1.4.7.4 POV-Ray viruses?
"Are there any POV-Ray viruses out there? Can one be done?"
At the time of writing this documentation, no known viruses or trojans made with the POV-Ray Scene Description
Language (SDL) are known to exist.
Due to the properties of the POV-Ray SDL, writing a working virus (that is, a piece of code which spreads, without
the user knowing, by copying itself to non-infected files) is very difficult, if not impossible to do. The main
obstacle in making a POV-Ray virus is that there is no way for the SDL code to reside in memory, infecting files when
it sees them; another problem is that there is no way to get file listings in the POV-Ray SDL, so the code cannot
infect other .pov files at parse time.
However, trojans (i.e. a malicious piece of code which attempts to harm the system, but will not infect other
files) are much more likely. It is possible with the POV-Ray SDL to open a file and write practically anything to it.
This can be used to cause severe damage to an unprotected file system.
Note, however, that in POV-Ray 3.5 the concept of I/O restrictions was introduced in order to protect the user from
these kinds of malicious scripts. Setting the I/O restrictions properly will prevent the SDL from being able to open
files for writing (and optionally even for reading). You should check that your copy of POV-Ray 3.5 has these
restrictions properly set, especially if you render files not made by you. Note, however, that not all versions of
POV-Ray 3.5 for different platforms may have these restrictions implemented. Consult section 1 of the POV-Ray 3.5
documentation for more details about the I/O restrictions.
Regardless of this, it is always a good idea to run only scripts which you have received from trusted sources. This
is particularly true if you are using a version of POV-Ray older than 3.5.
The POV-Ray community consists mostly of benevolent people and it is generally safe to try POV-Ray scripts made by
them. However, it is often better to be safe than to be sorry.
|
