Computer Virus Aboard the ISS

chrb writes "BBC News is reporting that laptops taken to the International Space Station by NASA astronauts are infected with the Gammima.AG worm. The laptops have no net connection; officials suspect the worm may have been transferred via a USB flash drive owned by an astronaut. NASA have said this isn't the first time computer viruses had travelled into space."

One has to ask

What *Windows* is doing in space in the first place.

Re:One has to ask

My thoughts exactly. There is no reboot after you hit the Blue Planet Of Death...

*ducks*

Re:One has to ask

What *Windows* is doing in space in the first place.

I've always thought that opening Windows on a space ship is a bad thing

Re:One has to ask

I've always thought that opening Windows on a space ship is a bad thing

Yes, the results would prove conclusively that Windows quite literally suck(s).

I'd be willing to wager

that Captain Kirk picked up something nasty from those green bitches. Damn space viruses.

If i know my star trek...

The virus is actually an alien computer system attempting to interface with the station's computer systems.
Kirk: Spock __ Can __ you translate __ their message? Spock: Yes Captain. The message is, "Do you wish to enlarge your penis?" Kirk: Make it so...

NASA needs Linux

This is even further proof that NASA(as well as most every other major organization) needs to move away from the virus laden, insecure, corporate blunder we call Microsoft. Sure Exchange is a great mail system but its still just an iteration of a wheel that was created long before it. Were a giant like NASA or Boeing or Lockheed Martin or the US Govt itself to step away from the Microsoft Corporation, we'd start to see whatever the new adoptee was (preferably Linux) take some serious light and hopefully outshine the Gates machine.

Re:NASA needs Linux

This isn't necessarily a problem with Microsoft/Windows (although they certainly could have had a better security system), it's a problem with monoculture. Each vulnerability discovered opens up mind-bogglingly large amounts of computers to hacking, so all of the black hats are focusing their efforts on one small goal (making at least one of them succeed very quickly). This also means that exploits relying on uncommon settings (ones that rely on the target having say, two separate unrelated applications installed) are researched, where they might not have been worth the effort otherwise.

Although you have a point about big companies stepping away from Microsoft. Linux is open source, no-architecture-lock-in, and comes with so many different distros with so many different default settings, that the monoculture problem would be replaced with many-more-but-easier-to-manageable problems (think "Asteroids"). The other advantage that a polyculture OS world would offer is halting the SPREAD of the virii - if an exploit relies on someone to have XYZ system/configuration, it wouldn't necessarily be able to spread through the "fire-breaks" of ABC or DEF systems/configurations (and since most home computers nowadays are Microsoft's XYZ systems/configurations, there's no "fire breaks").

Geez...

Network security really isn't that hard! It isn't like it's rocket scie... oh... nevermind...

This sounds like a great movie plot...

Will there be an Andromeda Strain of this Virus?

Nice one to get

From Symantec's site:

It then attempts to steal sensitive information for the following online games:

        * ZhengTu
        * Wanmi Shijie or Perfect World
        * Dekaron Siwan Mojie
        * HuangYi Online
        * Rexue Jianghu
        * ROHAN
        * Seal Online
        * Maple Story
        * R2 (Reign of Revolution)
        * Talesweaver

Oh noes, now how will the astronauts be able to play their Japanese MMO's?

No internet??

Q. Where do these NASA guys get their pr0n from?

A. Oh yeah.. the USB drive.

the laptops have no net connection ..

"The laptops have no net connection .."

So, how do they send/receive email ..

"The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth"

So, they do have a net connection ..

"The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection"

So how did they detect the 'infection' by the Gammima.AG worm ..

"The ISS has no direct net connection"

How do the laptops send/recieve email .. speculation by a slashdot reader don't count ..

--

"We are having a hard time understanding the how and why [wired.com], but everything is working", Commander Bill Sheperd Feb 2001

Re:the laptops have no net connection ..

I think the summary is incorrect. From TFA:

The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted.

Having no network connection and no direct net connection are different things. I suspect it means that the ISS has some form of network connection to NASA's internal network, but does not have any access to the Internet.

Re:Solid proof!!!!

Wow, someone who actually believes AV software stops viruses effectively?

