. I like knowing that what I use is both of commercial quality, and will be continually supported because they have an interest in keeping it so.

  15. #15
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    I'd rather have MS introduce a codebreaking change than sitting around doing nothing. For one, the service pack is voluntary. There isn't a hitman from MS on his way to install it on your PC. Then, added security is neccessary. And if that comes with a price, that's ok, as long as it's known. And I guess this thread proves it is known
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. 3 C++ Developers Needed - Los Angeles, CA
    By Great Job in forum Projects and Job Recruitment
    Replies: 0
    Last Post: 11-08-2007, 01:06 PM
  2. C++ / Linux Developers Wanted - SF Bay Area
    By rmitsearch in forum Projects and Job Recruitment
    Replies: 0
    Last Post: 06-01-2005, 11:21 PM
  3. Game Developers United
    By MattNowaczewski in forum Projects and Job Recruitment
    Replies: 1
    Last Post: 07-13-2004, 10:30 PM
  4. Linux For Developers
    By kuphryn in forum C++ Programming
    Replies: 2
    Last Post: 02-01-2002, 02:28 PM
  5. Developers, Developers, Developers, Developers
    By Betazep in forum A Brief History of Cprogramming.com
    Replies: 15
    Last Post: 10-27-2001, 09:15 PM