Perhaps you already know about the “Delphi virus” which is in the news these days. I would not enter (again) in the details of this. There is already enough virtual ink on this. For example, Marco Cantu summed up some links on the theme. Also Craig Stuntz has a nice post about this.
But now in the wild is a 2nd ‘virus’ with a much more dangerous ‘payload’ that the former:… mass-media misinformation. This thing can damage Delphi way worse than any other virus, Delphi specific or not. For example, from this cNet article I don’t really know against what is written the article: against the worm or against Delphi?
I don’t imply that in the wild are ‘human’ malware but, once again, we can see how bad ignorance can be. To sum up all the misconceptions:
- Is anybody still using Delphi? Yes, sure it is. The user base is anywhere between 1 and 2 millions. Ok, we know that the TIOBE index is somewhat approximative but sometimes it gives a general overview on what’s going on… …and things are encouraging because now we are before to a release – the most quiet period on Internet, when everyone waits.
- Is it alive? Sure it is. Delphi 2010 is the first RAD development tool which provides Natural Input Methods out of the box for Windows XP and newer. Is the first RAD development tool certified for Windows 7. The only one RAD development tool which provides out of the box a n-Tier solution capable to link the native code, .NET and Java worlds. If this isn’t ‘alive’ then what is?
- Is Delphi infected? The worm infects a file from the distribution kits of Delphi 4 till Delphi 7. Delphi 7 was released in 2002. 7 (seven) years ago. Why nobody says that from then there were 5 (five) releases in between. Delphi 2010 will be the 6th release. And still the guys from Embarcadero are aware of this and will handle the matter. So, anyone which has a (by a wide margin) up to date Delphi version is safe. Why nobody says this?
- Is Delphi weak? The same form of attack, or perhaps even worse forms implemented with less effort, can be implemented for Java, .NET family of languages (there are even tools and videos (!) how to do it), C++, Ruby etc. For me it seems much more simpler to add methods to a Java system class that opens an hole, and then put that changed class into the .jar file and deploy application out to millions and it would have a backdoor exploit. Why they try to leave the impression that Delphi is the only weak one?