Alien computer viruses?


log in

Advanced search

Message boards : News : Alien computer viruses?

Previous · 1 · 2 · 3 · 4
Author Message
OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,307,454
RAC: 14,943
United States
Message 1261121 - Posted: 16 Jul 2012, 14:04:33 UTC - in response to Message 1261019.

You have been looking for how many years?


The SETI effort itself has been going on a few decades. SETI@Home has been searching officially since April of 1999.

And you post this kind of story?


Creating stimulating discussion and discourse is always a good thing.

I understand your trying to hook a number of computers to run this search but you really have to explain it truthfully.


I see nothing that suggests they've done otherwise.

You have to Tell them we have Norton AV and it checks all incoming packages of info.


Please tell me you're kidding. Every Anti-Virus program on the market works through virus signature files, which implies the virus must be discovered and a signature created, then the signature gets added to a "definitions" file. Being that we are working with largely random data, the probability of this random data having the same signature as a known virus is very high. So high in fact that several false-positives have been reported by users in the past.

You could do heuristics scanning, but that's largely guesswork and isn't ideal for catching an alien embedded virus.

Except the info is coming from 300 light years away. Just a minor problem right?


Not at all. If the virus is programmed similar to a computer worm but has an intelligence like we've never seen, it could easily infect our entire infrastructure.

However, I personally believe the optimal way to launch an attack on our civilization would be to go after our satellite communication devices.

wulf 21
Send message
Joined: 18 Apr 09
Posts: 75
Credit: 12,844,126
RAC: 3,788
Germany
Message 1261150 - Posted: 16 Jul 2012, 16:07:33 UTC

article wrote:
Siemion stressed that this doesn't apply to such projects as SETI@Home and Astropulse, which he said are "thoroughly vetted by very competent computer security professionals, and every effort is made to ensure [their] safety."



What exactly is meant by that? That buffer overflows can't happen within the SETI@home and Astropulse software?

Well, I guess since thousands of users are working with lots of random data here, that any data sequence that could cause a buffer overflow should have occured mutiple times by now. If that is the case then we can consider the client apps being completely overflow-free. Therefore any harmful code within our workunits, be it written by ETI or another I (means: human hacker), would never be executed.

Well if the above is correct (There still might be an error within this chain of argument), then, provided you run the original software from Berkely and that there was no malevolent programmer involved in writing it, SETI@home is perfectly safe.

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,307,454
RAC: 14,943
United States
Message 1261157 - Posted: 16 Jul 2012, 16:55:57 UTC - in response to Message 1261150.
Last modified: 16 Jul 2012, 17:11:45 UTC

Well, I guess since thousands of users are working with lots of random data here, that any data sequence that could cause a buffer overflow should have occured mutiple times by now. If that is the case then we can consider the client apps being completely overflow-free. Therefore any harmful code within our workunits, be it written by ETI or another I (means: human hacker), would never be executed.


That is correct. The science applications are the ones performing the analysis and are therefore the only thing executing any code on our systems. The random data in the workunits is not executed/executable and therefore could not cause a buffer overflow or even execute a virus on our systems. A buffer overflow would have to come from the science app itself.

Well if the above is correct (There still might be an error within this chain of argument), then, provided you run the original software from Berkely and that there was no malevolent programmer involved in writing it, SETI@home is perfectly safe.


Agreed, but the above pertains to all software. You have to trust who it comes from before you can feel safe about assuming that there is no malevolent programmers writing malicious code that will execute on your system. I would imagine that if the SETI@Home code developers were to be that malicious, there would be enough reports of issues abound. Also, the SETI@Home developers have released their code as Open Source, allowing anyone who understands written code to review their work and possibly improve upon it - hence why there is a third-party option at SETI@Home known as the Lunatics Optimized Apps.

braunfeld
Send message
Joined: 25 Feb 09
Posts: 12
Credit: 2,089,890
RAC: 1,328
United States
Message 1261293 - Posted: 16 Jul 2012, 22:01:22 UTC - in response to Message 1252813.

what is the word for the emote %)?

FredF59
Send message
Joined: 2 Jan 09
Posts: 1
Credit: 1,387,820
RAC: 933
Germany
Message 1261300 - Posted: 16 Jul 2012, 22:15:28 UTC

Keine Aliens in Sicht. Also auch kein Virus. Ausser bei Spielberg's Falling Skies. Mfg FredF59

Horacio
Send message
Joined: 14 Jan 00
Posts: 536
Credit: 68,826,683
RAC: 89,995
Argentina
Message 1261704 - Posted: 18 Jul 2012, 6:49:02 UTC - in response to Message 1261157.

Well, I guess since thousands of users are working with lots of random data here, that any data sequence that could cause a buffer overflow should have occured mutiple times by now. If that is the case then we can consider the client apps being completely overflow-free. Therefore any harmful code within our workunits, be it written by ETI or another I (means: human hacker), would never be executed.


That is correct. The science applications are the ones performing the analysis and are therefore the only thing executing any code on our systems. The random data in the workunits is not executed/executable and therefore could not cause a buffer overflow or even execute a virus on our systems. A buffer overflow would have to come from the science app itself.


I agree, but... the science apps are not perfect, BOINC is not perfect, the compilers are not perfect, libraries are not perfect, drivers are not perfect, the OSs are not perfect, and the hardware is not perfect... so there is some probability to find a certain bug that could be exploited to do something like branching the execution of a valid app to a certain address in memory where the data is stored...

