Linux Users Unscathed By ILOVEYOU
nodvin writes: "CNN is reporting Linux users unscathed by ILOVEYOU. It is interesting that none of the multiple e-mail accounts on my Linux IMAP-POP servers seems to have encountered the virus. The mail server that I use is Communigate Pro from Stalker Software running under either Red Hat 6.2 or Linux-Mandrake 7.0. Perhaps the fact that I have Communigate Pro enabled for the MAPS Realtime Blackhole List (RBL) helped prevent ILOVEYOU from getting through." It's a Petreley piece from LinuxWorld, but kinda cool seeing it on CNN.
Not even an attempt to get them to run under Wine???
I vote we start an Open Source Linux Virus Project immediately before we lose out completely.
Oh yeah forgot these "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", Please distribute throughout previous comment before reading.
[bash]$ telnet www.cnn.com 80
Trying 207.25.71.82...
Connected to cnn.com.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 200 OK
Server: Netscape-Enterprise/2.01
Date: Wed, 10 May 2000 17:45:11 GMT
Set-cookie: CNNid=cf19472d-20999-957980711-4; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/; domain=.cnn.com
Last-modified: Wed, 10 May 2000 17:45:11 GMT
Content-type: text/html
{HTML content of the homepage follows}
The day after the ILOVEYOU virus hit our campus, I was walking to lunch with a co-worker of mine. On the way, we were discussing this very topic. He said, "Watch.. In a few days, there will be a story on Slashdot about how Linux triumphed over Windows because they weren't affected." Thinking that this viewpoint was a little cynical (even for me), we argued about this for a bit.
Sure enough, less than a week later, there is an obnoxious story on Slashdot about how Linux triumphed over Windows.
Why is this obnoxious, you ask? Maybe it's because the virus was written for software that Linux doesn't even offer.
Was it a Slashdot story when crackers started taking out Linux/UNIX boxes via one of the wu-ftpd/proftpd buffer overflows, but not Windows boxes? Of course not. Was it a big story when Linux/UNIX-based email servers all over the world were getting rooted and turned into DDoS agents because of an imapd overflow, but not Windows? Of course not - Windows doesn't run that software, how could it affect it?
It seems that quite a few people don't understand that claiming triumph over Windows for something like this is very much like claiming that you're immortal because a bomb went off and didn't kill you - but the bomb went off two cities away.
I'm not an MS lover by any stretch of the imagination - but this sort of cocky, misinformed bullshit is exactly why the Linux community is laughed at so often - and exactly why the Linux community laughs at the "closed-source" world.
Moderate this down if you like, but do so knowing that you're proving my point.
-Jeff
1. It's certainly not a bug. I think we can agree with that.
2. It was not a feature to allow the creation of the virus.
3. Design flaw? That depends on your original design requirements.
Why does MS allow VBScripting? Why does Unix allow shell scripting? Why do we have compilers that can be used to write virus programs? Why do we have networking and the Internet if it means that our data and computer systems can be compromised? Why have a computer at all that would make it easy for others to copy our data and eavesdrop on what we do?
I think it's because we do want more features and abilities so that we can do more. Unfortunately, it also opens up many more opportunities for problems.
I agree that MS could have done a lot better to make it not so easy to let something like this virus to have occurred. It is a design flaw if you intended to design a piece of software that would be secure and safe.
What did this have to do with 'tight integration'? I don't understand.
Do you mean MAPI? The interface that allowed the virus to read the outlook address book and send email? This could have been done by text parsing on a unix system, or by simply parsing the raw address book files on windows as well.. the guy just used mapi because it was there.
Unprivileged accounts? how would an unprivileged account have helped? The user would still have access to their own address book, and to send email.. so the virus would have spread. Please.....
Eudora users WOULD have been just as vulnerable if the user had put in code to read the eudora address book as well, and to place outgoing messages in the eudora outbox.
Oh.. wait.. Eudora can be the MAPI server just like outlook.. so it wouldn't even have been that hard..
Gee I must have been doubly affected as I got an email from my ISP telling me about the virus before anyone else, and that they were filtering it out for me. (Nice going Frontier - they've also stripped out all the clones with no hassle). And the second strike is my friend telling me he had 500 copies, so I had to listen to that. Yep I was affected. NOT.
----
I hereby inform you that I have NOT been required to provide any decryption keys.
because I am freaking smart enough to not click on things that I receive from people I don't know!
Well, bully for you, but some people aren't computer-savvy enough to know better. This is partly a computer-luser educational problem to be sure, but it doesn't excuse the fact that Windows has all these wide, gaping security holes that allow this sort of thing to happen.
Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users
Linux IS popular, at least with the type of people who bother to write viruses (i.e. hackers, crackers, script kiddies, whoever). We don't have a problem with Linux viruses because it's hard to write a Linux virus, especially when compared to writing a PC/Windows virus.
I will fix it for you.
Please, in simple terms, tell me what is wrong with it in the first place? What 'bug' or 'problem' allowed this virus to hit?
maybe outlook should FORCE the user to first save the exe to disk (with a virus warning message), then force the user to execute it himself...
It would still get a lot of users anyways.
Maybe Microsoft should require people to learn about their $5000 home PC before they even start using it in the real world (for home or work)
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
These VBS files aren't embedded. They're off all by themselves. They aren't embedded into the email message any more than a .JPG file is embedded into the email.
Ah, answered my own question and found a vendor. Looks like Sophos's server scanning package does the trick. Supports a whole bunch of Unices and OpenVMS, too. Sure would be nice if CA and Trend Micro would do the same, as I prefer their overall suites as an enterprise solution.
These folks should give Cobalt a call.
And Slackware should be "held accountable" for the fact that (in version 3.6 and earlier) it doesn't prompt you, doesn't warn you, etc. that you should install a password on the root account.
A friend of mine browsed the web for weeks on a Slack system with no root password. I found it out by accident and scared the hell out of her.
But we're slagging Microsoft here, right? So I should just quiet down.
The main point is that open source applications are superior to proprietary apps. No one is being cocky and saying that Linux systems are immune to viruses. And of course when Outlook is hit by a major virus, the whole Internet community will be affected. After all, Outlook probably runs on 60% of all desktops. This article does not "make fun" of MS, it just illustrates one of the serious drawbacks of proprietary software engineering.
The point of the matter is, "real reason Linux users are immune is because they don't live in a world where their clients are automatically standardized on whatever Microsoft delivers -- in this case, Outlook. Linux administrators and users care more about Internet standards than Microsoft standards".
Basically, monopoly operating system vendors are inferior and it is good to see CNN spreading the word.
I got my copy from the linux-kernel mailing list, of all places.
The difference is simply that Outlook will allow you to execute the attachment easily while the other clients make it a pain-in-the-ass to do so. (not that I've used any - this is simple from my reading on the subject). That is a feature IMHO.
Mmmm.. Donuts
That's a pretty Clintonesque stretch, but it is a point--Linux users should make a point of defending their systems against Windows systems to which they're networked that might mung their files thanks to a virus targeting Windows.
"UNIX/LoveLetter.A
This is the original LoveLetter. A email worm, rewritten to function in a UNIX environment.
It contains of a so-called shell script which, when executed, will email itself to all addresses found in the files .muttrc and .mailrc, as well as user names picked from the local password file etc/passwd.
It uses the UNIX standard mail program mailx to do this."
Are there any email programs for Linux that allow executing a program or a script just by clicking it?
The other clients just make it a pain-in-the-ass to execute attachments i.e. save and then execute. That is not a security feature.
Mmmm.. Donuts
I had the impression that most people, even novice users, often instinctively understand why files writable by anyone else in your personal home directory is a BAD IDEA from a file security perspective. Bad for you when it's files that you want to keep, or when you have a home directory limit (quota). Bad for the whole system especially when you don't have a quota, and because of the security issues. But I seem to be wrong with that impression.
GNU/Linux. The Freshmaker.
The mandrake security list even put out a message saying that they weren't affected. Too bad they had to then go and brag how much better they were than MS
___
Add sig here
Not the same person you replied to but I have first-hand experience being on a sys admin team that dealt with the issue at my company (before I get insults, I've been a unix admin for years and still prefer it to MS).
We saw this virus affect people simply by reading their mail-- not clicking on the attachment! The problem stems from Outlook's choice to interpret and execute the code upon opening the message. I don't have figures in front of me but we have been affected in a big way and have users running Outlook97, Outlook98, and Outlook2000.
I'm not spreading FUD but I am frustrated that I was pulled from my normal work to deal with this MS problem.
Time to roll your own E-Mail system. Send and receive E-Mail at your Linux box directly. That's what I usually do. I rely on E-Mail for far too much to trust that the NT servers won't take a blue-screen vacation.
It can spread to mapped network drives on PCs. Theoretically, the virus could be hibernating on some server out there--even linux. If that linux server was mapped in some way by a windoze user stupid enough to run the virus. It wouldn't affect linux users, but it would still exist.
Another thing not mentioned in most news articles is that it could spread via IRC. It attacked 1 particular IRC client for windows. I looked at the code. This was either an intelligent programmer (cracker) with no common sense or the person put it together from sample VB Script files and changed a couple of things (and still had no common sense).
Oh well. Just goes to show you. If you use outlook, don't run a .txt.vbs file from an email. Especially if you just got 30 of them. :)
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
fp
--- Submission is feudal.
As near as I can tell from my Eudora 4.3.1 install, MAPI is disabled by default. Additionally, Eudora's MAPI server has an option (enabled by default) that will warn whenever mail is automatically sent through MAPI. I'd say that Eudora users, unlike Outlook/Outlook Express users, are far more likely to be immune to the propagation behavior of these worms.
Obviously Eudora users aren't protected from scripts trashing files and the registry, but this is really no different than getting an untrusted executable and running it. The problem is that most users don't recognize the VBS extension and just open it, expecting it to be a document.
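An added illustration of the point above about users not recognizing the VBS extension (not part of the original thread): a mail-gateway style check that flags attachments whose final extension is a script type, and separately those that hide it behind a document-looking inner extension such as .txt.vbs. The extension lists, function names and the sample message are assumptions constructed for this example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists for the example.
# Final extensions that Windows will hand to a script host or run directly.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
               ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Inner extensions that make a file look like a harmless document.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".mp3"}


def classify_attachment(filename):
    """Return 'ok', 'block-script' or 'block-disguised' for one filename."""
    # Windows ignores trailing dots and spaces, so normalise them away
    # before looking at the extension.
    name = filename.strip().rstrip(". ").lower()
    base, ext = os.path.splitext(name)
    if ext not in SCRIPT_EXTS:
        return "ok"
    # With "hide known extensions" on, name.txt.vbs is shown as name.txt,
    # so a decoy inner extension is reported separately.
    _, inner = os.path.splitext(base)
    return "block-disguised" if inner in DECOY_EXTS else "block-script"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and classify every named MIME part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            findings.append((filename, classify_attachment(filename)))
    return findings


def build_sample():
    """Constructed sample message; attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("Please see the attached files.")
    for name in ("LETTER.TXT.vbs", "photo.jpg", "tool.vbs"):
        msg.add_attachment(b"placeholder bytes, not a real file",
                           maintype="application",
                           subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:16} {filename}")
```
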
As the network administrator for a public high school, I have to agree with the view on how users are trained. However, training regarding email and attachments was a breeze when the Melissa virus came out. I simply broadcast to the whole faculty the basic rule that you never open an attachment you didn't ask for initially. I also pointed out the sad fact that sometimes even when you DO ask for a file, it still can arrive infected (usually with a Word Macro virus).
The result of this training... One user received the I Love You virus, but deleted it without opening it. No one was infected.
The hard part was writing all those carefully worded notes (all different) to my coworkers letting them down gently and explaining that I don't return their affections ...
When you give the code to everybody, you're begging for people to exploit it.
well duh.. that's kinda the point..
I was starting to get worried, what with all these people talking about getting 40 emails saying I LOVE U and me not getting any. I guess I just have a lot of friends who use *nix.
Will in Seattle
just because you work at a tech company...
ugh.
[|]
Well it seems some distros have already thought of that. I installed mandrake 7.0 and it installed just openssh and for mail uses postfix. No telnetd, inetd, etc.
More new distros are doing that now. As I have said before usually by the time someone spots a problem with linux someone else has released a solution.
Computer modeling for biotech drug manufacturing is HARD!
As I understand it, this feature gets to your mail server because one of your users is in an addressbook of someone that runs the program. MAPS would only block the message if a spammer runs it and has your name in his address book. If your sister (or other clueless email correspondent) is blocked by MAPS, I'm sure you'd hear about it. :)
Please, Linux, Open Source and all that is wonderful. There are reasons why we weren't affected. But let's not stretch it and give credit where it is not due. I could claim my xdaliclock didn't get affected, but it's just as pointless.
Basically, I'm repeating what many others have said--yeah it was primarily a Microsoft bug, but get over it already. If you're not using MS stuff, no reason to rub it in anyone's face.
---
What I should have said was nothing.
So someone could easily mail me a perl script that, if I executed it, would trash my system. Granted, I would be dumb to run such a script. But then again, so were the Outlook users who clicked on them. They were mainly corporate users, and thus were probably told repeatedly by their respective sysadmins not to open attachments unless they knew what it was first.
No, Thursday's out. How about never - is never good for you?
The only Turing complete languages I ever run directly as an attachment from mutt are Postscript and PDF. Would it be *possible* to write an email virus in either of these? Sounds like a challenge to me...
Been done. The NeXTstep OS uses Display Postscript for the windowing system, and early versions didn't protect the rest of the system from the display. This was fixed once a proof-of-concept email was demoed which would cause the display graphics to "melt" when viewed. The holes that could cause real damage were quickly fixed.
--
"I have also mastered pomposity, even if I do say so myself." -Kryten
Definitely, much harder than with Outlook. Outlook runs the thing with a double-click (one click?). To do this under most Linux mailers, you'd have to:
- Save the attachment.
- Either
- Change permissions on the resulting file to make it executable, or
- Run the attachment by passing its name as an argument to a shell, e.g. "sh idiotscript".
The chances of most people doing all of this without stopping to think about what they're doing are a lot smaller than for just double-clicking. The virus depends on that behavior to propagate. Without a critical fraction of such people the average number of re-transmitters per batch falls below 1, and the virus dies. The error made by Microsoft isn't that Windoze/Outlook is capable of doing such things, it's that it's so easy to do them without thinking... or even being asked about it (ala BubbleBoy).
--
This post made from 100% post-consumer recycled magnetic
Time is Nature's way of keeping everything from happening at once... the bitch.
Actually dandelions propagate both sexually &/or asexually. Just like banana plants & potato plants can propagate via new root/tuber growths, or through insects helping to fertilise the flowers, & seeds forming. I think dandelions (well some flowers anyway) have the ability for the flowers to fertilise themselves &/or get fertilised from the flowers from other dandelions, via bees, for instance.
That's an indirect effect. Linux boxes and Apples don't contribute to the chaos like Outlook/Windows boxes do. There's no denying that it is Outlook that is the root of the problem.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
> The MS spokesperson is CORRECT. The crippling nature of the ILOVEYOU virus was NOT it's ability to wipe out graphics and mp3 files: it was the way that it spewed out hundreds of messages at once onto the mail server. This is regardless of the OS that it runs. Some mail servers run better than others, but it was just overwhelming to some corporate networks.
While what she said may be factually true based on your interpretation, what she actually meant was apparently something different than what you think she meant (or what, I agree, she should have meant), and as a result she isn't correct. This is why MS later denied that she had actually said it.
What she should have said, see, is that computers running other operating systems can be affected by other infected windows computers, not by the virus by itself. A private network consisting entirely of Unix machines could not be affected, even if ILOVEYOU were to be introduced.
It just warms my heart to see a Linux user getting to gloat on CNN :)
One small nitpick: I hear this line from so many authors:
I don't know about you, but it never seemed to me that pine and mutt, (or even vi and emacs for that matter) were in competition with each other. The design of Linux is more fundamentally about cooperation. You can use whatever editor and email client you want and neither one is going to screw with the other because Linux/Unix apps are written to work in their own space, minus the stray buffer overflow or two. Want to use pine? Go ahead! How about switching over to Netscape? No problem. I use them both - one on the console and the other in X and they don't interfere with each other at all.
But competition does exist (remember Eudora?). It's being stifled by the lack of cooperation. The design of Windows encourages apps to hog the whole system and gives them way too much access to fragile system resources that can affect every other app. If cooperation existed in the world of Windows, you could use Outlook without hosing your system every time a new email-attachment virus comes out. Windows advocates would rightly point out that Mutt is to Outlook as a warehouse is to a furnished apartment. It's not as comfortable and pretty as an apartment
Well, is that how people judge a software product, by its superficial appearance? I guess so... While aesthetics are important, I would give emphasis on performance, stability, etc. Like, I gave up using LookOut! due to its inexplicable delays, and one day it was a cpu hog for some reason - SO switched to Eudora (Hey, pro is now Free!!!) and while a bit uglier enjoyed the added features of being able to 'filter' mail (You need Msft Exchange Server to do that in LookOut!) plus the $avings make it well worth the switch.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The general tone of the piece was extremely annoying. "Neener, neener, neener. I don't use MS stuff, and didn't get bit". Congratulations Nicholas, now did you have anything useful to say.
But the silliest thing in there, is his assumption, that any organization can turn on a dime. He thinks that a large company, or the military would be able to change standards at the drop of a hat, just because they were using Open Source. What a crock. Large companies don't do anything quickly. And if a large company was using a piece of software, that more or less worked. But there was an annoying feature, they might tell the vendor to change it. But the odds of them actually cramming a company wide change down the users' throats, is vanishingly small. The amount of retraining alone, in a change like that, would kill it most of the time. Doesn't matter if it's MS code, or someone else's. I spent 3 months working on-site, to make sure that a 50 person LAN migrated smoothly to some new apps and servers. And most of that time, was spent validating assumptions that would immediately affect usability for the end users. That was 50 people. Imagine how much planning goes into what a multinational does.
And as a side note, according to Sophos there is one or more variants that are "for unix" (look at their comments at the bottom). Don't know what exactly they do.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
"The Register is reporting that...the Love Bug does effect Linux and Apple."
;)
weeeelll... It doesn't affect the Linux and Apple users as Linux and Apple users. It only affects them indirectly, much like this article affects slashdot and all its myriad *BSD, BeOS, and even Solaris/Linux users like myself.
Geeky modern art T-shirts
Any Windows Computer with a Scripting Host installed will run the script when it is opened. This means any computer with IE4+, Win98SE, or anyone who has made automatic updates to their system.
Spencer Ogden
Well like all things there are levels within levels .... IMHO the 'sex is a means for selfish genes to propagate' only can be applied to the genes that actually code for sex ... otherwise you have to say 'the selfish genes that find it useful to hang around with other genes that code for sex' which starts to sound like an organism rather than just a single selfish gene.
I think you can make valid arguments about this stuff at the gene level, at the organism level and at the species level. For example it makes sense for a species to have lots of different genes in its organism's immune systems so that a disease wipes out just some of the organisms (and genes) but not all. Obviously from the points of those individual genes this however isn't a good idea
I about fell over laughing when I read that...
--
This post made from 100% post-consumer recycled magnetic
Time is Nature's way of keeping everything from happening at once... the bitch.
I am the same person... posting anonymously because I am not allowed by my employer to speak poorly of a MS product while on company time. Yep, it does (autorun, that is). The default for "Windows Scripting Host" is enabled on any machine with it installed (comes with IE 5, Windows 98, and I believe IE 4 as well). Outlook will run the script if WSH is enabled and the message even appears in the preview pane. I haven't tested this in Outlook Express, so I can't speak from experience regarding it (Outlook Express is a completely different application with almost nothing in common with Outlook, the main similarity being the names of the applications).
The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft won't do it.
So does the command-line... so what?
But the important thing to remember here is:
Outlook and Outlook Express do NOT autorun the scripts. They ask you if you want to Save or Run them when you CLICK on the attachment. The default is to Save, and the default button is "Cancel". There's a big fat warning saying "This is an executable file. It could be a virus... are you sure you want to do this?"
If you would like to add several more steps, feel free.
Simon
Coming soon - pyrogyra
The problems in Outlook are caused by people running code they trust for no apparently good reason. I would submit that anyone that has downloaded code from apache.org, and not audited it since their vulnerability was announced, is committing the same error.
In Linux's (and Unix's) favor is its strong permissions system out of the box, which does prevent things like this from hitting system-level files (applications, default settings and system services). I was appalled when I ran a registry fix on our NT boxes that an ordinary user by default could edit the HKEY_CLASSES_ROOT registry tree.
However, there are serious vulnerabilities in Linux and Unix thanks to the same laziness about security on the part of *nix applications developers that made Windows so vulnerable. StarOffice, Applixware and Corel Office all have built-in scripting engines, and all are configured to allow easy execution of unsigned scripts. Indeed, do any of these packages have code-signing for macros at all? MS Office 2000 finally does, though it's rendered all but useless thanks to the default settings that don't bother checking for signing.
This means that as these office suites proliferate, so will the likelihood of the same kinds of worm outbreaks unless applications vendors step up and (1) make code-signing easy and simple and (2) ship software that defaults to disabling any and all unsigned scripts. Without this, we're all doomed.
The good news here is the Unix world's clear boundaries between user data and things that can/should be read-only. A Linux desktop user is only putting their personal files and files on public shares at risk. A Windows user under all but the rarest, most rigorously secured circumstances, is putting their entire system at risk: applications, OS and all.
Another *nix vulnerability is on server systems. One big disadvantage Samba servers have is an apparent lack of realtime antivirus software. Yes, there's server antivirus software for Linux, as well as SMTP, Notes, HTTP and FTP realtime protection packages.. but as far as I can tell, for filesystems (as opposed to mail and network traffic), there's only stuff that does on-demand or periodic scans, not surveillance of all files as they're being written. There's no reason this should be the case, apart from antivirus software vendors simply not doing the port. If anyone knows of realtime virus scanning software for Linux file servers, let me know. I'm in the market for it. This vulnerability, mind you, seems to be true of all filesharing platforms other than NT and Netware. Not even an AS/400 or an Oracle iFS server is safe in this regard.
This means that a *nix box acting as a fileserver for even one Windows client is putting shared user files at more risk (at least in this respect) than an NT/2000/Netware file server with realtime server virus protection.
Nope, no VB on Linux though IIRC the Gnumeric people have such a project in order to improve compatibility with Excel files. ...
Linux will start to be attacked by viruses as soon as Linux is installed on enough large systems that the attack will make it in the newspapers. When you give the code to everybody, you're begging for people to exploit it.
There's something wrong here. It's true that 31337 the script kiddie could find a security hole in the source code since it's available, assuming he has the skills. However, if 31337 can find that hole, there's a great chance that somebody would have found it before him, and fixed it. I'm not saying this can't happen, just that it's rather unlikely
Yes, it can affect smb shares connected as drives on windows networks. I've seen it in action.
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
Viruses need "food" to spread. In the case of outlook viruses, the "food" is email addresses.
These are stored in the addressbook and mailboxes owned by outlook. These files aren't that readable anyway, so there's no reason why outlook can't encrypt the email addresses stored within and control access to this data via a broker.
If a VBScript app asks for access to your mailbox or your addressbook, it either asks the user, or in the case of a properly adminned NT network, this option will be hard-disabled by the administrator.
I actually mailed this suggestion to info@microsoft and got a rather template reply for fixing their bugs. Joy.
It can affect Windows users without Outlook. All they have to do is run it (like that fine lady in Research did here, "Oooh, what does this button do?"). Without Outlook, though, I don't think it propagates as madly. Or at least it hasn't here...
--
+&x
See, now this is a good reason why Slash4.0 should allow posters to add dynamic content to their posts. Instead of saying "your post is moderated to a 3"- the author could have said "your post is moderated to a " and his post would be printed out with the current and actual moderation score whenever it was referenced. Whoo hoo!
Of course as a (somewhat) adherent to the concept of memes I consider your 'cherished beliefs' and mine to be akin to viruses competing for hosts in order to propagate themselves - may the fittest, most useful memes win!
I run Windows as my primary OS and I wasn't affected by this at all. But then, I don't use Outlook for my email.
Oh, yes, my BeOS box was not affected either.
Of course Linux users did not propagate the worm. It was a Visual Basic Script attack. Crowing about that makes as much sense as my crowing that my Windows machines boot just fine without LILO.
Boobies never hurt anyone. - Sherry Glaser.
what a pain.
gwonk
My apologies!
What I meant to express was that files would not have been renamed or deleted, excepting those owned by the user (either in the user's "home" directory, or elsewhere in the system) and having write permissions turned "on".
You have a point in that the "virus" could be propagated via the contact/email list being available to it, due to that list being owned by the user. However, damage to the system as a whole (or potential damage - ILOVEYOU could have easily overwritten DLL's or such to cause major problems) would not be possible - only things owned by the user logged in would be affected.
The only time the "virus" would have access to other users' files is if those other users gave access to the user running the "virus" to see them - as long as the directory and file permissions are set properly, this would not be a problem. Other than if the user ran as root...
Of course, this all comes back to responsibility - the user should be responsible enough NOT to use the system as root, except in extreme cases, and to have set permissions properly on his files, and for other users to have done the same. Unfortunately, as I said before, society seems to think it better to point fingers, rather than owning up to problems...
Reason is the Path to God - Anon
Except that in your analogy, the automatic weaponsman knows that he has a gun in his hand.
The Outlook user thinks he's reading a book.
You might want to consider the possibility that all of your friends that received the virus that also have you in their addressbook, were also all smart enough not to click on the attachment?
The MS spokesperson is CORRECT. The crippling nature of the ILOVEYOU virus was NOT its ability to wipe out graphics and mp3 files: it was the way that it spewed out hundreds of messages at once onto the mail server. This is regardless of the OS that it runs. Some mail servers run better than others, but it was just overwhelming to some corporate networks.
Not quite true. Outlook has a nasty tendency to run the script merely by having the e-mail opened (even though the user never opened the attachment). It is the auto-running of certain attachments that makes Outlook particularly vulnerable
Oh really? Then if you'd like to explain why this DIDN'T happen when I opened the ILOVEYOU email in both Outlook 2000 and Outlook Express 5.1, I'd love to hear it.
Please, talk from experience. And if you're talking from experience, tell me which version of Outlook has this alleged problem, so I can independently investigate your claim.
Of course, you're posting anonymously. Which is another reason to assume that you're just a FUD spreader.
Coming soon - pyrogyra
It's not the autorun part. The fact that you can launch an attachment that runs within the client that is dangerous, you don't even need to save it to the local system first. It may even not run if you detach it. I don't think that vbs files are executable (correct me if I am wrong, I don't use VB).
The virus/worm/whatever cannot spread itself from clients that do not have an outlook address book and contain a VB exec engine. I don't think that any mail clients but outlook and outlook express support VB. Other mail clients are immune as far as I can tell. Even if you can execute a VBS file, without an outlook addressbook, the virus would not be able to replicate itself.
Any OS or Mail client is susceptible to trojans. No one will argue with that. Linux, BSD and others may be a bit more resilient, but not immune.
ILOVEYOU is simply not possible without Outlook. Finally an innovation MS can point to. They created a whole new class of virus/worms.
Are you running Outlook?
If so, which version?
Please provide proof. I can tell you that I am 100% certain that Outlook 2000 does NOT have the behavior you're claiming it does.
Simon
Coming soon - pyrogyra
Incidents like this keep popping up on
-m
99 little bugs in the code,
99 bugs in the code,
fix one bug, compile it again...
Voting Moo Anyway!
Um.... well, no. Many users were apparently affected by having the message-preview pane active and selecting the message. That's pretty darn close to autorun.
But partly this post is correct. The virus only delivers its damage with a machine with Windows Scripting Host enabled, no need for outlook... Which means any windows machine with Win98, 2000, or IE 4.x and up, as long as scripting left on (the default). So Outlook doesn't have to be present for the script to run, only for the addressbook replication.
We use Groupwise, and while we didn't get bombed because the re-mailing 'feature' didn't kick in, there were a couple of users who did open and run the script and the payload did deploy AND do its thing on network files (of course only those to which the user had r/w access) as well as local.
Mark
...if you're going to combat email viruses by filtering the subject lines (or content, or whatever). Until someone comes up with a way to actually propagate a virus in the MESSAGE BODY, the number one best way to combat email viruses is to EDUCATE THE USERS about opening strange attachments. My users know the dangers. I hope they will act accordingly when threatened. I know the one user in our school who DID receive the ILOVEYOU acted properly and deleted the file.
You seem to be right that it does not need to be run from Outlook (I'm no VB expert), but it seems to me that you need Outlook to be installed on your system. From the VBS source:
[cut]
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,reg
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
[cut]
It looks to me like WScript.CreateObject("Outlook.Application") would fail if you don't have Outlook. It also looks like it would also fail if Outlook isn't even running (since Outlook.Application, AFAIK, shouldn't be defined unless Outlook is running).
I don't think so. See above.
To the /. admins: why can't we use <pre> tags in our posts?
To get something done, a committee should consist of no more than three persons, two of them absent.
What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation
WTF are you on then? Let's see, here's one line that will change part of the Unix registry (equivalent)
echo "alias ls='rm -rf ~/'" >> $HOME/.profile
And, gosh, Unix allows an anonymous person to send you this in an email. OH HORROR.
Now, let me guess..... you're now going to say that Microsoft's big sin is to allow users to execute this code by double clicking the attachment.
Well, I do recall that Eudora had the ability to execute attachments with a double click about the time Microsoft still thought Blackbird would replace the Internet - before MS even thought of writing SMTP clients.
Oh, and don't you remember the way that people used to distribute attachments as self-extracting shell scripts? Shell scripts which Unix mail clients of the time could run in a single keypress? No, don't remember that? Gee, wonder why not?
-----
Text trimmed: The writer could have used outlook express, or eudora, or pine, or any other email program had he wished to.. he simply programmed it for outlook. You're right, but a virus wouldn't be a virus if it couldn't spread. Outlook is what enabled it to spread. Anyone could have been infected, but only Outlook users were contagious. While inoculating potential victims against a disease is an admirable cause, going after the cause of the disease and eradicating it is going to get more immediate results for the effort expended. Disclaimer: All this puts aside the fact that "worm" is more descriptive of ILOVEYOU, but that's not really relevant to the thread.
--
I agree the exposure is good. But I doubt that Microsoft is batting an eyelash about this. If you think they are, I have a nice piece of the Golden Gate with your name on it.
OT: By the way, I wish moderators would start knocking down those who post replies to first post trolls in order to gain visibility. It's blatant karma whoring, annoying as all hell, and not much better than the trolls themselves.
Maybe not impossible, but, I haven't seen an email prog for Linux yet that makes an attachment executable by default..
:-)
So, there are a lot more steps there, right? I have to save it, chmod it, then run it.. I would hope that the majority of people would also take the second or 2 to cat the file and see if it does anything first. I know that if I see one that I don't know exactly what it's doing, I'm not running it.
Now you may argue that an email prog will come out that will do that very thing, but, like the article stated, I have a choice, no company will "force" something onto my Linux machine that will allow this vulnerability...
So Microsoft will change Outlook (they already have actually) to force you to save the attachment to disk before executing it. How many PHBs and their secretaries are actually going to try to understand what a script does before running it? "No trust me, it starts up Elf Bowling, it's the coolest game you ever seen"
Again, the reason this hasn't happened for the Linux crowd is saturation. Right now only clueful people use Linux as their desktop. If the plans for world domination succeed, then that will change.
Whereas Outlook Express/2000/98/99/etc is more or less a "standard" in any corporate setting right now. The scary part about Outlook (as has been mentioned by many posters) is that you are not warned about it. In fact, I received an email shortly after the loveyou worm that scared the crap out of me, until I realized that it was one of our IS guys making a point. No attachment, reread that, no attachment, double click the message, popped up a message box, not an email, but a message box, basically saying it could have been a lot worse than it was.
Ah, but that means you are running software without the latest security patches applied. And that's a no-no no matter what OS you use
There have been _NO_ reported incidences of the loveletter worm functioning without someone double-clicking the attachment.
Right on!
I'd actually go a bit further and do what the Notes client does -- require that each individual script be cryptographically signed by a trusted party before executing it. This would allow IT shops to develop integrated office automation and workflow applications that worked as they do today, but prevent users from inadvertently executing nonauthorized code.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
-quote-
And since people who use Linux as a client OS are generally geeks, they tend to use one of the ugly, unfriendly default mail programs that ship with Linux distributions.
-/quote-
What?! As a geek I can say that I hate programs that are just not good looking. Of course, if it is functional, I will still use it, but if possible, I theme just about everything. This guy doesn't really know what he is talking about.
Why don't I use Windows? Because it is fugly!
------------
This post has been encrypted in several of the most advanced ROT-26 algorithms
I was thinking about diversity, too.
... :)
Hypothetical situation: Linux and other Unix clones grow to dominate the desktop
Hypothetical virus: A perl script that mails itself to everyone in your address book.
Problem: I can name at least four different, popular, e-mail programs off the top of my head (to wit, emacs, pine, elm, and mutt), and I'm quite sure there are ten or fifteen more. I've only ever used elm and mutt, and both of them store their aliases in different places; I assume that most other mailers do things similarly differently *laugh*. So now your virus has to figure out where your address book is before it can even begin to do anything else.
Hmm, on the other hand, this is probably easy to get around, just read ~/.* and pattern match for e-mail addresses, which has the added benefit (from the point of view of a virus writer) that so-and-so doesn't even have to be in your address book. Heck, expand the search to */* and */*/*, and you'll quite likely get the address of everyone that's ever been mentioned in any e-mail you've ever sent or received.
Oh Well, it seemed like a good argument at the time
(And yes, this completely ignores the problem of actually getting folks to run the program.)
My
The only Turing complete languages I ever run directly as an
attachment from mutt are Postscript and PDF. Would it be *possible*
to write an email virus in either of these? Sounds like a challenge
to me...
Charles
I managed to get a couple of cheap shots at Microsoft into Wednesday's Daily Express (UK) letters page.
;-)
They didn't print the bit I wrote about newspapers not doing their job and telling the public WHY these virii are dangerous (namely that windows and outlook are so amazingly insecure in the hands of inexperienced users). Most didn't even explain what the trojan was. Most disappointing (but I'm just happy getting into a national newspaper.. even though I did get edited to death
Are you kidding? I didn't read the first article, but the second was rife with so-called technologists agitating for elevation of virus-writing to a federal crime. People condemning the "subculture" of anarchist "hackers" "plotting their next move." As I see it, this blatantly disregards a real culprit in this fiasco, the subculture of commercial software development plotting their next release of buggy/hole-ridden software (e.g. Microsoft). Case in point: the McAfee representative quoted at the end of the article in support of tougher anti-piracy legislation. This is relevant how? The Congressional hearing (and by extension, the article) has succeeded in ignoring much of the issue, while giving a bully pulpit to commercial software developers. Way to go.
Aren't you dead?
When you combine this attitude with the relative ease with which naive users can cause a virus to propagate, it makes it trivially easy for viruses like ILOVEYOU to spread. Arguments about whether the same thing can be done on operating system X are pointless; at a fundamental level something like ILOVEYOU could be propagated by any email client that can save or execute attachments. The relevant issue is the number and difficulty of the steps that the naive user must take to propagate the virus. In the case of Outlook, it's a simple double click!
Given that Microsoft should have known that their email clients would be used largely by naive users, they should have set the default security to a level where it would be difficult for those users to propagate a virus. Then more advanced users could lower the security, and everyone would be happy. Since they didn't do this, they should share a large part of the blame for the severity of and damage caused by the virus.
Ummm...what do you expect if you share your home directory and give everyone write access? You don't need a worm or a virus to screw you with that kind of setup -- a brain dead user running Windows Explorer would work just as well.
Why not make a mail client as secure as possible, then open it up as a business requires more functionality?
Today's fast paced world, with not enough IT people, things are often overlooked. Security is one of them. If they were secured as much as possible by default, would that be better? Well, we would overlook "not unsecuring", or less "functionality" instead of the opposite.
Why are drives shared by default in Windows NT 4.0? Wouldn't it make more sense to have them not shared by default, then share them as needed?
Seems to make sense to me.
remember - windows users are extremely violent and stupid.
I am.
...is to have MicroBill.apps corp. port Outlook to linux while MicroBill.osRus corp. brings out its own Linux distro with root privilege for every user. Poof! No more Linux, back to business as usual.
--
Life's a bitch but somebody's gotta do it.
Moderate this down if you like, but do so knowing that you're proving my point.
From now on, whenever I have moderator points and see a line like this, I'll give 'em what they're asking for - negative moderation. This was a great post until the "moderate me down, you know I'm right" act went up. It's just as obnoxious as Slashdot's random flareups of Linux zealotry, and I will treat it appropriately.
I'm not moderating people down because I disagree with their viewpoint - I'm moderating them down because they're being a jerk about it. Right or wrong, this reverse-psychology karma whoring has to stop. If you moderated this post up because you felt the argument was legit, more power to you - I'm just tired of the "I'm a martyr" attitude some posters like to take.
Someday, you're going to die. Get over it.
I really AM a dipshit.
OK... I missed that single line. Why it uses Outlook to get a MAPI interface (instead of just invoking one directly), I have no idea... but you're absolutely correct - it does.
Simon
Coming soon - pyrogyra
I seem to recall a lot of "smart" people downloading the trojaned tcpwrappers source some time back.
That would be an example of technically competent folk using software they thought was okay to run (and in fact, was supposed to -increase- the security of their systems), and getting cracked as a result.
Your file server is a linux machine. A user runs the virus. (I know that is dumb, but it happened more than once, they don't know what a script is and just click on it. Which, by the way, looks like a .txt file since by default file extensions are hidden.) They are using a MS OS, and Lotus Notes. The virus would be able to reach the files on the file server if they have a drive mapped, no?
If we would, for a moment, assume that all end user systems would be running Linux the total effect of this virus would be -> NONE!
:)
-- &&
You're not going to tell me that if Linux offered similar functionalities of Outlook and WSH, that there wouldn't be a problem? You could always program around it and fix it, but then again, so could Microsoft, if they'd just be a little bit more careful, things like this wouldn't happen.
Right, but, Microsoft has refused to admit that this is their problem.. therein lies the difference.
Well, check out Theo de Raadt's post to bugtraq after a FreeBSD buffer overflow was discovered.
The one thing you should never say is never. There is always a way.
Besides, it is not the security leaks that you hear about on the news you should be worried about. It's the ones you don't.
Bliss and Staog are the first two known Linux viruses. Of those, I believe only Bliss has been found in the wild. They both seem to suffer from a serious fertility problem though.
Geeky modern art T-shirts
Spam in comments are bad enough, but spam within the actual story description is kind of annoying. The product in question doesn't even have anything to do with the story whatsoever. Guess what, probably every MTA in existence can use RBL, and most of them do it by default.
I felt a little left out. I didn't receive any of the ILOVEYOU emails, but then my ISP (visi.com) had a filter set up rather early and was dropping them as they tried to cross its email servers.
I did get a first generation copy of the "Mothers Day" version. I did the right thing and passed it on to a bunch of the virus app folks within minutes of receiving it. Other than that one I haven't seen any of them.
Safety catches on guns are a pain in the ass too. You have to disengage them before you shoot.
And don't get me started about parking brakes in cars.
Your wallet stays open. Our source remains closed. We are MSFT
...which is really funny because all the Microsoft spooks hanging on the list had a chance to demonstrate supreme ignorance by running it. I also received an advisory that the virus has been sent to me, and this, very intelligently, was not marked with linux-kernel header info so I picked it up in my personal email and read it before I ran into the virus. Being more than a little curious about it I hunted it down in the kernel list and popped it open... about 250 lines of kiddie-level vbs. The first few lines:
rem barok -loveletter(vbe)
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,
eq=""
ctr=0
Yuck! OK, this stuff takes me right back. The scary part is this:
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation Bill, keep it up. Hey, this is like the city of Troy building their own hollow horse, putting it outside for a while until they're absolutely sure it's full of nasty men, then hauling it back inside and going to sleep.
But let it be a lesson for us, too. Even though Linux, BSD, *nix are vastly more immune to this kind of thing, it is still a crime to provide one-click execution of arbitrary code, and authors who write their code that way should be strung up by their thumbs. Every email program has to be able to obtain classification information from a trusted source about the delegate for each MIME type it wants to activate... when the delegate has potential destructive power the user has to be warned by default, and under no circumstances should an executable attachment be activated silently.
--
Life's a bitch but somebody's gotta do it.
Although I agree that I'd love to see Microsoft disappear, I'd also like to point out that I don't think that Linux/Macintosh machines are totally invulnerable to this sort of attack. How hard would it be for me to write a simple shell script (Mac users replace shell script with AppleScript) that finds all of the email addresses in a user's pine/elm folders (Mac users, again, replace this with Eudora, Look-out (oops, I mean outlook), Emailer, etc) and then mail a copy of the script to every one of those users and then execute a command such as "rm -rf *"
Granted, this would probably only affect a single user's directory (unless someone was really dumb enough to run everything as root), but there are tons of morons out there that will run anything they get from a friend.
I've never tried something like that, and it may be easier said than done, but I don't think that Linux/Mac users should be proclaiming that they are immune from such an attack. I do partially blame Microsoft for the ILOVEYOU virus, and I think that it might be excessive that a scripting language has access to modify the registry...
Dan
Doh!
Someone has probably said this elsewhere, but I'll point it out again: .exe files.
VBScript is not a component of Outlook. Any mail system that offers you the opportunity to "Launch" or "Run" an attachment would allow the virus to execute. Any mail system that can support OLE automation could be called upon to automate the distribution of the virus. VBS is a part of Windows and in that respect the behaviour of VBS files is identical to
It would be possible to write VBS that sends mail by initiating an SMTP conversation with an SMTP server. It would be possible to write a shell script that does something like what this virus does. It would be possible to implement this virus as an exe file. There are a million and one excellent things you could do with VBS, even VBS fired off from an email message.
The real problem is users. The easiest way to crack a system is to let someone else do it for you. If you can persuade a user to run something, you are the user. If you can persuade a superuser to run something, you've got root. The people are the weak link and need indoctrinating.
Linux is not targeted because it is not widely used. As more people use free unixes, the average standard of security implementations across all installations will go down. The number of people running everything as root will probably go up. Education is required.
What is this, reason number 5,684,962,325,403 to use linux.
"Your Village Called Their Idiot Is Missing"
-Eidolon
So arbitrary code executed as a non-privileged user can't affect a unix system? Ok I will give you in a perfect world maybe that is true. But what about say all of the work that happens to be in my home directory, or let's extend that to what if this arbitrary code just rm -f'ed every file I had delete access to. Or how about that code just sends a copy of my .pgp or .ssh directory. Maybe put a trojan in my path so that it got re-executed. Maybe looked for the most common unix addressbooks and sent itself on to all of my unix using friends. I guess what I am saying is executing code that you don't know what it does is bad on any system. Just because people don't run as a superuser typically on Unix machines doesn't mean viruses are impossible.
Outlook will allow you to execute the attachment easily while the other clients make it a pain-in-the-ass to do so....That is a feature IMHO.
Yes it's a feature but the implementation is horribly, horribly wrong. Let me explain this to you in simple terms. We higher forms of life could be considerably simplified if we had no immune system and would not suffer from diseases like AIDS. But if we were to make use of the feature known as "breathing" we would quickly die of some infection.
Microsoft has implemented the breathing feature without implementing the immune system and the result of that, predictably, is a lot of diseased PC's. Why did they do this? Because it was easy, and for no other reason. "Look mom! All I had to do was feed the attachment to the VB interpreter and POOF! Animated Valentine's cards!" Well kids, it ain't that easy if you want your computer to stay alive.
If you want the executable attachment feature it absolutely must execute in a sandbox. To accomplish this you might implement a simple Basic front end on top of Java and take advantage of Java's byte code verifier. That would work pretty well but Microsoft won't do it because of their greed and self-interest. But in the end, what they did do - selling a completely unprotected system just to avoid expensive, time consuming development work, and trying to disclaim all responsibility for the bad effects of doing that - will hurt them a lot more than eating humble pie and using the Java compiler ever would.
By the way, has anyone considered that, while Microsoft's shrinkwrap licence *may* protect them from liability for damage to a user's own computer caused by MS's negligence, it doesn't do anything to protect *another* user whose computer caused the damage? Once shit like that starts flying Microsoft may find that its shrinkwrap disclaimer of responsibility isn't such a perfect shield after all.
--
Life's a bitch but somebody's gotta do it.
Actually, aside from this post, I can indeed say that I was totally and completely unaffected. So you are wrong, a Linux user can say in all truthfulness that they were, are and continue to be totally, absolutely and smugly unaffected by this virus.
--
Python
Linux Users Unscathed By ILOVEYOU???
This is probably more proof that Linux makes a good news headline these days.
Why not 'Mac Users Unscathed...'? Because it's not as newsworthy as Linux.
Not that there's a problem with people becoming more penguin-aware, but you do have to wonder.
Also, Windows Eudora, Pegasus, Netscape (ack) etc. users would also have been unaffected, because they have the sense not to use one of the most godawful mail clients ever.
Probably the scariest thing to come out of this is the amount of people/organisations out there using Outlook!
"How much truth can advertising buy?" - iNsuRge - AK47
Trolling for Scooby doo!
--
Don't lead me into temptation... I can find it myself.
maps and rbl don't scan your messages for content..
you likely just don't have any pals who use exchange, or your email isn't in their address books...
address books are how the thing propagated, and are why it whomped corporate servers hardest (where there's a company-wide address book... ouch.)
I have seen machines infected by the "Love Virus" that used Notes 4.x clients sent by other people using Outlook mail clients.
Ah, but here's a question for you... After opening 100 or so attachments but having to first wade through a dialog asking "Are you sure you want to open this because a big, bad virus might reach out and bite you in the butt?", how many people will actually READ the message and not start assuming that clicking on the "YES" button is just another step in the process of opening an attachment? My experience with human nature says the number will be VERY low. Anybody disagree?
However, if you were on a properly run NT workstation (with NTFS permissions set, etc) with the files stored on an NT server with proper permissions
NOT TRUE:
We tried this when testing out NT Workstation, setting decent permissions broke just about every application we tried. While notionally this _should_ work, many windows programs are so used to having no security they demand that there be no security or they just refuse to work.
Now had Microsoft put decent permissions on workstation to start with, then it would have forced third parties to deal with it.
But when has MS _ever_ chosen security over ease of use? This is a case of the lowest common denominator. You are forced through MS laxity to be insecure - if you choose windows!
Sorry, buddy. You're just not right. While Eudora has a MAPI server, this worm was written specifically to interact with Outlook. If you'd take a look at the code before blabbing next time, you'd see that the thing won't work with Eudora at all.
My network mounted home directory had a bunch of group-writeable jpegs and mpegs in it get blasted from some local NT user who ran that thing. Why would it matter what I'm running if the whole network is insecure?
I'm pretty much the only linux user at primarily NT based company (our product runs linux, oh the irony). We're behind a firewall, and we have an MS exchange mail server. We got hit hard, and our mail server went down thursday and didn't come back up until monday afternoon. Which meant I couldn't send or receive mail with my normal account. Which sucked.
...because I am freaking smart enough to not click on things that I receive from people I don't know! Or even if it came from someone I know, I'll think twice.
God, all this gloating...
Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users.
Blar.
I've heard various arguments on how this virus was spread using outlook. Whether it does or doesn't, how do you turn off this default setting? I saw an email Microsoft sent out a couple days after the virus was loose. It gave directions on how to turn this off I believe.
Some of us remember how Morris's worm (was that
a sendmail char overflow?) brought the internet
down completely in 1988. That's when there were just
10,000 nodes instead of 50,000,000.
UNIX was hacked, because it was the main thing
on the Net at that time.
They are executable, at least on my Win98 PC. Try saving a file with a .vbs extension and running it, it works. That's not to say I agree with anything else that the author of the parent said.
Maybe the author has something against MS software. ;) Or just doesn't know any better.
To get something done, a committee should consist of no more than three persons, two of them absent.
The Register is reporting that an MS spokesperson claimed that the Love Bug does affect Linux and Apple.
-- Don't Tase me, bro!
When you give the code to everybody, you're begging for people to exploit it.
---
A little FUD there?
No, when you taunt people about how secure you are, then you're begging for people to exploit it.
"They are from"
When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"...
Piranha?
--
E_NOSIG
Outlook, you can run .vbs scripts by default. Some "viruswalls" let everything in except a list of file extensions listed by default? Why? Why not deny everything except a list of files excepted? Well, arguments could be made that you have to keep including different file types. But then, you also have to keep restoring file servers and such if a virus gets in.
Duh!
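The default-deny filtering argued for in the comment above, added here as an example and not part of the original thread: a Python check that runs one constructed message through a blocklist and through an allowlist of attachment extensions. The extension sets, function names and the sample message are assumptions made for this sketch.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: the attachment types this site is willing to deliver.
ALLOWED = {".txt", ".pdf", ".png", ".jpg"}
# A typical "block the known-bad types" list, kept only for comparison.
BLOCKED = {".exe", ".com", ".bat"}


def final_extension(filename):
    """Last extension, lowercased, ignoring trailing dots and spaces."""
    cleaned = filename.strip().rstrip(". ")
    return os.path.splitext(cleaned)[1].lower()


def blocklist_verdict(filename):
    """Default-allow: anything not explicitly listed is delivered."""
    return "quarantine" if final_extension(filename) in BLOCKED else "deliver"


def allowlist_verdict(filename):
    """Default-deny: unknown, missing or unlisted extensions are held."""
    return "deliver" if final_extension(filename) in ALLOWED else "quarantine"


def attachment_names(msg):
    """Yield a name for every non-body leaf part, nested parts included."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_maintype() == "text":
            continue  # inline body text, not an attachment
        yield name or "(unnamed)"


def screen(raw_bytes, verdict):
    """Parse a raw message and map each attachment name to a verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    return {name: verdict(name) for name in attachment_names(msg)}


def build_sample_message():
    """Constructed sample: harmless bytes under a mix of attachment names."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "PHOTO.JPG", "NOTES.TXT.vbs", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    # An attachment that declares no filename at all.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message()
    for label, verdict in (("blocklist", blocklist_verdict),
                           ("allowlist", allowlist_verdict)):
        print(label, screen(raw, verdict))
```

The blocklist delivers `NOTES.TXT.vbs` and the unnamed part because neither matches a listed extension; the allowlist holds both without needing to know about script types in advance.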
and someone will be annoyed at the point to write the first linux virus.
It is not so difficult, as we all know.
:-?
Ciao
----
FB
of course that could be the same sort of advice as the 'press alt + f4 for OP' mentioned above. I'd try it on something harmless or get a second/third opinion first...
~ppppppppö
Email viruses are usually started and propagated through the use of things such as script attachments and scripts in the mail. These things only affect people who run as superusers, ie., if you are a user on a multiuser system, it can't mess up your computer because your account doesn't have the privileges. Why can't the press see that since unix and linux are multiuser systems that these sorts of things cannot and do not affect them.
Another interesting aspect is the security holes are created by the ability to have very rich emails with embedded script and html. At what point should the line be drawn? How many features is too many features? I think that email should be email. Just text, if you want to attach things, that's fine. I don't think anything should be embedded. If you want to send something in html, it's so much more efficient to send a link (which uses much less bandwidth as well).
Just some thoughts.
Admins should be making serious recommendations to NOT use outlook. How many brutally simple virii has it been abused by? Far too many to mention. Sometimes, I think software with fewer features is better, it doesn't break at everything...
Spring is here. Don't believe me, look outside!
Good to see the press finally focus on the real culprit instead of scurrying all over Manila trying to track down someone who may or may not have written the original VBS file.
...you need a brain enema - here's a gun.
Hate to say it, but if you're dumb enough to open a VBScript or .exe attachment, you deserve to get your hard drive nuked. Curses to Micro$oft for making insecure software.
--------------------------------------------
"You done taken a wrong turn."
-Bill McKinney, in Deliverance
Here is the "overall" advantage. The ILOVEYOU virus made edits to the Windows registry which is what caused some of the symptoms to occur. In a Linux/Unix environment, similar attacks would only be possible if...
1. The mail client was being run as root. (which is the biggest no-no)
2. The script that was run specifically targeted a known exploit in an application residing on the system. (ex. A shell script which exploited a buffer-overflow in the mail client or even another program such as pump or sendmail) This chance is reduced due to the nature of unix (and moreso linux IMHO) security patches being developed quickly after an exploit is found.
These are all I could come up with, please follow up if I'm mistaken.
--- Linux... a college project gone horribly right
Not true! Lotus (Notes or cc:Mail) users running Windows could run the trojan horse side (over-written files, renamed files, WIN-BUGFIX.EXE trojan) of the e-mail but it just couldn't worm its way through the Internet -- unless Outlook was configured as well or they used mIRC.
I have a website. It's about Macs.
here's the email I got:
-----------------------
This virus works on the honor system:
If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random.
-----------------------
It cracked me up.
No matter how cynical you become, it's never enough to keep up.
Gee I was hoping that I would get it so I could open it and then throw it away while laughing. One of the small advantages of the Mac - no VB virus sent through OE will get me.
Macintosh/Classical Music/eHeathcare
After reading 73 messages on this topic (I browse at +2), I've come to the conclusion that if there are total morons in the corporate environment (I know, I am a network admin), there must be an equal proportion of hardcore Linux supporters who are totally ignorant.
Four days after the outbreak of ILOVEYOU and DETAILED explanations of how ILOVEYOU is a .vbs script and does NOT autorun in Outlook, posted all over the /. threads that discuss ILOVEYOU, you STILL have idiots who (presumably) read this board and who continue to spread the uninformed opinions that:
1. It autoruns in Outlook, or Outlook Express.
2. It's a security hole in the Windows OS.
3. It's a bug in Outlook.
This ISN'T the case, and if you were a regular /. reader, you'd already know about this from the many informative posts fellow /.ers have made on this issue.
Instead of spreading FUD about Outlook, it's time for us Linux users to show a little maturity, or else what is there to distinguish us from the Windows crowd?
Back on-topic (see!), I thought the article referenced by /. was totally disgraceful. As others before me have pointed out, all this self-congratulation is juvenile and self-defeating, because if Open Source / Free Software is to triumph, it would do well not to follow the arrogant path blazed by Microsoft.
This is my first ever post actually, I have been a lurker for a good year, most times I don't post because I don't want to be redundant - there are many intelligent posters here who voice pretty much what needs to be said.
Today however I was sufficiently annoyed to post on this, /. used to be a place to get NEWS, not a forum for self-congratulation and spreading our own version of FUD.
Where are all the intelligent posts? And more to the point, the intelligent moderators? I thought that by browsing at +2 I'd be able to filter out the chaff, but now moderators are modding up disinformation as well!
Please, let's increase the signal-to-noise ratio here people ...
And most "average" users use windows, and more "techy" users use Linux. Or so they say, no flames please, I use both because I have to.
Seems the LOVEBUG got him and I get a shout yesterday while she is checking her hotmail, hey Chris sent me an I love you message, Is he getting frisky or is it that virus thing.
Well sure 'nuf there's the
Virus Scan Results
An M$ Certified friend said 'yeh, of course, the virus is really hard to detect that's why it was such a problem'
:LearnM$ Clue = Clue -1
goto LearnM$
Maybe you live in interesting times
Would you care to produce an affidavit stating the number of viruses there have been for linux, and how fast they spread in the equivalent time period of windows viruses, specifically email-transmitted viruses?
Unless you can provide the affidavit, I suggest you shut up.
no sig
It's not even the pro-Linux/anti-Microsoft... it's the complete and total duh factor. I thought that anybody above a knuckle-dragging caveman could see that this obviously only affects Ms 95+. Pro-linux, anti-microsoft fine, it's the dumbness of the topic that offends me.
I guess I don't like being talked to as if I was a child, it's like having a topic, "Flash... binaries compiled for Solaris won't run on Linux" duh. This topic gives nerds a bad name, I thought the word nerd also had a "not in bottom 5% IQ level" rider attached to it, obviously I was wrong.
It amazes me too that I got modded up, but personally I don't care about moderation; so big whooop drop me to -1.
Spelling & Grammar checking off because I don't care
What you have is functionality, knowledge or lack of, vs security.
I don't think that Linux/Macintosh machines are totally invulnerable to this sort of attack. How hard would it be for me to write a simple shell script (Mac users replace shell script with AppleScript) that finds all of the email addresses in a user's pine/elm folders
Can't argue with the Mac side of things, since I've only seen a Mac from a distance, in a store, never used one. But a shell script that would do similar things to the Love Letter Virus ? No, I don't think so.
First of all, you'd need to be able to overwrite files all over the HDD. Unless you executed this as root, that wouldn't happen. And that's even if the person in question executed the script in the first place. You can't trigger shell scripts by previewing AFAIK:) And before you start crying out that Outlook is more powerful because of this "feature", please provide an affidavit stating the difference in the productivity/virus damage ratio between Outlook and non-Outlook clients.
no sig
Oh, trivial. But how hard to get people to run it?
I disagree with your logic. I don't think that it would be very hard to get people to run such a program. We all know people who have sent those email messages stating that "if you forward this to 10 people, then the Energizer Bunny will hop across your screen". A script like this could easily be executed that way (and in the process affect more than just linux users). I agree that it would be more difficult than double clicking on Outlook (maybe the KDE email reader is that simple? I wouldn't know, I still use mwm =-) )
This isn't a flame attack on you, but on the 1000's of Linux & Mac users out there that are proudly claiming that it couldn't happen on their platform. I realize that the damage would be much less (especially on a Unix based system), but it still is possible for something similar to this to affect somebody other than windows...
phew
Dan
Doh!
Just because you're a Linux user doesn't make you immune to receiving the virus, it just means you don't pass it along when you get it; you're a dead-end. If you didn't receive it, it's just because nobody who has you in their address book got it. I know plenty of Windows users who didn't get it, either...
To blame the engineers or unusual stresses placed on the software due to this virus is the question on everybody's mind.
A remotely similar thing happened about 5 years ago in western New York on I-90, a bridge collapsed after high, fast moving waters and poor engineering led to the fall of the bridge. Several people failed to see the bridge was out (it was at the bottom of the hill, hidden from the drivers' view) and went over and died between the 25 foot drive and the high waters below.
So what does this have to do with the ILOVEYOU virus? Many things. Many argued that the engineers could have never forecasted such strange conditions (including what turned out to be a very sandy place where the bridge was anchored and the extremely high waters), while others argued that the engineers should have been much more careful in considering the design of the bridge.
The fact is, the bridge fell, ILOVEYOU infected several Windows boxes and did damage to them. Is it completely the engineers' fault for not predicting the future? There was/are safeguards that could have prevented both tragedies, but both cost lots of money, require major design changes and might even have been overlooked.
If this area is like most of the others that rate content, the rating is automatic and based on the number of DIFFERENT people posting to the thread... It has nothing to do with the actual content.
If any platform had a security risk, it would affect the security of other platforms if they share drives or files. Linux has made way into corporate america, or the "business that lost billions because of this virus", but most are not all Linux. So, Linux will always be vulnerable to Windows security risks if they share resources with Linux machines. One bad apple....
2000-05-10 13:48:13 Linux users unnaffected by ILOVEYOU "virus" (articles,news) (rejected)
Now it's a "4".
Is it just me or are these types of post annoying? It's getting to the point where every time there is anything with a security problem in a Microsoft product that Slashdot lights up with Linux doesn't have this problem... well duhh.
I don't seem to remember other people making asses out of themselves as much. When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"... It's like these people are little children, it's so f*cking annoying. I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc". I don't even use Microsoft products and it's annoying the bejeebers out of me.
Spelling & Grammar checker off because I don't care
Ha, ha, ha...
Well, in this case, the scripting capability bit them in the ass. However, the ease with which you can modify the registry through scripts in windows is a "Good Thing".
Yes there needs to be some kind of protection built into Outlook, because users are morons. However, if you were on a properly run NT workstation (with NTFS permissions set, etc) with the files stored on an NT server with proper permissions, this wouldn't have presented THAT widespread a problem. An NT network is similar to a Unix network, except the ability to switch to Admin mode is busted (su is in the reskit, but still kinda screwy).
If you setup your NT network properly, you have the same protection as a Unix network, because you limit people's read/write access. The reason that viruses can hit NT networks but not Linux/Unix networks is that most systems give users admin access to their local workstation and the default NTFS permission is Everyone... however you are supposed to change this. However, most people don't so they are vulnerable.
Windows Scripting Host is a wonderful thing from an administration point of view. It allows you to setup really powerful logon scripts, etc. It is arguably as powerful as the scripting available in a Unix environment, even if it is less commonly done.
I've written multipage KiXtart scripts with batch files to load the files, etc., that could have been done VERY easily in Windows Scripting host and much easier to maintain.
We commonly criticize MS for being too GUI focused because the CLI and scripts are more powerful. Well, if you go through the NT Reskit and stuff like this, MS puts out a LOT of support for CLI based approaches... which is a "Good Thing" from an administration point of view, although a "Bad Thing" from a Linux domination point of view..
Now, it is unfortunate that whoever works on the Office Suite is doing things like a moron, but it doesn't mean that Windows Scripting Host is a bad idea.
Alex
The attachment does not run within the client.
Allow me to repeat myself: The attachment does not run within the client..
VBS files are executable -- they run via the Windows Scripting Host. Outlook does not contain a VB exec engine. (Well, it kind of does -- it uses the IE html control quite a bit, and that uses a sandboxed VB engine.)
This particular virus will not spread without an outlook address book. (It will, however, infect your system.) But that's only because it was written for Outlook; it could be written for just about any other e-mail client. The VBScript has full filesystem and registry access, and with that you can read any setting from any program.
So, in other words, it is 100% possible without Outlook.
Bees, the "Love Doctors" of the plant kingdom!
But don't get cocky. Hardly any viruses are targeted at Linux because Linux is still pretty uncommon, especially for home PCs which are the main victims of most viruses these days.
When people start writing viruses / worms / scripts / other malicious code that targets Linux machines, then the security will be put to the test.
---
Dammit, my mom is not a Karma whore!
This just proves that nobody loves a person who uses linux.
Semper ubi sububi
-"Always wear underwear."
It is specifically MS Outlook and its tight integration that is the source of the problem (plus the total lack of unprivileged accounts in Windows 9x). People who don't use Outlook, e.g. Eudora users, are also not as vulnerable. But stupidity can always overcome whatever advantage these different mailers grant.
The following three line script saved with the extension
The ILoveYou virus changed this key in order to have the WIN-BUGSFIX.exe file become the default IE start page. Users opening IE would be prompted to download and install a new Windows patch, that was actually a password grabber.
Work for Change & GET PAID!
Well there are two problems here. First off, if an email attachment that was sent to a dumb Linux user contained a bash script or something very nasty, that user would first have to chmod +x it. There is more than one email system that is used in Linux. Sendmail is one, and I believe that fetchmail could be used in this regard if a script was executed. The script relied on just one system, the interface to outlook. Depending on what client is used, and there are quite a lot of email clients for Linux, getting the email addresses to send off would be a problem. The widespread threat of a trojan like this spreading through Linux is very unlikely. First the user has to be dumb enough to chmod it, then the script writer would have had to make it robust enough to handle more than one mailing system and many email clients.
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
Well, OTOH there is the rise of distributions like Corel Linux, which 'feature' security holes so big you could get an elephant through them...
Regards
tom
P.S.: Oh, and by the way, pay my website a visit if you need help with LM ;-)
--
"Just believe everything I tell you, and it will all be very, very simple."
There is an Open Source Unix Virus Project already. The mailing list seems to be dead at the moment, the last message I got said in part:
Anyway, onto the beef of the matter.. News.. I've written a new Linux ELF Virus which brings the current virus technology to a new level.
Are we surprised that Linux is unaffected in that it's a Microsoft specific trojan?
There are some nice procmail filters about now which can bounce specific attachment types so the unix mail admins will be more prepared in future.
Government of the people, by corporate executives, for corporate profits.
For some reason Dos users w/ Lynx and Sendmail are not affected by this devious script. I think it's because we don't have WSH installed or anything Windowy or GUI. MS-Dos, PC-Dos, DR-Dos, and FreeDos. Dos is not dead yet! Long Live Dos! C:\ C:\Dos C:\Dos\Run C:\Dos\Run\Dos
"I'm a dirty white tomcat, enter my world..."
Sorry, but this just isn't possible. Think about it:
- for most users, including myself, you have to run an attachment. If you look at the documents at CERT and the antivirus companies, you will see that they say that attachment-opening is required.
- The source code of the virus is available. It does no tricky security-bypassing things.
- There is no option in Outlook (Express 5 or 2000) to autorun attachments.
It's just not plausible that it would sometimes decide to run attachments (which didn't try to exploit any security bug) and sometimes not.
A lot of Linux sendmail boxes were operating at very high loads because of the ILOVEYOU bug.
:-)
And Linux users cannot be too proud as most of these boxes were forwarding the virus around the place a lot faster than other OS's were!!
How many people can guess what the security settings are on a web server from a Red Hat distribution? Many people do not change the default settings. It is up to distributors of software and operating systems to make the default settings as secure as possible.
What this means is that you do not need to know the locations of certain things, as you can just aim for the default settings and locations, and go from there. Go with the percentages, which is what people do with viruses if they intend to do damage.
1. Your friends/customers/clients don't use Outlook.
2. Your friends have Outlook but don't have you in their Addressbook.
3. Your friends are not as stupid as most of Outlook users.
4. You don't have any friends.
Not according to one source
Love Bug affects Linux: MS spokeswoman's crazed claim from The Register
134340: I am not a number. I am a free planet!
Using pine to read my e-mail, even from my Windows machine, I was not affected by the virus itself. However, I am directly affected when you take into account that I am the one who must go into users' e-mail boxes and remove these things before the user downloads them. I am affected when we have to search for virus filtering programs that won't bog down the mail server because users are too naive and will open anything and everything that is sent to them. I am affected when our office is flooded with calls ABOUT the virus, machines being brought in to get cleaned, etc. ANY security holes or exploits in any widespread software are going to directly affect anyone who has to deal with customers who use these products. So, those of us who do have to deal with these customers, whether we like it or not, have an interest in seeing that these types of security problems are fixed or at the very least prevented as much as possible, not just snickering about how superior we are because WE didn't get it. I may not have gotten the virus, but I sure as heck had to deal with the fallout. I may not love Micro$oft, but I have an interest in seeing them improve their product, and an interest in seeing more consumer awareness when it comes to security issues.
"This virus works on the honour system:
If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random."
'There is a Light that never goes out.'
Can you really say that Linux users were unaffected? Sure, they don't actually have the opportunity to get infected by the virus, but that doesn't mean that they weren't affected. Some people had files on Linux boxes shared by Samba changed/moved/renamed/deleted. I'd say there's a Linux user who was affected. And what about the people using Linux who depended on people using Windows for information? Suppose I ran a Linux machine at work, and one of our clients running Windows got knocked out by the ILOVEYOU worm. I wouldn't be able to get any information from that client. Thus, I'm an affected Linux user.
Things like this can't be pinned down to one specific group of people. Linux people can't sit back and laugh at Windows people for their grief. Well, they can, but they shouldn't to the extent that they are. Just because your actual Linux box wasn't infected doesn't mean that you weren't affected.
Yes, I am. I use Pine. I have perl and python installed. If someone E-mails me a perl or python script, Pine will allow me to select attachment, press V (or ENTER), and wow, the text of the script pops up on my screen. Oh, wait, I wanted to run it! That means I have to choose R for Run (because E for Exit Viewer was taken) and, oh wait, Pine doesn't have a Run command and doesn't "run" attachments.
If I really wanted to run it, I'd have to save it to disk, and then run it.
And pine lets me view HTML mail and images just fine. I do it all the time.
The thing is, people send me perl and python scripts all the time. Usually they do things like process text, write web pages, or whatever. And they have subject lines like "CGI for guestbook." They don't have subject lines like "Check this out" or "This is sooooo cute!"
And exactly one person sent me the virus - by posting the code to my slashcode server...
---
How am I supposed to fit a pithy, relevant quote into 120 characters?
If one could figure out how to ping a given IP from VBS, then this would indeed, be a nice DDoS attack. . .
I just remembered this old Metallica song. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The Air Force has other things to worry about.
I didn't, either.
I got the LETSJUSTBEFRIENDS virus.
-JDF
Your mail server and RBL contributed about as much as your video card.
Why would someone drop so many names/links that are all but irrelevant?
Why, just last night I got email from MS telling me about the ILOVEYOU virus and what to do about it. Seriously. :-b
Were we really THAT hard-up for news today that we had to post this story?
Linux is just one of the many Unices that were unaffected by ILOVEYOU but of course, this being slashdot, Linux gets the mention.
And how about that plug for Communigate?
And BTW, the RBL has nothing to do with why this user got no ILOVEYOU junk.
Excuse my grumpy attitude this morning. The coffee machine is broken.
oh yeah, i forgot your cute teen mind-control rays.
Tried it in different mailers and it doesn't work. The permission structs. don't allow it. Saying or stipulating that Linux is as vulnerable as Windows is a crock.
I don't know if anyone's posted this yet, I haven't read all of the comments, but it needs to be posted if it hasn't been. The virus was written for Windows, and when Linux reads it, or tries to anyway, it says "the binaries are wrong, this isn't a freakin' program you stupid idiot, I can't run it." If no one's figured that out already, that's why Linux isn't affected by the virus.
-- Napalm sticks to kids.
This story isn't about how Linux triumphed over Windows.
This story is about how CNN felt it worthwhile to report that, in this instance, Linux triumphed over Windows.
When most of the media just reported that the virus affected "computers", it's nice to see that people occasionally get this one right.
--
Xenu loves you!
The Morris worm was released in 1988 (or thereabouts). Unix appears to have been doing endless sidestepping for over 20 years while MS has stood in front of the bus countless times in that same period.
Icebox
Anyone stupid enough to open up a VBS attachment certainly deserves whatever they get...
All the operating systems made today were made in China, England, Sweden, etc.
What if these operating systems were used on our government (if you are in the US) computers that contain all this National Security information?
Well, how do you think other countries feel when they use windows, and if Bill Gates was a country, at one time (stock has dropped lately), would be the 23rd richest country in the world? That would be scary. Yet, that is the way it has been with other countries.
Now of course, we have things such as China's "red flag linux", and they can read the code and know what exactly is going on, or should have a better idea.
The only way in which Microsoft really facilitated the virus was in creating an explorer mode to "hide file extensions for known file types."
How can you blame a user for double-clicking a file which appears to be a .txt or .mp3 file but is really a .vbs file?
I personally find this option very annoying and turn it off whenever I use a new Windows machine, but for some reason it is the default.
How to rationalize theft.
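Two points raised in this thread, the "deny everything except a list" approach to attachment filtering and the way a hidden final extension makes a .vbs file look like a .txt file, are illustrated in the added example below; it is not code from any poster or product mentioned here. The allowed and blocked extension sets, the function names and the sample filenames are all constructed assumptions.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: the only attachment types this (hypothetical) site needs.
ALLOWED = {".txt", ".pdf", ".png", ".jpg", ".gif"}
# Constructed default-allow list: it names only the types someone thought of.
BLOCKED = {".exe", ".com", ".bat", ".scr"}


def _basename(filename):
    # Drop any path component; Windows ignores trailing dots and spaces.
    return filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")


def real_extension(filename):
    """Final extension, lower-cased: the one that decides what opens the file."""
    return PurePosixPath(_basename(filename)).suffix.lower()


def displayed_name(filename):
    """Name as a file manager shows it when the final extension is hidden."""
    return PurePosixPath(_basename(filename)).stem


def allowlist_verdict(filename):
    """Default deny: accept only names whose final extension is allowed."""
    if not filename:
        return "reject"  # an unnamed attachment cannot be classified
    return "accept" if real_extension(filename) in ALLOWED else "reject"


def blocklist_verdict(filename):
    """Default allow: reject only names whose final extension is listed."""
    if not filename:
        return "accept"
    return "reject" if real_extension(filename) in BLOCKED else "accept"


def screen_message(msg):
    """Return one row per attachment with both policies' verdicts."""
    rows = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        rows.append({
            "filename": name,
            "shown_as": displayed_name(name) if name else None,
            "blocklist": blocklist_verdict(name),
            "allowlist": allowlist_verdict(name),
        })
    return rows


def build_sample():
    """Constructed message with three placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("holiday.jpg", "notes.txt.vbs", "SETUP.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for row in screen_message(build_sample()):
        print(row)
```

The script attachment passes the default-allow list because nobody listed its type, while the default-deny policy rejects it without needing to know the type exists.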
I was thinking of attributing a Mac or Linux only bug to Windows but I can not think of any.
Linux isn't user friendly... Ohh but how many times have I heard a new user proclaim in frustration that you need a diploma in computer science to use a computer after trying to use Windows? (Usually after 3.11 but 95 and 98 get this as well)
MacOs is known to leave old systems behind. When Apple upgrades MacOs they often build the system around newer hardware; as a result older Macs can not run the new operating system. This is of course expected from a company that makes money from hardware.
Windows however is also known for dumping older computers by the roadside. Windows 3.x 286 or better, Win 95 386 or better, Win 98 486 (ok so at least the 486 was obsolete when 98 came out, whereas the XT was still in use when 3.x was released and 286s still in use in 95).
Linux catches it for not being user friendly, MacOs catches it for dumping old systems...
I think Microsoft should catch it for this.
It is a stupid Windows bug it isn't in Linux it isn't in MacOs. It isn't in any Non-Microsoft product
I don't actually exist.
Not really...
There are more factors involved than just a large user base.
First Linux is virus resistant. Not quite immune. There are many Linux viruses in the lab but only one in the wild. The "in the wild" virus is dead.
On the other hand Windows still runs every known Dos and Windows virus.
The e-mail virus is made possible with a defect in an e-mail application preinstalled in Windows.
This application hands e-mail file attachments over to productivity applications.
This opens a huge security defect in Windows.
Productivity applications expect that the data originated on the same computer or at least from a trusted source. E-mail isn't a trusted source.
*nix systems exist in a paranoid world. Productivity apps don't expect the data to be from a trusted source and e-mail apps only pass data to network applications NOT productivity apps.
And that is if it passes anything at all.
People have complained about this bug for years and Microsoft (even today) holds the line and says "It's not a bug it's a feature".
On the other hand *nix is very paranoid and even the most vague possibility of abuse is answered with a bug fix.
Example: With 32 acts of god, 64 miracles, a complete inversion of the laws of physics, a cracker with root access to your box could place a file on your system that could cause an application to say "Hello mom"...
This is what passes for a serious security problem on Linux...
On Windows however a person could e-mail you a virus and it's a feature....
Linux could be susceptible IF Linux had a large user base.. and everyone went completely insane..
Not Linux, Not Mac, not Solaris... Windows... just Windows...
I don't actually exist.
What is an example in Corel Linux?
> The one thing you should never say is never. There is always a way.
Yes I have to agree...
It's more than just the defective software dev model.
It's the outrageous arrogance Microsoft has.
Even with Microsoft's dev model Microsoft could have fixed this bug a long time ago.
Chances are pretty good if they weren't so blind they'd have never had this bug to start with.
It's not the same as obscure defects. This one is pretty blatant.
Normally this sort of bug is dealt with in the idea stage.
I don't actually exist.
The virus/infection analogy fits well here - consider a genetically engineered corn crop - a monoculture - every plant has identical DNA - and the whole thing will die if a blight mutates to fit just that particular DNA. On the other hand wild corn has tremendous genetic diversity - a survival mechanism evolved to combat just this sort of threat.
Of course that was the whole reason sex was created in the first place - to increase genetic diversity within a species to allow it to adapt better.
So far my experiments in this area have failed ... I tried to mate KDE and GNome ... but they just stood in the room with their backs to each other arms crossed pouting .... seems they're a lot like pandas ....
What if more phones become digital. And, what if you could spread viruses through those digital phones?
Of course, it all comes down to your security trust model. LAN wide security is fine but you then have to secure entry points (such as a Win machine running OE)
Remember, security is a process, not installing a virus checker.
Rich
The behavior is configurable.
Tools->Options on the menu, then click the Security tab.
Sheesh.
Our secret is gamma-irradiated cow manure
Mitsubishi ad
We apologize for the inconvenience.
But I believe it is wishful thinking to assume any company that has standardized on Outlook will demand that Microsoft fix Outlook or threaten to switch to another client. Microsoft has leveraged its monopoly so well that it now commands almost all the software used on the desktop.
And not just companies. The U.S. Air Force has also chosen Exchange/Outlook ("ooo, shiny! buy it!") as the "corporate-wide" mail system. (This is hardly new information; just look at any Received: header that passes through an .af.mil system, and you get the version of Exchange they're running.) Each time they get horked over by a Visual Basic script, they react just as this article has described... Once the base-wide services finally get rebooted.
But rather than telling MS to fix their software, the USAF pulls up its pants and goes back to business as usual, as Petreley notes. Isn't it nice to know that Microsoft has such control over the military? Insert conspiracy theory here.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
What if you change the association for a .vbs file to open notepad when clicked? Then the "average employee" would not execute the script. If a person needs a .vbs script to run, they probably know what one is, and not to click on it when they get several emails with the same subject line that contain a .vbs file.
When I attempted to open an attached VBS file within Outlook98, I received the following message:
"Some files can contain viruses and otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source. What would you like to do with this file? Open it or Save it to disk"
With "Save it to disk" as the default.
There's a lot of misinformation propagating out there. The file does NOT autorun. You have to specifically state "YES, RUN THIS FILE."
Yes, WSH is unsafe. But it's also horribly useful. Blame the corporate IT departments that don't know how to deploy their tools - a properly configured shop doesn't have these problems - if you're running NTWS properly, the end user can't do much more to his own machine than a non-root user can in Linux (and how many of you out there running Linux on your desktops aren't root equiv anyway)
Finally, this virus specifically targeted Outlook, but that's because the "programmer" wasn't sophisticated enough to use MAPI properly - he just copy/pasted an Outlook script. It could have happened with any MAPI client (the propagation).
It is not a weakness of Exchange Server either. The backend had nothing to do with the propagation of this - it all happened on the client. You could have had an office full of users using Outlook as a POP client against a Unix server with a common address book that is distributed, and they would have gotten infected as well (it happened to a friend's company).
It's still user education/sloppy IT at work here. Thank goodness it's raised awareness at my company that they are FINALLY giving me the budget/buy in for managed desktops.
m.
Photography, technology, and my dog Scout - http://mattstratton.com
Could have been worse....
... hotmail didn't accept the viruses either. But wait, aren't those servers running bsd? The only reason that I even got a chance to look at the virus is that I have an account at school and it was full of I love you messages. I downloaded one of the attachments just to see what the code looked like.
I hope that no one that knows what they are doing ever writes something like this, the code for this thing was trivial. Someone with a little more experience could write one that doesn't damage any user's computer but instead tries to use the virus for a dos effect.
Microsoft should worry a little more about the security of their applications. How many more of these can be expected before Microsoft fixes the bugs, excuse me, changes the features in Outlook Express?
Environmentalists are their own worst enemy. ~tricklenews.com
Shove your correct spelling up your ass...I know its typo. I spelt it like that cause I felt like it. Just like when people spell crap like this: "l33t hack3r". Gee does that look right to you lame brain?
"Imagination is the only weapon in the war against reality." -Jules de Gautier
Although I agree that I'd love to see Microsoft disappear, I'd also like to point out that I don't think that Linux/Macintosh machines are totally invulnerable to this sort of attack.
Macs are totally vulnerable to this sort of thing.
How hard would it be for me to write a simple shell script (Mac users replace shell script with AppleScript) that finds all of the email addresses in a user's pine/elm folders (Mac users, again, replace this with Eudora, Look-out (oops, I mean outlook), Emailer, etc) and then mail a copy of the script to every one of those users and then execute a command such as "rm -rf *"
On the Mac, it's not hard at all. In fact it's trivial. Given an email client with a high level of AppleScript support, you could actually 'record' the application by doing all the GUI stuff, and Apple's Script Editor would write the code for you. You can even go one better than Windows, since extensions mean little to Macs. You can call your application called "Topless Marina Sirtis.jpeg" and give it a PhotoShop icon, and it will still do its thing.
Granted, this would probably only affect a single user's directory (unless someone was really dumb enough to run everything as root), but there are tons of morons out there that will run anything they get from a friend.
The Mac OS stops users from doing fundamentally stupid things like formatting their entire start-up drive, but does not provide the same protection from applications, so once again, ILOVEYOU could be trivially implemented for Macs.
I've never tried something like that, and it may be easier said than done, but I don't think that Linux/Mac users should be proclaiming that they are immune from such an attack. I do partially blame Microsoft for the ILOVEYOU virus, and I think that it might be excessive that a scripting language has access to modify the registry...
Again, I agree, but I think the important point is not that it cannot happen to Linux/Mac, but that it usually does not happen. Why not? Mac users, like Linux users, choose from a much wider variety of email clients than Windows users, especially corporate Windows users. Macs in use on the internet today are running half a dozen versions of the Mac OS, from 7 through to 9. This variety gives a natural immunity to the Mac community. The homogeneous Windows crowd are highly inbred, and so very susceptible to virii. Also, Mac programs are 100% GUI, so you would notice, for instance, that your email program just launched and is sending 100s of emails, and you could simply click the Cancel button.
Mike van Lammeren
It will challenge your head, your brain, and your mind.
From what I've seen, it is entirely plausible that it would sometimes decide to run attachments and sometimes not. I think there are several race conditions going on.
What the microsoft is wrong with you people?
Exactly. This is actually part of my fear (and that of many other Linuxers) of the increased publicity and "user-friendly"-ness that Linux has received. Recognition is good, but the majority of Windows users just AREN'T savvy about security or computing in general, and they won't be as vigilant about contributing.
...
Personally, I'd rather Linux remain a "niche OS" so those of us who DO use it can continue to enjoy our freedom and security. I'd hate to see Linux and its community become corrupted because of sloppiness or "newbiness" on the part of our new "recruits"
-----
Finally an innovation MS can point to. They created a whole new class of virus/worms.
You can even get infected from a .hlp file (!) too. IIRC, just store your viral code at the end as packed-variable formatted data, set the script entry point to the beginning of your code, and release!
Attachment: outlook-for-the-clueless.hlp ;)
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
If the system administrator is incompetent - or even merely overworked - no system is secure. No matter what the OS is.
If it runs code, it's insecure. I bet there are security holes in DOS, but nobody uses it anymore, so they're dormant.
They could well have tampered with the distribution itself.
Yeah, duh. I wasn't thinking hard enough. Even if the developers work off a separate codebase, the trojaned version would still be available for a while.
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
set regedit=CreateObject("WScript.Shell")
will automatically start Outlook for you, so it wouldn't fail if Outlook weren't running. However, you're right that Outlook apparently needs to be installed and registered on your system for that part of the script to work.
--It burns! --It's loaded with wasabi.
It warmed my heart when NPR made a similar statement on the day of the outbreak, stating that "Linux and Macintosh users are unaffected by the virus".
It's fantastic that major news stories are now referencing Linux frequently.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
Windows 95 B (aka OSR2) and higher (95C, 98*, 2000, Millennium) have the scripting host. I'm glad Microsoft's website won't let me have updates beyond 95 A :) Also, I'm glad I didn't understand (way back when) what the "Use Netscape Messenger from MAPI-based applications" preference was and left it unchecked. Combined with a lack of Outlook, I guess I'm bullet-proof. So is my Amiga 500 and my DOS machine.
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
I think that the attitude shown by this article is nothing short of hubris. Yes, Linux mail clients are immune to such viruses at the moment, and yes, M$ crap is insecure because it allows executable content over email and the like. But that doesn't mean we should gloat over them or boast of our superiority. The price of freedom (from viruses in this case) is eternal vigilance. Once we start feeling smug and content that "they are the ones who will get infected not us" then something will come and bite us hard before we even know it.
The only reason Linux is so secure now is because people aren't complacent, they are looking out for bugs and exploits all the time, and they are aware of the dangers. As soon as Linux users start feeling "safe" and become careless, It Will Bite.
---
mikre he sophia he tou Mikrosophou.
watching cnn tonight i heard them note that due to the fact that the internet connects so many computers that no operating system is safe. im not sure what part of the statement i laughed more at. ;)
THIS IS MY FIRST POST!
id like to dedicate this this post to mike.
People who use Lotus didn't feel a thing either.
Intelligent Design Theory is not Creationism
RC5 keyrates experience 15% improvement in pure DOS. Long live single-tasking!
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
how many people have audited their apache code since the vulnerability of apache.org was announced?
If we're talking about the same exploit here (in which the "Powered By" logo was changed), the hackers did it with configuration errors. It had nothing to do with the Apache, FreeBSD 4.2, or MySQL source code.
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
Sorry, but I would have to disagree that this is the end of Micro$oft as we know it. Too many folks are using M$ as enterprise wide solutions, they're in too deep. Average IT life-cycle is five years and that is long enough for this to be forgotten and adjusted for through more strenuous antivirus scanning at PC start-up time as one example, this is what they are doing at my place of employment. Besides, given the malicious cleverness of the types who do this, do you think they won't find a way to get after other systems? Hubris is dangerous, just ask Odysseus.
It is kind of scary that our Government was affected by this worm. Especially when it could potentially harm National Security. Maybe this will prompt for a Linux solution for our Government.
It should've been rejected this time, too. It's a non-story. There's no vbs interpreter for Linux, and there's no Outlook for Linux: It can't run, so it can't delete anything, and even if it could run, it couldn't spread itself because it only knows how to get addresses from Outlook.
Most likely, somebody with some common sense (not Malda) reviewed your submission and rejected it, and then later on Malda saw the same story submitted by somebody else. In the presence of mindless and irrational Linux advocacy*, his little brain lit up and he posted it without thinking. Typical.
------------
* mindful and rational Linux advocacy certainly does exist, but this ain't it.
Saying linux didn't get hit by this "virus" is like saying no one can hack the root account on my dos machine.. the file (aka "virus") was just a visual basic script (iloveyou.txt.vbs looked like text because people have the option to hide known file names on, so it looks like .txt), but anyways, I find it funny that /. posted such redundant crap.. i'm gonna make a post that rm -rf doesn't affect my win95 box...
- Just another Creep...
I regret to admit that this observation is true. Ever heard of 'hubris'? Security awareness isn't an OS thing. We shouldn't raise false expectations.
Isn't someone running inetd, telnetd and sendmail 'out of the box' a bigger threat to the Internet than a user of an OS which couldn't route itself out of a paper bag?
You *can* configure MUAs like 'mutt' to open attachments automatically ('autoview'), combine that with 'metamail', add an uneducated user and you have the same problem on Linux. Only much worse.
Occasions like these shouldn't be abused for a quick joke, but as a reminder to have a look at our own systems' security.
Taking a bow and stepping off the box ;-)
tom
--
"Just believe everything I tell you, and it will all be very, very simple."
Is it because CmdrTaco wants to stress test his shiny new box?
VBScripting is another thing. Why, oh why does MS even include this mess?
The VBS virus could be trivially modified and compiled into an EXE with VisualBasic. Getting rid of the Windows Scripting Host would do nothing to solve the problem except raise the entry bar by about 2 inches. Besides, I thought it was the "UNIX Philosophy" that scripting was a good thing...
The real problems here are
(1) As you say, hidden file types on a platform where the file type determines the OS's handling of the file. This, however, can easily be fixed via policy by an MCSE with half-a-clue (rare, I know...) in about 15 minutes.
(2) The fact that Outlook's exposed object model allows mailsending without security checks or user interaction. Compare this to Eudora, which warns you before any mail is sent programmatically; or Lotus Notes which requires a security check before performing such actions.
#2 can only be fixed by Microsoft. It's not the infrastructure (Windows, ScriptingHost, the 'Object Model' itself) -- it's just a stupid implementation detail.
And finally (3) IT departments really need to educate users about what an 'executable' is, and the fact that VBS, JS, CMD, BAT, and so on are examples of one.
--
Business. Numbers. Money. People. Computer World.
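The hidden-file-type problem from point (1) and the script types listed in point (3) of the comment above, as an added example that is not part of the original thread: a Python check that walks a message's MIME parts and flags attachments whose final extension is a script type, including ones hiding behind a decoy extension. The decoy list, the function names and the sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose final extension is a script type (added example)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types named in the thread: VBS, JS, CMD, BAT.
SCRIPT_EXTS = {".vbs", ".js", ".cmd", ".bat"}
# Assumption: extensions a reader takes for harmless data.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".doc"}


def _clean(filename: str) -> str:
    """Basename as it would land on disk: no directory part, and no trailing
    dots or spaces (Windows drops those from file names)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.strip().rstrip(". ")


def displayed_name(filename: str) -> str:
    """Approximate what a file manager shows when known extensions are hidden."""
    name = _clean(filename)
    return name.rsplit(".", 1)[0] if "." in name else name


def classify(filename: str) -> str:
    """Return 'ok', 'script' or 'disguised-script' for one attachment name."""
    exts = ["." + p for p in _clean(filename).lower().split(".")[1:]]
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "ok"
    # The last extension decides how the OS handles the file; an earlier
    # data-like extension is only there to mislead the reader.
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "disguised-script"
    return "script"


def scan_message(raw: bytes):
    """Return (filename, shown_as, verdict) for every named MIME part.

    walk() is used instead of iter_attachments() so that parts marked
    'inline' but carrying a filename are checked too.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue
        findings.append((name, displayed_name(name), classify(name)))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # First name is the one quoted in the thread; the others are made up.
    for name in ("iloveyou.txt.vbs", "notes.txt", "setup.BAT"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, shown_as, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename!r} (shown as {shown_as!r})")
```

A mail gateway or client-side filter could quarantine anything that is not "ok"; the `shown_as` column is what the recipient sees when extension hiding is left on.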
I'm not that familiar with Linux, being a MS user since DOS 2.0. This latest garbage is run using Visual Basic Scripting... Does Linux run VBS as well? If not, then it's no WONDER Linux machines were spared! And I believe that Linux will start to be attacked by viruses as soon as Linux is installed on enough large systems that the attack will make it in the newspapers. When you give the code to everybody, you're begging for people to exploit it.
If you raised your hand to that question, I have a couple of things for you to do:
The guy's point was, you could conceivably do something like this, but it would require a lot more thought on the part of the unsuspecting user in order for the virus to replicate.
And if he had chosen to write this in ActiveX instead of VB, he could have conceivably had this thing replicate just by viewing the email. Now, that's just stupidity on Microsoft's part. No wonder so many people think of Outlook as "LookOut!" :)
Here's my DeCSS mirror. Where's yours?
This virus has nothing to do with Outlook. It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.
It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.
Does it autorun in Outlook?
NO.
Does it autorun in Outlook Express?
NO.
If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?
YES.
Simon
Coming soon - pyrogyra
Here's my DeCSS mirror. Where's yours?
... any of you folks remember the Morris worm? Linux may have side-stepped this one but there are a lot of services Linux exposes with the potential for propagation of a worm.
The little guy just ain't getting it, is he?
What gets very scary is that the Melissa and ILOVEYOU are only the beginning.
Sometime soon someone will write something really destructive, and it will infect and affect all the millions of computers affected by ILOVEYOU. Only this time it will destroy a lot of mission critical data, systems, etc.
This could drive some companies, overly dependent on MS, out of business, and cause major losses at others.
Maybe even trigger a major economic downturn. I only hope the corporate suits come to their senses in time.
... since they are on their knees and there is talk of splitting them up. Things are getting better already.
Let's be realistic. The article that's linked here is written by somebody who has never used Outlook, and also obviously doesn't "live" in their mail client. I purchased a copy of VMware just (almost) so that I could have access to MS Outlook for email. I've tried about 50 different *nix mail clients, and none of them stack up for ease of use or configurability. As for *nix being immune, the virus was written explicitly for Windows. It is only a matter of time before such things migrate to *nix, but *nix has to not suck as a desktop OS before that's a possibility. By this time next year we'll be starting to see worms that are written for *nix, because by then it should be useable as a desktop OS that can actually compete with Windows. Be realistic, it's not there yet.
I don't understand all the gloating on the part of the Linux community though. I understand that this is only affecting users of Microsoft products, specifically Outlook, but so what?
Outlook is a decent program for e-mailing. That Microsoft decided to make it more "feature-rich" so that it can let you view interactive HTML e-mail messages has its good points and bad points. Maybe some people (notably non-technical people who like looking at pretty pictures, which is a lot of e-mail users these days) want that kind of functionality.
And technically, it would still do some damage if it was another e-mail client on a machine that is capable of executing a VBScript file. Most e-mail programs will allow you to double-click to open the script file. The culprit here is the WSH. Yes, it's Microsoft's fault that it happened, but not for lack of trying to bring a more feature-rich product to consumers.
You're not going to tell me that if Linux offered similar functionalities of Outlook and WSH, that there wouldn't be a problem? You could always program around it and fix it, but then again, so could Microsoft, if they'd just be a little bit more careful, things like this wouldn't happen.
Isn't ILOVEYOU specifically targeted at Windows? Someone want to fill me in on the news here?
If I'm missing something, please let me know. This isn't a troll, I honestly don't see what the deal is.
And if Linux users are honest, they'll admit it is entirely possible to write a mail program for Linux that is as dangerous as Outlook.
Riiiiggght
It is possible, but no one has yet written one. Why? OK, first you must write a mail client. Sure, they aren't that hard to write and the mail protocol is well documented, but after you've spent weeks/months/years getting your mail client out, for people to use it, it has to be good. So you have to write a damn good mail client, better than pine, mutt, kmail, elm and all the others combined.
So what do you have, a really nice mail client, that is being used by say 50% of the linux users (mail clients are like editors, people don't change them much). So what does this take, 1 year of your time?
Also all the source must be under the GPL or open source or the GNU/Linux Zealots of the world will ban you from slashdot and beat you with sticks
OK, now the source is open for anyone to look at (and also find your bug) and Unix users would go "Hrmm that is really strange it automatically executed the bash script my friend sent me"
One year of your time to do something malicious? Come on, let's review the script kiddie's handbook, would this really give them the most BANG for the buck?
Why don't they just code a 30 minute visual basic worm, pop it on their school's WinXX network and watch 100 users start screaming?
I agree you COULD write an email client that is as dangerous as outlook express, but no one that has an IQ over 20 is going to do this... and err uh ummm Microsoft
Even if you had outlook running on linux (though maybe Wine?) what is the MOST harm you could cause to the Linux system running as normaluser?
Premission Denied: you can not delete the
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
MAPS doesn't have anything to do with ILOVEYOU.
We have around 4000 email accounts and we didn't see anything at all happen. It was pretty much a dud.
I use Notes on my Win95-based ThinkPad at work, and had no problems in a certain big, blue company.
What do you think is the most likely virus to hit Linux?
Poll Mastah
Give me a break. Solaris wasn't affected either.
Neither was BE
Or VM
Or VMS
Or HPUX
Or MacOS
Or DOS
Or HP printers
Or Palm pilots
Or Linux
Seriously. It's a VBSCRIPT virus, that only knew how to use MS OUTLOOK to spread mail. So in order to affect a system, you need three things:
1) A VBScript interpreter, that supports all functions and objects used by the virus.
2) MS Outlook, and corresponding MAPI interface.
3) Users who are retarded enough to run the thing in the first place.
Summary of article is as follows:
I'm not gloating but na-na-na-na-na-na! (While sticking out tongue)
Skippy
"False modesty is the refuge of the incompetent." - The Stainless Steel Rat
What happened to all the panic over Melissa way back when? Remember when we all became suddenly guarded over received email attachments with generic messages, and told not to open said attachments? Remember?????!
I'm not really surprised that ILOATHYOU virus managed to spread as far and fast as it did: the average user's attention span is pretty darn low.
I got 3 copies of Melissa in my email, 3 hours AFTER a company-wide warning went out (granted, it was at 00:03 EST) all from the same person!
The latest "virus" I want to get rid of is these friggin .URL attachments from my Windez-using friends. Goddamn those piss me off!
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
It doesn't mean much now, it's built for the future.
It seems to be something browser specific. I got in just fine with lynx...
T. M. Pederson
"...and so the moral of the story is: Always Make Backups."
T. M. Pederson
"Lies, Damn Lies, and Documentation"
I didn't get a single copy of ILOVEYOU, and I'm disappointed. I set up filtering, based on that subject line, but I didn't get to see the filter in action, beyond my test messages: nobody ever sent it to me.
Now I'm bombarded by mail all day from friends, family, business associates, etc. Much like most of you, I'm sure. I get a few hundred messages most days.
So I've got to admit that I'm a little disappointed that not one of these people had me bookmarked. Maybe this says something about the calibre of my friends: They're smart enough not to run Windows, or Outlook, or open worm-bearing e-mail.
Still, I've got to say, I'm a little bit sad. Oh, well. Maybe next time around.
-Waldo
Upon reading this I just came to the sudden realization of "Gee, Really?"
"Imagination is the only weapon in the war against reality." -Jules de Gautier
This is making the rounds of some *nix mailing lists today. Rather than spam all the people I know, I'm posting it here for you to twitter at.
------------- Begin Forwarded Message -------------
For those Unix & Linux fanatics who're feeling left out, please forward
this message to everyone you know and delete a bunch of your files at
random.
------------- End Forwarded Message -------------
I didn't receive a single ILOVEYOU message from any of my friends or cow-orkers, but then again, most of them aren't clueless enough to be using an unsecured copy of LookOut.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Linux and Unix software is pretty immune to attacks like the one exploited by ILOVEYOU. In my mind, there are two reasons for this:
1. We've already lived through such attacks. We haven't already forgotten The Internet Worm, have we? It happened back in 1988, so I'm guessing there are readers who don't remember it. Do yourself a favor and at least check out This Executive Summary of what the worm was.
2. Open source lets us learn from our past. In the Unix world, no software with blatant holes has those holes for long. Code is scrutinized for previous exploits. Nobody wants to get burned twice. On the other hand, in the closed-source world, it's likely that the developer won't know every previous software exploit ever, and he's likely to make the same mistake that someone else did. We will never see ANOTHER program that works like the internet worm; we now know to look for those type of exploits.
We might not be immune, but it's nearly impossible that we would make the same mistake twice. That's the beauty of open source.
Your article is about the same logic as saying "I did not get sunburn today. The reason must be that I ate fish today. Go visit our local fish restaurant, they make a great dish of fish."
Your choice of mail server software IS NOT the reason that the virus / trojan hasn't hit you.
Assuming otherwise shows your ignorance after days and days of /incredibly/ well-done and accurate reporting by the mass media about how this virus works and how it spreads. I'm amazed that even the regional yellow press explained the technical details of the virus / trojan by 90% correct here. That's a first for technology reporting.
The ILOVEYOU trojan horse affects mail clients only (to be more precise, the MS Outlook mail client, running on Windows machines).
It DOES NOT affect mail server software, so it is irrelevant if your mail server is running Sendmail on Solaris, Communigate Pro on Linux, Mercur on Windows NT or whatever.
Also, the MAPS RBL has no business with stopping the spread of the ILOVEYOU message or similar harmful mail.
MAPS RBL is about stopping spammers and other persistent mail abusers. To get someone into the Real Time Blackhole list, you have to follow a very strict and bureaucratic nomination protocol. E.g., you have to document the mail abuse /and/ that you contacted the abuser's provider personally /and/ that they declined your request to stop the abuser.
It doesn't take a minute to get a mail server rbl'ed - and that is good, because the MAPS team has put a lot of effort into making their system a fully documented weapon against spam, not a personal vendetta black-mail against providers that some individuals do not like.
The only reasons that the virus / trojan didn't reach you is either a) your friends are pretty smart and did not fall for the virus or b) none of your friends is using Outlook or c) you have no friends. Pick your favourite explanation. :-)
------------------
You may like my a cappella music
This is not a case of OS security at all. It's a case of the client. If Linux ever dominates the desktop, there's a good chance we'll see an office suite with integrated email, where attachments can be easily opened by the suite. And if the word processor has macros....
Now, you'll tell me that open-source development is smarter than to let that happen. And you'll be right. But the immunity of Linux users to things like "ILOVEYOU" right now comes from the lack of application interoperability, not from OS security.
grep -ri 'should work'
Not only do these Scripting viri not hurt Unix/non M$ products, but there was a freaking fix on the Sendmail news group five hours before CNN picked up the story. So, there was a fix for operating systems that could not be infected with the virus, even before the news outlets broke the story...
1.3L, 3 moving parts, 280 HP, no Turbos, wanna Race? RotaryNe
to this discussion, I found a couple of related articles in the SJMerc News.
this one mentions some of the 14 gov't agencies hit by the worm.
this one highlights stuff from the congressional hearings on the worm and security in general. Both pretty good reads. No real bashing/praising one way or t'other.
"shop smart:shop s-mart" ash
In the past several days, I have read many accounts as to why this virus spread, as well as for/against reasons as to whether or not this could happen on the Linux platform. Everything I have read seems to indicate that this "virus" (I would prefer the term "trojan" as being more accurate) relied on two separate things existing in order to propagate: 1) That of the user clicking on the attachment to "run" it, and 2) Outlook being installed (for the sake of the address book).
In other words, this could have happened on a Linux box, had such a thing as Outlook existed for Linux (although I think damage would still have been minimal, since the user should be running as a user, and not as root). Now, if the user was using some other email client, and clicked on the attachment, if it wasn't Outlook, nothing happened (not that the code couldn't have been written to take this in account, however, such modifications to the code would have made it much more complicated).
So, for this particular case, what we have here is not a software problem, but a societal problem. If the code auto-executed, or used some blatant hole or "feature" of Windoze, that would be one thing. However, it didn't.
Our current society (which many geeks are not a part of - we dwell within it, but we generally don't subscribe to its beliefs) is one in which limited attention span, a need to quickly satiate desires without thinking about consequences of action, and a lack of responsibility - has caused such manifestations of chaos.
Society's limited attention span has caused the forgetting of history, in society's mind, about such past transgressions such as the Morris Internet Worm (which I remember as being newsworthy, but I wasn't on the Net at the time, to be affected by its "destructiveness"), MS-DOS viruses, and the Melissa Email "virus".
Society's need to quickly satiate desires, without thinking about ramifications of actions, allow for such acts to continue, over and over again - because it seems like the reward should be obtained at any cost (or it should just be obtained, without thought to what hooks are buried within). Sort of like ordering a Big Mac meal at McDonald's - "Would you like to upsize that?" they ask, and when you say "No!" (being a geek), they look at you like "Aww, don't you want an extra cup of grease to go with that fatburger?" - you know what the hooks are, but most people see "Wow, more for less than the cost of it separately! I'll take it!" (on a side note, this reminds me of a Jack in the Box trick - a couple of their meals are weird; if you order one of the meals, and then a separate sandwich, which has its own meal, it is cheaper than getting that same sandwich as a meal, and the sandwich of the other original meal separately - only by a few pennies, mind you - but imagine thousands of people doing this every day, without nary a thought about it - instant money).
Finally, society's lack of responsibility is what is ultimately responsible. Someone, somewhere (and if we believe the reports and source code, that "somewhere" is the Philippines) has said to themselves "I am not going to be responsible to myself or my feelings - I am NOT going to work out my problems. I am instead GOING TO LASH OUT, and send this scourge upon the world!", the outpouring of a 3-year old's tantrum.
Why does society let this continue? Why isn't society educating itself to deal with problems that occur in the individual's life, rather than blaming the other guy (and in the end, making the lawyers rich)? Why does society always need a "quick fix" - why doesn't it step back, and realize that what it has is actually pretty damn good?
Why does society continue to forget, and repeat history - has society not learned the maxim?
Answer these questions, and fix the problems - and I bet many of the current issues facing us today, simply disappear.
Reason is the Path to God - Anon
An abacus is not virus proof. Someone could come over and play with your balls when you are not looking.
The one (single, only, solitary) user to be affected by the ILOVEYOU virus in the departments to which I am responsible was not using Outlook. He was using Eudora. While the virus did not spread to the contacts in his address book (as he was not using Outlook), it did mangle each and every file of all the varying file types (jpegs, javascript files, etc) on his PC and the network drives which he had connected to other computers in his graduate office, thus affecting their files as well. He was running Windows 98 with the Windows Scripting Host installed -- when he opened the payload of the virus that is attached to the ILOVEYOU email, his system was infected. None of the Outlook users on my network were affected, reason being that the morning of the ILOVEYOU outbreak I sent out department-wide messages and personally went around to each office warning the occupants about the virus. The affected user ignored the warning. Mr. Petreley attempts to make the point that Outlook is full of holes and that IS/IT admins who allow it to be used are merely getting what they deserve when this type of bug hits them, manages to work his way into some anti-Microsoft anti-Windows FUD, and proceeds to evangelize Linux. Yes, Linux is great. Yes, it has been virtually unscathed by any viruses of any type. I'm glad that so many applications are in development for it to make it a viable desktop environment for the average business user. Right now, it's not ready for that role, and no matter what is in the pipeline for Linux, there are products that are available for Windows that do what I need them to do *right now*. With some well-guided, well-informed vigilance, problems no matter what their nature can usually be headed off. Once Linux has hit the desktop full-force, those same malicious individuals hammering Microsoft products with their exploits will turn attention towards Linus's child as well.
They will have a harder time making a go of it due to the very nature of Linux/Unix, but there will always be distributions with security holes and installations maintained by clueless admins to prey upon (sendmail, anyone?). Rather than seeing the Linux community thump its collective chest, I'd like to see it continue to make strides towards the user space.
And most important, the media are beginning to say so, out loud.
When the media take notice, the technically-clueless CEO's will be right behind. Soon, IT managers will be fired for failing to convert to more-reliable, less-vulnerable mail clients and network servers. This is the beginning of the end of Microsoft as we know it.
--
This post made from 100% post-consumer recycled magnetic
Time is Nature's way of keeping everything from happening at once... the bitch.
----
Wind and temp at my house
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
The only thing about this virus that was outlook specific was the fact that it used outlook's MAPI facilities to get addresses and send copies of itself around. The writer could have used outlook express, or eudora, or pine, or any other email program had he wished to.. he simply programmed it for outlook. Contrary to what so many people seem to wrongly assume, the virus did NOT run automatically due to some bug in outlook.. dumb users simply RAN the attachment, which was a pure vbscript (no different than a unix user running a perl script). There was no 'embedded' scripting, or 'hidden' scripting, or 'security hole'.
This virus has nothing to do with Outlook. It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.
That's just plain wrong. The emailer has to *execute* it before anything bad happens. Hopefully you know the difference between "save" and "execute".
Who moderated that post up to 3???
--
Life's a bitch but somebody's gotta do it.