Linux Users Unscathed By ILOVEYOU

nodvin writes: "CNN is reporting Linux users unscathed by ILOVEYOU. It is interesting that none of the multiple e-mail accounts on my Linux IMAP-POP servers seems to have encountered the virus. The mail server that I use is Communigate Pro from Stalker Software running under either Red Hat 6.2 or Linux-Mandrake 7.0. Perhaps the fact that I have Communigate Pro enabled for the MAPS Realtime Blackhole List (RBL) helped prevent ILOVEYOU from getting through. " It's a Petreley piece from LinuxWorld, but kinda cool seeing it on CNN.

Disappointing.

[Jeff+Mahoney]

The day after the ILOVEYOU virus hit our campus, I was walking to lunch with a co-worker of mine. On the way, we were discussing this very topic. He said, "Watch.. In a few days, there will be a story on Slashdot about how Linux triumphed over Windows because they weren't affected." Thinking that this viewpoint was a little cynical (even for me), we argued about this for a bit.

Sure enough, less than a week later, there is an obnoxious story on Slashdot about how Linux triumped over Windows.

Why is this obnoxious, you ask? Maybe it's because the virus was written for software that Linux doesn't even offer.

Was it a Slashdot story when crackers started taking out Linux/UNIX boxes via one of one wu-ftpd/proftpd buffer overflows, but not Windows boxes? Of course not. Was it a big story when Linux/UNIX-based email servers all over the world were getting rooted and turned into DDoS agents because of an imapd overflow, but not Windows? Of course not - Windows doesn't run that software, how could it affect it?

It seems that quite a few people don't understand that claiming triumph over Windows for something like this is very much like claiming that you're immortal because a bomb went off and didn't kill you - but the bomb went off two cities away.

I'm not an MS lover be any stretch of the imagination - but this sort of cocky, misinformed bullshit is exactly why the Linux community is laughed at so often - and exactly why the Linux community laughs at the "closed-source" world.

Moderate this down if you like, but do so knowing that you're proving my point.

-Jeff

Someone posted it to the linux-kernel list

[SurfsUp]

...which is really funny because all the Microsoft spooks hanging on the list had a chance to demonstrate supreme ignorance by running it. I also received an advisory that the virus has been sent to me, and this, very intelligently, was not marked with linux-kernel header info so I picked it up in my personal email and read it before I ran into the virus. Being more than a little curious about it I hunted it down in the kernel list and popped it open... about 250 lines of kiddie-level vbs. The first few lines:

rem barok -loveletter(vbe)
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
eq=""
ctr=0

Yuck! OK, this stuff takes me right back. The scary part is this:

wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"

What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation Bill, keep it up. Hey, this is like the city of Troy building their own hollow horse, putting it outside for a while until they're absolutely sure it's full of nasty men, then hauling it back inside and going to sleep.

But let it be a lesson for us, too. Even though Linux, BSD, *nix are vastly more immune to this kind of thing, it is still a crime to provide one-click execution of arbitrary code, and authors who write their code that way should be strung up by their thumbs. Every email program has to be able to obtain classification information from a trusted source about the delegate for each Mime types it wants to activate... when the delegate has potential destructive power the user has to be warned by default, and under no circumstances should an executable attachment be activated silently.
--

MicroSoft: Love Bug Affects Linux/Apple

[Col.+Klink+(retired)]

The Register is reporting that an MS spokesperson claimed that the Love Bug does effect Linux and Apple.

_Totally_ Unaffected?

[B-Rad]

Can you really say that Linux users were unaffected? Sure, they don't actually have the opportunity to get infected by the virus, but that doesn't mean that they weren't affected. Some people had files on Linux boxes shared by Samba changed/moved/renamed/deleted. I'd say there's a Linux user who was affected. And what about the people using Linux who depended on people using Windows for information? Suppose I ran a Linux machine at work, and one of our clients running Windows got knocked out by the ILOVEYOU worm. I wouldn't be able to get any information from that client. Thus, I'm an affected Linux user.

Things like this can't be pinned down to one specific group of people. Linux people can't sit back and laugh at Windows people for their grief. Well, they can, but they shouldn't to the extent that they are. Just because your actual Linux box wasn't infected doesn't mean that you weren't affected.

Genetic diversity in face of infection ....

[taniwha]

Actually I decided a while ago that the main thing that Linux has going for it is 'genetic diversity' - in the sense that we're all using lots of different mailers/browsers/GUIs/etc.