Re:Solid proof!!!!

The reason NASA didn't bother with AV is because there's no pressure on their IT department. In a normal office, the IT department usually gets screamed at when computers don't work. But in space, nobody can hear you scream.

Re:Solid proof!!!!

You don't really understand. There is nothing they could have done to prevent the worm. The astronaut was installing Outlook which asked them to "close all software like antivirus and firewall which may interfere with the installation". The rest is history...

Re:Solid proof!!!!

One should expect this kind of thing, being intelligent doesn't automatically mean you are proficient with computers. Perhaps NASA should give their personnel a quick refresher on computer security.

Alas, while AV doesn't stop everything it is a lot better than not having it at all. A good AV scanner probably could have prevented this. Which again is why they should be giving them that little bit of training if they aren't already.

Re:Solid proof!!!!

Antivirus software is typically only effective if regularly updated. In machines that aren't networked, getting these updates is very tricky.

Re:Solid proof!!!!

Honestly though, Why the hell dont the laptops have anti virus software? if they are going to run a OS that is targeted by the bulk of viruses out there then it's dumb to send it up without AV software installed.

It looks like Mark Shuttleworth [wikipedia.org] might have to make another trip up there to drop off some Ubuntu disks.

Right...

So, on some computers which (A) have been there for years, and (B) have no network connection over which to download virus signature updates, somehow miraculously that AV software would be up to date and able to recognize the newest trojans. I don't know what AV software that is, but I want it too ;)

Or, I know, let's send Mordac up there with each Shuttle or rocket trip, to install those updates.

Oh yeah, and you so want to be up there on your own, when the retarded AV software after a buggy update decides one or more of the following:

- some critical Windows file looks suspicious and deletes it. It happened more than once IRL.

- some piece of binary data transmitted by or to your computer looks suspiciously like an obscure, outdated SQL-Server exploit, and shuts the program down and cuts off the network connection. I can personally testify that it happened to me in WoW, never mind that it wasn't on the right port, I had no version of SQL-Server installed, and it was on a connection to WoW that was on for 2 hours now and thus unlikely to be what a virus does. Or see the infamous "STARTLOGGER"/"STOPLOGGER" idiocy that made it possible for a while to disconnect anyone from IRC (and God knows what else) if they have Norton AV installed. Yeah, you so want that on a space station's computers.

- introduces a bigger vulnerability of its own than Windows has. At least one RL mass-pwnage, and of the format-your-hdd sort at that, happened over a buffer overflow vulnerability in IIRC McAffee's firewall. Or if you look in the history of Norton's patch notes, a _lot_ of them were patching old buffer overflow vulnerabilities in their AV software.

- suddenly decides that an otherwise legitimate piece of software is too dangerous, and just deletes it. It happened to me with one AV which decided that IRC is too dangerous a place and just removed my mIRC executable. Not because of some malicious code, or even vulnerability, in that version of mIRC, but just because apparently they considered it dangerous anyway. You so want to be up on a space station when such a piece of crap decides that your, say, telnet is too dangerous and must be stopped.

- loads itself in memory twice and slows everything down to a crawl. Happened to me, with an older version of McAffee's AV. Oh, and trying to stop or uninstall it, only stopped one of the copies.

- goes paranoid about protecting the user's "privacy", and prevents legitimate logins. Again, McAffee did that for me. Half the sites were so confused by whatever it did, that they simultaneously thought I'm logged in _and_ not logged in. I was starting to develop a deep empathy for Schroedinger's cat. You surely want that kind of thing randomly happening when you're trying to log into some more important thing up there.

Heh ;)

Re:Solid proof!!!!

So much for extrans.

I _FAIL_

Re:Solid proof!!!!

Honestly though, Why the hell dont the laptops have Minix?

Because Minix doesn't support text formatting.

Re:No antivirus?

>p>To be fair, it's because they know the real reason that the Mir space station came down ...

"Norton Antivirus has detected that the following file is infected with a virus:

gyrocontrol.dll

The infected file has been deleted

Re:digital genocide

If they're not more careful, we might find someday intelligent artificial life out there... and kill it.

Yes, because intelligent artificial lifeforms will definitely be running windows Vista on an x86 architecture.