Theoretically multi-platform

Story: Multiplatform Java botnet spotted in the wildTotal Replies: 8
Author Content

May 06, 2011
9:35 AM EDT
Another half-truth from the "Anti-Virus" industry. They left a telling quote from the A-V analyst at the end of the article:

"However, we’ve seen only the PC version in a downloader/dropper in the wild."

It's a Windows .exe-format file. They have 2 things to make it "multi-platform":

1. The exe file got made by JarTpExe. which means the original code was in Java

2. Some "public information" says that this malware is available for Windows, Mac and iOS.

This is about as multi-platform as any other "multi-platform" software, malware or not: it only runs on Windows and there's some vapor available about other platforms. Another PR hit for McAfee, that's all this is.

May 06, 2011
5:52 PM EDT

Multiplatform: Runs on XP, Vista and Windows 7

See 3 different PC operating Systems.

Another favourite is "Runs on all PC Operating Systems", meaning Windows XP, Windows Vista and Windows 7

May 07, 2011
10:57 AM EDT
You write the truth, in an ironic fashion.

But the real question then becomes, "Why is the anti-virus industry so dreadfully eager to see plagues on other platforms?"

I mean, I have a collection of magazine articles, conference papers, journal articles, etc predicting Plagues of Locusts for Unix, Mac, Linux going back many years. And indeed, the first so-named "computer virus" was written for 4.3BSD Unix, the first rootkit was for SunOS 4, and the first trojans date to things like a Univac. But for some reason or set of reasons, malware only takes off on Windows, and to a much lesser extent, Mac OS 9.

Why? You really can't cite "Market Share". Apache has always been the leading web server, and it's never attracted the kind of malware that IIS used to. You can't even cite some kind of mystical "critical mass". The 2004 "Witty Worm" only targeted a particular vendor's firewall system, and managed to infect essentially every single installation (12,000 or so). That's pretty small potatoes, even by 2004 standards.

May 07, 2011
5:29 PM EDT
While Linux may or may not get an infection, it can always be a vector for infecting another system. Mail router, mail user, web server serving infected JPG's...

Excuse me while I don't care enough to lose sleep over it.

May 08, 2011
6:53 PM EDT
Hasn't there been at least one "Java virus" (aimed at Windows) that could temporarily infect Linux systems, at least until a reboot? And after all, Linux systems can stay up a long time. Even Windows systems (Vista, 7) are staying up for a month or so at a time.

Why wouldn't this sort of thing make a reasonably good vector for taking advantage of "local access" Linux vulnerabilities?


May 09, 2011
10:18 AM EDT
Quoting:Hasn't there been at least one "Java virus" (aimed at Windows) that could temporarily infect Linux systems, at least until a reboot?

Call me when it goes epidemic on linux machines.

I won't hold my breath.

Yes, it's possible to have a virus on any general-purpose machine with disk storage. So what? Only Windows attracts epidemics, and that's the real question that needs answering, not "Does Linux/Mac/VxWorks/*BSD need an anti-malware system". Sensationalizing the rare "multi-platform" virus doesn't help, getting hysterical over the extremely rare linux-specific virus doesn't help. All of that is merely scaremongering to increase profits for "A-V" vendors, or to bring Linux or Mac or whatever down to Windows level in the eyes of Windows fanboys. Why does only Windows attract epidemics? Please be specific, give examples.

May 09, 2011
10:36 AM EDT
Servers are generally going to run only those Java apps that the administrator installs, not random Java code from a browser session. Most servers run pretty much headless (no user account open, no active terminal or gui). Home servers, they're a different story. But hacking a well configured Linux system isn't trivial, it's not something most script kiddies are going to try doing. Most would attack a Win server before a Linux box.

May 09, 2011
11:02 AM EDT
There a quite some servers (*nix, windows) that run Tomcat, and a flaw in the code can lead to Java injection. However, this is the same for php. But when infected, I think the Windows server will have allot more hard time, because the underlying system is more weak than with *nix. Flaws will not be fixed as fast as on *nix systems (the power of open source), making it easier to be exploited. And also, Windows server contain lots of code that isn't necessary, unlike *nix servers, that are mostly stripped down to the bare necessaries. This is also an attack vector.

May 09, 2011
12:21 PM EDT
phsolide: "Well said; all OS'es (can) have virusses, but only Windows has epidemies".

I think that should settle most discussions about 'which OS is safer'.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!