Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Users Unscathed By ILOVEYOU

Posted by CmdrTaco on from the this-is-pretty-funny dept.

nodvin writes: "CNN is reporting Linux users unscathed by ILOVEYOU. It is interesting that none of the multiple e-mail accounts on my Linux IMAP-POP servers seems to have encountered the virus. The mail server that I use is Communigate Pro from Stalker Software running under either Red Hat 6.2 or Linux-Mandrake 7.0. Perhaps the fact that I have Communigate Pro enabled for the MAPS Realtime Blackhole List (RBL) helped prevent ILOVEYOU from getting through. " It's a Petreley piece from LinuxWorld, but kinda cool seeing it on CNN.

22 of 328 comments (clear)

  1. Disappointing. by Jeff+Mahoney · · Score: 5

    The day after the ILOVEYOU virus hit our campus, I was walking to lunch with a co-worker of mine. On the way, we were discussing this very topic. He said, "Watch.. In a few days, there will be a story on Slashdot about how Linux triumphed over Windows because they weren't affected." Thinking that this viewpoint was a little cynical (even for me), we argued about this for a bit.

    Sure enough, less than a week later, there is an obnoxious story on Slashdot about how Linux triumped over Windows.

    Why is this obnoxious, you ask? Maybe it's because the virus was written for software that Linux doesn't even offer.

    Was it a Slashdot story when crackers started taking out Linux/UNIX boxes via one of one wu-ftpd/proftpd buffer overflows, but not Windows boxes? Of course not. Was it a big story when Linux/UNIX-based email servers all over the world were getting rooted and turned into DDoS agents because of an imapd overflow, but not Windows? Of course not - Windows doesn't run that software, how could it affect it?

    It seems that quite a few people don't understand that claiming triumph over Windows for something like this is very much like claiming that you're immortal because a bomb went off and didn't kill you - but the bomb went off two cities away.

    I'm not an MS lover be any stretch of the imagination - but this sort of cocky, misinformed bullshit is exactly why the Linux community is laughed at so often - and exactly why the Linux community laughs at the "closed-source" world.

    Moderate this down if you like, but do so knowing that you're proving my point.

    -Jeff

  2. Not Better Code, Better Philosophy by Geo++ · · Score: 3

    The main point is that open source applications are superior to proprietary apps. No one is being cocky and saying that Linux systems are immune to viruses. And of course when Outlook is hit by a major virus, the whole Internet community will be effected. After all, Outlook probably runs on 60% of all desktops. This article does not "make fun" of MS, it just illustrates one of the serious drawbacks of proprietary software engineering.

    The point of the matter is, "real reason Linux users are immune is because they don't live in a world where their clients are automatically standardized on whatever Microsoft delivers -- in this case, Outlook. Linux administrators and users care more about Internet standards than Microsoft standards".

    Basically, monopoly operating system vendors are inferior and it is good to see CNN spreading the word.

  3. Huh? by whoop · · Score: 4

    As I understand it, this feature gets to your mail server because one of your users are in an addressbook of someone that runs the program. MAPS would only block the message if a spammer runs it and has your name in his address book. If your sister (or other clueless email correspondent) is blocked by MAPS, I'm sure you'd hear about it. :)

    Please, Linux, Open Source and all that is wonderful. There are reasons why we weren't affected. But let's not stretch it and give credit where it is not due. I could claim my xdaliclock didn't get affected, but it's just as pointless.

  4. Re:Genetic diversity in face of infection .... by taniwha · · Score: 3
    I thought genes were selfish. Sex was not "created" to increase genetic diversity, although that may be a side effect. Sex is merely a way for your selfish genes to find there way into another survival machine and (hopefully) propagate again.

    Well like all things there are levels within levels .... IMHO the 'sex is a means for selfish genes to propagate' only can be applied to the genes that actually code for sex ... otherwise you have to say 'the selfish genes that find it usefull to hang around with other genes that code for sex' which starts to sound like an organism rather than just a single selfish gene.

    I think you can make valid arguments about this stuff at the gene level, at the organism level and at the species level. For example it makes sense for a species to have lots of different genes in its organism's immune systems so that a disease wipes out just some of the organisms (and genes) but not all. Obviously from the points of those individual genes this however isn't a good idea

  5. Re:Yet again Petreley is just plain wrong by markus+o'farkus · · Score: 4
    "Does it autorun in Outlook? NO. Does it autorun in Outlook Express? NO"

    Um.... well, no. Many users were apparently affected by having the message-preview pane active and selecting the message. That's pretty darn close to autorun.

    But partly this post is correct. The virus only delivers its damage with a machine with Windows Scripting Host enabled, no need for outlook... Which means any windows machine with Win98, 2000, or IE 4.x and up, as long as scripting left on (the default). So Outlook doesn't have to be present for the script to run, only for the addressbook replication.