The virus/infection analogy fits well here - consider a genetically engineered corn crop - a monoculture - every plant has identical DNA - and the whole thing will die if a blight mutates to fit just that particular DNA. On the other hand wild corn has tremendous genetic diversity - a survival mechanism evolved to combat just this sort of threat.

Of course that was the whole reason sex was created in the first place - to increase genetic diversity within a species to allow it to adapt better.

So far my experiments in this area have failed ... I tried to mate KDE and GNome ... but they just stood in the room with their backs to each other arms crossed pouting .... seems their a lot like pandas ....

Re:Email Security

[jafac]

Where should the line be drawn?

Simple! The same place web-browsers draw it by default! When a use action causes executable code to be downloaded and run, we get a nice little warning dialog. Those of us educated enough to know it could be harmful, will click "NO", and go on with our lives. The rest will be formatting and reinstalling Windows, and thinking twice the next time.

The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft wont do it. The guy who wrote the program to test if his 150 users would format their hard drives PROVES that as a "system" humanity is vulnerable to this kind of exploit. As individuals, some of us aren't, but as a whole - we are. To quote MIB; "a person is smart, people are scared stupid animals, and you know it."

Humanity as a whole is now a critical, functional component of a system, known as the internet. That component is vulnerable, in that a certain % of them will run ILOVEYOU worms. Giving everyone a second-chance warning dialog would significantly reduce the damage such worms can cause. It won't protect everyone, but a higher percentage.
Microsoft does not take this into account.
I call that irresponsible. Even negligent. As is running anything mission critical on a system with such vulnerabilities.

I just remembered this old Metallica song. . .

It's not the software - it's society.

[cr0sh]

In the past several days, I have read many accounts as to why this virus spread, as well as for/against reasons as to whether or not this could happen on the Linux platform. Everything I have read seems to indicate that this "virus" (I would prefer the term "trojan" as being more accurate) relied on two seperate things existing in order to propagate: 1) That of the user clicking on the attachment to "run" it, and 2) Outlook being installed (for the sake of the address book).

In other words, this could have happened on a Linux box, had such a thing as Outlook existed for Linux (although I think damage would still have been minimal, since the user should be running as a user, and not as root). Now, if the user was using some other email client, and clicked on the attachment, if it wasn't Outlook, nothing happened (not that the code couldn't have been written to take this in account, however, such modifications to the code would have made it much more complicated).

So, for this particular case, what we have here is not a software problem, but a societal problem. If the code auto-executed, or used some blatent hole or "feature" of Windoze, that would be one thing. However, it didn't.

Our current society (which many geeks are not a part of - we dwell within it, but we generally don't subscribe to it's beliefs) is one in which limited attention span, a need to quickly satiate desires without thinking about consequences of action, and a lack of responsibility - has caused such manifestations of chaos.

Society's limited attention span has caused the forgetting of history, in society's mind, about such past transgressions such as the Morris Internet Worm (which I remember as being newsworthy, but I wasn't on the Net at the time, to be affected by it's "destructiveness"), MS-DOS viruses, and the Melissa Email "virus".

Society's need to quickly satiate desires, without thinking about ramifications of actions, allow for such acts to continue, over and over again - because it seems like the reward should be obtained at any cost (or it should just be obtained, without thought to what hooks are buried within). Sort of like ordering a Big Mac meal at Mc Donald's - "Would you like to upsize that?" they ask, and when you say "No!" (being a geek), they look at you like "Aww, don't you want an extra cup of grease to go with that fatburger?" - you know what the hooks are, but most people see "Wow, more for less than the cost of it seperately! I'll take it!" (on a side note, this reminds me of a Jack in the Box trick - a couple of their meals are wierd; if you order one of the meals, and then a seperate sandwich, which has it's own meal, it is cheaper than getting that same sandwich as a meal, and the sandwich of the other original meal seperately - only by a few pennies, mind you - but imagine thousands of people doing this every day, without nary a thought about it - instant money).

Finally, society's lack of responsibility is what is ultimately responsible. Someone, somewhere (and if we believe the reports and source code, that "somewhere" is the Phillipines) has said to themselves "I am not going to be responsible to myself or my feelings - I am NOT going to work out my problems. I am instead GOING TO LASH OUT, and send this scourge upon the world!", the outpouring of a 3-year old's tantrum.

Why does society let this continue? Why isn't society educating itself to deal with problems that occur in the individual's life, rather than blaming the other guy (and in the end, making the lawyers rich)? Why does society always need a "quick fix" - why doesn't it step back, and realize that what it has is actually pretty damn good?

Why does society continue to forget, and repeat history - has society not learned the maxim?

Answer these questions, and fix the problems - and I bet many of the current issues facing us today, simply disappear.