L
losl(removethis)
Could virus infect a virtual PC?
Thank you!!
Thank you!!
L
Locke Nash Cole
Of course they can.
-L
-L
I
Ionizer
losl(removethis) said:
Fred Langa was discussing VPCs in his latest newsletter: "A VPC can put an
entire operating system and all your apps--- *everything*--- inside a
sandbox. Whatever happens in the Virtual PC (even a total system crash or
a catastrophic "wipe the hard drive" problem) has zero effect on the real
PC."
More from Fred Langa on the topic of Virtual PCs:
http://search.atomz.com/search/?sp-q=VPC&sp-a=0008002a-sp00000000
Regards,
Ian.
D
Dr.X
A virtual virus? ;-)
If your VPC is networked, It can spread the virus if it can find a open
share or if it has access to the internet. The virus don't care.
Dr.X
If your VPC is networked, It can spread the virus if it can find a open
share or if it has access to the internet. The virus don't care.
Dr.X
F
FromTheRafters
losl(removethis) said:
No. Viruses don't infect PCs, they infect programs.
Yes, they can infect programs when running on a virtual PC.
Why do you ask?
K
kurt wismer
FromTheRafters said:
presumably the virtual pc itself is program, is it not? could not that
program become infected like any other?
L
Locke Nash Cole
Correction,
Viruses can infect a PC itself, BIOS based viruses which are rare and few
and far between can most certainly do this.
-L
Viruses can infect a PC itself, BIOS based viruses which are rare and few
and far between can most certainly do this.
-L
K
kurt wismer
Locke Nash Cole wrote:
[correcting malformed usenet article]
y'know... it's generally a good idea, when correcting someone, to make
sure *you* are correct...
there is no such thing as a bios based virus... there are bios trashing
viruses (that only work with some implementations of flash bios) but
none that infect the bios...
[correcting malformed usenet article]
y'know... it's generally a good idea, when correcting someone, to make
sure *you* are correct...
there is no such thing as a bios based virus... there are bios trashing
viruses (that only work with some implementations of flash bios) but
none that infect the bios...
F
FromTheRafters
kurt wismer said:
In much the same manner as an OS is a program. It is that and
more, because it emulates the hardware abstraction as well if
I understand it correctly.
I'm sure it could, but infecting an OS system file does not infect the
whole system - just the affected file. I'm guessing it is likewise the
case with a virtual platform. If we are to consider complex "programs"
like OSes to be infected - we may as well consider self-contained
worm files to have "infected" the OS program and call them viruses
too.
F
FromTheRafters
Locke Nash Cole said:
Name one.
I have never heard of a virus that didn't infect software - that is to
say, one that infects firmware.
L
Locke Nash Cole
Several BIOS's come with virus protection for themselves, and lots of
motherboards have a jumper to prevent re-flashing of the BIOS by unknown
programs, but for your viewing pleasure...
BIOS Virus W95/CIH.1019 (Tsernobyl) can re-write bios on several chipsets
(not all)
http://www.hackersprogrammers.com/articles/bios.htm
http://www.internetweek.com/news/news0721-4.htm
http://www.sss.ca/sensible/home.nsf/htmlmedia/vnjul98.pdf/$file/vnjul98.pdf
http://www.krollontrack.com/AboutUs/PressReleasesArchive/index.asp?getPressRelease=42
There are others besides the CIH variants that flash certain chipsets, or
re-write parts of your BIOS's firmware. But I'm tired.
-L
motherboards have a jumper to prevent re-flashing of the BIOS by unknown
programs, but for your viewing pleasure...
BIOS Virus W95/CIH.1019 (Tsernobyl) can re-write bios on several chipsets
(not all)
http://www.hackersprogrammers.com/articles/bios.htm
http://www.internetweek.com/news/news0721-4.htm
http://www.sss.ca/sensible/home.nsf/htmlmedia/vnjul98.pdf/$file/vnjul98.pdf
http://www.krollontrack.com/AboutUs/PressReleasesArchive/index.asp?getPressRelease=42
There are others besides the CIH variants that flash certain chipsets, or
re-write parts of your BIOS's firmware. But I'm tired.
-L
F
FromTheRafters
Locke Nash Cole said:
Usually this is bootsector protection, not BIOS protection.
Corruption is not the same as infection.
This is payload, not viral - and so not infection.
http://www.hackersprogrammers.com/articles/bios.htm
http://www.internetweek.com/news/news0721-4.htm
http://www.sss.ca/sensible/home.nsf/htmlmedia/vnjul98.pdf/$file/vnjul98.pdf
http://www.krollontrack.com/AboutUs/PressReleasesArchive/index.asp?getPressRelease=42
There are others besides the CIH variants that flash certain chipsets, or
re-write parts of your BIOS's firmware. But I'm tired.
