Perl is a Virus Threat to Microsoft .NET

pudge on 2001-10-03T11:11:38

babelzoo writes "According to this article at Silicon.com, Microsoft .NET is weak to new virus threats (not a surprise!) and Perl is mentioned as a prime example of this new threat (now that is a surprise). The article goes on to mention that should .NET be ported to non-Microsoft platforms (i.e. mono) then the security threat is even bigger (yeah, go on pull the other one!)."

Apparently, since .NET can execute programs in other languages, the concern is that we could write viruses and worms in Perl, and that detection systems are ill-equipped to handle these languages (now these virus protection systems will have to learn perl, and maybe embed perl in their products, because only perl can parse perl ... :-). They say this would only happen for sites that disable the security protections, it seems.

As to Ximian's Mono being more susceptible to attack because they don't have Microsoft's security protections ... yeah, I think not having Microsoft's security protections has always been a feature in the past, and see no reason to think otherwise now.


Bogus

Matts on 2001-10-03T15:19:36

This is totally bogus (as you already know, but let me expand...).

With Perl.NET, the perl code is compiled down to portable bytecode. In no way is Perl.NET shipping source code in their executables. So, virus scanning companies only have to deal with 1 more language, not dozens.

(If the journo in question had thought for 5 seconds about it, he would realize that in order for perl to execute Perl code on a user's computer without compiling down to bytecode, the user would require Perl on their machine. Hence almost zero threat in the real world.)

Anyway, we're on top of this. It's not a big issue, especially since currently the bytecode decompiles into almost exactly the same code as you started with (almost as good as Robin's Perl stuff :-), and the decompiler is open source. The only issue at the moment is we don't know exactly how the exploits are going to arise yet. Almost certainly anything email bound will be caught by us as it stands today.

Disclaimer: I work for an anti-virus company that works at the email gateway level.

Re:Bogus

kanenas on 2004-11-05T10:07:41

Do any implementations of Perl.NET support eval()? If so, couldn't eval() be used to obfuscate viral functionality with source language code? Not to say eval()ed strings couldn't still be dealt with; for example, when compilation is (near) invertible, a virus scanner could (possibly) hook into eval() to scan newly compiled bytecode before the bytecode is executed. And that's not to say that it couldn't be made difficult by suitable bytecode implementations of eval() that e.g. interpret rather than compile/execute.

As an alternative, if the string containing the Perl viral code were constructed/altered programmatically, a scanner could potentially identify a virus by such bytecode.

Enough of my rantings.

Disclaimer: I don't work with viruses or .NET.