User Guide
Preface
xx Dr Solomon’s Anti-Virus
Instead, harmful objects exist to deliver their equivalent of a virus payload.
Programmers have written objects, for example, that can read data from your
hard disk and send it back to the website you visited, that can “hijack” your
e-mail account and send out offensive messages in your name, or that can
watch data that passes between your computer and other computers.
Even more powerful agents have begun to appear in applications that run
directly from websites you visit. JavaScript, a scripting language with a name
similar to the unrelated Java language, first appeared in Netscape Navigator,
with its implementation of version 3.2 of the Hyper Text Markup Language
(HTML) standard. Since its introduction, JavaScript has grown tremendously
in capability and power, as have the host of other scripting technologies that
have followed it—including Microsoft VBScript and Active Server Pages,
Allaire Cold Fusion, and others. These technologies now allow software
designers to create fully realized applications that run on web servers, interact
with databases and other data sources, and directly manipulate features in the
web browser and e-mail client software running on your computer.
As with Java and ActiveX objects, significant security measures exist to
prevent malicious actions, but virus writers and security hackers have found
ways around these. Because the benefits these innovations bring to the web
generally outweigh the risks, however, most users find themselves calculating
the tradeoffs rather than shunning the technologies.
Where next?
Malicious software has even intruded into areas once thought completely out
of bounds. Users of the mIRC Internet Relay Chat client, for example, have
reported encountering viruses constructed from the mIRC scripting language.
The chat client sends script viruses as plain text, which would ordinarily
preclude them from infecting systems, but older versions of the mIRC client
software would interpret the instructions coded into the script and perform
unwanted actions on the recipient’s computer.
The vendors moved quickly to disable this capability in updated versions of
the software, but the mIRC incident illustrates the general rule that where a
way exists to exploit a software security hole, someone will find it and use it.
Late in 1999, another virus writer demonstrated this rule yet again with a
proof-of-concept virus called VBS/Bubbleboy that ran directly within the
Microsoft Outlook e-mail client by hijacking its built-in VBScript support. This
virus crossed the once-sharp line that divided plain-text e-mail messages from
the infectable attachments they carried. VBS/Bubbleboy didn’t even require
you to open the e-mail message—simply viewing it from the Outlook preview
window could infect your system.