    We use Groupwise, and while we didn't get bombed because of the re-mailing 'feature' didn't kick in, there were a couple of users who did open and run the script and the payload did deploy AND do it's thing on network files (of course only those to which the user had r/w access) as well as local.

    Mark

  6. Re:Mandrake... and linux viruses by Sun+Tzu · · Score: 3

    Bliss and Staog are the first two known Linux viruses. Of those, I believe only Bliss has been found in the wild. They both seem to suffer from a serious fertility problem though.

    --
    Geeky modern art T-shirts
  7. Someone posted it to the linux-kernel list by SurfsUp · · Score: 5

    ...which is really funny because all the Microsoft spooks hanging on the list had a chance to demonstrate supreme ignorance by running it. I also received an advisory that the virus has been sent to me, and this, very intelligently, was not marked with linux-kernel header info so I picked it up in my personal email and read it before I ran into the virus. Being more than a little curious about it I hunted it down in the kernel list and popped it open... about 250 lines of kiddie-level vbs. The first few lines:

    rem barok -loveletter(vbe)
    rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
    On Error Resume Next
    dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
    eq=""
    ctr=0

    Yuck! OK, this stuff takes me right back. The scary part is this:

    wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"

    What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation Bill, keep it up. Hey, this is like the city of Troy building their own hollow horse, putting it outside for a while until they're absolutely sure it's full of nasty men, then hauling it back inside and going to sleep.

    But let it be a lesson for us, too. Even though Linux, BSD, *nix are vastly more immune to this kind of thing, it is still a crime to provide one-click execution of arbitrary code, and authors who write their code that way should be strung up by their thumbs. Every email program has to be able to obtain classification information from a trusted source about the delegate for each Mime types it wants to activate... when the delegate has potential destructive power the user has to be warned by default, and under no circumstances should an executable attachment be activated silently.
    --

    --
    Life's a bitch but somebody's gotta do it.
  8. Re:This has a lot to do with Outlook by SurfsUp · · Score: 4

    Outlook will allow you to execute the attachment easily while the other clients make it a pain-in-the-ass to do so....That is a feature IMHO.

    Yes it's a feature but the implementation is horribly, horribly wrong. Let me explain this to you in simple terms. We higher forms of life could be considerably simplified if we had no immune system and would not suffer from diseases like AIDS. But if we were to make use of the feature know as "breathing" we would quickly die of some infection.

    Microsoft has implemented the breathing feature without implementing the immune system and the result of that, predictably, is a lot of diseased PC's. Why did they do this? Because it was easy, and for no other reason. "Look mom! All I had to do was feed the attachment to the VB interpreter and POOF! Animated Valentine's cards!" Well kids, it ain't that easy if you want your computer to stay alive.

    If you want the executable attachment feature it absolutely must execute in a sandbox. To accomplish this you might implement a simple Basic front end on top of Java and take advantage of Java's byte code verifier. That would work pretty well but Microsoft won't do it because of their greed and self-interest. But in the end, what they did do - selling a completely unprotected system just to avoid expensive, time consuming development work, and trying to disclaim all responsiblity for the bad effects of doing that - will hurt them a lot more than eating humble pie and using the Java compiler ever would.

    By the way, has anyone considered that, while Microsoft's shrinkwrap licence *may* protect them from liability for damage to a user's own computer caused by MS's negligence, it doesn't do anything to protect *another* user whose computer caused the damage? Once shit like that starts flying Microsoft may find that it's shrinkwrap disclaimer of responsiblity isn't such a perfect shield after all.
    --

    --
    Life's a bitch but somebody's gotta do it.
  9. Feldercarb! by Fadamor · · Score: 4

    Ah, but here's a question for you... After opening 100 or so attachments but having to first wade through a dialog asking "Are you sure you want to open this because a big, bad virus might reach out and bite you in the butt?", how many people will actually READ the message and not start assuming that clicking on the "YES" button is just another step in the process of opening an attachment? My experience with human nature says the number will be VERY low. Anybody disagree?

  10. Not Unscathed by Anonymous Coward · · Score: 4

    My network mounted home directory had a bunch of group-writeable jpegs and mpegs in it get blasted from some local NT user who ran that thing. Why would it matter what I'm running if the whole network is insecure?

  11. MicroSoft: Love Bug Affects Linux/Apple by Col.+Klink+(retired) · · Score: 5

    The Register is reporting that an MS spokesperson claimed that the Love Bug does effect Linux and Apple.

    --

    -- Don't Tase me, bro!

  12. Please, enough chest pounding by InsaneGeek · · Score: 3

    Is it just me or are these types of post annoying. It's getting to the point where everytime there is anything with a security problem in a Microsoft product that Slashdot lights up with Linux doesn't have this problem... well duhh.

