Can streaming sources get viruses?

If you mean a NAS then yes they can theoretically. Mine runs the antivirus package that it comes with.

What about the Naim devices?

i can see that if you save to the HDX then straightaway it’s vulnerable. So is there a virus scan that can be done? Is that sending it back to Naim HQ, if it is that is bad as we can all scan our PCs ourselves.

I'm prompted because I notice occasional malfunction e.g. machine locking and needing powerlead removed.

And if you mean Tidal or Spotify, I think we have to assume that they take care of that at their end.

best

David

There is a long answer that someone more qualified to reply than me can give and there is the short answer - this isn't something to worry about. If you have to reboot your HDX from time to time, then do so. It won't be a virus. More likely a mains spike corrupting some data or a low level memory-handling bug in the HDX that never got identified and fixed.

best

David

In the case of the Naim NAS boxes, then potentially yes.  A virus scan of the data across the network will reveal any contaminated data files.  However, as these devices use customised OS and hardware platforms, the risk is reduced (but not completely eliminated).  Furthermore if a significant portion of the OS is actually held in flash ROM (N.B. I don't know if this is the case), then power cycling them will clear (or disable) most viruses.

In the case of the players, then even if they did get a virus loaded, it could only be in the RAM and a power cycle will clear out the virus.
Not only that but the OS and hardware they run are so specialised it's almost certain that, to load successfully, a virus would have to be written specifically for the Naim devices (and no-one's going to go to the bother of doing that!).

I think the HDX is built basically on imbedded XP. On that basis then yes it could be vulnerable to a virus, which could for instance be delivered in an audio payload downloaded from the internet.

However I guess one has to assess risk, the board is not running stock XP, so perhaps might need some specific virus to run on a HDX and whats the chances of that happening?

I only have half a clue with this stuff so happy to be told I am wrong. On the basis though that your smart light switch can be hacked you have to assume its possible.

garyi posted:

I only have half a clue with this stuff so happy to be told I am wrong. On the basis though that your smart light switch can be hacked you have to assume its possible.

I have a  smart light switch that is completely immune to viruses, yet is very smart: flick it one way and the lights magically go on, flick it the other way and, behold! they go off!  

Sorry, couldn't resist!

 A Chemist, a psychologist and a biochemist are all given a fridge and asked to find out what it is.

The chemist dissolves it in acid, analyses the result and concludes that it's a complex ore of iron, aluminium and copper.

The psychologist opens the door then shuts the door, opens the door then shuts the door...   ... and concludes that it's a light switch.

The biochemist smashes it to pieces, reassembles the bits and concludes that it's a vacuum cleaner.

Depending on how you look at the world, some things aren't as obvious as they seem!

Hi,

Unfortunately not a question that has a simple answer.

The simple answer as to whether a virus can run (and therefore actually do anything) depends very much on the host that it lands on … As with a real world virus which might be incredibly toxic to – say – a domestic cat but which may not even survive when transmitted to a dog let alone cause it to feel any ill-effects then a virus that, for example, spreads wildly on a Windows PC and uses exploits in Windows to propagate wouldn’t get anywhere at all on a Mac or a Linux machine … and a virus that can’t execute is simply a bit of data on a storage medium and isn’t any kind of threat.

It isn’t even just a case of “Windows Machines Get Viruses So Avoid Windows” as there have been viruses written for the most odd devices – including the industrial PLCs that control centrifuges used in refining nuclear fuel (See : https://en.wikipedia.org/wiki/Stuxnet ) - nor is it that a virus that exploits a loophole in one version of Windows would infect and spread on other versions of Windows as those loopholes are not always present in other versions or may have been patched (for example the recent Wannacry attack: https://en.wikipedia.org/wiki/...ry_ransomware_attack).

Ultimately if you look hard enough and try hard enough and have the appropriate kit to do it (and the appropriate host to unwittingly or maliciously spread the virus) then there would be ways found to get code into anything … however the reality is that if you have a device that *CANNOT* run code from an external source and has its operating code in non-writeable storage then getting such code into a device is incredibly difficult.

We always try to ensure as far as possible that there are no “ins” into a system to make sure that viruses (or any other unwanted code) can’t get onto a system and install themselves and we do this by making sure that devices don’t execute any files or scripts that are in areas where the outside world can slip files in - so for example operating system code and data files are stored in separate areas and no executable code can be run from a data area.

For a virus to be transmitted by “streaming audio” itself would require an incredibly complex set of very well coordinated and daisy-chained processes to get the virus into the Streaming service providers systems, to allow it to survive unmangled through any intermediate transcoding processes that go on before the source files are “broadcast” (think of it like passing the “prime steak” that they have on their servers through a mincer to make burgers and then trying to reconstruct the steak back again from the mince), it would then need to know exactly what device it was being streamed to and be aware of the existence of a specific vulnerability that would allow executable code to be extracted from an audio stream at the playback end (remember the stream is not executed, it is simply decoded and played as audio so there would have to be an exploit in the player that could be specifically targeted and utilised). Even then the code would need to know exactly where it would need to store itself and how to execute itself on this target device that it would have no idea what it was on until it got there and managed to get itself extracted – in itself this would be one hell of a programming effort and generally one which given the nature of these kind of embedded devices is just not worth the effort … It’s far easier to get someone to click on an attachment in an anonymous email on their computer.

It's a brave man that would stand up and unequivocally say that their product is completely immune to viruses as anything that is connected to the outside world in any way may have yet undiscovered exploits that could be targeted and simply saying that a product is immune to viruses could be said to put you into the crosshairs for someone to target to prove a point and prove you wrong…

Phil

Crosshairs or not I think Phil's answer is perfect for going into the FAQ. Richard?

best

David

A virus comes from executing some code and that code embedding itself somehow into its host or host environment, streaming sources are made possible by parsing HTTP HTML based script. No code is executed, at least with web streaming and UPnP that Naim use. The worst threat I can conceive that a specific bug in a device such as a streamer is exposed and exploited and a malformed data construct causes the device to crash, and if done in such a way can be possible on some platforms for the attacker to gain login/console access... I think the threat to our our Naim streamers is extremely low.. there are easier ways to hack.

Sinon