Thread: Macs have a virus!

A "program" is not a single thing
it's a composite entity that ends up with the CPU executing one or more instructions
think of it like a complete person - has many parts

A "virus" is just a set of CPU instructions
it is not a program
think of it as some blood - it is not a complete person

A program contains, amongst other things, a set of instructions for the CPU to execute
these instructions need to know where they are in memory

When a Windows "program" is executed,
the first thing it does is ask Windows "Where am I?, and where can I store internal variables?, by the way, I am 100 bytes in size"

Windows will answer, "You are loaded at memory address 1000 through 1099, you are allowed to use 1100 through 1199 for storing variables"

"Great", says the program, "based on this information, I will now execute my payload"

A virus contained within a program will disrupt and manipulate this communication in order to infect other files

it will misinform Windows of it's hosts attributes
and in doing so, gain write access to areas of memory outside of it's hosts actual footprint

All "programs" follow the same design, so the viral code "knows" what to do, and what to change, in order to copy itself to another program

The virus has just altered another executable in memory
It has replicated

Originally Posted by ninja9578

Even for us programmers that's hard because most of the number of languages. Most Linux programs are written in Python right? I don't know python. I only know C, C++, Java, assembly, and basic .

Erm, 95% of the software installed on the average Linux machine is part of the GNU system and written in C (with GCC extensions) or C++. A lot is also written in shell scripts and Perl. Assembly isn't really used as a separate language for certain programs to be coded in entirely, but it's rather used as a means to optimize bottlenecks (generally inner loops) generally in C/C++ code. Python and Java are used for a lot of cross-platform programs, but generally not for Linux-specific software (e.g. Git vs. Mercurial). I'm not sure where you heard otherwise about Python. I love the language and it works really well with UNIX, but it is nowhere near as widely used as languages that compile to native code.

With all that being said, the number of languages you can read and understand is irrelevant as far as Ynot's point goes. In addition to the Linux kernel being much more secure than the underlying structure of Windows, there is an extra layer of secure inherent in free (libre) / open source operating systems because there's a damn good chance one of the hundreds of thousands of developers browsing the source code will notice that buffer overflow or even that deliberate attempt to look up your email contacts, etc. It's not about you as the user reading through thousands of source files for every large UNIX program you ever use. It's about the fact that someone else interested in that program's source code will have discovered the problem before it got packaged by your distro. Mac OS X partially benefits from this too, but to a lesser extent.

oh right i get it now ynot

Originally Posted by Ynot

A "program" is not a single thing
it's a composite entity that ends up with the CPU executing one or more instructions
think of it like a complete person - has many parts

A "virus" is just a set of CPU instructions
it is not a program
think of it as some blood - it is not a complete person

A program contains, amongst other things, a set of instructions for the CPU to execute
these instructions need to know where they are in memory

When a Windows "program" is executed,
the first thing it does is ask Windows "Where am I?, and where can I store internal variables?, by the way, I am 100 bytes in size"

Windows will answer, "You are loaded at memory address 1000 through 1099, you are allowed to use 1100 through 1199 for storing variables"

"Great", says the program, "based on this information, I will now execute my payload"

A virus contained within a program will disrupt and manipulate this communication in order to infect other files

it will misinform Windows of it's hosts attributes
and in doing so, gain write access to areas of memory outside of it's hosts actual footprint

All "programs" follow the same design, so the viral code "knows" what to do, and what to change, in order to copy itself to another program

The virus has just altered another executable in memory
It has replicated

Your talking to a guy who occasionally programs in asm, I know how a program sets itself up and communicated with the OS.

What you described sounds like a worm, which is only one type of virus. Viruses come in many forms, some install software and dlls. Usually they do it two at a time, so if you end one process, the other one will restart it.

Originally Posted by ninja9578

Your talking to a guy who occasionally programs in asm, I know how a program sets itself up and communicated with the OS.

What you described sounds like a worm, which is only one type of virus. Viruses come in many forms, some install software and dlls. Usually they do it two at a time, so if you end one process, the other one will restart it.

i think he was talkign to me, because i said

i would say that a virus would have to be a program

so he was telling me what a program is, so that i know a virus isnt really a program.

and by the way, i was taught that a worm is as much of a virus as a trojan horse is. it fucks up your computor, but by definition it actually isnt a virus.

From my (admittedly rudimentary) knowledge of malware inner-workings
worms are just self-hosted viruses

From Wikipedia
http://en.wikipedia.org/wiki/Worm_(computer_virus)

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.