Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
First, the singular form of "virus" is "virus", not "viri". Second, the plural form of "virus" is "viruses", not "virii". Third, there is a cogent discussion of this issue at Morality of posting Perl "virus" code and perhaps how to protect against such viruses at Virus protection for Perl scripts.

Fourth, I don't see why this node should be reaped-- at least let the author take the downvotes. The code is still here, and anybody with half a clue and minimal knowledge of Perl could figure it out anyway. Just for the mental exercise... This script avoids doing a lot of things a good virus might: checking to see if it's root and infecting core modules; checking to see if a script is too small and not infecting it-- a virus() function in a 100 line script might be visible, in a 5000 line script it might go unnoticed; building the function into a BEGIN or END block and shoving it in the middle somewhere (even better if "middle" is in the middle of a big block of POD, if the documentation is stable, a programmer doing maintenance might never look there); then, the sheer size of the added code makes it easy to spot, but this just as easily could've been a fairly concise obfuscated snippet... the sort of thing we might pass off if we saw it in someone else's script (like stuff we downloaded) as either advanced wizardry or cargo-cult code. Finally, this code is not cross-language, but it could easily be modified to work from and infect other scripting languages.

To me, the very idea that we should try to keep a lid on this stuff is counter-productive. Anybody using scripting languages in a professional or other setting where security is a concern needs to be *very* aware of the danger of using foreign code. In fact, as a frequent user of CPAN modules, I have to ask: how hard is it to get a CPAN account? Could someone easily make a throwaway identity and upload a trojaned module? Is someone reviewing all of the code posted to CPAN? It's hardly responsible to spout off things like "use the module" to folks who are busy reinventing the wheel (at least non-core-module wheels) if there is a real security risk involved in doing so.

In reply to Re: simple perl viri by ichimunki
in thread Problem with quotes by nighthawk_

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others wandering the Monastery: (6)
    As of 2020-11-26 12:07 GMT
    Find Nodes?
      Voting Booth?

      No recent polls found