Computer Virus Aboard the ISS
chrb writes "BBC News is reporting that laptops taken to the International Space Station by NASA astronauts are infected with the Gammima.AG worm. The laptops have no net connection; officials suspect the worm may have been transferred via a USB flash drive owned by an astronaut. NASA have said this isn't the first time computer viruses had travelled into space."
Re:Solid proof!!!! (Score:4, Informative)
Alas, while AV doesn't stop everything it is a lot better than not having it at all. A good AV scanner probably could have prevented this. Which again is why they should be giving them that little bit of training if they aren't already.
Who to believe? (Score:1, Informative)
Slashdot: "The laptops have no net connection"
Article: "The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth."
Re:Even In Space (Score:1, Informative)
Nice one to get (Score:5, Informative)
From Symantec's site:
It then attempts to steal sensitive information for the following online games:
* ZhengTu
* Wanmi Shijie or Perfect World
* Dekaron Siwan Mojie
* HuangYi Online
* Rexue Jianghu
* ROHAN
* Seal Online
* Maple Story
* R2 (Reign of Revolution)
* Talesweaver
Oh noes, now how will the astronauts be able to play their Japanese MMOs?
Re:USB drive viruses (Score:2, Informative)
admin templates --> system --> turn off autoplay
Though if you double-click on the drive letter in "My Computer" you will run the autorun.inf on the drive - so for untrusted drives, explore first.
Re:Solid proof!!!! (Score:3, Informative)
They stop really old viruses like that one effectively; even ClamAV detects and cleans that one.
So yeah, AV would have prevented this one; it would have been effective.
Right... (Score:5, Informative)
So, on some computers which (A) have been there for years, and (B) have no network connection over which to download virus signature updates, somehow miraculously that AV software would be up to date and able to recognize the newest trojans. I don't know what AV software that is, but I want it too ;)
Or, I know, let's send Mordac up there with each Shuttle or rocket trip, to install those updates.
Oh yeah, and you so want to be up there on your own, when the retarded AV software after a buggy update decides one or more of the following:
- some critical Windows file looks suspicious and deletes it. It happened more than once IRL.
- some piece of binary data transmitted by or to your computer looks suspiciously like an obscure, outdated SQL-Server exploit, and shuts the program down and cuts off the network connection. I can personally testify that it happened to me in WoW, never mind that it wasn't on the right port, I had no version of SQL-Server installed, and it was on a connection to WoW that was on for 2 hours now and thus unlikely to be what a virus does. Or see the infamous "STARTLOGGER"/"STOPLOGGER" idiocy that made it possible for a while to disconnect anyone from IRC (and God knows what else) if they have Norton AV installed. Yeah, you so want that on a space station's computers.
- introduces a bigger vulnerability of its own than Windows has. At least one RL mass-pwnage, and of the format-your-hdd sort at that, happened over a buffer overflow vulnerability in IIRC McAfee's firewall. Or if you look in the history of Norton's patch notes, a _lot_ of them were patching old buffer overflow vulnerabilities in their AV software.
- suddenly decides that an otherwise legitimate piece of software is too dangerous, and just deletes it. It happened to me with one AV which decided that IRC is too dangerous a place and just removed my mIRC executable. Not because of some malicious code, or even vulnerability, in that version of mIRC, but just because apparently they considered it dangerous anyway. You so want to be up on a space station when such a piece of crap decides that your, say, telnet is too dangerous and must be stopped.
- loads itself in memory twice and slows everything down to a crawl. Happened to me, with an older version of McAfee's AV. Oh, and trying to stop or uninstall it only stopped one of the copies.
- goes paranoid about protecting the user's "privacy", and prevents legitimate logins. Again, McAfee did that for me. Half the sites were so confused by whatever it did, that they simultaneously thought I'm logged in _and_ not logged in. I was starting to develop a deep empathy for Schroedinger's cat. You surely want that kind of thing randomly happening when you're trying to log into some more important thing up there.
Heh ;)
Re:Nice one to get (Score:3, Informative)
Those are all Chinese/Korean MMOs. Learn2geography.
Re:NASA needs Linux (Score:1, Informative)
Funny thing: after leaving this thread, I saw the Linux.com thing on the side of Slashdot. At the top was: PostPath: Enterprise-strength open source alternative for Exchange [linux.com].
The real question should be (Score:1, Informative)
Re:Solid proof!!!! (Score:2, Informative)
"In space, without Internet access, it's pretty clear that the AV software will not be kept up to date." I think that's an incorrect assumption; normally, they do have internet connections, so it could easily be kept up to date. Until, of course, the virus brought down their internet connection, which is no different than what could happen here.
Re:Solid proof!!!! (Score:3, Informative)
EVEN clamav?
Man, clamav is better than most.
Re:Nice one to get (Score:1, Informative)
Pretty damn well. Those are mostly Chinese.
Re:One has to ask (Score:4, Informative)
Isn't this an FAQ?
These laptops are convenience machines, for writing reports, spreadsheets, maybe even a little gaming.
There is no connection between the laptops and the embedded computers that actually run the ISS systems, and those computers do NOT run Windows. For that matter, they probably don't run Linux, but more likely some 10 or 15 year old Unix variation that was already well proven when the ISS bids went out.
The laptops may connect to experiments - that I don't know.
Since they are convenience machines, with no planned networking, and since when they were put out for bid, Windows was the most convenient OS to use, that's what they have. That's also not to say that a Linux laptop may not make it up there some time.
Don't pretend that there's any sort of IT architecture on the ISS for anything but the base plan. Everything is spec and bid.
I would hope that they have image CDs up there, and not just for virus removal. I can see wanting to reimage some of the laptops for each new ISS crew, and some for each new shuttle visit. I wouldn't want to keep "history" on any of them - not without backup.
Re:Even In Space (Score:0, Informative)
Who is shilling for Bill Gates ?
Re:Solid proof!!!! (Score:3, Informative)
But, with no Internet connection, the AV software doesn't really need to be kept up to date.
Not exactly true. We are mandated to keep AV software updated (I think weekly) on our machines that aren't hooked to any network at all - internal or external. This isn't mandated by the IT department or Security or anything, but the DoD. Of course, these are the same rules that require three (or was it six?) feet of space between machines (even air conditioning units) from every other.
They should just toss a CD with the latest definition updates for AV software of choice in with the regular supplies. Problem semi-solved.
You're strawmanning (Score:2, Informative)
"ISS" doesn't use Windows at all. Most if not all of the actual hardware seems to be running on different versions of Linux (mind you, quite a bit of the hardware is from around Y2K or before, so you'll see P233s with 64 MB RAM running things).
The only things infected were a couple of laptops running "nutritional programs" (whatever the hell those are). Even then, all ISS<->Earth communication goes through fairly tough screening, and is not directly linked to the 'net, so it's not as if planting trojans on astronauts' laptops is very useful, or challenging (seeing how the laptops weren't running AV software, and are far from mission critical equipment).
Anyway, see this possibly partial, old entry [linuxjournal.com] on what some parts of ISS are run on.
Re:No pun...? (Score:1, Informative)
Re:Solid proof!!!! (Score:3, Informative)
EVEN clamav?
Man, clamav is better than most.
How can I persuade my info security department of that given things like http://en.wikipedia.org/wiki/ClamAV#Comparisons [wikipedia.org]?