PS3 virus?

DVFtaxman

Newcomer
I haven't seen this mentioned anywhere, but I'm curious whether the use of Linux might make the system susceptible to viruses?
The way I'm thinking is that xblive is a closed network, which I'm assuming would allow them to cater for anything virus related at source (as well as making it more difficult for such to hit the network). However, I'm really curious as to the potential for a virus to infect the PS3, and Sony's ability to police this?

I apologise if I sound a little vague, or misguided, but obviously I have limited knowledge of this area.
 
Don't get me wrong but when you are using Linux, you must be insanely stupid to succeed in that. Windows is completely in another level when you compare the number of viruses. Most of the viruses are made by people who run Linux so don't be worried about your system getting infected. I doubt it's even possible to get your PS3 infected with a virus, even if it runs Linux.
 
Think of PS3 as VMWare implemented in hardware. You install Linux onto VMWare, then the guest system (Linux) gets infected, but the host system is intact so you can just wipe out Linux and install it again.
 
A virus can only affect the PS3 system if there's a way to write to memory (Flash ROM or HDD OS or similar) that the system OS is using. We know the OS is writeable like PSP, but with sufficient safeguards a virus shouldn't be able to access that. On PSP you could have a file masquerade as a firmware update for example, and then an attack is executed from that. Such virus attempts would presumably need the user to choose to run it though.

Linux is separate from the system OS. It's an application, like a game. You could pick up a Linux virus that messes up your Linux install, but the rest of the PS3 and the XMB interface would remain intact.
 
A Linux-borne virus could only affect the Linux installation itself, and that's assuming it can take advantage of a local exploit to get superuser access.

There are plenty of viruses out there targeting Linux applications, but most of them are worms that exploit vulnerabilities in server applications (sendmail, ftpd, sshd, etc.). Also bear in mind that these viruses will need to be compiled for PPC to even run.

There will be some, but likely not many. They will probably need to attack servers listening on open ports rather than the Windows approach of virus-by-email transmission.
 
Ah, I was just thinking along the lines of someone writing a virus to actively and specifically attack the PS3, and figured Linux to be a means of access - I hope that makes sense?
 
Think of PS3 as VMWare implemented in hardware. You install Linux onto VMWare, then the guest system (Linux) gets infected, but the host system is intact so you can just wipe out Linux and install it again.
That works as long as VMWare is impermeable, right?
 
What people keep forgetting is that you don't need superuser access to piss off the user, infect other machines, or cause havoc. Most malware today doesn't need superuser access or kernel mode to do most of its damage.

If you use PS3 Linux as a real computer, then you're going to have email, documents, bookmarks, pictures, videos, music, etc stored on the computer. You're gonna want to download and install useful or cool software on that OS. All of that stuff will be just as vulnerable to malware as it is on any other platform, despite Linux running in a VM.

Malware doesn't need superuser permission to open a listening port for remote access, scan for other vulnerable systems, delete or randomly corrupt the user's personal files, run a process in the background, randomly crash another application or web browser or any of a million things just as annoying to an average end user as corrupting or controlling the host OS would be.

The only thing malware needs at an absolute minimum, is a user naive enough to let it run despite any and all safeguards an OS might put in the way.
 
There haven't been any successful viruses yet running on any Unix like OSs (Unix, Linux, OSX, FreeBSD) - not even one to date. That is in more than 30 years of existence. By successful viruses, I mean those that have actually spread successfully in the wild. Viruses have been written for Unix like OSes, but because being network OSes, security has always been more stringent than Windows, and that has prevented them from successfully spreading.

With Unix/OSX/BSD/Unix, you can exploit coding bugs such as x86 stack buffer overflows to gain root access (worms), but once that bug is fixed, that vulnerability is fixed for good - unlike Windows where a virus vulnerability remains for good because it exploits part of the Windows security model (or rather lack of it) and can't be fixed. In other words virus vulnerability in Windows is down to faults in the Windows security model itself (which can't be fixed without breaking applications) rather than faults in the code (which can be fixed). Hence the virus can come back if you don't install an anti-virus tool on Windows, while that doesn't happen in Unix like OSes.

One other thing - stack buffer overflow vulnerabilities - which make up the majority of security vulnerabilities are due to a peculiarity of processor architecture. On x86, it happens because the return address on the stack isn't protected against being overwritten by applications accessing local variables on the stack. This is not true of all architectures. Some non x86 architectures are immune to stack buffer overflow because the stack is protected. I am not sure about this, but it is possible that in the Power architecture, it is protected, in which case the PS3 would also be almost immune to worms as well.

Finally, Unix like OSes can be vulnerable to trojans (ie. programs the user is fooled into installing). However even these are easier to prevent on Unix like OSes, because applications and data, and system and user areas, are very rigidly separated in Unix like OSes, and it is possible to prevent programs running in user writable directories by mounting those as no-exec. Executables cannot then be run from those directories no matter what the user does.
 
What people keep forgetting is that you don't need superuser access to piss off the user, infect other machines, or cause havoc. Most malware today doesn't need superuser access or kernel mode to do most of its damage.

But your machine can't be infected without superuser rights, and you can even prevent applications from running in user writable areas of the filesystem if you want. The virus/trojan has to get onto your machine and be run in order to infect other machines. You can of course piss off Windows users by relaying on Windows viruses, although your machine might not be affected.

Macro-virus vulnerability is an issue however as is running IE with activeX. If you are running MS Office or IE under WINE/Codeweavers (which can be done) then there might be a problem, but the damage would be limited to the sandbox WINE/Codeweavers is given write access to. There could also be a problem with macro viruses on OpenOffice if OpenOffice decided to implement a slack security model like MSOffice which allowed macros to run automatically. So far though there have been no macro viruses on OpenOffice.

Malware doesn't need superuser permission to open a listening port for remote access, scan for other vulnerable systems, delete or randomly corrupt the user's personal files, run a process in the background, randomly crash another application or web browser or any of a million things just as annoying to an average end user as corrupting or controlling the host OS would be.

On Linux/Unix only superusers can open port numbers below 1024, which prevents users masquerading as a server if you stick to ports below this number for servers. Using iproute and netfilter, you can also easily block services across a range of ports going out of your machine (eg. blocking smtp port 25 traffic going out of your machine from ports above port 1023 to stop spam trojans sending out emails), and you can even tag packets by user id and filter those in very sophisticated ways using netfilter (eg. you could block all packets from user "guest" going out to the Internet or from initiating new connections to a specified set of internal machines/ports).

The only thing malware needs at an absolute minimum, is a user naive enough to let it run despite any and all safeguards an OS might put in the way.

You have always got this to fall back on. However it is mainly Microsoft who insists on using silly supposedly ease of use security flaws like having Outlook and Office run macros automatically, putting a backdoor like ActiveX into Windows etc. If Linux apps don't copy these "features" then the main vulnerability is phishing.
 
unlike Windows where a virus vulnerability remains for good because it exploits part of the Windows security model (or rather lack of it) and can't be fixed.
Then how is it being fixed in Vista?
One other thing - stack buffer overflow vulnerabilities - which make up the majority of security vulnerabilities are due to a peculiarity of processor architecture. On x86, it happens because the return address on the stack isn't protected against being overwritten by applications accessing local variables on the stack.
Actually, you can do software fixups using a canary. This is not as robust as a hardware solution. Most modern compilers support it, as far as I'm aware.

Also, x86 CPUs do offer hardware based stack protection by way of No Execute and it works with Windows by way of DEP.
 
Then how is it being fixed in Vista?

Is it being fixed as opposed to being PR? Microsoft has been claiming that Windows security has been improving for years, but there is no let up in worms, viruses, malware and trojans. The problem with fixing Windows security is that you break compatibility with most apps if you do so, and Microsoft can't really afford to do that. I am therefore somewhat sceptical about claims of Vista security. You will probably have a power user mode for backward compatibility, and most apps (and viruses) will run under that, because Windows XP home will be around for a while yet, plus viruses will have Microsoft's DRM to hide under to avoid third party anti-virus tools.

Actually, you can do software fixups using a canary. This is not as robust as a hardware solution. Most modern compilers support it, as far as I'm aware.

There are safe C libraries, and libraries that insert bytes between the buffer and the return address on the stack to make the offset unpredictable, and of course safe languages that check for buffer overruns like Java, C#, etc. but people don't seem to use them because there are just as many buffer overflow vulnerabilities as ever. Presumably programmers don't want to pay the speed penalty.

Also, x86 CPUs do offer hardware based stack protection by way of No Execute and it works with Windows by way of DEP.

The no-exec feature should help, but buffer overflow problems are apparently still as common as they always were. Presumably this is because only some x86 CPUs support it or no-exec isn't being turned on for some reason. Do you happen to know which ix86 architectures support it and whether there is any reason no-exec should not be enabled (compatibility reasons perhaps?)
 
It should be possible to write one. Malicious users can try to spread specially written PS3 malware via USB media, Email, websites, ... etc. These are different from existing Windows, UNIX or Mac ones.

As for the damage malware can cause, it depends on how well the Linux applications and guest OS are architected. Most likely it can only damage the Linux world (See one's post).

In the PS3 OS side, I assume code needs to be signed by Sony (as always), and at least some sort of required user action/confirmation to transfer things over, so the likelihood is minimized (even if the code is downloaded directly via the native PS3 browser).

I'm not sure if PS3 OS implements the "canary" mechanism mentioned by Sis and SPM. If not, buffer overflow is still possible (i.e., malware can still get itself installed without user consent). If yes, the infected program will just die.

If all else fails, there are hardware mechanisms in PS3 to prevent a malicious program from writing to sensitive areas. So in the worst case, rebooting the PS3 should stop the spread. Although the damage might have been done (e.g., all Linux user files are deleted, may be necessary to reinstall some software).

In old/existing Windows, administrators could lose control over their machine to malware entirely.
 
Is it being fixed as opposed to being PR?
It is being fixed and, as you point out, there are compatibility issues. Most of these are addressed through compatibility shims, however. This link has a decent overview, but honestly, it looks like it will behave similar to Linux and OSX.
There are safe C libraries, and libraries that insert bytes between the buffer and the return address on the stack to make the offset unpredictable, and of course safe languages that check for buffer overruns like Java, C#, etc. but people don't seem to use them because there are just as many buffer overflow vulnerabilities as ever. Presumably programmers don't want to pay the speed penalty.
With the amount of existing code, it's not terribly surprising. The hardest part, I believe, is that some overflows/underflows are just hard to detect. Use of fuzzers should be mandatory on all software being released.
The no-exec feature should help, but buffer overflow problems are apparently still as common as they always were. Presumably this is because only some x86 CPUs support it or no-exec isn't being turned on for some reason. Do you happen to know which ix86 architectures support it and whether there is any reason no-exec should not be enabled (compatibility reasons perhaps?)
There are a very few applications that break with no execute but I'm drawing a blank on what they were (I read about them a couple years ago). Apparently there is a way to mark an application as being exempt, allowing it to work (but this just opens up an attack vector--weakest link and all).

In terms of CPUs, AMD was the first, according to this report and looks to cover Athlon 64. It also mentioned that Intel was adding them to the Pentium 4. I would expect--but I haven't verified--that it is standard now in all new X86 chips.
 
I'm not sure if PS3 OS implements the "canary" mechanism mentioned by Sis and SPM. If not, buffer overflow is still possible. If yes, the infected program will just die.
To be clear, canaries are inserted by the compiler and require no special OS support. The no-execute, hardware based stack protection would require OS and Cell support.

It would seem to me that the browser would be the biggest attack vector, especially if an add-in (or some other process) can sniff keystrokes or peek at credit card information. Is the browser that's used for the online 'store' (also the same as the one in the XMB?) based on one of the open source browsers, or is it an in-house Sony browser?
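The compiler-inserted canary discussed in the posts above, modelled as an added example that is not part of the original thread: a simulated stack frame (a byte array, so the overflow stays well-defined C) holding a buffer, a canary slot and a saved return address. The frame layout, the constant values and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame layout (assumed): [buffer 16][canary 8][saved return 8]. */
#define BUF_LEN    16
#define CANARY_OFF 16
#define RET_OFF    24
#define FRAME_LEN  32

static const uint64_t GOOD_RET = 0x1000;   /* constructed "return address" */

enum outcome { RETURNED_OK, RETURN_HIJACKED, CANARY_ABORT };

/* Models one call of a function that copies n bytes into a 16-byte local
 * without checking n. With use_canary set, the epilogue re-reads the canary
 * and aborts before the saved return address is used, which is what
 * -fstack-protector arranges in GCC and Clang. */
enum outcome run_callee(const unsigned char *input, size_t n,
                        int use_canary, uint64_t canary_value)
{
    unsigned char frame[FRAME_LEN] = {0};
    uint64_t ret = GOOD_RET, canary = canary_value;

    /* Prologue: save the return address, then place the canary below it. */
    memcpy(frame + RET_OFF, &ret, sizeof ret);
    memcpy(frame + CANARY_OFF, &canary, sizeof canary);

    /* The bug: n is never compared with BUF_LEN. The clamp only keeps
     * this simulation inside its own array. */
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memcpy(frame, input, n);

    /* Epilogue: verify the canary first, then "return". */
    memcpy(&canary, frame + CANARY_OFF, sizeof canary);
    if (use_canary && canary != canary_value)
        return CANARY_ABORT;
    memcpy(&ret, frame + RET_OFF, sizeof ret);
    return ret == GOOD_RET ? RETURNED_OK : RETURN_HIJACKED;
}

/* Feeds n filler bytes to the callee. A real canary is chosen randomly at
 * process start; this fixed one is a constructed sample value. */
enum outcome demo(size_t n, int use_canary)
{
    unsigned char input[FRAME_LEN];
    memset(input, 'A', sizeof input);
    return run_callee(input, n, use_canary, 0x00c0ffee5eed0a0dULL);
}

int main(void)
{
    static const char *name[] = { "returned ok", "return hijacked", "canary abort" };
    size_t lens[] = { 8, 20, 32 };
    for (int i = 0; i < 3; i++)
        printf("n=%2zu  no canary: %-16s with canary: %s\n", lens[i],
               name[demo(lens[i], 0)], name[demo(lens[i], 1)]);
    return 0;
}
```

The 20-byte case shows the canary catching an overflow that never reaches the return address; no-execute would not notice either overflow, since it only stops the CPU from running code placed in the stack.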
 
I stand corrected. I should have said... "Anti-buffer-overflow facilities" instead of "Canary mechanism". PS3 should be using the OS + hardware level approach since it has no baggage. I suspect Sony is using some form of Opera as its web browser?

That said, I seem to recall some startup trying to insert "Canaries" retrospectively into existing (selective) apps. Can't remember the startup's name anymore. I'd imagine it's a nightmare to use/develop.

Also... all these virus scares would apply to PS3, Wii and Xbox 360 since they all receive and try to interpret data from somewhere else. But the risk should be low, and it should not stop the 3 companies from exploring new areas in gaming/entertainment.
 
That works as long as VMWare is impermeable, right?
Impermeable from the inside, or the outside? I was merely commenting in the context of the OP, it's very unlikely that the Linux as a guest OS can affect "the system" which is the BIOS and the hypervisor in the PS3 firmware.

Problems such as the libtiff vulnerability in the PSP photo viewer may appear later for the PS3 main OS, but I don't think limiting user options and closing non-proprietary interfaces is the way to go.

As for the web browser in the PS3 OS, it's likely the same brand as the PSP.
http://www.access-company.com/products/netfrontinternet/index.html
 
I think I'm more interested in the whole Bluetooth protocol PS3 has since cellphones that have Bluetooth enabled could get infected with a virus through it (Bluetooth). It already happened to me twice :( . Although I've already seen some anti virus software for it (cell phones.)
 
As for the web browser in the PS3 OS, it's likely the same brand as the PSP.
http://www.access-company.com/products/netfrontinternet/index.html

There have been rumors on a Dutch site that the PS3 version is actually going to be Opera. This could explain a few things, like YouTube support (PSP doesn't have it), better than Flash 6 support (PSP is stuck at 6.0), and a current different handling of downloadable files (PSP does support it, but Phil mentioned there were limitations for downloading attachments from Gmail for instance on the PS3).

For now I can't verify the source of that rumor though, so it's strictly a rumor.
 
There are a very few applications that break with no execute but I'm drawing a blank on what they were (I read about them a couple years ago). Apparently there is a way to mark an application as being exempt, allowing it to work (but this just opens up an attack vector--weakest link and all).

The DivX codec was a good example, as it dynamically generated its decoder code at runtime (IIRC). The way to solve it, at least in the Windows world, is to use VirtualAlloc, which allocs memory you can exec from.

I'd say (as opinion) most viruses propagate through user naivete. Either through unpatched/not up to date security, or doing stupid things, like opening money_now.exe in an email from Nigeria. You can design a system to deal with the former (auto update). You can design applications to deal with the latter. But both still require a competent user.

The question I'd have would be how locked off Sony will make the system. Will the Linux install have access to even the BDR drive? downloaded movies/content, etc. Do they want the next xbox-media-centre? And if so in what form.

As for language level problems - buffer overflows etc - even managed languages aren't perfect. Look up Java on Secunia and it has around 30 entries per version. .Net has fared a lot better (1.1 had 11, 2.0 has 2). I've heard whispers that during the 1.1 -> 2.0 change far, far more 'potential' security holes were found (and plugged) when they did a complete spec analysis. If memory serves the two 2.0 fixes have been in helper libraries in system.web/asp.net.
 