Slashdot Mirror
Latest WinWorm Spreads Via ICQ And Outlook
mgooderum was among the many to write in about yet another snippet of malice making the Windows desktop rounds: "The latest email virus -- 'Goner' -- is apparently running around this morning (AP news story on Iwon here - no login needed). The virus is a typical worm that spreads via attachments and user's address books. It appears as a message with an attachment that starts: 'How are you ? When I saw this screen saver I immediately thought about you...' Goner is apparently non-destructive other than the normal DoS issues with the load from it forwarding itself everywhere. What's moderately unique are two features. One is its ability to replicate via ICQ as well as the usual Outlook and Outlook Express. Two is its small size -- it has a packed form that is only 159 bytes. Symantec has details here; McAfee has details here." Update: 12/04 21:57 GMT by T : That should read 159 kilobytes. And as many posters have pointed out, "destructive" is in the eye of the beholder.
I know, I know, other email clients, etc.
However there is one thing I don't understand, why are flaws which convert your office network into a disaster area, somehow acceptable, whereas some esoteric calendar tool is so vitally necessary that people straight-faced claim that Linux isn't ready for the desktop?
It's not just Outlook either - every damn document format that MS produces is an attack waiting to happen. Apart from being susceptible to bit-rott and bloated.
The average user does simply not have the competence to operate a Windows system safely in an office environment. It's not enough to consider training costs when switching to Linux, you also need to consider TCO. That means your downtime, additional maintenance to repair user machines and lost or corrupted data, when using Windows systems.
Mmmkay, let's give this a try shall we?
1. Set up NTFS ACLs properly - this includes giving SYSTEM rights to what needs to have it, along with the Administrators group, etc. Users should only have read access. (Most experienced NT end-users should already have done this a long time ago; if you're on a properly set-up network, it should have been done already!)
2. Open up the MMC, go to users and groups, and add a user. Make it a member of the Users group, which you have already set up as to only have read access (heck, you can set it up to everything BUT delete access... NTFS ACLs are so specific and expansive it beats rwxrwxrwx hands down :-/) and also give it full access to its home directory under "Documents and Settings\user"
3. Log in as that user.
4. Open up a command prompt.
C:\>del /F/Q *.*
C:\New Text Document (2).txt
Access is denied.
C:\New Text Document.txt
Access is denied.
etc...
Oh wait, I didn't ever have to log in! Ever seen 2000's oh-so-cool "Run as different user" option on the property sheets? Guess not.
I think it's about time the zealots pull their heads out of their asses before they go and flame someone on a topic they know nothing about.
1. That doesn't work on Windows 95, 98, or ME. Those systems just don't have security. Period.
2. It doesn't work if you aren't using NTFS. A LOT of NT, 2K, and XP systems don't.
3. You don't have a short, simple description of how to "Set up NTFS ACLs properly". But I don't blame you - a short, simple explanation of that subject is impossible.
Compare that to Linux. The instructions I gave for setting up a throwaway test account are very simple, can be executed in seconds, and will work on any Linux distribution from the last five years at least.
That's impossible on Windows, and your post basically proved the point. Thanks!
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox