Yesterday there was a flurry of posts regarding the Delphi virus alert regarding W32/Induc-A. Some are worth referring, as the overall discussion this has started is quite interesting (and rather high level). Here is a list of relevant posts:
- First of all, Embarcadero is full aware of this, and Allen Bauer has posted a very interesting blog entry, A Tempest in a Teapot or something more sinister?, about the problem. Allen says:"At this point, here at Embarcadero, we’re actively analyzing situation and overall impact to our community. We’re also working on recommendations about how to find out if you’re infected and what to do once you see that you are. Throughout all this we’re working on recommended steps can you take to guard against re-infections."
- Craig Stuntz has a very nice post referring to Ken Thompson’s Turing Award Speech, which I find very intriguing. For one of my major applications I compile in a dedicated virtual machine I never touch, to avoid any unrelated side effect in chages I'd to to components or other configuratiojn issues. This is much easier to do as that's a Linux program compiled with Kylix.
- There is a good summary (with interesting suggestions) on Tim Anderson blog, #34ing also my previous post.
- The article on The Register has an interesting set of comments, including one by product manager Micheal Rozlog.
- Thomas Pfister has a first hand account.
Again, the virus itself is not apparently producing any real damage, rather than spreading itself to Delphi installations. If you are currently compiling from old versions of Delphi (4 to 7) check your installation or test with an anti-virus one of the programs you compile. If affected, however, go look for the program that brought you the infection, or your system units will be affected again.
There is one thing I wanted to add in defense of Embarcadero: the fact they are taking seriously a thread to a development environment that's many years old and not on sale any more, is certainly positive. What would have Microsoft done to a Word 2003 virus rather than suggesting users to upgrade? Still, when considering the overall cost of upgrading your Delphi installation you shoudl add the benefit of a mroe controlled environment: certainly using a very old versions of the products exposes you to an extra risk!