On Sat, Jun 8, 2013 at 11:55 AM, Harley Acheson <harley.ache...@gmail.com>wrote:
> Something quite important has to happen in order to turn a one-to-one > attack into a virus-like problem. > > As "patient zero" I get the first bad blend. It can't immediately do > something bad to me or that is the end of the infection as I will not be > able to infect anyone else. Instead it needs to make it so that any new > files I create (and/or old ones) contain the same bad behavior. Otherwise > it can't replicate. > > So isn't the answer simple? Just not allow a *script* to set any settings > related to the auto-running of scripts? > Unless it manipulates the to-be infected files directly. Old boot sector viruses could do what they needed in a few hundred bytes (if not far less) and only with basic BIOS/DOS services available.. Now compare that with what power a python script has at its disposal and try to imagine what it "can't" do. All that is needed is to get a [normally] "trusted" source of .blend files to open one infected file with autorun (due to overconfidence, being rushed, sleep deprivation, distracted by pets/kids/spouse, etc..) and now everyone using future releases of their "trusted" files are at high risk. This is Virus Propagation 101. Even that [presumed safe] commercial DVD of blender media isn't 100% immune to passing viruses along.. many years ago I worked somewhere in which there was a virus on the mouse driver floppy as-is from the computer vendor. While things like this are rare, they can happen (admittedly more so when virus scanners were uncommon/non-existent). -Chad _______________________________________________ Bf-committers mailing list Bf-committers@blender.org http://lists.blender.org/mailman/listinfo/bf-committers