為什麼這麼老的病毒怎麼會再VISTA上運作,以及為什麼防毒軟體沒有偵測到!
問題的原因容我慢慢解釋:
防毒軟體使用的BullGuard是採用著名防毒軟體BitDefender的引擎
由於BitDefender為了考量掃描的速度跟毒庫的大小,就決定捨棄了古老的DOS特徵庫
他們認為這會加快軟體的效率,因為現在流通的DOS病毒不多,大部分都是Win32病毒了
但是為什麼Vista也會中標?
主要是因為Vista裡的Command Line保留了以前就有的DOS指令
只是一旦運行這些指令,還是會照成損害的關係,事實上Vista跟XP已經是完全的32bit作業系統
能夠運行一些舊有16bit軟體是用了wowexec.exe來支援舊有軟體,不同於以往是再真實模式下運行
兩者是有差別的!
A batch of laptops pre-installed with Windows Vista Home Premium was found to have been infected with a 13-year-old boot sector virus.Those of you with a long memory will vividly recall the year 1994: Nirvana's lead singer Kurt Cobain died, South Africa held its first multi-racial elections, and Tony Blair became leader of the Labour party. Oh, and Microsoft's operating system was the quaint, pre-NT Windows for Workgroups.
But it was a year that also saw the arrival of a boot sector computer virus known as Stoned.Angelina which moved the original master boot record to cylinder 0, head 0, sector 9.
It would appear that this teenage virus has not yet been consigned to the history books.
According to Virus Bulletin, the consignment of infected Medion laptops – which could number anything up to 100,000 shipments – had been sold in Danish and German branches of retail giant Aldi.
The computers had been loaded with Microsoft's latest operating system Vista and Bullguard's anti-virus software, which failed to detect and remove the malware.
Although the infection itself is harmless, Stoned.Angelina will undoubtedly have left Microsoft and Bullguard execs blushing with embarrassment about the apparent flaws in their software which allowed an ancient virus to slip through the back door.
On its website Bullguard offered some reassurance to Medion customers hit by the virus:
"Stoned.Angelina is a low-risk boot virus that infects the MBR (Master Boot Record) of hard disks. This is a very old virus. Apart from its ability to spread from computer to computer, it carries no payload (damage) to the systems it infects."
It added that the virus commonly spreads by being booted from an infected floppy disk, and causes no damage to the operating system.
Virus Bulletin technical consultant John Hawes said: "This is a reminder that old viruses never really die.
"Malware that's been off the radar for years often pops up when least expected, after someone digs out an old floppy or boots up an ancient system, and security firms have a duty to maintain protection against older threats for just this kind of eventuality." ®
http://antimstw.blogspot.com/2007/09/windows-vista.html
沒有留言:
張貼留言