Slashdot Mirror


Don't Forget That Worms Happen Everywhere

friday2k writes "SecurityFocus has a nice column on Worms and their origin in 1988. It explains what everybody should never forget. We have dealt with *NIX worms (Sadmind, li0n, ...) and they will come back again. Maybe then the MS fanatics will laugh and say: didn't we always tell you Open Source is insecure (too?) ..."

9 of 391 comments

  1. different cultures... by webmaven · · Score: 5, Insightful

    I think that the real reason that MS systems were hit so hard by Code Red and its descendants is that there is a real difference in the culture of the respective developer communities.

    There is no reason why all those home systems and corporate desktops should have IIS running in the first place. There is also no reason (generally) for a home Linux system to be running, say, BIND or wu-ftpd.

    So why does Microsoft encourage the installation of unnecessary software on its systems, and why doesn't it make it easier to not install those services in the first place?

    It comes down to culture. Unix-like operating systems are minimalist and modular, because the development communities appreciate elegant code (not necessarily elegant interfaces).

    Whereas Microsoft prizes a DWIM (Do What I Mean) approach, which encourages adding functionality 'just-in-case', as Microsoft seems to think that actually asking a user to install a component is a failure on their part.

    In the long run, elegant, minimalistic code is easier to understand, and therefore easier to secure (examples are Sendmail vs. qmail, or BIND vs. djbdns).

    --
    The real Webmaven is user ID 27463. I don't rate an imposter, because my ID is such a lame-ass high number.
  2. Don't forget Morris! by HiredMan · · Score: 5, Funny
    On November 2, 1988 the "Morris Worm" was unleashed on the net. It jumped from college to college (that was most of the net then) and, because of a bug in the code, would reproduce itself within the machine until it ran the machine into the ground as it tried to infect others.


    Imagine Code Red in which almost all servers are NT/IIS and there is no web, no central authority, no "experts"...
    It caused the Inet as it was to cease to function. People had to pull their boxes off-line to keep from getting repeatedly infected.


    The confusion and panic that followed led to the creation of CNet and was the start of most of the big, early Inet security organizations that exist today.


    <old codger>
    You young whippersnappers don't know from worms. We used to create worms on punch cards and you had to mail them around to get infected! Those were the days!
    </old codger>


    I suddenly feel old and have to go lie down....


    =tkk

  3. If that happens... by SpanishInquisition · · Score: 5, Funny
    We just have to claim that Linux worms:
    • are faster
    • are more portable
    • use less resources
    • can be more easily modified since you have access to the source
    • aren't tied to a single vendor


    That should make the point of the superiority of Linux worms over Windows worms and end all the FUD.

    --
    Je t'aime Stéphanie
  4. It can happen by huh_ · · Score: 5, Insightful

    You all say that Unix admins know more, or that open source programs have patches out faster, but what about all those people who know little about Linux and install it? They can just as easily leave their computers unpatched, running 24/7 using some cable provider. More and more people are trying out Linux; it doesn't mean all of them are smart. So of course the same thing can happen.

    1. Re:It can happen by Rick+the+Red · · Score: 5, Insightful
      You're absolutely right, which is why it's just as important for Linux distributions to come locked down tight as it is for Windows distributions to come locked down tight. Microsoft isn't listening; are RedHat and the others?

      Also, Microsoft is supposed to be open to XP configuration changes by the hardware vendors. Does that extend to default security settings? If so, we can only hope that PC Magazine and the rest will rate new computers on how secure they are out-of-the-box. Are Dell, Compaq, Gateway, and the others listening? Is the computer press listening? If I know Dells come secure but Gateways ship Microsoft-default-wide-open, I'll recommend Dell to my friends and family. If I know Debian comes secure but RedHat installs wide open I'll recommend Debian. But only if I know, and I'll only know if the press does their job and tells me.

      This is a social problem, not a technical problem, and it requires a social solution. That means that everyone in the society must play their part -- the companies, the press, and the consumers. If Microsoft won't be a good citizen, bad on them. But why should they be a good citizen if their enemies are not, and especially if their friends are not?

      --
      If all this should have a reason, we would be the last to know.
  5. Code Red by briggsb · · Score: 5, Funny

    Talked about his experience as a worm. In the interview here. It has some advice for newer worms and viruses.

  6. except by linuxpng · · Score: 5, Insightful

    Don't most UNIX admins need to know something about the OS other than the size of the install base, therefore actually patching their security holes in a reasonable amount of time? Let's not forget the issue is NOT Microsoft's security hole. All OSes have that; it's that the userbase is not up to date on installing the security fixes. We just hope everyone who bashes MS will patch their own holes come Unix worm time.

  7. Sendmail? Elegant? Minimalistic? by alispguru · · Score: 5, Funny
    In the long run, elegant, minimalistic code is easier to understand, and therefore easier to secure (examples are Sendmail vs. qmail, or BIND vs. djbdns).
    That's the first (and hopefully only) time I ever hope to see the words "elegant", "minimalistic", and "Sendmail" together in the same sentence.
    --

    To a Lisp hacker, XML is S-expressions in drag.
  8. I'm a heretic, baby by kisrael · · Score: 5, Insightful

    I'm not a very close observer of any of these things, but it seems like the recently noticed telnetd exploit has really screwed over more sites than Code Red has, which seems more of a bandwidth hog. I mean, a years-old simple string buffer overflow giving root access on so many Linux boxes is inexcusable for people trying to "sell" Linux on its general security and reliability...

    --
    SO YOU'RE GOING TO DIE: The Comic for Dealing with Death