Marius van Oers McAfee Avert
.NET support in UNIX
With .NET, instead of native code it is also possible to provide code in an intermediate form, using the Intermediate Language, IL. When the user launches a file the IL code is compiled by JIT (Just In Time Compiling) in memory into native code, and the native code is executed.
The disadvantage is speed-decrease, the advantage is that applications can run on more OS/versions so eliminating the need for a specific application per operating system (WinME/2K/XP etc).
The use of Unix/Linux as operating system is increasing rapidly on areas like File, Mail and Web-servers. Here the range of operating systems/flavors/kernel versions is even bigger (SunOS/Linux RedHat/Suse, BeOS etc) Applications can be OS/flavor/kernel version specific so to make/distribute code for Unix is not easy.
So in both the Windows and Unix worlds, native code is faster but limits the distribution. .NET addresses this for the Microsoft Windows world, and .NET may also be supported in the Unix world. Currently there are projects going on (example Mono) in an effort to create an open source implementation of the .NET framework.
With this development environment it will allow applications developed for .NET to run on Windows and Unix/Linux-based operating systems. Malware (virus/Trojan) writers may move to the .NET environment, thus possibly creating cross-platform malicious binaries.
As the output binaries don't contain native code but (abstract) IL code, this also poses another issue. So .NET support might introduce security issues in the Windows and Unix worlds. This paper will mainly focus on the .NET support in Unix and the possible security issues related to that.