    I don't seem to remember other people making asses out of themselves as much. When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"... It's like these people are little children, it's so f*cking anoying. I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc". I don't even use Microsoft products and it's anoying the bejeebers out of me.

    Spelling & Grammar checker off because I don't care

    1. Re:Please, enough chest pounding by hal200 · · Score: 3
      I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc".

      You've obviously not been hanging out on the right web sites then...Go find a pro-Solaris/Irix/Dynix website/newsgroup/mailing list and you'll get your fix.

      Frankly, it amazes me that you got moderated UP to 3, Interesting...I personally find nothing interesting about yet another rant about how Slashdot is pro-Linux / anti-Microsoft. Welcome to the free world...if it offends you that much, then no one is forcing you to stay and read it!

      --

      I just want to take over the world...Why does that automatically make me EVIL?

  13. _Totally_ Unaffected? by B-Rad · · Score: 5

    Can you really say that Linux users were unaffected? Sure, they don't actually have the opportunity to get infected by the virus, but that doesn't mean that they weren't affected. Some people had files on Linux boxes shared by Samba changed/moved/renamed/deleted. I'd say there's a Linux user who was affected. And what about the people using Linux who depended on people using Windows for information? Suppose I ran a Linux machine at work, and one of our clients running Windows got knocked out by the ILOVEYOU worm. I wouldn't be able to get any information from that client. Thus, I'm an affected Linux user.

    Things like this can't be pinned down to one specific group of people. Linux people can't sit back and laugh at Windows people for their grief. Well, they can, but they shouldn't to the extent that they are. Just because your actual Linux box wasn't infected doesn't mean that you weren't affected.

  14. Genetic diversity in face of infection .... by taniwha · · Score: 5
    Actually I decided a while ago that the main thing that Linux has going for it is 'genetic diversity' - in the sense that we're all using lots of different mailers/browsers/GUIs/etc.

    The virus/infection analogy fits well here - consider a genetically engineered corn crop - a monoculture - every plant has identical DNA - and the whole thing will die if a blight mutates to fit just that particular DNA. On the other hand wild corn has tremendous genetic diversity - a survival mechanism evolved to combat just this sort of threat.

    Of course that was the whole reason sex was created in the first place - to increase genetic diversity within a species to allow it to adapt better.

    So far my experiments in this area have failed ... I tried to mate KDE and GNome ... but they just stood in the room with their backs to each other arms crossed pouting .... seems their a lot like pandas ....

  15. Re:Email Security by jafac · · Score: 5

    Where should the line be drawn?

    Simple! The same place web-browsers draw it by default! When a use action causes executable code to be downloaded and run, we get a nice little warning dialog. Those of us educated enough to know it could be harmful, will click "NO", and go on with our lives. The rest will be formatting and reinstalling Windows, and thinking twice the next time.

    The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft wont do it. The guy who wrote the program to test if his 150 users would format their hard drives PROVES that as a "system" humanity is vulnerable to this kind of exploit. As individuals, some of us aren't, but as a whole - we are. To quote MIB; "a person is smart, people are scared stupid animals, and you know it."

    Humanity as a whole is now a critical, functional component of a system, known as the internet. That component is vulnerable, in that a certain % of them will run ILOVEYOU worms. Giving everyone a second-chance warning dialog would significantly reduce the damage such worms can cause. It won't protect everyone, but a higher percentage.
    Microsoft does not take this into account.
    I call that irresponsible. Even negligent. As is running anything mission critical on a system with such vulnerabilities.

    I just remembered this old Metallica song. . .

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  16. Hubris by Gurlia · · Score: 4

    I think that the attitude shown by this article is nothing short of hubris. Yes, Linux mail clients are immune to such viruses at the moment, and yes, M$ crap is insecure because it allows executable content over email and the like. But that doesn't mean we should gloat over them or boast of our superiority. The price of freedom (from viruses in this case) is eternal vigilance. Once we start feeling smug and content that "they are the ones who will get infected not us" then something will come and bite us hard before we even know it.

    The only reason Linux is so secure now is because people aren't complacent, they are looking out for bugs and exploits all the time, and they are aware of the dangers. As soon as Linux users start feeling "safe" and become careless, It Will Bite.


    ---
    --
    mikre he sophia he tou Mikrosophou.
  17. Re:Nor Mac users.. by Archeopteryx · · Score: 3

    Or, for that matter, even Windows users who use something other than Outlook. Sometimes I wonder if all of these holes through MS code are put there to facilitate MS industrial espionage? They seem to have no visible ethics otherwise, so this would not amaze me at all.

    Doesn't this make you wonder what hidden bytecodes are in their JVM?

    --
    Dog is my co-pilot.
  18. Yet again Petreley is just plain wrong by spectecjr · · Score: 4

    This virus has nothing to do with Outlook . It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.

