August 21, 2009
Yesterday there was a flurry of posts regarding the Delphi virus alert regarding W32/Induc-A. Some are worth referring, as the overall discussion this has started is quite interesting (and rather high level).
Yesterday there was a flurry of posts regarding the Delphi virus alert regarding W32/Induc-A. Some are worth referring, as the overall discussion this has started is quite interesting (and rather high level). Here is a list of relevant posts:
- First of all, Embarcadero is full aware of this, and Allen Bauer has posted a very interesting blog entry, A Tempest in a Teapot or something more sinister?, about the problem. Allen says:"At this point, here at Embarcadero, we’re actively analyzing situation and overall impact to our community. We’re also working on recommendations about how to find out if you’re infected and what to do once you see that you are. Throughout all this we’re working on recommended steps can you take to guard against re-infections."
- Craig Stuntz has a very nice post referring to Ken Thompson’s Turing Award Speech, which I find very intriguing. For one of my major applications I compile in a dedicated virtual machine I never touch, to avoid any unrelated side effect in chages I'd to to components or other configuratiojn issues. This is much easier to do as that's a Linux program compiled with Kylix.
- There is a good summary (with interesting suggestions) on Tim Anderson blog, #34ing also my previous post.
- The article on The Register has an interesting set of comments, including one by product manager Micheal Rozlog.
- Thomas Pfister has a first hand account.
Again, the virus itself is not apparently producing any real damage, rather than spreading itself to Delphi installations. If you are currently compiling from old versions of Delphi (4 to 7) check your installation or test with an anti-virus one of the programs you compile. If affected, however, go look for the program that brought you the infection, or your system units will be affected again.
There is one thing I wanted to add in defense of Embarcadero: the fact they are taking seriously a thread to a development environment that's many years old and not on sale any more, is certainly positive. What would have Microsoft done to a Word 2003 virus rather than suggesting users to upgrade? Still, when considering the overall cost of upgrading your Delphi installation you shoudl add the benefit of a mroe controlled environment: certainly using a very old versions of the products exposes you to an extra risk!
posted by
marcocantu @ 11:52AM | 9 Comments
[0 Pending]
9 Comments
More on the Delphi Virus Alert
I am sure the virus has been written by Mr. Hodges.
After endless attempts to convince people to migrate
from previous Delphi versions, especially Delphi 7
(there's no reason to try about D8, 2005 or 2006,
people jumped away from them ASAP), in the dark of
his office he found no better way to have antivirus
detecting older Delphi releases as infected and scare
users to force them to upgrade.
Or maybe it just attacks Delphi 7 and older releases
because the writer never upgraded too?
Comment by Luigi D. Sandon on August 21, 12:05
More on the Delphi Virus Alert
Luigi,
I think you are right on the last point. The virus
writer never upgraded!
Comment by Marco Cantu
[http://www.marcocantu.com]
on August 21, 12:08
More on the Delphi Virus Alert
What would have Microsoft done to a Word 2003 virus
rather than suggesting users to upgrade?
I believe there will be security bulletin notification
and accompanied hot fix.
Microsoft support policy is clearly stated at
http://support.microsoft.com/lifecycle/?LN=en-
us&x=13&y=9
http://support.microsoft.com/lifecycle/?p1=2488
Regards,
Comment by Lex Li
[http://blogs.msdn.com/lexli]
on August 21, 13:37
More on the Delphi Virus Alert
You know Marco, the virus source code is out there,
and with a few lines of code it could be changed to
infect BDS2006, RAD2007, 2009 and 2010, couldn't it?
Maybe something like that is already spreading, and we
will know only months ahead. So this is not a good
reason to upgrade.
Best regards
Comment by Alexandre Machado
[http://alexandrecmachado.blogspot.com]
on August 21, 13:40
More on the Delphi Virus Alert
>> "I am sure the virus has been written by Mr. Hodges."
>> "scare users to force them to upgrade"
This is totally pointless :) Don’t forget that Delphi’s
“users” are no ordinary users, but programmers. Now tell
me, how many programmers will be scared of such a
threat? This virus, I think, is just a joke :)
Comment by ua.Skywalker
[http://www.subtlesoft.com]
on August 21, 18:02
More on the Delphi Virus Alert
It affects only D7 apparently, but what will happen if
the virus "mutate" and affect newer versions? the
mechanism of the virus could be the same.
Comment by on August 21, 18:08
More on the Delphi Virus Alert
Luigi,
"I am sure the virus has been written by Mr. Hodges."
I certainly hope you're being facetious, because that
is a very serious accusation.
Comment by Allen Bauer
[http://blogs.embarcadero.com/abauer]
on August 21, 20:25
More on the Delphi Virus Alert
I guess Marco understood I was kidding even if no
emoticons or the like were present, otherwise I
believe he wouldn't have published my comment, nor
replied to it that way.
I thought it was an obvious joke about the fact that
the virus infects only those older releases and the
emphasis about upgrading.
If it was not and someone felt offended, I apologize
for it.
Comment by Luigi D. Sandon on August 22, 02:08
More on the Delphi Virus Alert
Today i've installed Delphi 7 on a pc with no virus
(windows 7 beta 2)
I've problems with virus alert on the laptop, so i
tried to put it on a different pc and os from scratch
well after finishing, i started delphi, put simply a
button on a form and, when trying to compile, i got
the virus alert.
On the laptop the problems started 3 days ago....
I think there may be problems with AV engines (i use
avast prof. on the laptop, avg 8 full on the pc with
windows 7)
Comment by andrea on September 11, 18:16
Post Your Comment
Click
here for posting
your feedback to this blog.
There are currently 0 pending (unapproved) messages.
