Death To Virus Writers
davemie writes: "Looks like everyone is out to get the virus writers now! But it sure is funny when a friend double-clicks on that latest virus and sends everyone in the company a copy. You get to slag him/her off for the rest of the week :-) 'Virus writers are the lowest form of life. AnchorDesk's David Coursey says we should put them out of their misery with a quick, permanent solution. Why waste time and money with due process?'"
I spent a total of an hour and forty minutes on hold making two different calls to the ISP which serves my mail. Both times the polite phone reps I eventually reached were shocked to find that there was an Outlook-borne nastiness filling up customers' mailboxes.
Put virus writers and spammers into gladiator contests. Once they've whittled down to one surviving spammer or virus writer, shoot him.
--
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
I agree with 90% of what you're saying here. But I believe MS deserves special credit for the virus plagues we've seen.
Why? Because the vulnerability of MS machines to viruses is a direct result of business considerations colliding with technical/security ones, and the business considerations rolling over the others.
MS's whole schtick is to leverage dominance in one product to another. That's why they're so into integration. It just doesn't make any sense to have an email program automatically open a file that someone sends you -- at least not for many kinds of files. And it doesn't make sense to have complex VB macros in word processor documents.
Think about how much pain Office macro viruses have caused, and how little benefit the average person gets from them. One user in 10,000 probably writes VB code to manipulate Office documents. I'm not saying don't make Word scriptable -- let people program it through COM. But that would put Delphi on an even footing with VB.
Despite the flames you read here, MS has some of the smartest tech people on the planet. Plenty of people inside of MS knew it was stupid to make an email system that would run programs that come in through the email. People outside of MS complained about it from the start. But the business logic won.
As far as I'm concerned, they don't get nearly enough grief for this stuff. It's different from a buffer overflow in IIS. That's an honest mistake, and you're right, there are plenty of those in Linux.
MS's decision making process about security is corrupt. You can see it in these macroviruses, and you can see it in their lame explanations for why they're pulling Java out of the OS. The security policy dances to the tune of the business logic people. They don't care about the billions it costs their customers.
I know they fixed the Outlook hole. And I would even say that they have the right to leave Java out, as long as OEMs have the freedom to put it in. (Whether or not they really do -- contract aside -- remains to be seen. If I were at Dell, I'd be afraid of po'ing MS, no matter what their press releases say.) They are getting better on security. After years of Outlook viruses they plugged the hole -- for the small percentage of users smart enough to dl the patches.
Let's roast them for their real problems. Because when the press gets bad, they do respond, and that will make the world a better place. As everyone who uses the product knows, the MS-SQL Server story was BS, a cheap shot. This is proof that there are still plenty of fair shots to go around.
From: NISA CIRT
Sent: Thursday, July 19, 2001 8:04 PM
Subject: CIRT ALERT: Web Traffic Limited to Military Sites Only
** Unclassified - For Official Use Only **
As of 1900 hours, 19 July 2001, the Joint Task Force-Computer Network
Operations (JTF-CNO) has ordered that the DoD gateways be disconnected
from the Internet on TCP port 80 (protocol http) from now until a time to
be announced. The reason for this outage is the proliferation of the Code
Red worm.
All traffic between military installations will continue without
interruption. However, access to domains other than *.mil will be
limited. This restriction means that connections through a commercial
ISP, such as AOL or Earthlink, will not be available. Your military
organization's web-based Outlook will not be accessible from a commercial
ISP. Furthermore, if you are connecting from your office, you will not be
able to access *.com, *.net or other non-mil domains.
Any questions regarding this outage should be directed to the agency or
service CERT or JTFCND.
** Unclassified - For Official Use Only **
Best Slashdot Co
Viruses have just lost their mystique. I remember my Dad telling me about Michelangelo back in the 80's. I remember being so impressed that something so devilish and evil could really exist.
I suppose that's why I became a programmer.
No, wait. It was for the babes.
Freakin script kiddiez.
Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
The DMCA bans distribution of TPM circumvention devices absolutely, without regard to knowledge or intent. It treats circumvention devices on par with stolen property in this regard. Since Sircam forwards one file off of your computer it circumvents login and read permissions that control access to a copyrighted work.
Thus everyone who executes (falls victim to) the Sircam virus is guilty of a 1201(b) violation for distributing circumvention devices.
Obviously anyone who receives the trojan email has a cause of action, but actually anyone who uses the TPM in question does too. That is, everyone who uses a computer that is susceptible to Sircam can sue anyone who fell victim to it (in addition to the person who wrote it).
Anybody know anyone at the MPAA, RIAA, or Adobe that got hit?
You would think that Norton AntiVirus 2001 7.0 would filter it as well. After all, that's what it's designed to do.
Yet, if you have a look at Symantec's Discussion Forums you will see many NAV2001 users complain that their e-mail scanner does not pick up SirCam attachments. Detaching those same attachments and running a manual scan of them then does find SirCam. This has been an issue since day 1 of SirCam (six days now) and Symantec still has yet to acknowledge it.
So you're a corporate user. You have a locked-down image with hidden extensions. Your NAV templates are up-to-date. E-mail scanning is active. You receive an e-mail from your boss with the title and attachment as a .DOC Word file that you know he's been working on, and he's usually too busy to check his spelling and grammar for every quick note. Your NAV scanner clearly checks it (there is an animated system tray icon that shows it working.) So you open it...
Sometimes it's not always the user's fault.
-- Insert witty one-liner here. --
The last thing in the world I want is Linux/BSD/Mac OS to become the mainstream operating system of choice. With Microsoft ruling the roost, I will never be poor. Instead of punishing these virus/worm writers and the script kiddies, I would like to erect a monument to praise their work. Without them, I would be destitute.
Strange women lying in ponds distributing swords is no basis for a system of government.
Tempting as it might be to go after the virus writers when something like this happens, the real problem is the buggy insecure code which lets it happen in the first place.
I'm not just picking on Microsoft - open-source projects have had their fair share of security holes as well.
But the fact is that Outlook, ISS, and various other products didn't even have security as an afterthought, it was just no thought at all. The charge shouldn't be "kill the virus writers", it should be "stop buying unsecure software".
After all, if you left your front door open for a week, and someone made off with your stereo, I'd argue that you had it coming. I'm not sure viruses are any different -- we just need to secure our damned software.
ZFS: because love is never having to say fsck
Oddly, though, with this SirCam outbreak, I find more of my wrath landing on those who help spread the stupid thing. Every single one of the hundreds of emails I have received thanks to SirCam resulted from some otherwise intelligent person being incredibly negligent about network security. I have spent significant amounts of my own time paying for their lack of caution.
I have taken to sending a standard reply to each person from whom I receive SirCam, pointing out that connecting to the net without proper precautions in place is both silly and rude. I'm hoping to trigger a shame response that will motivate people to think about security enough to avoid being so rude again.
If we can foster a culture in which abetting the spread of a virus or worm through lax security is considered a serious social faux pas, we may be able to contain them better. People are motivated by considerations of power, prestige, and group acceptance; push those buttons properly, and you can sculpt behavior as you will.
--
When all you have is a hammer, everything looks like a skull.