    It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.

    Does it autorun in Outlook?

    NO.

    Does it autorun in Outlook Express?

    NO.

    If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?

    YES.

    Simon

    --
    Coming soon - pyrogyra
  19. Re:Windows user unscathed by ILOVEYOU virus... by Anonymous Coward · · Score: 3

    It's wonderful to know you are so brilliant.

    But users are NOT the problem here.

    Email has become an open-platform groupware tool. There is nothing wrong with that. It is a good thing. Rich documents, spreadsheets, presentations are passed around and should be passed around in any business setting.

    Microsoft and cooler-than-thou pseudogeeks love to blame "lusers" for this problem. But the blame ought to be placed squarely on Microsoft.

    The problem is not Outlook or Outlook Express. The problem is that the platform provides a scripting engine that has no reasonable restraints placed on its behavior. No embedded script has any legitimate reason to be screwing around with the filesystem, opening up the address book, et cetera. That's just stupidity on Microsoft's part.

  20. It's not the software - it's society. by cr0sh · · Score: 5

    In the past several days, I have read many accounts as to why this virus spread, as well as for/against reasons as to whether or not this could happen on the Linux platform. Everything I have read seems to indicate that this "virus" (I would prefer the term "trojan" as being more accurate) relied on two seperate things existing in order to propagate: 1) That of the user clicking on the attachment to "run" it, and 2) Outlook being installed (for the sake of the address book).

    In other words, this could have happened on a Linux box, had such a thing as Outlook existed for Linux (although I think damage would still have been minimal, since the user should be running as a user, and not as root). Now, if the user was using some other email client, and clicked on the attachment, if it wasn't Outlook, nothing happened (not that the code couldn't have been written to take this in account, however, such modifications to the code would have made it much more complicated).

    So, for this particular case, what we have here is not a software problem, but a societal problem. If the code auto-executed, or used some blatent hole or "feature" of Windoze, that would be one thing. However, it didn't.

    Our current society (which many geeks are not a part of - we dwell within it, but we generally don't subscribe to it's beliefs) is one in which limited attention span, a need to quickly satiate desires without thinking about consequences of action, and a lack of responsibility - has caused such manifestations of chaos.

    Society's limited attention span has caused the forgetting of history, in society's mind, about such past transgressions such as the Morris Internet Worm (which I remember as being newsworthy, but I wasn't on the Net at the time, to be affected by it's "destructiveness"), MS-DOS viruses, and the Melissa Email "virus".

    Society's need to quickly satiate desires, without thinking about ramifications of actions, allow for such acts to continue, over and over again - because it seems like the reward should be obtained at any cost (or it should just be obtained, without thought to what hooks are buried within). Sort of like ordering a Big Mac meal at Mc Donald's - "Would you like to upsize that?" they ask, and when you say "No!" (being a geek), they look at you like "Aww, don't you want an extra cup of grease to go with that fatburger?" - you know what the hooks are, but most people see "Wow, more for less than the cost of it seperately! I'll take it!" (on a side note, this reminds me of a Jack in the Box trick - a couple of their meals are wierd; if you order one of the meals, and then a seperate sandwich, which has it's own meal, it is cheaper than getting that same sandwich as a meal, and the sandwich of the other original meal seperately - only by a few pennies, mind you - but imagine thousands of people doing this every day, without nary a thought about it - instant money).

    Finally, society's lack of responsibility is what is ultimately responsible. Someone, somewhere (and if we believe the reports and source code, that "somewhere" is the Phillipines) has said to themselves "I am not going to be responsible to myself or my feelings - I am NOT going to work out my problems. I am instead GOING TO LASH OUT, and send this scourge upon the world!", the outpouring of a 3-year old's tantrum.

    Why does society let this continue? Why isn't society educating itself to deal with problems that occur in the individual's life, rather than blaming the other guy (and in the end, making the lawyers rich)? Why does society always need a "quick fix" - why doesn't it step back, and realize that what it has is actually pretty damn good?

    Why does society continue to forget, and repeat history - has society not learned the maxim?

    Answer these questions, and fix the problems - and I bet many of the current issues facing us today, simply disappear.

    --
    Reason is the Path to God - Anon
  21. This had nothing to do with a flaw in outlook by mindstrm · · Score: 4

    The only thing about this virus that was outlook specific was the fact that it used outlook's MAPI facilities to get addresses and send copies of itself around. The writer could have used outlook express, or eudora, or pine, or any other email program had he wished to.. he simply programmed it for outlook. Contrary to what so many people seem to wrongly assume, the virus did NOT run automatically due to some bug in outlook.. dumb users simply RAN the attachment, which was a pure vbscript (no different than a unix user running a perl script). There was no 'embedded' scripting, or 'hidden' scripting, or 'security hole'.