Anyway, to do it, the aliens will need first to get a copy of our current technology, study it, find a bug to exploit, write some clever code and then send it back to us... but unless they are close enough in the space, by the time that code comes here it will be useless as the software for which it was designed will be deprecated several years ago... IIRC, the closest star is at 4 light years, I doubt any current software will still be running (without any upgrade) in the next 8 years.




____________

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,307,454
RAC: 14,943
United States
Message 1261774 - Posted: 18 Jul 2012, 11:36:40 UTC - in response to Message 1261704.

Well, I guess since thousands of users are working with lots of random data here, that any data sequence that could cause a buffer overflow should have occured mutiple times by now. If that is the case then we can consider the client apps being completely overflow-free. Therefore any harmful code within our workunits, be it written by ETI or another I (means: human hacker), would never be executed.


That is correct. The science applications are the ones performing the analysis and are therefore the only thing executing any code on our systems. The random data in the workunits is not executed/executable and therefore could not cause a buffer overflow or even execute a virus on our systems. A buffer overflow would have to come from the science app itself.


I agree, but... the science apps are not perfect, BOINC is not perfect, the compilers are not perfect, libraries are not perfect, drivers are not perfect, the OSs are not perfect, and the hardware is not perfect... so there is some probability to find a certain bug that could be exploited to do something like branching the execution of a valid app to a certain address in memory where the data is stored...

Anyway, to do it, the aliens will need first to get a copy of our current technology, study it, find a bug to exploit, write some clever code and then send it back to us... but unless they are close enough in the space, by the time that code comes here it will be useless as the software for which it was designed will be deprecated several years ago... IIRC, the closest star is at 4 light years, I doubt any current software will still be running (without any upgrade) in the next 8 years.


I don't believe I ever claimed our stuff was perfect. The point I was making is that an alien virus could not be spread through the workunits because the workunits are un-executed data and not code. Our code doesn't need to be perfect unless there is a way to execute foreign code on our systems, such as an alien virus. That comes back to trust in the software you use.

wulf 21
Send message
Joined: 18 Apr 09
Posts: 75
Credit: 12,844,126
RAC: 3,788
Germany
Message 1261888 - Posted: 18 Jul 2012, 16:45:45 UTC - in response to Message 1261774.
Last modified: 18 Jul 2012, 16:48:30 UTC

I don't believe I ever claimed our stuff was perfect. The point I was making is that an alien virus could not be spread through the workunits because the workunits are un-executed data and not code. Our code doesn't need to be perfect unless there is a way to execute foreign code on our systems, such as an alien virus. That comes back to trust in the software you use.


Well, I think the point Horacio was making is that there actually exist bugs that can lead to data being executed as if it were code. There is no physical seperation between data and code in the system memory, that seperation is purely logical. That's the only reason why a feature like Data Execution Prevention exists and is by default turned on for critical windows system files.

Hence my question: Can we rule out the existence of this type of bug in the SAH software because it should have occured multiple times by now simply because of the amount of random data being processed?

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,307,454
RAC: 14,943
United States
Message 1261902 - Posted: 18 Jul 2012, 17:14:41 UTC - in response to Message 1261888.

I don't believe I ever claimed our stuff was perfect. The point I was making is that an alien virus could not be spread through the workunits because the workunits are un-executed data and not code. Our code doesn't need to be perfect unless there is a way to execute foreign code on our systems, such as an alien virus. That comes back to trust in the software you use.


Well, I think the point Horacio was making is that there actually exist bugs that can lead to data being executed as if it were code. There is no physical seperation between data and code in the system memory, that seperation is purely logical. That's the only reason why a feature like Data Execution Prevention exists and is by default turned on for critical windows system files.

Hence my question: Can we rule out the existence of this type of bug in the SAH software because it should have occured multiple times by now simply because of the amount of random data being processed?


Agreed about the code and data execution. It also helps that BOINC runs in a completely sand boxed environment which minimizes the risk of a virus infecting the entire machine.

Can it be ruled out? I suppose that depends on the user's level of paranoia and the effectiveness of the security implementations in place. I personally don't think it is large enough of an issue to worry about, but others may not feel the same.

Profile Hamed Golamraj Elyasi
Send message
Joined: 9 Dec 10
Posts: 1
Credit: 24,815
RAC: 0
Iran
Message 1262312 - Posted: 19 Jul 2012, 21:10:06 UTC - in response to Message 1252673.
Last modified: 19 Jul 2012, 21:39:02 UTC

it seems your link is broken in some gateways! but i could load it by changing my settings.
human is addicted to digital life, but there are many security bugs, in fact our digital technology is not a completed technology so every thing is possible in this field!
____________

feifeiCai
Send message
Joined: 22 Jun 12
Posts: 1
Credit: 10,858
RAC: 0
China
Message 1263748 - Posted: 23 Jul 2012, 16:35:20 UTC

你们都给我说中文,OK?
____________

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,307,454
RAC: 14,943
United States
Message 1263760 - Posted: 23 Jul 2012, 17:02:02 UTC - in response to Message 1263748.

你们都给我说中文,OK?


You can translate using http://translate.google.com/

可以使用这个翻译 http://translate.google.com/

傅恒新
Send message
Joined: 30 Jun 12
Posts: 1
Credit: 50,243
RAC: 0
China
Message 1264287 - Posted: 26 Jul 2012, 0:57:13 UTC - in response to Message 1263748.

终于看到一个会中文的!!

Previous · 1 · 2 · 3 · 4

Message boards : News : Alien computer viruses?

Copyright © 2014 University of California