.Net virus 'not high threat'

Microsoft's newest software platform, .Net, gets a good security grade from New Zealand developers, despite being targeted by its first virus.

Microsoft's newest software platform, .Net, gets a good security grade from New Zealand developers, despite being targeted by its first virus.

The donut virus, which surfaced early this month, doesn’t have Auckland developer Jose Luis Fowler too worried.

“It’s a virus, but the whole .Net platform is secure if applications have been designed in a secure manner,” he says. “It’s not doing anything different to other viruses.”

The W32/Donut virus, believed to have been written in the Czech Republic, attacks files in .Net but doesn’t spread automatically by email, having to be mailed directly or downloaded. The virus’s trademark is the appearance of a box declaring “This cell has been infected by dotNET virus!”

Symantec NZ country manager Richard Batchelar says he knows of only two businesses in New Zealand that have been affected by the virus and says it is a “low to medium-scale alert”.

Ron Gramann, managing director of Wellington developer Incognita, believes the real significance of the donut virus is it will hopefully serve as an incentive for developers to bone up security.

“When developing in .Net there are many security options, ranging from IIS security, Windows security, Windows Security and .Net security,” he says. “.Net security is expensive, configurable and somewhat complex, but like anything else, you have to know what you’re doing. I think Microsoft has provided a solid security model in .Net and it’s up to developers to learn it, understand it and use it.”

Incognita has used the beta version of Visual Studio .Net to build its website, as did Christchurch rural software developer iAgri, which plans to launch its Landmark finance and livestock administration product suite as a .Net service this year.

Chief executive Sinclair Hughes says while the project isn’t yet fully deployed, “we’re waiting to see what our virus protection vendor and Microsoft come up with”.

In an “open letter” dated January 10, Microsoft’s .Net framework team states “this virus is a piece of native code a user would need to run to be infected. This could only affect users who downloaded and ran the program from an untrusted source, but the dangers of doing this are well-known. This virus is not a ‘.Net virus’, but simply a native executable that elects to modify only applications written for the .Net framework in the MSIL [Microsoft Intermediate Language] PE format. The method of infection is the same as many much older viruses.”

The virus affects programs with the .exe extension.

Join the newsletter!

Error: Please check your email address.

Tags .Net virus

More about LandmarkMicrosoftSymantec

Show Comments
[]