Thanks for the links, but I'm sure even after I read them that they don't
support the contention that firmware BIOS is infectable. I am aware
that *some* computer manufacturers place BIOS routines on harddrives
and the possibility exists that those routines could be infectable - but I
haven't as yet heard of any virus that does this. It may just be because
there aren't enough of them to make a worthy target, but I would accept
the "name one" even if it were strictly POC.
F
Frederic Bonroy
losl(removethis) said:
I use Microsoft's Virtual PC to test whether virus samples that I come
across are viable (or rather: viable enough to be included in my modest
non-scientific collection).
Of course, since Virtual PC and VMware do not technically emulate the
code but execute it on the physical processor, there is always a
theoretical risk that a virus might escape from this environment.
One famous virus author has written a short article on how a virus can
find out whether it's running in Vmware.
Or what exactly do you mean by "virtual PC"?
F
FromTheRafters
Locke Nash Cole said:Several BIOS's come with virus protection for themselves, and lots of
motherboards have a jumper to prevent re-flashing of the BIOS by unknown
programs, but for your viewing pleasure...
BIOS Virus W95/CIH.1019 (Tsernobyl) can re-write bios on several chipsets
(not all)
http://www.hackersprogrammers.com/articles/bios.htm
http://www.internetweek.com/news/news0721-4.htm
http://www.sss.ca/sensible/home.nsf/htmlmedia/vnjul98.pdf/$file/vnjul98.pdf
http://www.krollontrack.com/AboutUs/PressReleasesArchive/index.asp?getPressRelease=42
There are others besides the CIH variants that flash certain chipsets, or
re-write parts of your BIOS's firmware. But I'm tired.
A virus with a payload that wipes the harddrive is not a "harddrive virus".
A virus with a payload that opens the CD tray is not a "cupholder virus".
A virus with a payload that beeps the PC speaker is not a "PC speaker virus".
A virus with a payload that displays a bitmap on a VGA is not a "VGA virus".
A virus with a payload that corrupts the CMOS storage is not a "BIOS virus"
despite the fact that the author calculates a new checksum for the CMOS
and calls it a virus (he doesn't know what a virus is, evidently).
....and finally, a virus with a payload that flashes the BIOS is not a BIOS
virus (unless the BIOS is "infected" as a result - which it isn't with CIH
and Kriz and the others that use the same or similar payload).
Nice try though. ;o)
B
Bart Bailey
What's your distinction, if any, between a virus from any source that
infects your email application, and a virus that infects any application
but comes via email?
Are either considered to be email virii?
L
Locke Nash Cole
Frederic,
Yes I was worried about this myself, especially since MS bought out Virtual
PC, as you say the code is executed on the actual processor, not emulated
through a virtual processor like the old Virtual PC used to do.
But even with the old Virtual PC, I installed a variant of BSD once, and its
partition manager actually ruined my physical boot record on my hard drive,
so I had to fix my boot records. Kinda sucked
-L
Yes I was worried about this myself, especially since MS bought out Virtual
PC, as you say the code is executed on the actual processor, not emulated
through a virtual processor like the old Virtual PC used to do.
But even with the old Virtual PC, I installed a variant of BSD once, and its
partition manager actually ruined my physical boot record on my hard drive,
so I had to fix my boot records. Kinda sucked
-L
F
Frederic Bonroy
Locke said:
Did old Virtual PC versions really do that? That's odd.
Weird. Maybe you inadvertently configured Virtual PC to use a physical
hard disk instead of an emulated hard disk?
K
kurt wismer
FromTheRafters said:
if *i* understand correctly a virtual pc is nothing more than a
hardware (cpu, ram, hard drive) emulator... the ones i've seen require
you to install an operating system on them in order to do anything
interesting with them...
except the OS isn't a complex program anymore than a user interface is
a complex program... they're concepts, not programs, they they are
implemented in programs or collections of programs...
of course i've just made your point for you, since the virtual PC is
likewise not a program but implemented in a program...
K
kurt wismer
Locke said:
bios level virus protection is nothing more than write protection for
the bootsector of the hard drive...
the 'jumper' predates flash bios trashing malware (just as floppy disk
write protect tabs predate viruses)...
cih is not a "bios virus"... corrupting the bios (what cih does)
doesn't make it a bios virus anymore than corrupting jpeg's would make
something a jpeg virus or corrupting mp3's would make something an mp3
virus...
so far it seems like you've been misinformed...
K
kurt wismer
Bart said:
the convention for virus terminology would suggest that an "email
virus" is a virus that infects emails (because viruses are classified
by what they infect)... since emails are not infectable there can be no
email viruses...