Domain: datafellows.com
Stories and comments across the archive that link to datafellows.com.
Comments · 35
-
Re:frustrated with "anti"-virus on Windows
This is rhetorical and wishful: when are we going to get some anti-virus software that protects us before an outbreak?
I'm currently evaluating F-Secure. It looks to be all that and more, now if I could just figure out their confusing pricing scheme. :(
-
Re:I think there's already something new going aro
I can confirm the Win32\Swen.A spreading which would fit the bill. Apparently it's already become widespread in HR departments. I sent out a resume three weeks ago from a fairly virgin email account - two weeks ago, I was bombarded with SoBig.F as a result. That seems to have subsided. This morning, the Win32\Swen.A bombardment began..... On the bright side, at least I know there's still a huge need for competent IT out there, even if that's not what I want to be doing...
Hell, at least all the stuff hitting my spam filter isn't talking about "Your Application" anymore.... That sucked.
-
Re:Create a worm that patches the vulnerability?
Sorry, I jumped the gun there - didn't mean to insult ya.
The 'original' virus that cleaned up another one was the DenZuk virus, which cleaned up Brain. This is like late 80's stuff. DenZuk started corrupting floppies when the new high density ones came out.
It's occurred on occasion since, and the idea comes up pretty often over in alt.comp.virus. Two papers of interest are Bontchev's (originally from the U. of Hamburg, working for F-Prot last I checked), and for the pro- view (written by a virus writer) MidNyte's paper.
-
Re:Phew
If past performance is any indication, it's because Kaspersky takes multiple strings from harder to modify areas and also supports wildcards - the guy who started it (Eugene Kaspersky) is a badass at assembler and has generally produced some of the best virus analysis in the industry. I use and recommend F-Secure, which uses a combination of his engine and Fridrik Skulason's for scanning - that way you get the advantage of having two sets of separately picked virus signatures plus different heuristic scanning methods.
Aside from a few stability issues that took them bloody forever to work out on 2K (BSODs once a week for a few months on my box as a result) - it's been a great product for years. I've gotten to laugh at the people using McAfee's and Norton's several times and say 'I told you so' when they got hit.
Unfortunately - I think they have the price for the personal edition set too high, and can't market in the U.S. for shit.
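The post above credits the Kaspersky engine with taking several byte strings from hard-to-modify areas and allowing wildcards. The toy scanner below is an added illustration of that idea, not code from the post or from any vendor's engine; the `??` signature syntax, the sample "files" and the signature names are all constructed for the example. It shows why a single short string fires on benign code, why an exact single-string signature misses a trivially modified variant, and how a multi-string wildcard signature catches the variant while staying quiet on the clean file.

```python
"""Toy multi-string, wildcard-aware signature scanner (constructed example)."""
from typing import List, Optional

Pattern = List[Optional[int]]  # None marks a wildcard byte

def parse_pattern(text: str) -> Pattern:
    """Parse 'B9 ?? ?? 00 00' style hex; '??' matches any single byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_pattern(data: bytes, pat: Pattern) -> int:
    """Offset of the first match of pat in data, or -1 if absent."""
    n = len(pat)
    for i in range(len(data) - n + 1):
        for j, want in enumerate(pat):
            if want is not None and data[i + j] != want:
                break
        else:
            return i
    return -1

class Signature:
    """A named set of byte strings; ALL of them must appear for a detection."""
    def __init__(self, name: str, patterns: List[str]) -> None:
        self.name = name
        self.patterns = [parse_pattern(p) for p in patterns]

    def matches(self, data: bytes) -> bool:
        # Requiring every string, each taken from a different region of the
        # sample, is what keeps one shared fragment from causing a false alarm.
        return all(find_pattern(data, p) != -1 for p in self.patterns)

def scan(data: bytes, signatures: List[Signature]) -> List[str]:
    """Names of all signatures that match data, in list order."""
    return [s.name for s in signatures if s.matches(data)]

# --- constructed sample "files" (not real malware; bytes chosen for the demo) ---
HEADER = b"MZ" + b"\x00" * 14
PROLOGUE = b"\x55\x8b\xec\x83\xec\x10"  # ordinary function prologue, common to all
EPILOGUE = b"\xc9\xc3"

CLEAN_FILE = HEADER + PROLOGUE + b"hello, world" + EPILOGUE

# Sample A: a loop whose counter, buffer address and key differ per variant.
SAMPLE_A = (HEADER + PROLOGUE
            + b"\xb9\x3a\x01\x00\x00"            # counter (changes per variant)
            + b"\x8d\xb5\x20\x10\x40\x00"        # buffer address (changes)
            + b"\x80\x36\x5c\x46\xe2\xfb"        # loop body; key byte changes
            + EPILOGUE)

# Variant B: same code, but counter, address and key byte were altered.
VARIANT_B = (HEADER + PROLOGUE
             + b"\xb9\x40\x01\x00\x00"
             + b"\x8d\xb5\x80\x12\x40\x00"
             + b"\x80\x36\x2e\x46\xe2\xfb"
             + EPILOGUE)

# Too weak: one common fragment, so it also fires on the clean file.
PROLOGUE_ONLY = Signature("prologue-fragment-only (too weak)", ["55 8B EC"])

# Exact, single-string: catches Sample A only, misses the variant.
EXACT_A = Signature("Sample.A (exact)",
                    ["B9 3A 01 00 00 8D B5 20 10 40 00 80 36 5C 46 E2 FB"])

# Two strings from different regions, variable bytes wildcarded.
WILDCARD_FAMILY = Signature("Sample family (wildcard, 2 strings)",
                            ["B9 ?? ?? 00 00 8D B5 ?? ?? 40 00",
                             "80 36 ?? 46 E2 ??"])

SIGNATURES = [EXACT_A, WILDCARD_FAMILY]

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_FILE), ("sample A", SAMPLE_A),
                        ("variant B", VARIANT_B)):
        print(f"{label:10s} -> {scan(blob, SIGNATURES)}")
    print("weak signature on clean file ->", scan(CLEAN_FILE, [PROLOGUE_ONLY]))
```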
-
Data Fellows...
-
Re:Anti-Virus Programs
>You could always try KaZaA and search for an AV program for free too.
Or you could click the link in my post and enjoy a free (as in beer) A/V scanner that might run in DOSEMU, and certainly does run in a DOS box of all windows I've tried it on (3.1-9x-NT-XP), and is updated quite often. This is one of the last true shareware programs I've seen on the net that's actually receiving updates (sad really that shareware turned into adware turned into spyware has now turned into trojanware).
-
Re:no virus protection?
-
Technical write up on nimda
-
W32/Nimda.A@mm
-
Re:seeing this as well
Yes, similarly here. I've heard it suggested that this is some form of the Code Blue worm: according to Datafellows's website, CB attacks random IPs half the time, and IPs in the same /16 the other half.
-
This reminds me of the Fish Virus....
The Fish virus, IIRC, would remove the Stoned/Michaelangelo virus if it was found, and then infect the machine itself.
Further info about the virus is found here from Data Fellows' virus database.
-
Re:killing the fungus
I *dare* you to start an EMail spam warning everyone about this bad new danger to their music collections, and encouraging them to sanitize their CDs before it's too late!
People will do it too. Remember this? I'm just waiting for the e-mail hoax telling people that they can remove a "deadly virus" from their computer by jumping off a building. It would be raining people at the company I work at...
-
Information from Hackernews
Here (10-30-00 in the archives): contributed by abner and laney
The weekend did not manage to quell the massive amounts of coverage the Microsoft infiltration continues to garner. Virtually every news organization has its own version of the Microsoft debacle, of which we've provided a sampling below. Meanwhile, we are left wondering why the crown jewels of Microsoft were left at the mercy of passwords. There are all sorts of other authentication technologies that we have no doubt Microsoft will be investigating. Perhaps utilizing the smart card support in Windows 2000 wouldn't be a bad idea. It's a shame it takes negative incidents like this to get people to consider security as a strategic business issue. Shame on you, Microsoft.
Also Happy Microsoft Day: You've heard it before and you'll hear it again. Threats are evolving. We've seen viruses retrieve and forward passwords before on a large scale, now they are becoming targeted and fast. Threat evolution is something that cannot be dealt with reactively; it must be part of infrastructure planning and design. Today, all attention is focused on Microsoft. The world's favorite target has fallen victim to a password-stealing virus that got a hold of passwords that can access the source code to upcoming versions of Windows and Office. It is unclear whether or not the perpetrators were able to use the passwords to actually access and manipulate the source code, however if the source code was accessed two questions remain.
1. Was the code manipulated in some way that could open the door for later attacks or other problems? Microsoft claims no, the code has maintained its integrity. Other than to trust Microsoft's word we may never know the answer.
2. Does the ability for a criminal group to view the source code destroy the security by obscurity that is key to so many commercial software products? In the open source community, numerous hackers examine products and contribute solutions to flaws in the products. In the commercial world, many companies rely on their development team to produce secure code and then keep the source code secret to not only protect their intellectual property, but also to minimize potential attacks that could be launched against the product. In this case, the loss of security by obscurity could result in a criminal having intimate knowledge of the product development cycle to be able to develop targeted attacks on future Microsoft products.
Regardless of the quality of Microsoft products, the mere fact that the company was able to recognize that this incident occurred is unfortunately unique. Many corporations might never know this had happened to them. In fact the ability to isolate the incident to specific networks or machines is quite difficult in many environments. The other interesting thing going on here is the Trojan horse attack. These attacks have been discussed for several years now and the current solution has been to use content filtering software to detect the attack. If you are one of the world's favorite targets, the Trojan horse writer will write the attack specifically at you. By the time the anti-virus companies know about the Trojan horse and are able to detect and stop it, it's too late. Unfortunately, it has taken a high profile incident like this for awareness to spread. One solution is to separate general purpose computing such as internet surfing and email from sensitive computing such as accessing source code or controlling IT infrastructure. This is what the military does. They run 2 networks that are physically isolated from each other. A less expensive solution is to keep all executable content from reaching workstations such as executable programs, active HTML content, or documents that contain macros. This is difficult to achieve in reality so physical separation is the only way to be sure you are secure. The Wall Street Journal broke this story and pretty much everybody is currently running it. Look for more information and speculation to filter out through the rest of the day.
Hope this helps.
-
Re:Mandrake... and linux viruses
Bliss and Staog are the first two known Linux viruses. Of those, I believe only Bliss has been found in the wild. They both seem to suffer from a serious fertility problem though.
-
Re:Stupid Question from Me
> its slowly becoming more and more possible.
Er... The Chernobyl virus (also known as CIH) has been around for quite a while now, it caused havoc a while back and made national news in Britain and Ireland anyway. It can pretty nastily screw up the BIOS of the computer, necessitating the physical removal of the BIOS chip in order to use an external reflasher (it's often cheaper to just replace the MoBo), and it also trashes the hard drive data.
It can do this because there is relatively little difference between many of the motherboard flash interfaces in use, and so "all" the author (CIH) had to do was encode the most common few. Most MoBos ship with the Flash write protect off, and a lot of people don't know to set it.
Windows 98 still runs on top of DOS, BTW, no matter what MS marketroids would have you believe, and the Chernobyl virus infects Windows 9x machines, using bugs (actually design oversights made by MS that can't be corrected without breaking a whole load of other stuff) in the Win32 kernel to jump to supervisor mode.
Quoted from the above link:
What makes the CIH case really serious is that the virus activates destructively. When it happens the virus overwrites most of the data on the computer's hard drive. This can be recovered with recent backups.
However, the virus has another, unique activation routine: It will try to overwrite the Flash BIOS chip of the machine. If this succeeds, the machine will be unable to boot at all unless the chip is reprogrammed. The Flash routine will work on many types of Pentium machines - for example, on machines based on the Intel 430TX chipset. On most machines, the Flash BIOS can be protected with a jumper. By default, protection is usually off.
-
Re: which AV?
Mendax Veritas dun said:
> Symantec more or less owns that market segment at this point, aside from Network Associates, who are even more loathsome.
Well, they aren't the only ones in the market, really--F-Prot, which comes in two different flavours (the Data Fellows "Finnish Mix" and the Command Software "British Remix"), is damned good, beats the pants off of both McAfee and NAV, and hasn't been bought out by either company (largely because at least Data Fellows also sells other security software like firewall programs, SSH clients and SSH servers for NT, etc.). Also worth noting is the Best Damn Antivirus Software Money Can Buy (according to alt.comp.virus--and by the way, it's not just antivirus writers who hang out there; there are a fair number of virus coders who hang out there as well), AVP...hell, they've even got a version for Linux for folks who run servers (who want to scan the stuff they're serving for Nasty Stuff).
By no means are you restricted to what Network Solutions or Symantec have to offer. There's other stuff out there that's actually better but less well known about (wow...kinda like BeOS and *BSD and Linux, eh? ;).
> For most people, I recommend not using anti-virus software at all. AV is a non-solution to something that is mostly a non-problem.
I wouldn't say it's entirely a non-problem. In a home environment, with a clueful user who doesn't download strange binaries without checking the source twice, and especially if he's using an OS for which very few viruses exist (such as BeOS or Linux or *BSD)...and more importantly anymore, never uses certain office suites out of Redmond with extensive macro capabilities including hooks to Visual Basic (which has hooks to system calls in Win32) nor uses programs with extensive HTML and Javascript capability to read email, then yes, it'd be a non-problem.
There are cases where it could be a problem, though. Say...work environments that have to use Office 97 and accept Word and Excel documents from Goddess-only-knows where, or home users who dabble in warez because they don't feel like paying $200 for the latest killer game, or work environments where people take stuff from home and put it on the boxes, or people who are new to the net (and don't know about stuff like Good Computer Hygiene) and get offered this "cool South Park screensaver" from an email address that belongs to their friend on the net (and they are completely and utterly unaware that said program is in fact the "Pretty Park" trojan/worm that mails itself to everyone on your Outlook Express address list)...in those cases, yes, it could be a problem.
Now add in those folks who have to take home stuff from work. Now add in the number of folks at work who are the clueless folks who will blindly run that "Pretty Park" executable, and/or have warez'd copies of Diablo, and/or take stuff to work to show folks how "cool" it is...and you have to take Word documents home to work on them, or Excel spreadsheets...and think of all the OTHER companies your company might be sharing Word documents with...It's pretty scary, really, if you think about it.
I'll touch some more on this below...
> It's a non-solution because most AV software protects only against known viruses, and is therefore useless against anything newer than the most recent signature update you've installed. Of course, the kind of virus you are most likely to encounter is a new one that the virus scanners don't know about yet, so what good is your scanner doing? (There have been attempts to develop techniques of recognizing "virus-like behavior", but the eternal problem with that is that there is nothing that most viruses do that isn't also done by perfectly harmless, useful, legitimate software, especially debugging tools.)
By and large, antivirus software isn't for us who know how to use debugging tools :) It's for folks who might be new to computers, or who have to take stuff home from work and run it, or who might want to be double-safe that the program they just downloaded doesn't have anything nasty in it.
Yes, some TSRs and some programs will cause antivirus software to hiccup. I'll also note that these are (in the case of most folks--not necessarily us techy ones) few and far between. It also depends specifically on the heuristics that the program is looking for--I've heard that Norton Antivirus tends to give quite a number more false positive alarms than AVP or F-Prot do, for instance (in fact, on alt.comp.virus it's recommended that if you run Norton or McAfee Antivirus (another AV program bad for false positives in heuristics mode) you double-check it by running F-Prot or AVP in heuristics mode because the latter two programs are far less susceptible to false positives).
As it is, for binary viruses and trojans heuristics can work well; for Word macro viruses (which are the single largest category of viruses today, by the way) they're nearly foolproof. As Word macro viruses are a far worse problem nowadays, this is probably a Good Thing.
> It's mostly a non-problem because viruses just aren't that common and are, for the most part, easily avoided by simply not being stupid. I haven't run an anti-virus package on any of my computers since I left the Norton AntiVirus development team in 1993, and have never been hit by a virus in the almost seven years since then.
I'll assume you practice Good Computer Hygiene (not downloading strange binaries, etc.) I do have some questions for you, though...
Do you run Microsoft Office? Do you accept Word documents from possibly untrusted sources? (The single largest category of viruses and worms, not to mention the one with the most growth by far, is Office macro viruses and worms (especially Word macro viruses which often are also worms in that they have specific hooks to common mail applications to enable spread by email)...in 1993, Word macro viruses were literally unheard of. The first "proof of concept" Word macro virus appeared in 1997, and eventually spread to the wild. A year later there were over 200 known Word macro viruses, and the first Excel macro viruses were known. In 1998-ish the first known Word macro worm was discovered. As of now (early 2000) there are over four thousand Office macro viruses (the vast majority Word macro viruses, and a fair number of which can be considered worms as well; more than a few also are "droppers" for destructive payloads), depending on whom one is talking to (some would put it higher, some would put it closer to two thousand)--literally more Word macro viruses and worms exist than binary-based viruses at present, and it is becoming a fairly serious problem in businesses (a Word macro virus/worm brought the email systems of many businesses to a screeching halt last year because of all the load--one of those companies just happened to be [ironically] Microsoft). The largest portion of databases for antivirus software are for Word macro viruses; I suggest you take a look down at Data Fellows' virus-lists and see just how many have the little prefix "W97/M" (Word 97 macro virus)...it's really a staggering number. Binary-based viruses like CIH are by far the exception now; most folks doing viruses are either working in Word macro viruses or are working on worms (such as mIRC worms, or trojans that are worms such as "Pretty Park").
Fortunately for antivirus software authors, most Word macro viruses have specific infection routines and use specific Visual Basic calls (Microsoft, in its infinite wisdom [HAH!], decided to allow one to use Visual Basic hooks in Office macro code...which is a security disaster waiting to happen, as Visual Basic has hooks into the operating system itself) to do nastier things (like the "propagation behavior" of Word macro worms, or droppers for destructive payloads for the nastier Word macro viruses--in a way, they behave more like trojans than viruses), so it's pretty easy to kill such things with heuristics. (It's also pretty easy to kill such things if you don't enable macros, or you use stuff like StarOffice to read the file. But that's another issue :)
(Unfortunately, it seems the bulk of the business world not only uses Win95/98 or WinNT, but also Office, and also Outlook Express--which helps Word macro worms spread like wildfire through a network (by the way, Word macro worms are having the same growth Word macro viruses had in the beginning, and some have been found with destructive payloads--things are going to get interesting indeed). Even worse, Word macro viruses are cross-platform--they can infect Word on Winboxen, Macs, and presumably any other platform that can run Microsoft Word and/or a word processor that recognises Word documents and Word macros (fortunately, most of the Word macro worms can spread only under WinXX and largely only if Outlook Express exists as a mailer, though some can also use Eudora [the other big mailer], but I don't expect this to last very long--and the Mac users can still infect documents with the worms).)
Do you have to share computers at work with anyone? (Their computer could be crawling with viruses. Just because you don't do anything stupid doesn't mean your co-workers won't.)
Does your workplace have a strict "no-files-or-disks-from-home, no-programs-from-home" policy? (If not, they're wide open unless they're using a scanner. Again, you might practice Good Computer Hygiene, but others won't necessarily do so.)
If you do consultation work, are all your boot-disks and install material on non-writable media like CD's? (If they've got a boot-sector virus, they can infect ZIP disks and floppies.)
Are you absolutely certain that all of the software you get is virus-free? (About the only way you CAN be certain is if you compile and run it yourself--and even then, if the compiler itself has virus code, you still might not be safe (cref. a proof-of-concept of this where hidden backdoor code was included in early C compilers for Unix--if code was removed, the compiler simply reinserted it at compile-time; the only way to remove it for certain was to compile from a known clean copy, and reportedly the backdoor generated WAS used a few times). Commercial software has been released accidentally with virus code before (most infamously, a demo CD included with a PC game magazine that was infected with CIH); hell, computers have literally come preinstalled that had viruses (there was a rather infamous case where either Dell or IBM (memory fails me on which one) actually sold some laptops which were infected with CIH--it turns out that the standard disk image used to copy the OS and apps onto the drives had been infected with CIH somehow). There are now known worms that can infect a computer using Outlook Express (with HTML and ActiveX extensions turned on) without even opening the mail itself (just by previewing the mail). Most Internet worms propagate themselves anymore by sending copies to everyone on an address-book list in email clients (the vast majority of Word macro worms, and even some "trojan" worms like PrettyPark), or by mass-DCC send (most mIRC worms propagate this way--the worms take advantage of insecurities in mIRC scripting language).
Do you serve files for other people? (If so--even Word documents--if you don't check them before offering for download, you may unwittingly pass along infected files. Again, infected files don't even necessarily have to be binaries anymore--the vast majority of viruses anymore are Word macro viruses and worms, and the few actual binary viruses tend to be spread either through warez or as "trojans" or worms.)
You see...it's not as easy keeping virus-free as one thinks. In fact, if you accept foreign Word documents at ALL and don't have either a damned good virus-scanner or macros turned off completely, you are essentially wide open to getting a rather nasty case of computer VD. Even more so if you use Outlook Express, or (God Forbid) accept attachments of *.exe or *.doc files in email, or accept HTML-email or have Javascript or ActiveX enabled in your email browser.
> It makes sense for people producing executable images of software for distribution to have a scanner handy just to be as sure as possible that the software they're giving out isn't infected, but most of us aren't in that situation.
1) Even commercial software has been infected--there is more than one documented case of this.
2) As stated above, things have changed a LOT in the world of viruses since 1993 :)
2a) The major problem, with rare exception (CIH, which really is novel in that it attempts to over-write BIOS info in boxen with flashable BIOSes), is not binary-based viruses like Stoned or Jerusalem (the two biggies in 1993, by the way). The biggies, by far, are Word macro viruses (literally more Word macro viruses exist now than binary ones exist now or in 1993, a fair number have nasty droppers or destructive payloads, and an increasing number can also be classified as worms as they propagate through vulnerabilities in a number of Internet programs [a short list--Outlook Express, Free Agent (Usenet client), Eudora, etc.]).
2b) With the exception of CIH, the major problem with malicious binaries isn't with viruses anymore but with Trojans of various types. The vast majority of these may be classified either as worms (i.e. PrettyPark.exe, the latest in this line) or as attempts to pass off Back Orifice (a program designed by Cult of the Dead Cow to spotlight rather serious security flaws in Win9X, and which can be used to remotely control another computer--often without the victim knowing, as Back Orifice hides its processes and tries to make it difficult to uninstall).
3) The single largest increase of ANY viruses or malicious programs today is in the form of worms. Many of these worms are essentially multiplatform and the vast majority target the single largest used office suite in businesses today. Many of these companies must share Word documents and other traffic with other sites, often untrusted traffic. In a way, the Internet has been the best thing since sliced bread for propagation of viruses (keep in mind, too, that when you left Symantec the vast majority of "program trading" was at universities and most of the "warez" traffic as well as virus traffic was at universities and on small, members-only BBS's; there were still roughly an equal number of *.edu and *.com sites online, the plague known as AOL had yet to hit the net (that occurred in 1994 or 1995, and AOL has always had a wee bit of a script-kiddie/V/C community), and the Internet had NOWHERE near the penetration it has now--it was next to impossible for worms to spread the way they do now, much less Word macro viruses (again, keep in mind that macro viruses of ANY kind were unheard of before 1997).)
4) In 1993, a lot of companies still used dumb terminals or didn't have much computer access. Now, a large number of folks have computers--frequently connected to the Internet--and they frequently have to take home work and such. Many of these folks don't practice Good Computer Hygiene--they run programs their friends send them online (unaware that many worms use address-lists specifically to propagate), while spreading rumours like "Good Times" because they literally don't know any better. Sometimes this even extends to the folks running the boxen--a number of sites use NT or even Windows 98 to administer networks, and many of these folks don't use proper security precautions (like not allowing executables to be installed, etc.).
5) The fact that so many folks ARE on the net with Win95/Win98 boxen has to be a major factor in how viruses are spreading, and especially worms (which had pretty much died out in the days of the Morris Worm and WANK-Worm until Word macro viruses started coming out). Win95 and Win98 are notoriously insecure--in essence, everyone (even on a multi-user system) has root/administrator access, most of the Internet applications for these systems--especially those from Microsoft--are not exactly designed with security in mind, the major office suite for these boxes (Office 97) has major security flaws in its scripting language insofar as using it in a networked environment...the major scripting language for Microsoft-based Internet apps, ActiveX (which has even been incorporated into the OS in Win98) is so insecure that nearly every security site recommends disabling it...also, Win9X is designed for people who are complete and utter computer virgins, who aren't going to know about computer security and who are lucky to know how to install a program without some kind of installation-wizard.
It's an OS designed for the clueless, and it's user-friendly to the point of sacrificing security...it also doesn't help that Internet apps (by and large) were actually an afterthought to the OS, added when the Internet exploded in popularity (especially the World Wide Web).
I'd even go so far as to say that, as designed, Win95 and Win98 are outright unsafe to use in a networked environment without some sort of protection both against malicious programs and scripts AND against malicious parties trying to gain outside access. Win9X was not designed as a multi-user, networkable OS; it was originally designed as a home OS for the newbie user who needs stuff to be point-and-click simple, and networkability was an afterthought added when Microsoft found out people actually wanted that Internet thing. Security has always been an afterthought, if it's been thought of at all; to make it secure actually requires either add-ons (like antivirus software and intrusion-detection software) or keeping it off a network period. Yes, security really IS that bad with Windows9X. (NT and Win2000 are considerably more secure, but that's partly because they were designed as networkable OS's and they do have security features in light of this. They are also somewhat less user-friendly, especially in tighter security settings (many WinNT sites have EVERYONE with admin access because some things become unusable in lower settings).)
It's not just the Microsoft apps for Win9X that have security bugs, either--the whole idea of running untrusted apps is a Bad Thing (there REALLY needs to be a "sandbox" area for untrusted apps; most *nixes do this with multiple users and security settings, and Java does it by running it in a virtual machine with no direct hardware access). Eudora has had serious security bugs that worms exploit. mIRC, a major IRC client for Windows boxen, has had periodic troubles with script worms (in fact, before Word97 worms became popular, mIRC was the major target of worms on the net). WinGate, a popular telnet server for Windows boxen, is so horribly broken that early versions have essentially no security whatsoever and can be used as an anonymous relay host by Bad Folks because it has no logging whatsoever (and it HAS been used like this by Bad Folks, which makes it a MAJOR pain in the arse to try to track them down). Most FTP servers for Windows boxen can be cracked. Nearly any Internet-capable program for Windows can be made to cause the system to crash by simply sending "file://C|/con" (with HTML browsers and email clients that parse HTML like Outlook Express and Eudora), or requesting "C:\con" (with FTP clients)...hell, you could probably write malicious ActiveX code to do the same thing, or add that as a dropper to a Word macro virus. This is partly the fault of the programs, but it's partly a sign that the OS in and of itself is horribly mis-suited for network use.
In short, there've been a lot of deep, almost fundamental changes in the world of viruses and malicious code, and more importantly, the dominant means by which they spread and the dominant "host" they breed in to begin with.
> Btw, the best source for free, up-to-date information on viruses (and even more importantly virus hoaxes, which greatly outnumber viruses) is the Computer Virus Myths web site.
I wouldn't say virus myths outnumber actual viruses (I think the number of Word macro viruses slightly beats the number of variants of "Good Times"/"Jessica Maddick", etc. :) but Kumite's a good site. (Hell, I recommended it in my last post. :) There IS bad stuff out there, though (especially if you are misfortunate enough to have to use Win9X + Outlook Express + Office 97) and "computer condoms" never hurt. "Computer safe sex" (and yes, I posted a number of tips for that too) never hurts, either. Combine the two and you shouldn't have trouble. :)
-
Re:Give a little, get a lot
Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:
That's not a bad idea, but what AV would you recommend? A product with the ability to auto-update its virus definitions at regular intervals would be a plus.
Command Antivirus has live updates for registered users; if memory serves, so does the Data Fellows version of F-Prot. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)
I don't know whether AVP has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...
As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAfee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label ;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])
It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic :) Here goes a list of good antiviral techniques:
Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.
If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...
If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.
Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--all Word macro viruses work on NT, and a fair amount of Win32 viruses do as well).
Get a good virus scanner and use it regularly--Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)
Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security you can.
Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.
Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)
Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regard. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).
Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.
Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)
-
Re:Give a little, get a lot
Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:
That's not a bad idea, but what AV would you recommend? A product with the ability to auto-update its virus definitions at regular intervals would be a plus.
Command Antivirus has live updates for registered users; if memory serves, so does the Data Fellows version of F-Prot. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)
I don't know whether AVP has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...
As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAffee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label
;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic
:) Here goes a list of good antiviral techniques:Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.
If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...
If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.
Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--all Word macro viruses work on NT, and a fair amount of Win32 viruses do as well).
Get a good virus scanner and use it regularly--Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)
Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security you can.
Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.
Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)
Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regards. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).
Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.
Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)
-
Re:This is a Good Thing!
It is precisely because of the fact that there is no virus-scanning software for Linux (for DOS/Win16/Win32 viruses) that many otherwise clueful PHBs will not adopt it.
Except that's *NOT* a fact:
Sophos Anti-virus
Datafellow's F-Secure for Linux
And that's just the two *I* know of.
-
Virii that exploit bugs? Been there, done that.
Well, look at the Linux/Stoag computer virus. It does exactly what we're worrying about: it exploits bugs.
Linux as an operating system is, in actuality, a lot more insecure than we'd like to admit. To prove my point, look at RedHat's Linux 6.1 Security Advisories page. How many of these packages were fixed to prevent root exploits? Five of thirteen. But look at how common some of these five are!
Malicious people can use lpr of all things! Another famous example: bind. Or how about wu_ftpd? Those two alone are present on how much of the Linux community?
Honestly, were it not for freshmeat.net, I probably would not have discovered the existence of the new packages. (I don't check RedHat's site often. And I don't sign up for mailing lists either... So this is my fault.)
There are script kiddies out there who can manipulate the overflows in bind. (Please, for the love of God, if you haven't updated to bind 8.2.2_P3, go do so!) If a script kiddie can find a way to do that, then some coder worth his paycheck can probably figure out a way to have a program manipulate itself into root that way.
I mean, all some perverse (or highly bored) programmer has to do is write a program to manipulate those bugs to get root... And then run rm -rf / to kill your machine. (There are, of course, nastier things one could do, but the less ideas I generate for others, the better.)
By no means are we safe. Linux virii will eventually be created and released into the wild. (There are even some that claim that MicroSoft will be the origin for the epidemic.)
The only way we can keep ourselves truly safe is to catch security holes before the other side does and update our source packages before the attacks start.
There is a saying in network security: "One loose link is all you need."
-
Yes, there are *real* Linux viruses
Of course viruses exist for Linux. Except they're called Trojans, and there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
Well, there you are wrong. There exist real viruses for Linux. They are not trojans, and some of them even look for security holes in other computers so that they can break into them. Some links to the most "famous" ones:
Bliss
Staog
-- -
NiftyTelnet SSH
There is a version of NiftyTelnet that was extended to include support for SSH and SCP. Due to patent restrictions, you may or may not be able to legally use it. Your only other choice is the Data Fellows, Inc. client, which costs about $100, I think.
Visit http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ for the info and download.
-
Re:A timely warning?
Actually, currently no viable virus has been found that is designed to go off on 1.1.00.
For more info on the virus itself: http://www.Europe.DataFellows.com/v-descs/funlove.htm
-
There are two Linux Viruses
-
I was there too
The lunatic you are talking about is Rauni-Leena Luukkanen-Kilde. She is claiming for example that the US government has some aliens in its possession. Her books sell very well, I think.
I think the seminar was great. It was great to see Linus and the CEO of Datafellows throw some opinions on oss vs. proprietary and a few other things. Linus was just repeating his view that over time the basic software will have enough features so that consumers won't be willing to pay for new versions anymore. Then the competition will catch up and bring down prices eventually to the reproduction level which in the case of software available on the net is about zero. He also said that software companies can continue generating revenue by selling support services, tailoring business and creating new/better software for new needs. So nothing new there but a lot of media was there so good for them. Linus was also repeating his "Linus' law" which in my view is just Maslow's hierarchy of needs in a new package. He said that the consumers, not technologists, will decide what technology will spread. Perhaps everything will be possible technologically at some point in time, but people will decide what kind of technology is needed.
Siilasmaa was worried about the lower investments in information society in the European Community vs. North America. This will lead to many problems in Europe. The investments in IT are rising 14 % p.a. in NA and 11 % in Europe.
-
Some speculation about Transmeta's activities
A Finnish IT magazine, Tietoviikko, released some comments and speculations about Transmeta.
Risto Siilasmaa (CEO of DataFellows) commented on the issue at the Information Society seminar (which Linus Torvalds attended) in Helsinki on Wednesday: "My strongest guess is that Transmeta doesn't actually do anything."
There is some speculation that Transmeta's employees just hang around at their office and sell the company for a good price after this fuzz. Finnish philosopher Pekka Himanen mentioned that he has actually been in front of Transmeta's office and stated that the office has darkened windows and no visitors are allowed there.
-
Where2Get: SSH Trialware for Windows
DataFellows offers SSH1 and SSH2 clients on a trialware basis, and they actually happen to be nice to use, either as an X console emulator, or generally as a Windows app. VanDyke also makes SecureCRT, but it's subject to export restrictions, and I don't have the URL.
-
Re:It's not a macro virus
Let's define the thing: It's a worm, because:
1. It does not infect files
2. It spreads itself out of the system it has infested by itself (not relying on lusers to exchange files)
Now it DOES use MAPI to send itself, but it only uses Outlook databases to get the addresses.
This is what you get from a monopoly of moronic design
See: A description
-Mashiara
-
Send them this
Gullibility Virus Warning Posted as a Public Service by Robert Harris
Southern California College
Version Date: February 27, 1998
___________________________________
Forwarded Message
Subj.: Virus Warning!
From: HOONOZE
To: All@msn.com
To: Jake5551212@aol.com
To: President@whitehouse.gov
To: Pope@vatican.va
To: 007@MI5.com
To: Flounder@fish.net
To: Etal@etc.com
*****************************************************************
WARNING, CAUTION, DANGER, AND BEWARE!
Gullibility Virus Spreading over the Internet!
*****************************************************************
WASHINGTON, D.C.--The Institute for the Investigation of Irregular Internet Phenomena announced today that many Internet users are becoming infected by a new virus that causes them to believe without question every groundless story, legend, and dire warning that shows up in their inbox or on their browser. The Gullibility Virus, as it is called, apparently makes people believe and forward copies of silly hoaxes relating to cookie recipes, email viruses, taxes on modems, and get-rich-quick schemes.
"These are not just readers of tabloids or people who buy lottery tickets based on fortune cookie numbers," a spokesman said. "Most are otherwise normal people, who would laugh at the same stories if told to them by a stranger on a street corner." However, once these same people become infected with the Gullibility Virus, they believe anything they read on the Internet.
"My immunity to tall tales and bizarre claims is all gone," reported one weeping victim. "I believe every warning message and sick child story my friends forward to me, even though most of the messages are anonymous."
Another victim, now in remission, added, "When I first heard about Good Times, I just accepted it without question. After all, there were dozens of other recipients on the mail header, so I thought the virus must be true." It was a long time, the victim said, before she could stand up at a Hoaxees Anonymous meeting and state, "My name is Jane, and I've been hoaxed." Now, however, she is spreading the word. "Challenge and check whatever you read," she says.
Internet users are urged to examine themselves for symptoms of the virus, which include the following:
- the willingness to believe improbable stories without thinking
- the urge to forward multiple copies of such stories to others
- a lack of desire to take three minutes to check to see if a story is true
T. C. is an example of someone recently infected. He told one reporter, "I read on the Net that the major ingredient in almost all shampoos makes your hair fall out, so I've stopped using shampoo." When told about the Gullibility Virus, T. C. said he would stop reading email, so that he would not become infected.
Anyone with symptoms like these is urged to seek help immediately. Experts recommend that at the first feelings of gullibility, Internet users rush to their favorite search engine and look up the item tempting them to thoughtless credence. Most hoaxes, legends, and tall tales have been widely discussed and exposed by the Internet community.
Courses in critical thinking are also widely available, and there is online help from many sources, including
- Department of Energy Computer Incident Advisory Capability at http://ciac.llnl.gov/ciac/CIACHoaxes.html
- Computer Virus Myths page at http://www.kumite.com/myths
- IBM's Hype Alert web site at http://www.av.ibm.com/BreakingNews/HypeAlert
- Symantec Anti Virus Research Center Hoax Page at http://www.symantec.com/avcenter/hoax.html
- Network Associates Virus Hoax Listing at http://www.nai.com/services/support/hoax/hoax.asp
- Dr. Solomon's Hoax Page at http://www.drsolomon.com/vircen/vanalyse/va005.html
- The Urban Legends Web Site at http://www.urbanlegends.com
- Urban Legends Reference Pages at http://www.snopes.com
- Mining Company Urban Legends Page at http://urbanlegends.miningco.com
- Datafellows Hoax Warnings at http://www.Europe.Datafellows.com/news/hoax.htm
Those people who are still symptom free can help inoculate themselves against the Gullibility Virus by reading some good material on evaluating sources, such as
- Evaluating Internet Research Sources at http://www.sccu.edu/faculty/R_Harris/evalu8it.htm
- Evaluation of Information Sources at http://www.vuw.ac.nz/~agsmith/evaln/evaln.htm
- Bibliography on Evaluating Internet Resources at http://refserver.lib.vt.edu/libinst/critTHINK.HTM
Lastly, as a public service, Internet users can help stamp out the Gullibility Virus by sending copies of this message to anyone who forwards them a hoax.
*****************************************************************
This message is so important, we're sending it anonymously! Forward it to all your friends right away! Don't think about it! This is not a chain letter! This story is true! Don't check it out! This story is so timely, there is no date on it! This story is so important, we're using lots of exclamation points! For every message you forward to some unsuspecting person, the Home for the Hopelessly Gullible will donate ten cents to itself. (If you wonder how the Home will know you are forwarding these messages all over creation, you're obviously thinking too much.)
*****************************************************************
ACT NOW! DON'T DELAY! LIMITED TIME! NOT SOLD IN ANY STORE!
Robert Harris is Professor of English at Southern California College. RHarris@sccu.edu
I keep it around for just this purpose
Mark