.Net may lead to fewer viruses

But different threats


Virus Bulletin Antivirus vendors will have to significantly redesign their products in order to address risks of malicious code arising from the release of Microsoft's .Net platform.

The change of computing model to Web services that comes with .Net will almost undoubtedly create fresh infection mechanisms for virus writers to exploit.

In particular .Net will create new files called Common Language Runtime (CLR), which contain executable code known as Microsoft Intermediate Language (MSIL), which vendors agree is not yet addressed by AV products.

Eric Chien, of Symantec, said that the security models to be introduced with .Net, may actually result in a drop of the number of new incidents of malicious code, so the issue is one of different vectors of infection coming into play.

Richard Wang, a virus analyst at Sophos, said the challenge for antivirus developers is to viral code would not need to be in a file, so a .Net virus might contain only something that specifies where malicious code comes from. This means AV protection must, in some way, inspect the remote code.

Viruses that infect .Net binaries, Trojans written in .Net languages and malicious code taking advantages of .Net services are all possible.

Because MSIL is designed as a cross platform language along the lines of the Java model, it might allow "viruses to propagate to operating systems that were previously considered low risk", according to Chien. MSIL can be thought of as a compiler for whatever hardware platform .Net services are running on.

While technically possible, Microsoft has yet to announce a common language runtime for Unix or Linux and viruses written in MSIL and CLR-unaware viruses pose a much lower risk.

The issue of .Net and malicious code is an academic question for now, with widespread use of .Net products and services maybe five years away, but its still interesting the visit the subject because Web services represent the future of IT, at least according to most major vendors.

The jury is still out on whether this represents a more, or less, secure world. ®


Other stories you might like

  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading
  • Firefox kills another tracking cookie workaround
    URL query parameters won't work in version 102 of Mozilla's browser

    Firefox has been fighting the war on browser cookies for years, but its latest privacy feature goes well beyond mere cookie tracking to stop URL query parameters.

    HTML query parameters are the jumbled characters that appear after question marks in web addresses, like website.com/homepage?fs34sa3aso12knm. Sites such as Facebook and HubSpot use them to track users when links are clicked, and other websites like YouTube use them to enable certain site features too.

    On June 28, Firefox 102 released a feature that enables the browser to "mitigate query parameter tracking when navigating sites in ETP strict mode." ETP, or enhanced tracking protection, encompasses a variety of Firefox components that block social media trackers, cross-site tracking cookies, fingerprinting and cryptominers "without breaking site functionality," says Mozilla's ETP support page.

    Continue reading
  • Old school editor Vim hits version 9 with faster scripting language
    All of the famed user-friendliness and ease of use, but 'drastically' better performance

    Old school editor fans, rejoice: some two and a half years after version 8.2, Vim 9 is here with a much faster scripting language.

    Vim 9 has only a single big new feature: a new scripting language, Vim9script. The goal is to "drastically" improve the performance of Vim scripts, while also bringing the scripting language more into line with widely used languages such as JavaScript, TypeScript, and Java.

    The existing scripting language, Vimscript, remains and will still work. Only scripts beginning with the line vim9script will be handled differently. The syntax changes are relatively modest; the important differences are in things like local versus global variables and functions, and that functions defined with :def will be compiled before they are run. This allows many errors to be caught in advance, but more significantly, compiled functions execute from 10× to 1000× faster.

    Continue reading
  • Iceotope: No need to switch servers to swap air-cooled for liquid-cooled
    Standard datacenter kit just needs a few tweaks, like pulling off the fans

    Liquid cooling specialist Iceotope claims its latest system allows customers to easily convert existing air-cooled servers to use its liquid cooling with just a few minor modifications.

    Iceotope’s Ku:l Data Center chassis-level cooling technology has been developed in partnership with Intel and HPE, the company said, when it debuted the tech this week at HPE’s Discover 2022 conference in Las Vegas. The companies claim it delivers energy savings and a boost in performance.

    According to Iceotope, the sealed liquid-cooled chassis enclosure used with Ku:l Data Center allows users to convert off-the-shelf air-cooled servers to liquid-cooled systems with a few small modifications, such as removing the fans.

    Continue reading
  • Gartner predicts 9.5% drop in PC shipments
    Stark contrast to 11 percent increase year-over-year in 2021 shipments

    The party is over for PC makers as figures from Gartner suggest the market is on course for a breathtaking decline this year.

    According to the analysts, worldwide PC shipments will decline by 9.5 percent, with consumer demand leading the way – a 13.5 percent drop is forecast, far greater than business PC demand, which is expected to drop by 7.2 percent year on year.

    The PC market in the EMEA region is forecast to fare even worse, with a 14 percent decline on the cards for 2022. Gartner pointed the finger of blame at uncertainty caused by conflicts, price increases and simple unavailability of products. Lockdowns in China were also blamed for an impact in consumer demand.

    Continue reading
  • Samsung beats TSMC to be first to produce 3nm chips
    Lower power consumption, improved performance, and a second generation of the technology on the way

    Samsung has started production of chips using its 3nm fabrication process, beating rival TSMC, which expects to begin making chips with its N3 node generation later this year.

    The resultant chips are claimed to reduce power consumption by up to 45 percent and improve performance by up to 23 percent, with further gains promised in a second generation of the process.

    Korea's electronics giant said it has started initial production with its 3nm process node, which introduces what the firm calls Multi-Bridge-Channel FET (MBCFET) technology. This is Samsung's version of the Gate-All-Around (GAA) transistor architecture, where the gate material wraps around the conducting channel.

    Continue reading

Biting the hand that feeds IT © 1998–2022