kernelthread.com

A Taste of Computer Security

© Amit Singh. All Rights Reserved. Written in June 2004


Platform Independent Malware

As discussed earlier, homogeneity is particularly conducive to the creation and proliferation of malware. On the other hand, heterogeneity is a deterrent to the creation of a single program that would be an effective misbehaver on multiple systems.

Microsoft has historically laid great emphasis on backwards compatibility, which, together with Microsoft's large user base, offers a homogeneous and fertile field for viral endeavors. In contrast, various Unix systems (even when compliant with POSIX and similar standards) have been heterogeneous due to binary incompatibility, system call differences, configuration differences, and other nuances. Often even two distributions of the same system might differ in some of these regards.

Nevertheless, operating systems in general tend to gain varying degrees of homogeneity with respect to each other, as "good" (or useful) ideas from one system get adopted by others. In particular, there exist many execution environments that are available (and provide the same APIs) on various Unix and other systems, including Windows:

Consider some examples:

While these environments would be resistant to mischief to different extents, they nonetheless provide cross-platform uniformity.

Consider Perl. It presents various uniform APIs for the underlying system. In fact, Perl may even allow a script to invoke an arbitrary system call (one that does not have a corresponding Perl function) using the syscall function. A vulnerability in the platform-independent portion of Perl might be exploitable on several platforms.
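As a defender-side illustration of the syscall point above (an added example, not part of the original article), the following heuristic Python scanner flags Perl scripts that call syscall directly or load syscall.ph, the h2ph-generated header that supplies the platform-specific SYS_* numbers. The function name, the patterns, and the sample script are assumptions constructed for this example.

```python
import re

# Heuristic patterns (assumptions of this example, not an exhaustive Perl parser).
# A call to the built-in: syscall(...), syscall &SYS_x, syscall 39, CORE::syscall(...).
# The lookbehind skips $syscall, my_syscall, Foo::syscall and ->syscall.
SYSCALL_CALL = re.compile(r"(?<![\w$@%&>:])(?:CORE::)?syscall\b\s*(?:\(|&?SYS_|\d)")
# syscall.ph (generated by h2ph) provides the platform-specific SYS_* numbers.
SYSCALL_HEADER = re.compile(r"\brequire\s+['\"](?:sys/)?syscall\.ph['\"]")
COMMENT = re.compile(r"(?<![$\\])#.*")  # crude: keeps $#array, ignores quoting


def find_raw_syscalls(source):
    """Return (line_number, kind, text) for each raw-syscall indicator."""
    findings = []
    in_pod = False
    for number, line in enumerate(source.splitlines(), start=1):
        if in_pod:                      # skip POD documentation blocks
            in_pod = not line.startswith("=cut")
            continue
        if re.match(r"=[A-Za-z]", line):
            in_pod = True
            continue
        if line.strip() in ("__END__", "__DATA__"):
            break                       # nothing after this is code
        code = COMMENT.sub("", line)
        if SYSCALL_HEADER.search(code):
            findings.append((number, "header", code.strip()))
        if SYSCALL_CALL.search(code):
            findings.append((number, "call", code.strip()))
    return findings


# Constructed sample script, for illustration only.
SAMPLE = r'''#!/usr/bin/perl
require 'syscall.ph';            # SYS_* constants from h2ph
# syscall(&SYS_getpid) in a comment is ignored
my $pid = syscall(&SYS_getpid);  # raw, platform-specific number
my $portable = $$;               # uniform built-in, no raw syscall
sub my_syscall { return 1 }
my $x = my_syscall(3);

=pod

syscall(&SYS_write, 1, "x", 1) inside POD is ignored

=cut

print "pid $pid\n";
'''
```

Because the scan is line-based, the word inside a string literal such as "syscall(2) failed" would also be flagged; treat hits as leads for review rather than verdicts.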

There have been several proofs-of-concept (such as a TeX virus), usually in academic settings. Realistically though, cross-platform malware is not very common.
