Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: VALDIS@VTVM1.CC.VT.EDU (Valdis Kletnieks)
Newsgroups: comp.virus
Subject: Re: *NIX virus... necessary knowledge. (UNIX)
Message-ID: <0003.9012201422.AA05067@ubu.cert.sei.cmu.edu>
Date: 18 Dec 90 17:49:08 GMT
Sender: Virus Discussion List
Lines: 44
Approved: krvw@sei.cmu.edu

>Date: 15 Dec 90 03:27:33 +0000
>From: dhesi%cirrusl@oliveb.ATC.olivetti.com (Rahul Dhesi)
>
>There are many different types of machines running different types of
>UNIX. For this reason it is very unlikely that a UNIX virus could
>ever become as widespread as an IBM/MS-DOS virus, for example. As
>soon as it arrived at a machine with a different CPU (or even the same
>CPU with a different executable file format) its propagation at that
>point would be blocked.

To paraphrase this JUST a little bit..

There are many different types of machines running different types of
MS-DOS. For this reason it is very unlikely that an MS-DOS virus could
ever become as widespread as the Morris Worm, for example. As soon as it
arrived at a machine with a different floppy controller (or even the same
machine with a different version of the BIOS) its propagation at that
point would be blocked.

How many "malicious" viruses have we seen? And how many "innocuous" ones
have there been that hurt people because they didn't know about MS-DOS 3.1,
or MS-DOS 4.0, or this manufacturer's funky BIOS ROM or.... But it didn't
stop the virus from spreading enough to be a problem, did it?

If anything, a Unix virus would be EASIER to write - because (for example)
the semantics of 'seek()' or 'open()' have not been drastically changed
since 1974 or so.
I currently have a project going that is literally 250,000 lines of code,
and is known to work on Apollo, bsd4.2, bsd4.3, bsd4.4, hpux, solbourne,
sunos 3, sunos 4, sys5.2, ultrix 3.1, ultrix 4.0 (for both Vax and Mips
CPUs). Now, since a virus *IS* just another program, it should be fairly
simple for a competent programmer to write a measly 300 lines of code that
will run on at least as many systems as the aforementioned monster....

Of course, it helps that the semantics of 'open()' have not drastically
changed since 1974, as opposed to MS-DOS, which likes to keep changing the
register contents of the various INT calls every release or two....

Valdis Kletnieks
Computer Systems Engineer
Virginia Polytechnic Institute