Had to read through your post twice just to get the full awesomeness of it. In all my time on computers, never once have I even thought of customizing my desktop in the ways you mentioned. I would absolutely love to have an embedded text editor, with a save feature, right on the desktop. I spend so much time opening and closing notepad++ and paint, it would rock hardcore to have them open all the time clutter free.
Now, on to the virus part. Keen eye you have there to catch that. I'd hold onto the title of the guy who nudged Vista into existence, but then again with the way Vista turned out I might keep that bit to myself. Who knows. And a nifty little program it was, I'm loving how elegantly easy it all seemed once you discovered the vulnerability.
How much of an offense is it to just create the virus without releasing it? I would like, for reasons of cybersecurity, to make my own viruses. I want to study the mindset and theory behind them so I can defend against them in the future. Is there a risk of having a program get out of your control when testing it and accidentally releasing it to the wilds?
Win+r => run dialog
Type "notepad" without quotes, hit enter. (Notepad)
Type "mspaint" without quotes, hit enter. (Paint)
Type "outlook" without quotes, hit enter. (Outlook)
Type "winword" without quotes, hit enter. (Word)
Type "excel" without quotes, hit enter. (Excel)
The whole desktop is basically an ever changing screenshot now. Vista completely broke Citrix when it came out because the desktop manager is what presents that for you to click on. You're not actually clicking g on the desktop but a picture of the desktop.
As for what I discovered, by the time I figured it all out and was done playing, XP was on its way out so no point in getting attached to it knowing it was getting axed. But I did make a few hacks to the system anyway. When active desktop would crash, my modified version would say "You broke your desktop, idiot." It was great watching people flip out saying I had a virus ( lol). There was also a flag in the desktop shell file that would allow you to play about any media file in explorer without opening any program. It has the side effect of locking the file so good luck moving or deleting it. Google "Windows xp wantmedia=true" if you wanna read up on it.
It's not illegal to write a virus but if it spreads, that's a different story. And, yeah, there's a risk and it's not a small one. Since you wrote your own virus, antivirus wouldn't detect it. Good luck getting rid of it. As for using that knowledge, more than anything, writing a virus won't help defend you but knowing how networks work, how Windows goes down from ring 3 to ring 0, how drive symmetry works, and how computer hardware works and why are your greatest assets. I surf without antivirus protection or UAC because I'm a performance fiend but I know how viruses work because of things like I mentioned so I lock things down, change security permissions in ways most people don't know about, and so on. I get an average of maybe 1 virus a year and it's almost uncanny how fast I figure out one's on my computer. I just know how the computer is supposed to work.
Heh, you know, a co-worker of mine was running a version of Internet Explorer so old that it had about every cryptominer bug out there. Problem was that his version of IE was so old, they couldn't run. He had to update for one of the work portals. As soon as he did, his computer was so bogged down that he couldn't use it. Never let anyone tell you that old software is a detriment to your computer.
I...I...
I'm sitting here fumbling with all this new information you just gave me. Thank you for making the magic of the mystery return to me. I've been so bogged down with trying to keep up with basic stuff that I have forgotten how wonderfully clueless I am to these machines. I don't know what it was that attracted me to computers, but it just felt like it landed in my head as a product of the times. I have always been the only one who knew a damn about what they were doing with electronics, and while I may not be some basement mad scientist like a lot of guru's I have learned a thing or two in my travels.
Okay, I really need to just save your comments here and look at them in the morning when I haven't been drinking. Then I need to get my head out of my ass and bridge a dialogue with people like you who know what they are talking about. Do you mind me asking how old you are? Just so I can kind of gauge my place?
As soon as you keep it as a mantra that someone always knows more than you do, you'll enjoy it more.
It was supposed to be a thing that let me have shortcuts to frequently used programs as icons as an actual part of the desktop (along with an embedded text editor with a save button), an embedded alarm clock, and an embedded media player (audio and video). You could turn icons off, rearrange them, whatever, and my stuff would stay there right where they were intended. If you used a regular html document as the background, it always asked if you wanted to save or run the program and I wanted it to behave like a normal icon. I discovered that the HTML doc that was the desktop ran under system level privileges and wouldn't even ask you for permission to download and run a file from the internet.
Once I put all that together, it was a simple little script that copied over your actual desktop shell file with the default windows bliss background, injected a download command (at any URL I wanted, any executable I wanted, and silently), then logged the user off to make the changes stay. When the user logged back on, the desktop would load, run the script and therefore download the file I specified, run said file, and all invisibly. To infect your computer, all you had to do was browse to any page where the kickoff script was embedded. To be clear, the web page would rewrite a system file and log you off. That's not a small thing.
I never actually released it and developed it under the watchful eye of a college professor because writing a virus is a serious offense. I wanted someone who knew what was going on and could back me up if something happened. Once the virus was complete, I filed a report with Microsoft pointing out the vulnerability and the research I had done about if this was a known avenue of attack (there was only and exactly one virus already in existence that exploited this). I never got a response but maybe 8 months later, they released Vista.Could have just been interesting timing but I'm sure they didn't respond because they already knew of the problem (hence the reason Vista and later only have simple desktop background options).