Clever New Windows Worm
freakboy303 sent in linkage to a new worm
that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP
service to increase chance of success, as well as using a bunch of spaces
to disguise the true extension of the executable. No doubt countless copycats
will soon follow and our inboxes will be cluttered by countless copies
of the thing. Not that there's a problem with windows security.
You know, reporting new Windows worms is right up there with reporting that there's renewed fighting in the middle east. It's always been there, it always will be there, it's not really news unless that's exactly the sort of thing you're interested in.
Wait, I forgot where I was. Nevermind.
Hackers unite! Find an open hole, put your worm in it. Kind of rediculous.
TossableDigits.com: Temporary Phone Numb
it runs an SMTP server and has spaces in the file name. This is supposed to make it "clever"? None of this is original.
--
grep "xercist"
It really shows how macros aren't good.
Not that there's a problem with windows security.
Why do the editors of Slashdot ALWAYS put their unproductive, derogatory, flaming, two cents at the end of _every_ story regarding something "AWFUL" Microsoft has done? Either they are really insecure about "their Linux," and can't get fulfillment from any other means than bashing the competition, or they really don't believe in what they advocate so much. I'm sick and tired of hearing it! Come ON Slashdot! There are countless posts in previous stories that sound just like this one - all in response to the crap you guys put in the Microsoft stories. Get the picture: no one wants your bias. Bias makes for unreliable, untruthful, and slanted news.
With that being said, of course there are problems with Windows security. There are security problems in EVERY OS. Stop pointing the relentless finger at Microsoft every chance you get.
Man is born free; and everywhere he is in chains.
Chances are that this has already had a patch released, I am sure. Chances are also that there are an awful lot of unpatched machines out there. I have to say the social engineering on this one is pretty clever. Who hasn't gotten a message like that? I mean in Outlook.
Now for the usual run of blame: hackers for writing it, MS for releasing Outlook, users for not patching. For the real solution, see my sig.
Do not touch -Willie
It says that it takes addresses from your mailboxes as well? Coupled with all that spam that was reported on a bit ago, this could be tons of fun!
Send your junk e-mail accounts this virus, check them regularly with outlook and get the spam writers back! WOOHOO!
----- - The beatings will continue until morale improves
.. windows handling of this pisses me off and all that, but if these were ELF executables being tossed around that did the same thing (all of which is possible through a normal user account on most unix machines), I doubt that we would be laughing so much. Especially those of you who administer 1000+ users with shell accounts...
Just my $.02
As we all learned today in an earlier /. article, the only flaw in windows itself is a new one in XP that allows anyone to seize control of the machine. This is clearly an MS Outlook problem which is totally separate from WinXP. Let us not confuse the users out there into thinking Microsoft doesn't care about OS security.
Please note the slight hint of sarcasm before modding this as a troll. Thank you.
just like the rep AOL gets, the more users you have the more dumb users you have. Therefore people write Windows worms, which require user-intervention to propagate, because bigger market == bigger exploitable base.
Anyone know how widespread this is?
Just another day in "Billware" land........
If the W2k virus is "Based on NT Technology", where NT stands for "New Technology", will the next patch recursively contain the previous "uber" patch? The New Technology Technology Uber Uber patch?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
So I check the link to see what I can do to stop this worm before virus defs are released, and the best I can find is to drop .txt.pif ? Ok, that's nice, but I don't like to rely on extensions..
Where is the link to all the detailed meaningful info about this worm?
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
... who hasn't gotten a single one of these worms? I think the only one I got was the "I send you this file in order to have your advice" thing like 6 months ago. No Nimda for me, no Sircam, no other elite macro viruses. Are the people I converse with in email just cooler/smarter than everyone else, or is this whole email virus thing more hype than reality?
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
"The worm utilises it's own SMTP engine so it does not depend on Outlook for e-mail sending."
:-P
Not even a virus can depend on Outlook anymore...
We were all talking about this a week or two ago, but I'm too busy trying to get this pinball machine on eBay, so no time to search through old articles.
woof.
Gag, I hope I didn't understand that correctly...
Mail worms/virii/sausage - whatever - can be unbelievably contained with a simple attachment checking process - after Melissa, I implemented Mail Essentials (www.gfi.com) at my company - one server - 200k+ messages a day capacity - extension filtering ON.
Since then, we got hit with every major email worm, but got infected by none - 1,000's of messages per incident blocked at the server - none made it to the internal Exchange box... they all get blocked at the "mailman" (block EXE, VBS, PIF, whatever)
The sender gets a "kindly" message saying "Sorry, we don't accept this extension type - try again".
It'll even scan for uncertified macros in Office Docs, filter spam (i.e. GREP searches), autorespond, basically a nice .procmail GUI. Works with any SMTP server.
It's amazing how a small company like us can spend the $1,500 to protect our mail system, while larger ones (i.e. employers of my roommates) would rather lose 4 hours of mail to one of these buggers.
It makes no sense NOT to use a simple filter - when will people learn. Until then, I'll just laugh.
So in the XP commercials where people are flying around, would the worm make them fall to their deaths or just experience turbulence? I think that's what everyone really wants to know.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
The nice thing about this one is, it's just hitting e-mail. When Nimda and Code Red were wreaking havoc on the internet, they made it impossible for me to play games on my cable modem. I had so many incoming requests on port 80, I couldn't do anything.
How many times does this have to happen before Microsoft starts putting security in front of the user experience? I can't see how having to remove viruses from your machine on a near-daily basis improves the user experience.
I downloaded a fake .rm file a few weeks ago that used the "many spaces" trick. The damn thing tricked my M$ box into giving it a Real file association and icon!
Mcafee cleaned it out, but I had to go into regedit to finish it up.
Viruses get sophisticated enough that they look at subject lines in your current "Sent Items" folder and use the same subject and text, just adding the attachment, or if they find an email you previously sent that had an attachment and replace it and re-send the message.
It's only a matter of time. It's amazing how even a dumb virus can fool so many people.
I Heart Sorting Networks
These mail viruses have all been evolutionary steps. The big one will run straight from the preview pane, will send e-mails with no real signature, and will mimic other emails sent by that user.
As a simpler step, these viruses should be hiding themselves within attached .EML files. That would get around the filters many companies have set up.
Let's not stir that bag of worms...
My Bad I Meant to post this on the chromosome story
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM and they have detailed it as a LOW risk worm.
On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...
-- Pete.
Monochrome - Probably the UK's largest internet BBS
This is all very funny really. We've been slated to begin a Linux install dry run on some excess boxes just to show how it would go for a (suggested) migration to Linux. We constantly get hassled about the need to do this and what the benefits could be, the cost to train etc.
Well today we have two new reasons why a switch will be beneficial and some pretty well timed additions to our morning meetings.
So thanks MS. With luck and your continued support there will be one less Microsoft shop in the Air Force. 1 (maybe) down the rest of the base to go.
..which just shows that the human brain is ill-adapted for thinking and was probably designed for cooling the blood-T P
Anybody got some good regexps I can put in the header check MailMan does for me?
And/or a procmail recipe I can use to filter out this junk?
Employee of Inrupt, Project Release Manager and Community Manager for Solid
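An added example, not part of the original thread or any poster's code: a minimal Python sketch of the gateway-side attachment check discussed above (extension blocking plus the "bunch of spaces" disguise). The blocklist beyond EXE, VBS and PIF, the decoy list, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed blocklist: the thread names EXE, VBS and PIF; the rest are additions.
BLOCKED_EXTENSIONS = {"exe", "vbs", "pif", "scr", "bat", "com", "cmd", "hta"}
# Assumed list of harmless-looking extensions used as a decoy before the real one.
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "gif", "htm", "html", "rm"}
# Three or more whitespace characters in a row inside a file name is padding.
PADDING_RUN = re.compile(r"\s{3,}")


def true_extension(filename):
    """Return the extension Windows will act on, lower-cased, or ''."""
    # Trailing spaces and dots are ignored by Windows when the file is saved.
    cleaned = filename.rstrip(" .\t")
    _, dot, ext = cleaned.rpartition(".")
    return ext.strip().lower() if dot else ""


def inspect_filename(filename):
    """Return a list of reasons to reject this attachment name (empty = pass)."""
    reasons = []
    ext = true_extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append("blocked-extension:" + ext)
    if PADDING_RUN.search(filename):
        reasons.append("whitespace-padding")
    # Look at what precedes the final extension: "readme.txt      .pif"
    stem = filename.rstrip(" .\t").rpartition(".")[0]
    decoy = true_extension(stem)
    if ext in BLOCKED_EXTENSIONS and decoy in DECOY_EXTENSIONS:
        reasons.append("double-extension:%s.%s" % (decoy, ext))
    return reasons


def scan_message(raw_message):
    """Walk every MIME part and return [(filename, reasons)] for rejected parts."""
    findings = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()  # Content-Disposition, then Content-Type name
        if not filename:
            continue
        reasons = inspect_filename(filename)
        if reasons:
            findings.append((filename, reasons))
    return findings


# Constructed sample message: one padded ".txt ... .pif" attachment, one plain .txt.
PADDED_NAME = "readme.txt" + " " * 40 + ".pif"
SAMPLE_MESSAGE = "\n".join([
    "From: sender@example.com",
    "To: user@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="BOUND"',
    "",
    "--BOUND",
    "Content-Type: text/plain",
    "",
    "body text",
    "--BOUND",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="%s"' % PADDED_NAME,
    "Content-Transfer-Encoding: base64",
    "",
    "AAAA",
    "--BOUND",
    "Content-Type: text/plain",
    'Content-Disposition: attachment; filename="notes.txt"',
    "",
    "harmless",
    "--BOUND--",
    "",
])

if __name__ == "__main__":
    for name, why in scan_message(SAMPLE_MESSAGE):
        print(repr(name), why)
```

The check keys on the last extension after trailing spaces and dots are stripped, so padding between a decoy extension and the real one does not hide it; it does not decode RFC 2047 encoded file names or look inside archives.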
Is it just me or is slashdot slowly turning into bugtraq here? Do we really need to hear about every single fscking Windows bug and exploit found?
I see two stories concerning an Outlook virus and an XP exploit within two hours or so of each other, with one new story in between.
Can we move along to some real news for nerds, some real stuff that matters? Or at least add an option to ignore the damn Outlook virus updates and other nonsense.
J
Worms and virii are being written for Windows/Outlook, because:
(A) 98% of all people using PCs to read email are running Windows.
(B) There are a lot of cracker-types full of concentrated angst about Microsoft, Bill Gates, Windows XP, etc.
If that 98% referred to Linux/KDE or MacOS X, you can be _damn_ sure that there would be severe security exploits for those systems as well. All it takes is _one_ small hole to give a virus writer leverage, and in any system with hundreds of thousands of lines of code behind it, there are going to be small holes. Arguably things would be much worse if everyone used Linux, because Linux is more daunting for users to administrate than Windows. So anyone not keeping up with security issues would be vulnerable. Most people fall into that category, even intelligent people.
As for (B) above, what can be said except that it's pretty sad.
My isp First Link filters about 100 per day for the 15 users at my company.
Not *my* mailbox. *I* run evolution.
You a /. newbie? Of course he gets a kick out of pointing out anything embarrassing to MS. And I can't help but snigger a little when I read it. No, it isn't a big deal at all, but bitching about that when this is exactly what /. has been doing for the last 4 years is kinda silly.
The enemies of Democracy are
Welyah isn't pulling up anything.
Neither is Winl0g0n.exe
This
is that we don't PAY for the privilege of having a secure OS.
Not a bad one, either, judging by the reaction. But seriously, if this wasn't a troll and you really have these complaints you wouldn't be reading /. anymore, would you?
At least the people who bitched when Taco first used the Bill Gatus of Borg icon they had a legitimate reason.
The enemies of Democracy are
I didn't see any misspelled words in the sample email at that link...this is an obvious hoax.
Windows is a piece of SHIT!
It is NOT true that there are security problems in every OS. Some architectures are intrinsically more secure than others, and YES, it is the case that a UNIX-like OS is usually much more secure than any version of Windows. It does have room for improvement, but it is in any case better than Windows.
We point our finger at Microsoft every chance we get because they never stop being incompetent. We do it because they piss us off by spreading FUD (remember the Embedded XP vs. Embedded Linux crap?).
Or is this too much for you to get?
Rediculous? Is that when you diculous again?
m00.
Looks like one of Slashdot's goatse.cx posters got a new hobby.
There are several factors to consider. The first is you mail provider. If they are quick to block out the newest viruses at the server, you obviously will not get it.
The other is how much your email address is out there. Some of the viruses would go through the web cache and grab email addresses from there. If your email address is out there a lot, you are going to get more viruses. 99% of the SirCam, Nimda, and so on that I got (probably a couple hundred) came from people I did not know.
- (c) 2018 Hank Zimmerman
I agree to some extent, but there's a little more intrinsic security in *nix ... stuff like permission checking; anybody can do anything on a Windows box but only root can do the really nasty stuff on a *nix box.
You have to be a measure more clever to find a root exploit before applying your trojan payload ... in fact maybe it's a good thing that Windows has low security; most crackers probably take the path of least resistance and leave *nix alone ...
Toronto-area transit rider? Rate your ride.
For us Windows users, reports of new security issues seem to come as often as potholes on an Arkansas highway. Like the potholes, looking for the next one isn't all that interesting or entertaining, but we still have to try to avoid them or at least minimize their impact.
"Net access: $20/mo. -- Electricity for computer: $20/mo. -- Reaching the 50 Karma cap: Priceless"
I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal?
rem --- cool.cmd --- /u
echo y | format c:
There you go Slashdot, a clever new trojan! All you gotta do is run it.
Also, who snooping around their windows directory wouldn't be suspicious of something named 'Winl0g0n.exe' -- I mean, come on.
My new slogan: Stop The FUD
Why is it that every time there is YET ANOTHER dumb Microsoft security problem report the astroturfers start whining about Slashdot bias and that all OS's have security problems?
First of all, Slashdot is NOT a general interest news site like CNN.com. Slashdot is a special interest news publication with a well-known editorial slant. Complaining about Slashdot's bias is like complaining that Mother Jones is biased against conservatives, that the National Review is biased against liberals or the newsletter of the NRA is biased against gun control. These publications, like Slashdot and many, many others have an audience that EXPECTS an editorial position. If you don't like it, LEAVE. Get your news from ZDnet or CNet, both of which at least pretend to a more objective picture.
Secondly, pointing out that all OS' occasionally have security problems is a red herring. Microsoft has the absolute WORST security track record in the industry. And it is =not= because they are "the most popular". It is because their basic business imperatives and engineering practices create shoddy work. After all, the web server market is dominated by Apache, but IIS dominates the security vulnerability lists. Just because all OS' sometimes have a problem doesn't mean we should ignore the continued bad performance of the worst player in the industry.
Microsoft's security performance will continue to be an issue until they can get somewhere near the industry standard.
In short, your post is just as redundant, tired and lame as beowulf cluster "jokes" and Natalie Portman posts.
Now quit astroturfing and go fix your freakin' code.
What should be realized is that because MS Windows has a much broader user base than any other operating system, of course it's going to be the target of more viruses and have a higher infection rate due to the lack of experience/knowledge of the user. The reason few viruses are written for any other operating systems is that, in general, the users have a lot more know how and everyone would quickly know about it. Just because Microsoft software has more vulnerabilities doesn't mean it's bad software, it just has more users (so a larger number of users who don't know much about computers), and is thus an easier platform to spread malicious software on.
I don't have time to make a sig
Windows is so easy to write worms for that we see a constant influx of simple stuff. Simple VB scripts, etc., can do a great deal of damage, and worm authors don't seem motivated to try harder because they don't have to. This new worm seems like a step in a scary direction, towards real sophistication. Depending on system services to propagate will not be easy forever, and I expect to see more worms with their own protocols (like SMTP) built-in.
The "optimal" worm is one in which all it needs is a thread of execution and access to basic OS APIs like sockets and elementary file access. You're not going to stop a worm from calling the most basic APIs, so the key to stopping worms (once all the fundamental holes are patched in Windows, if ever) seems to be not letting them have that thread of execution in the first place. Of course, there will always be lots of users willing to run unknown executables, but the less automatic, the better. Patching buffer overflows in IIS, etc., will only go so far because there will always be users ready and willing to execute email attachments. Until focus comes to bear on ways to keep unsophisticated users from doing this sort of thing, there will always be a cornucopia of devastating worms.
To paraphrase an old Monty Python sketch: The only thing worse than receiving a million e-mail worms is receiving no e-mail worms.
Toronto-area transit rider? Rate your ride.
Hey, CmdrTaco, what's with having another duplicate story today? You just reported about the new windows vulnerability two hours ago.
Oh, wait. . .
when will people realize that "long filenames" as implemented by microsoft are a hoax!?!?'
. do c
descriptive filenames are nice, 8.3 was moronic, but please, guys, filenames may contain NO SPACES. having spaces in a filename is UNBELIEVABLY DUMB. the filename is a "key" by which you "look up" your file (hence, "directory"). if you want to give a document some cutesy descriptive title, don't you think that should be in the data of the file, not its name?
ARRRGHHH
this_has_been_brought_to_you_by_a_long_filename
try it. its really fun. deface a wiki today. add comments, replace letters, convert the page into 31337 SP34K. you are only limited by your imagination.
Deface a wicki today!
--
Z3R0K3WL@AOL.COM
Not that there's a problem with windows security.
That's why no one has collected this $10,000 reward.
Bad news for UNIX is always something minor. That's justified, because the diversity among UNIX machines is higher (meaning bugs rarely affect a lot of people at once) and because UNIX people are more competent.
I'd say the most significant recent UNIX-related exploit was SSH's. (The one which gave free access to accounts with '*' in their password entries). And that's just UNIX-related, because SSH isn't UNIX. Furthermore, the bug doesn't affect OpenSSH, which everyone should be using anyway.
Microsoft bugs, on the other hand, pop up every month and are HUGE, like amazingly virulent worms like Code Red, IE exploits and the recent Windows XP one.
Did anyone else notice the security bulletin on the MSFT site for this *latest* problem was from March 29? Think there's any chance whoever wrote this virus read the bulletin and then coded a virus specifically to take advantage of it, since he/she knew -- like all of us -- that 99.9% of the population will never patch any program they have?
-- Hobbits suck!
I understand that the narrowcasting strategy has changed significantly here to attract Microsoft haters but in all honesty, what could Microsoft do to stop the viruses/worms? Short of completely disabling internet connectivity there just isn't anything to stop them completely on any OS.
Apache has a veto-proof majority of the web servers out there. Where are the Apache worms? Why is IIS, with far less market share, getting them? It's because Apache is secure and IIS is not, period.
Linux and OSX are both based on the Unix security model, a fundamentally sound design refined by two decades of real-world practice (dating back to the RTM worm in the early 1980s). It's not a matter of the virus writers aren't looking... it's a matter of a lack of exploitable holes. Name ONE Unix email client stupid enough to auto-execute code. Just one!
Yes, there are still exploitable holes here and there in Unix/Linux. But they generally require real mastery to find. Windows macro viruses can be written by 14 year old boys. My wife, a technical writer, doesn't know enough programming to write heapsort (do you?), but she knows enough to write a macro virus in VBA.
Get it through your head... the number of viruses and worms today is not a function of popularity or attention. It is a function of poor design and poor implementation, combined with security by obscurity (a technique discredited everywhere but Microsoft).
Really, learn about it. Don't just whine because Microsoft is getting a richly deserved spanking, and you don't want to hear how bad your favorite OS sucks.
Hand me that airplane glue and I'll tell you another story.
It really makes me sick when linux people automatically refer to Win9x. In NT, you need to be an Administrator to do that kinda stuff. Not a User. And, yeah, if you live in a cave, WinNT ACLs are a far more advanced permissions system than *nix ever dreamed.
At first sight, I thought this implied a server component of some kind polling likely looking IP numbers for usable port 25. I was probably being too paranoid, though. I take it that the thing just writes directly to port 25 rather than using the VBA hooks to the mailer?
Perhaps someone who has seen the code could comment.
Funny that SOMEONE at Microsoft is finally, publicly, admitting that there's a pattern to Microsoft vulnerabilities.
Go Lakers!
Well, you are right, there are severe exploits on other systems... however, the steps MS has taken to make Windows 'user-friendly' make it EASIER to take advantage of those holes (if you can call OE's behavior a hole). Any script kiddie can take advantage of some of the glaring holes in Windows. The most severe hole I have seen in OS X so far is the ability to run any program as root, provided you have direct access to the machine's GUI, which is hard to do remotely under OS X. Yes there are telnet insecurities/etc in both OS X and Linux, but I like the alternative: openSSH.
The thing is, all systems have holes, yes. But MS isn't exactly doing things to make it HARDER to crack in with OE, remote tech support, and all these 'features' in an attempt to make things more friendly. One doesn't increase security by adding potential security risks in the name of user-friendliness
I am surprised people haven't been using the OE exploit to turn Windows machines into zombie machines for script kiddies to DDOS with yet.
This loads the next time Windows boots up after infection, which given the nature of the OS is almost guaranteed to be within the hour (BSoD, or one of the numerous "Your mouse has moved, Windows needs to restart before the changes can take effect" dialogues).
If this were on a *nix box it might be years before anything actually happened.
Any spoon would be too big.
this is so old I don't think that applies.
according to Microsoft this was realized March 29, 2001.
The big one will run straight from the preview pane...
KaK Worm was pretty close. It's been around for a while, but i'm still cleaning it out of some customer's machines. It used a script in the signature to infect a user, so really all you'd hafta do is view the email and it'd run the attached file for you. Pretty slick virus, but had some downfalls. Easy to clean out, no interesting payload, and extremely easy to detect (a .hta file in your Start Up folder)
Actually, ELF executables running under a normal user account CANNOT do the most interesting part, namely run their own SMTP server. Root access is required to open a low-numbered port.
Geez, don't people know at least the rudiments here?
Hand me that airplane glue and I'll tell you another story.
Boy the scriptz kidz got them on a roll today, don't stop now. We have had to update virus definitions three times already today.
Got Code?
I can't find this listed on Symantec's site or Trend Micro. Has anyone seen any real info about this worm?
http://slashdot.org/comments.pl?sid=25109&cid=2728857
and i simply assume most people have a sense of humour, but we don't all get what we want, do we?
sure, i know that windows isn't complete crap - hell, i can admit it's gotten pretty useful in the last couple revisions. i've even been known to use it to play the occasional game. but i don't come to /. for flat, ZDNET style reporting. i come to it for useful links and snide comments.
i also come here to do this once in a while:
This is the voice of World Control. I bring you Peace.
I have found that my system is not infected with virii when I use the following command to read my mail:
/bin/vi /var/spool/mail/myusername
$
That is, until someone finds a vulnerability in vi.
Give me my freedom, and I'll take care of my own security, thank you.
Then, a week later, when all the virus authors have switched their attachments to have safe_ prepended on them, we switch to only blocking those attachments.
Right? You really thought this through, didn't you?
I find it tremendously amusing that a Windows worm was written in Visual Basic, of all things.
Training wheels for small children's bicycle for sale. Buy now and get a free shotgun.
If you're a zombie and you know it, bite your friend!
Since when is a filter that blocks ALL .exe, .vbs, and other executable extensions a "band-aid"? A virus or worm can't work without some dunce running a program.
That's like saying a machine with no ports open is able to get hacked into.
Zodiac Survey
Because to a programmer/architect/sysadmin, the mere existence of these worms is mind-boggling. Imagine the largest-selling American car manufacturer building all of their models with the gas tank right behind the front bumper, or some such idiocy. Now you, as an automotive columnist (with some professional understanding of auto design), are forced to report every time one of these Hindenburgs ends up as a fiery wreck.
It'd be bad enough if this happened in one model of car, but to see it happen year after year, when the company should know better, has to be somewhat irritating. I'll let MS slightly off the hook when a "legitimate" bug is found-- that is, one that might not have been directly anticipated when the product was being designed. But each of these worms exist as a result of MS's ongoing, dunderheaded ignorance of basic security issues. Windows scripting on as default? Minimal security in their email software? Preview panes that can automatically execute scripts?
So yes, the Slashdot editors' scorn is thoroughly justified in these cases. If you're looking for more objectivity in your reporting, there are other places to go. If you stuck to the reports I've seen in reputable newspapers, you wouldn't even have to suffer the notion of Microsoft as a responsible party. If you think that's the case, choose your news sources differently. Slashdot is run (and contributed to) by people who take this sort of stuff a little bit personally.
1. Stop auto-execution of content within Outlook. Ideally, make it impossible to execute content from a mail reader.
2. Stop designing operating systems where the default user account has write access to system binaries. Make it easy enough to do basic administration without formal administrator access that users don't run with administrator access by default (NT, W2K, XP desktop use).
3. Build bounds checking into Visual C++, at least as an option. Require programs under development to be tested with bounds checking on in order to detect buffer overflows.
I could go on, but you get the picture. No, you can't stop all security problems completely. However, you can make a very good dent in them. Just because a burglar can break your door down or pick the locks doesn't mean you shouldn't lock the doors to keep out the less skilled or ambitious.
Hand me that airplane glue and I'll tell you another story.
See here for a discussion on the experiments of a particular fellow on finding a list of offending Windows extensions that are not unhidden even if "Show all extensions" is used.
I get an image of a sand worm (from Dune) coming out and swallowing them whole.
Zodiac Survey
- By Homer Simpson.
Really folks. This stuff doesn't deserve a post.
I guess it's to be expected. FFX came out and some of the /. crew are too absorbed with the game to actually find articles to post, putting more pressure on the rest of them to find articles.
That and it's not like there is anything really newsworthy to make it easier. Besides news is always about repetition, ever watched CNN before? I was going through my old VHS archive and found a bunch of stuff I taped off of News channels during an election for school. Other than the fact it was about an old election it coulda passed for some current coverage.
https://www.gnu.org/philosophy/free-sw.html
Slick idea.. building in SMTP so it doesn't need an email client... one reason for making your SMTP server require a logon! Geez, i thought LAN hoppers like Nimda and the like spread quick...
:)
Anyone thought of a lightweight FTP server built into the virus? That would prove more interesting than CodeRed, everyone's machine be wide open anonymous FTP server. That random file sending crap's for the birds, let everyone see all your files!
Er... what am i thinking? you dont need a virus for that, you need XP!
Why are companies letting people thrash the mail system inadvertently and go on like nothing happened? This is a social problem, albeit one that has been made more prevalent by bad technology. So what if Outlook took out the double-click-run-and-destroy feature for attachments? Trojans would get mailed along w/ instructions on how to save to your disk and run the program. And some idiot would do it too.
I'd much rather see corporations making their employees responsible for breaking things on the network. If the admin fscks up the entire system he'd be up to his knees in shit -- but the "users" are allowed to do it because they can claim ignorance? No thanks. Draw up some strict hard-line rules for your employees and get this crap taken care of. My personal suggestions would be:
Sure, it's a bit drastic. But is productivity really benefiting from reckless use/abuse of insecure software? Must your employees use Outlook so they get that warm fuzzy feeling of being able to fiddle with all sorts of buttons on their screen? Why can't the computer be viewed like any other tool? If you don't know how to use it why in the world are you using it at work? I wouldn't dream of putting joe-schmoe on a fork lift w/out some training, why put people w/ no training on a computer? If joe-schmoe runs the fork-lift into a wall you bet he'll get some heat for it. Run a virus though? Nah, everybody does that.. let it slide, let IT clean it up.
I Wish I had written it. Enjoy!
"It is a greater offense to steal men's labor, than their clothes"
He was also saying that the filter scans for Word macro viruses, etc. - those things can still get you. I'm not convinced that the last possible way to get Outlook to execute something has been found yet, either. So far I haven't seen anything to convince me that we're close to being able to filter things sufficiently enough to really rely on them indefinitely.
Blocking attachments is a band-aid in the sense that it doesn't solve the real problem. Sure, if you paste enough band-aids together you can cover over even a gaping hole, but IMHO that's not the right way to fix the problem - it makes you very dependent on band-aid manufacturers, for one thing.
Your right to not believe: Americans United for Separation of Church and
Never in the main stream release.
Nor is it supposed to be. Just as Linux is not a secure OS in the main stream releases. Linux will never be a secure OS in the main stream release. As it gains more market share it will become less secure (a high percentage of security is the users and administrator -- in the home box that's Joe and he doesn't give a hoot about security and won't buy an OS if he has to).
A secure OS is a special or a tuned release. Always will be.
Well, there are serial ports (I assume you referred to network ports), brute-force techniques at the keyboard, etc.
For offline cracking, steal the harddrive. It's less sexy, but would get the job done.
Point is, nothing is ever 100% secure.
Whatever. Like there is a common mail reader for every linux user.
Some of us just more /var/spool/mail cuz we are lazy.
Even if that were true, why should anybody care WHY Windows is insecure?
Egress filtering at the firewall will block the spread of this. Simply don't allow anything but the mail server to make SMTP connections out. Done. Same thing with all of those "home firewall" products.
I want to delete my account but Slashdot doesn't allow it.
The reason that the various *nix OSes are immune to virii/worms of this type is because the vast majority of users use windows and MS products, not because of any superior security on the nix part. I am forced to use MS products at work and I have never been infected by a worm/virus because I know better. The average user doesn't know better. If they were on unix it would probably be an even worse problem because they would have even less of an idea of what's going on. I think Microsoft has made some bad decisions in its time, but I blame the worm/virus proliferation on the vulnerability of the users, not the vulnerability of the operating system.
- WeaselGod
Eagles may soar, but weasels don't get sucked into jet turbines
I've been reading lately that many geeks seem to have problems identifying some of the social clues that indicate to normal people that they are being picked on or ridiculed. Where I work there are two people that will have clicked on this thing before I arrive to clean it up. So exactly how do I point out to these lusers that some 16 yr old kid is doing the electronic equivalent of holding their very important work over a flushing toilet just to watch them worry. And they walked into the situation?
I smoke, I get cancer, I die.
I fuck a lot without protection, I get AIDS, I die.
I step in front of a train, it smacks me, I die.
I double click on a fuckin virus, it attacks my computer and sends shit to all my friends, I deserve it.
Know what, the stupider friends that get the virus will click on it and they too deserve whatever the fuck they get.
BFD, stupid actions yield stupid results.
It's ok to blame the lusers.
Exactly _why_ would Linux be "the perfect environment for a rogue program to set up its own little SMTP server"?
If you know some windows programming, it isn't any harder to do in Windows than in Linux.
Anyway, you might have a point. Just don't know if it's valid, that's all.
Most news entities are INCREDIBLY biased in how they present things. The sheer issue of WHAT they present is interesting enough. However, many of them try to PRETEND they aren't biased while they push a lot of propaganda down your throat.
Slashdot just makes their propaganda obvious. They've ALWAYS been pro Linux and anti Microsoft. Should they change just because you showed up?
In case you didn't realize that they make it obvious, just look at the Bill Gates Borg icon again.
4) Own SMTP engine, so an Outlook script to warn that there's mail w/ attachments going out is useless. Linux is the perfect environment for a rogue program to set up its own little SMTP server and start spamming out copies of itself. The system is much more open to this kind of infection than a Windows-based machine.
Umm no only root can bind to low numbered ports (of which port 25 is a member)
5) New "method" of hiding file extension which is harder to see even if extensions are displayed. Again, for example, the worm writer could just make the file with a . in front of it and it would be hidden on most people's displays.
And no, it would need to be chmod executable. Now this part could be automated by a stupid mail client writer but there is no currently popular unix/linux email client that does this!
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I simply assumed that people on Slashdot are above those biases. We are (mostly) computer and science enthusiasts, and, generally, those types are able to make well-informed decisions about things.
Right. Just like Emacs is a clearly superior text editor to "vi", which is why there's never any discussion about it. Such issues are easily settled in a timely manner by us well-informed geeks!
"640K ought to be enough for anybody"
-- Some guy, I don't remember who...
Sometimes the best solution to morale problems is just to fire all the unhappy people.
Well, the real way to fix it is to not use Outlook... or Windows for that matter.
Zodiac Survey
So if you get a Linux CD stuck up your ass, can they report on that?
My office is now 100% Window-less as of about 6 months ago, but we're instead 100% Mac OS X (currently 10.1). It's great. I don't miss Windows at all, and the myth that you "can't get applications for the Mac" is such a load of cr@p.
In fact, the new Office for Mac OS X is, in my opinion, much BETTER than the Windows version.
Networking has been faster, too, and that's important to us. You'd never believe it, but it's cheaper too. No more calling for technical support or having someone on duty to fix problems with our systems. You just don't need it with a Mac because the hardware and software is so well integrated.
The machines themselves have been CHEAPER for us. $1199 iMacs as clients and G4s to handle some of the heavier loads. It's worked great.
And by the way... that 22" Apple flat screen is not only beautiful for working with, but it impresses customers too. I know it seems like a detail, but people have gotten the impression we're an upscale successful business because they see those screens and comment on them.
I know I seem like a troll ranting about this or that, but I just want to get the word out, because I'm a very pleased Apple customer... and I'm laughing at myself for ever having used Windows for so long.
So I ask you: what changes would you make to Slashdot, in particular, that would make it such a site? I'm sure your comments will be read by the Editors (after all, they read on a regular basis, and comment frequently in almost every article); and Users may well want to see them too.
This isn't new. The patch for this was released 9 months ago. Are we going to report every bug and defect that existed in Linux 9 months ago as well?
Umm, Lignux Expert D00D -- You don't need to bind to 25 to send mail. That's the listener port.
Some of the Outlook auto-execute bugs were legitimate buffer overflows.
As we all know, only Microsoft has buffer overflow problems, while Unix has historically been immune due to the excellent coding practices and the robust standard library.
Who keeps modding it down? Criticism of slashdot is totally fair and reasonable.
Wow, this has been the best "/. is sooo biased" thread in a while. Just look at all the responses that treated your post with serious consideration! Sir, I salute you on your excellent troll. Much better than the spammers and crapflooders who call themselves trolls around here.
P.S. "Bias" is a word whose negative connotation is used to discredit what is really an informed opinion.
The enemies of Democracy are
use "viruses". please, for the love of god.
Actually, if you want to be technical, it's more a trojan than a virus. Viruses (or virii) attach themselves to legitimate code or otherwise alter it, replicate, decimate, etc. Trojans APPEAR to be legitimate code, and do nasty stuff upon execution. This latest outbreak isn't anything legit, and doesn't infect other files.
Personally, I think labeling all malware as "viruses |viren | virii" is as irritating as calling crackers "hackers" and referring to IRC as "mIRC", and is doubleplus-ungood anyway.
The previous has been a secret message to my comrades.
or "This is not a Hoax!" that would work.
The post office has taken steps towards irradiating mail. Maybe more ISPs need to "irradiate" email.
.exe attachment... it is boring. Show me an actual .txt file that can do some damage and I'm interested!
The consumer-level answer (repeated like a mantra) of course is to use anti-virus software, and I find it interesting (and conspicuous) that MS has stayed out of the anti-virus racket- but I suppose one cannot integrate AV software into the OS.
It still boils down to individual "responsibility"- at home I run no AV software on my windows box, and I've never had a problem. I'm no windows apologist, but the fact remains that most people treat their PCs as if they are leaving their keys in the car, garage door unlocked, etc... I mean, it certainly is more "convenient" to ignore any security precaution in actual life (think airport)- but is it safe? And is it at all convenient to clean up after a security breach?
Windows *has* most of the tools for a reasonable level of security if only people educate themselves and use them. The widespread problems people experience, such as this, boil down to NOT opening unknown attachments- which is email 101. This STILL boils down to an
Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
>only root can bind to low numbered ports
So, just bind to some arbitrary high-numbered port, right? I mean, only the worm is going to use this smtp service, who cares if it is on port 25?
I think the only one I got was the "I send you this file in order to have your advice" thing like 6 months ago. No Nimda for me, no Sircam, no other elite macro viruses. The "I send you this file in order to have your advice" thing is Sircam.
None of the people actually using XP get to fly. They are chained to a computer while they watch others fly by. Seriously. Watch it again.
(Too bad adcritic is no more. They would have had an easily accessible copy of the commercial)
I believe -- correct me if I'm wrong -- that was a problem with the mail client of emacs.
Never play leapfrog with a unicorn. Or a juggernaut.
Dude, you are sooooo high. Pass me some of those kind Shire buds, will ya?
Clever implies some sort of ingenuity or originality, neither of which really apply to this worm. If you want to talk about clever, look no further than BadTrans. It had SMTP capability, added an underscore to the return email address to make it more difficult to alert the victim, executed automatically in Outlook's preview pane, replied to your unanswered email, hid the attachment from most email programs AND installed a keystroke logger! Now THAT is clever, not to mention evil. This one is nothing more than script kiddie plagiarism.
Fried ice cream is a reality. - George Clinton
Imagine if you knew what you were talking about, you'd be very dangerous then.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Euh, I've used MS OS's for 8 years now and never had a virus. I've used Linux for 4 years now and never had a virus. I've used OS2 for 6 months and never had a virus. I've used MAC OS for 3 months and never had a virus.
Grow up dude, when is the last time you saw a power user get hit by a virus?
A Credit Card Processor, CCBill has been hacked and credit cards were stolen. No mention of it on Slashdot. Is it because the site runs Apache/PHP?
one of the previous email worms executed code due to a buffer overflow in Outlook's date parser
no file extensions, no nothing just a nice juicy malformed header
using Outlook is stupid merely because of its ubiquity
if you must use windows try TheBat!
it's a great email client with (gasp) regexs for filtering
and loads of features I've never used (and I've dumped windows since anyway)
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Woulda burned all my mod points to knock even a little bit of this crap down where it belongs, so I'll just burn some karma instead. Word to my fellow moderators: this thread is about a VIRUS, not Slashdot demagoguery, or however you spell it. Please mod ME off-topic so I know at least someone is using their brain. While I'm ranting, how the hell is browsing at -1 while moderating supposed to help contain the trolls? That's how they got to -1 in the first place! Idiots.
Fried ice cream is a reality. - George Clinton
Please read what he said again.
There is no perfect email system, and there never will be, but the way Microsoft does things is fundamentally wrong. The default "trust all attachments" behavior of Lookout and Lookout Express, coupled with the default behavior of hiding extensions for known filetypes, mated with most users' general inexperience in all things computer-related equates to one huge fucking train-wreck of a problem, wouldn't you agree?
This whole mess could easily be avoided (or at least toned way, way down) if Microsoft would wise up and start shipping their mail clients (and their web browsers) with much more locked-down defaults.
Yes, I'm picking on Microsoft. They're a huge company and a lot of people who simply don't know any better use their products. Their products ought to know better; don't leave security up to the end-user, and don't make the IT guy's job more tedious than it already is.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Off-topic huh?
Gee Mr. Moderator, you think maybe that was meant to be humor, but without having a little smiley :-) there to instruct you to laugh?
Or maybe you seriously thought I was trying to start a discussion about emacs.... dumbass.
I know this is a troll, but, just in case anyone actually believed it, I ask:
Which popular MUA on Linux would take an arbitrary attachment and pass it to the shell for execution?
warning from McAfee, as look at the file listing that is attempted to be deleted (according to McAfee):
Files being Deleted on an example (win9x) system:
- c:\WINDOWS\1STBOOT.BMP
- c:\WINDOWS\ASD.EXE
- c:\WINDOWS\CLEANMGR.EXE
- c:\WINDOWS\CLSPACK.EXE
- c:\WINDOWS\CONTROL.EXE
- c:\WINDOWS\CVTAPLOG.EXE
- c:\WINDOWS\DEFRAG.EXE
- c:\WINDOWS\DOSREP.EXE
- c:\WINDOWS\DRWATSON.EXE
- c:\WINDOWS\DRWATSON
- c:\WINDOWS\DRWATSON\FRAME.HTM
- c:\WINDOWS\EMM386.EXE
- c:\WINDOWS\HIMEM.SYS
- c:\WINDOWS\HWINFO.EXE
- c:\WINDOWS\JAUTOEXP.DAT
- c:\WINDOWS\Kacheln.bmp
- c:\WINDOWS\Kreise.bmp
- c:\WINDOWS\LICENSE.TXT
- c:\WINDOWS\LOGOS.SYS
- c:\WINDOWS\LOGOW.SYS
- c:\WINDOWS\MORICONS.DLL
- c:\WINDOWS\NDDEAPI.DLL
- c:\WINDOWS\NDDENB.DLL
- c:\WINDOWS\NETDET.INI
- c:\WINDOWS\RAMDRIVE.SYS
- c:\WINDOWS\RUNHELP.CAB
- c:\WINDOWS\SCRIPT.DOC
- c:\WINDOWS\Setup.bmp
- c:\WINDOWS\SMARTDRV.EXE
- c:\WINDOWS\Streifen.bmp
- c:\WINDOWS\SUBACK.BIN
- c:\WINDOWS\SUPPORT.TXT
- c:\WINDOWS\TELEPHON.INI
- c:\WINDOWS\W98SETUP.BIN
- c:\WINDOWS\Wellen.bmp
- c:\WINDOWS\WIN.COM
- c:\WINDOWS\WIN.INI
- c:\WINDOWS\WINSOCK.DLL
That would seem to be pretty destructive to me... Also strange that we can only get a beta DAT file and there is no mention on McAfee's virus alert pages that this thing is out there... tisk tisk how many people will think this is a hoax and run it fscking up their systems...
Sure you would. My first thought was exactly the same: it's not a problem with Windows, it's a problem with a mail client that happens to come with Windows. For crying out loud, the patch for this vulnerability was out nearly a year ago.
I read /. because it has some interesting news pieces that I follow, and occasionally some informed discussion on subjects that interest me. But I, too, get annoyed when the editors just slap anti-MS FUD all over the intros (and when they reject my submission but run the same story three days later from someone else, etc.). It doesn't do anything for the credibility of the site.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
You've never done corporate IT support, have you? Even if you could convince the pointy-haired bosses to accept these draconian security restrictions, the employees would attempt to lynch you for it. Business people don't like being told what they CAN'T do! They aren't like apathetic college students, who usually care less about the rules (unless it affects their precious beer supply).
If a manager (Or a sales guy, or an accountant, whatever) is used to using IE at home and sending e-mails with pretty fonts and pictures attached, they'll demand that they can do it at work. They'll want to be able to read Word attachments from outside sources, and share files with their co-workers. If you say no, they'll just keep complaining louder to your manager and your manager's managers until someone forces you to cave in to their demands. Most of your changes will get shot down, and you'll put up with a lot of grief in the process.
Most users don't give a rat's ass about security, they just want to be able to do their jobs as quickly and easily as possible. If you try to get in their way, they'll fight you on every change until you get frustrated and give up.
That's why it's important to make SMALL security improvements, and make them slowly. Start by blocking certain attachments on the server side, and continuously remind people not to click on unknown files. Make sure that your virus software runs automatic scans, and updates itself automatically. The users aren't going to do it for themselves, or at least not until they are already infected. Warn constantly, but never try to FORCE anything on your users unless it's absolutely necessary. The nastier you get, the more that they'll start ignoring you.
Umm no only root can bind to low numbered ports (of which port 25 is a member)
Contrary to popular belief - and it's really, really prevalent on Slashdot nowadays, of all places - you don't need an SMTP server to send an email. You just need a client.
All you need to do is open a connection to port 25 on an existing SMTP server to send an email to an address it assumes is its own, and send off a bunch of commands: HELO, MAIL FROM, RCPT TO, DATA, and QUIT.
Try it sometime. Telnet to a mail server on port 25, and type the following commands, without using the backspace key:
HELO heaven.gov
MAIL FROM: god@heaven.gov
RCPT TO: <actual email address>
DATA
I've been watching you. Your fly is down.
.
QUIT
Make sure the email address domain is one that the mail server will answer for, otherwise you'll get an error saying it won't relay for you. (Usually.) And make sure the user is a valid user on that domain. If those two requirements are met, you've sent an email - without needing an SMTP server, I might add.
So if you don't need a server, you don't need to bind a port, and a worm like this could spread through Linux systems the way it spreads through Windows systems.
I got my Linux laptop at System76.
So, how is it going to be chmodded? Magic? How is it going to run on a non-executable partition? Magic again?
you don't have to be root to send mail on a unix system.. as someone else mentioned only installing a service that listens on a low numbered port is restricted. You can connect to anyone's low numbered port as a normal user (web browsing and sending email would be rough if you couldn't). And you can also run a dangerous script without the executable bits set:
$ sh ./virus.sh
I guess it depends on how MUAs like kmail handle perl and shell scripts and such. Hopefully they force the user to save them to disc.
Is it true Scott McNealy wants to buy /. so he can shoot even more flaming arrows at Redmond ?
touchy, eh? What, the new and improved XP has a serious hole. Gee whiz. I have a suggestion. Why doesn't ms smarten up, and quit trying to reinvent the wheel. Use BSD or something as a base for their pretty face.
Derek
YAY KARMA PLUMMET! :-D
Humorless sig goes here.
Do you really think that's true? Far more likely that they're every bit as vulnerable, but nobody's looking.
Mozilla's source code is freely available. I bet that an interested party could work out a buffer overflow of some sort in it.
ok. windows. heh.. security. laugh a minute. well... ok the joke died out in about 1996 when we saw even our superiors using it, but ok.. I'll get moderated through slashdots very own bottom for saying this, but it's 100% TRUE!! Please can the world governments and the UN and anyone who's doing a shady job or who has a loud voice pick this one up please?
Microsoft security is pure "C-O-C-K". !
wow! shit.. I'm not lying either. it's total front bottom. top A microsoft. delivering pure cock to the customer every time.. like a male pro. phwoar (if you're into that stuff).
*because* they are opinionated bastards that put weird, occasionally informative crap up on their show.
Seems to sum up /. quite well.
---
I don't care what they say about me as long as they spell my name right. - 1930s Hollywood producer
Has anyone figured out how to corrupt X-Boxes yet?
That will be fun for everyone, I'm sure!
Bzzzt. Wrong. But thanks for playing anyways. You did know that ACLs were innovated quite a while back on non-NT systems, such as Unix, right? Yeah, stock Linux currently doesn't have ACLs, but most other unices have had ACL support for several years now.
Marxism is the opiate of dumbasses
The idea that "unbiased" journalism is somehow superior is simply wrong. Not because being unbiased is inherently wrong (it's not; the opposite is true, being unbiased is always superior), but because there simply is no such thing as "unbiased" journalism.
I don't know about you, but by FAR the reporting that holds value for me is the kind where the bias is KNOWN. Ever see "The Insider"? Wouldn't you like to know if there is bias mucking with your news organization?
You are living in a DREAM world if you think your news organizations are giving you unfiltered, unbiased news.
Time to wake up and do a bit of research son.
Either that or yours was a masterful troll.
People have been screaming all along that their approach was irresponsible and would swamp the rest of us in a tide of shit. Bill Gates decided it was time to take over the internet back in 95 or so. He did not ignore the internet in "The Road Ahead" because he was worried about what his half assed OS would do to other people. He ignored it because he had a limited imagination. There is nothing inherently convenient in the stupid single user mode M$ chose to keep. While the free software community developed unix like file systems with permissions to run multi user OS on top of DOS, Bill Gates started tacking on inconvenient and useless things like the logon screen. As the free software community adopted the tried and true security models of Unix, Bill Gates was busy making a mail client that would auto execute attachments. Each step of the way, responsible people cried out in alarm. Today we suffer, but none like those who pay to trust M$.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
>> 4) Own SMTP engine, so an Outlook script to warn that there's mail w/ attachments going out is useless. Linux is the perfect environment for a rogue program to set up its own little SMTP server and start spamming out copies of itself. The system is much more open to this kind of infection than a Windows-based machine.
> Umm no only root can bind to low numbered ports (of which port 25 is a member)
BZZZT. The worm uses its SMTP code to send mail, not receive it. Any user can do this. RTFLinkedArticle.
All news is slanted, learn it, deal with it, read a variety so you don't fall prey to slant. Let Slashdot be Slashdot. They may lose credibility for offering slant, but you're not going to suddenly reverse that trend by posting telling them to stop.
All news is slanted, read a variety and if you're lucky you'll get a reasonable perspective.
Go Lakers!
The worm uses its SMTP code to send mail, not receive it. It's a way to bypass any outgoing mail checking Outlook may have enabled.
Perhaps the people that send these virii just want to get on Slashdot... :)
WARNING: THIS IS A PLUG FOR MY MAIL FILTER
I got sick and tired of cleaning viruses off my users' machines and I didn't like any of the current GPL mail filters out there, so I wrote my own!
It's called batemail. Written in Perl, batemail scans incoming email messages for executable attachments. On finding an executable attachment, batemail saves the attachment on the server (optional) and replaces it with a nice little notice explaining what happened.
Go ahead and try it. It's been saving my ass for over 6 months now.
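An added example (not batemail's code, and not part of the post above) of the check such a filter performs, written in Python: it judges each attachment by its real last extension, so a name padded with a run of spaces before ".exe" is still caught, and it swaps the blocked part for a notice. The extension lists, the three-space padding threshold, the function names and the sample message are assumptions constructed for this sketch.

```python
"""Screen mail attachments by their real (last) extension."""
import re
from email.message import EmailMessage

# Assumed block list and decoy list for this example; tune per site.
BLOCKED_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "mp3", "htm", "html", "pdf", "zip"}
PADDING = re.compile(r"\s{3,}")  # assumed threshold for "a bunch of spaces"


def classify_filename(name):
    """Return a list of reason tags; an empty list means the name is allowed."""
    # Windows drops trailing spaces and dots, so "a.exe  ." still opens as a.exe.
    stripped = name.rstrip(" .\t")
    # Remove all whitespace so padding cannot push the real extension out of view.
    segments = re.sub(r"\s+", "", stripped).lower().split(".")
    if len(segments) < 2 or segments[-1] not in BLOCKED_EXTS:
        return []
    tags = ["executable-extension"]
    if len(segments) >= 3 and segments[-2] in DECOY_EXTS:
        tags.append("double-extension")
    if PADDING.search(stripped):
        tags.append("whitespace-padding")
    return tags


def screen(msg):
    """Replace blocked attachments in msg with a notice; return the findings."""
    findings = []
    for part in list(msg.walk()):
        name = part.get_filename()
        if not name:
            continue
        tags = classify_filename(name)
        if not tags:
            continue
        size = len(part.get_payload(decode=True) or b"")
        findings.append({"name": name, "tags": tags, "size": size})
        shown = re.sub(r"\s+", " ", name)  # collapse padding in the notice
        # set_content() clears the old payload and Content-* headers first.
        part.set_content(
            f"Attachment {shown!r} ({size} bytes) was removed "
            f"by the mail filter: {', '.join(tags)}.\n"
        )
    return findings


def attachment_names(msg):
    """File names of all parts that still carry one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed test message: one harmless attachment, one disguised one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.\n")
    msg.add_attachment("meeting notes\n", filename="notes.txt")
    msg.add_attachment(
        b"MZ constructed bytes, not a real program",
        maintype="application",
        subtype="octet-stream",
        filename="readme.txt" + " " * 40 + ".exe",
    )
    return msg


if __name__ == "__main__":
    # A real filter would parse the wire format instead, e.g. with
    # email.message_from_bytes(raw, policy=email.policy.default).
    sample = build_sample()
    for finding in screen(sample):
        print(finding["tags"], finding["size"], "bytes")
    print("kept:", attachment_names(sample))
```

Checking the last extension after stripping whitespace is what defeats the padding trick; the "whitespace-padding" tag is only there so the log says why a name looked suspicious.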
Let's see, I'm 35 and work for a US national sized company. They have not fired me yet, so I must have some tact.
I'm interested in all the windows worms and I'm glad that Slashdot documents them. Here disasters that cost companies that trust M$ millions of $ are treated rather coolly, except by folks like me. You see, here I get to scream my head off about how stupid, irresponsible and incompetent the exchange group is. You don't think I'd actually tell anything to the moron who "standardized" on Exchange then got clobbered by all this? I mean, they tried very hard. They spent all the company money on all the band-aid virus checkers, commercial mail filters and what not. Heck, they are still trying very hard to recover all the contacts, email, calendar events, daily journals and what not that contained the characters "hi" in them? Nah, they might get their feelings hurt if they learned how badly the company they trusted let us all down. Here I can scream it all out loud, share laments with others who suffer and more important, learn exactly why such things happen and why they will always happen when you do things the M$ way. Slashdot is teaching me with good and bad examples of how to do things. Shame on M$ for the way they do things. Here I can gloat and bitchslap trolls like you in a way that would get me shitcanned at work. When I'm finished learning good concepts and taking out my frustration on losers like you, I can gently suggest things to my co-workers that might improve the place I work. I don't have to gloat about new viruses, the NAV packs and viruses themselves do that for me.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
http://www.washington.edu/pine/faq/security.html#1 3.3
http://security-archive.merton.ox.ac.uk/archive-19 9804/0186.html and http://security-archive.merton.ox.ac.uk/archive-19 9804/0188.html
Wow, software has bugs. Who'd'a' thunk it.
Think of it, if there was more competition, and the numbers were more even, say like Pepsi and Coke are (i think), imagine how many fewer people this would have affected. Just a thought..
-
ping -f 255.255.255.255 # if only
Maybe we need a new category for Windoze worms.
The image could be the Bill-borg with a maggot
eating into his head.
I'm not a power user.
"Smokey, this isn't Nam, there are rules." -Walter
Right and yet wrong. Any user can do that, but that user will only affect s/h/it's files. And any sysadmin that runs a program/script without seeing what the program does deserves to be fired.
One might say that that basically removes any closed source (i.e. M$) programs from the "known-good" list. It should, IMHO; that's the root of all these problems.
I've seen the NT boxes sitting on shelves where I work, "New Technology". It was not exactly new even then, nor did it thread very well. It was better than their DOS junk, too bad they were so wrong headed as to consider it a "Unix killer". They were clueless then and they are clueless now.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
check that ultimate board page!
:)
michael robertson has a comment on december 10th
and then all comments are from a user called "reply"..
they're mostly posted on the same day..
they pretend to be from lots of various people
praising the upcoming system..
if you check reply's profile
the email is "comments@lindows.com"..
i have not seen as ridiculous in a long time!
/// evilloop.com
You mean the same way some trolls are now hiding Goatsex links by putting a popular site in the front of the url (like Yahoo), having it show [yahoo.com] on Slashdot, then redirecting the user to Goatsex?
Windows isn't the only one with flaws...
I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal [slashdot.org]?
Why don't you just use your points? That's probably what the cap is there for..
I agree with you to some extent. But your argument does not hold up if you compare it to an operating system with a focus on security.
OpenBSD hasn't had a remote hole (in the default install) in 4 years. Windows, Linux (the majority of Linux distros anyway), and other operating systems are a lot less concerned about security, and often find exploits in them.
If Linux was run on 98% of computers, there would probably be a few less exploits than Windows. But if it was OBSD, I would be willing to bet there wouldn't be anywhere near as many as Windows or Linux.
To be "popular belief" it would need to be a prevailing opinion. The post you responded to is proof of just one person who knows less about SMTP than they thought they did. Hardly prevailing.
What is really popular right now is the "hate Slashdot" meme. It seems to be trendy to bash Slashdot, people who read Slashdot, people who post to Slashdot, and so on.
Actually the standard one, mailx, does when you use the command pi message.
The message, including attachments, is put on stdin and then given to command string after pipe.
If the command string does not properly parse the message, it can cause problems.
Okay, it may be in poor form to reply to one's own post, but I have to express my feelings to the moderators (as futile as it may be). Why? I got three people who labeled this post as a troll, and one redundant.
Let's start with the easy one: it wasn't redundant - I checked the comments before I posted. I didn't see any other post that attempted to make light of the fact that there were two windows security stories in just as many hours.
Now for the Trolls. You people don't understand what a troll is. A troll is a beast of a post that adds nothing to the discussion, but serves to demean the general humanity of the average slashdot reader. The name troll stems from the passing of Jon Postel (if memory serves - I'm 99% sure on this one), when some trolls started to post offensive comments such as "good riddin's" and the like. At the time, Slashdot was just starting to gain real mainstream exposure and as such, many high profile Internet pioneers had just started to read it. There were many unkind words from them regarding the level of respect that was being expressed towards their friend and colleague, and I'm sure many dismissed /. altogether after that. It was generally thought that there needed to be a label for these types of posts to separate them from other types of negative posts (flamebait/offtopic/etc), because there is this perception of being worse. To get back to my point, I don't believe that my post in any way insults anyone's basic dignity and it was by no means meant to troll.
Now, I did rather expect that it would be moderated three ways:
You only have five points. Use them wisely.
-"Zow"
...why do people continue to use Windows?
This is ridiculous.
Are the masses really that stupid???
What? Are you out of your mind? So you're saying that IE security is so bad because people are picking on it?
Ohhh The old source code to find the exploit idea!
HA! Yea sure! That sounds WRONG! Microsoft is a Billion Dollar company, and they do have the source code! Maybe they could FIX the friggin thing!
"Show me a soccer mom that can pick up Linux+StarOffice and use it."
"Show me an average person that can learn how to open up attachments with one of your "safe" email programs"
Show me the average non-word-experienced person who can get one of the newer versions of M$ Word to do exactly what they want quickly and simply. Please, try-- I would enjoy watching.
I've been working front-line tech support for a while, and Office is *NOT* user-friendly to people who are unfamiliar with it.
Just watch some poor sap trying to write a resume and running into the auto-format and auto-complete stuff. Once that's involved, it's ridiculously difficult to get the results you want unless you know how to get it to go away.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
This could be gross negligence by Microsoft. They installed a secret privileged program that runs in every Microsoft XP system. This program waits for messages from any outside user and acts upon them. No client system should have something like that installed by default. Microsoft has a whole security system in NT/Win2K/XP; if they wanted to implement a service, it didn't have to run at a high privilege level. They effectively shipped a system with a secret server that runs as root. This is so stupid as to potentially be criminal in states that have "reckless endangerment" laws. (Under the Penal Law, a person acts recklessly when he or she is aware of, but disregards, a substantial and unjustifiable risk that a result will occur or that circumstances exist, where such disregard constitutes a gross deviation from the standard of conduct that a reasonable person would have observed (New York State Penal Law 15.05[3]).)
Just to attach to the thread of plugs...
I wrote mailfw the second time we had a problem like this. At my company, it's plucked attachments from 12,823 mails since June 2000.
It sounds fairly similar: examine every attachment recursively and check both the file extensions and the MIME types against lists, pull the bad content, and deliver the message with a note at the top that lists the things that were removed and why. 18 months without hearing about *that* problem.
-- The world is watching America, and America is watching TV.
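The filtering approach described in the post above (walk every attachment recursively, check extension and MIME type against lists, pull the bad parts, put a note at the top), as an added Python example. It is not mailfw's code; the deny lists, function names and sample message are assumptions constructed for illustration, and the extension check also ignores whitespace padding, the trick this worm uses to hide its real extension.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed deny lists for this example; a real filter would tune both.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".vbs", ".bat", ".com"}
BLOCKED_MIME_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def true_extension(filename):
    """Final extension after removing whitespace padding and trailing dots,
    so 'readme.txt      .pif' is judged as .pif, not .txt."""
    name = re.sub(r"\s+", "", filename or "").lower().rstrip(".")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def verdict(part):
    """Reason string if this leaf part must be removed, otherwise None."""
    ext = true_extension(part.get_filename())
    if ext in BLOCKED_EXTENSIONS:
        return "blocked extension " + ext
    ctype = part.get_content_type()
    if ctype in BLOCKED_MIME_TYPES:
        return "blocked MIME type " + ctype
    return None


def strip_bad_parts(msg, removed):
    """Drop blocked leaf parts at any depth, recording (filename, reason)."""
    if not msg.is_multipart():
        return
    kept = []
    for part in msg.get_payload():
        reason = None if part.is_multipart() else verdict(part)
        if reason:
            removed.append((part.get_filename() or "(unnamed)", reason))
            continue
        strip_bad_parts(part, removed)  # multipart/* and message/rfc822 containers
        kept.append(part)
    msg.set_payload(kept)


def sanitize(raw_bytes):
    """Return (cleaned message bytes, list of (filename, reason))."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    top_reason = None if msg.is_multipart() else verdict(msg)
    if top_reason:
        removed.append((msg.get_filename() or "(unnamed)", top_reason))
    strip_bad_parts(msg, removed)
    if not removed:
        return raw_bytes, removed
    text = "Attachments removed by the mail filter:\n" + "".join(
        "  %s: %s\n" % (" ".join(name.split()), why) for name, why in removed)
    if top_reason:
        msg.set_content(text)  # the whole body was the blocked file
    else:
        # Assumes a multipart/mixed top level, the usual shape with attachments.
        note = EmailMessage()
        note.set_content(text)
        msg.set_payload([note] + msg.get_payload())  # note goes first
    return msg.as_bytes(), removed


def build_sample():
    """Constructed message: padded double extension, a bad MIME type behind a
    harmless name, a clean file, and a forwarded message hiding a .scr."""
    inner = EmailMessage()
    inner["Subject"] = "inner"
    inner.set_content("forwarded body")
    inner.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename="photo.jpg.scr")
    outer = EmailMessage()
    outer["Subject"] = "Hi"
    outer.set_content("see attached")
    outer.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                         filename="readme.txt" + " " * 30 + ".pif")
    outer.add_attachment(b"MZ", maintype="application",
                         subtype="x-msdownload", filename="update.dat")
    outer.add_attachment("hello", filename="notes.txt")
    outer.add_attachment(inner)  # stored as message/rfc822
    return outer.as_bytes()


if __name__ == "__main__":
    cleaned, removed = sanitize(build_sample())
    for name, why in removed:
        print(" ".join(name.split()), "->", why)
```
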
Sure, mistakes can happen in both technologies. But it didn't take the Unix world scads of worms and millions of lost time and money in the business world to figure out that having your email client be hijackable by any email sender in the world is a bad idea. Although I'm not sure if Microsoft "gets it" even now.
Really, the whole virus/worm email thing is just a symptom of how Microsoft doesn't really understand the Internet as a whole. Their stuff used to only work in a PC context, and later would mostly work for a small workgroup. Now they're working up to corporate-wide software systems, but they still don't really conceive that there will always be part of the 'net that's not run by Microsoft, and thus can't be trusted to play by their (lax) rules.
Your right to not believe: Americans United for Separation of Church and
If any of these employees wore a bathrobe to the office, and sat all day watching television, I'd fire their ass in no time flat. Yet they do this at home all the time.
I don't mean to come off as a flame, as I agree for the most part with your post, but employees are paid to do a job, and to do as *I* the employer says with *my* equipment. A huge problem with email viruses is that because they're computer related, we somehow feel we shouldn't be able to hold employees accountable for their actions. If an employee doesn't want to lock his house door, fine. If he leaves my office door unlocked after hours, he's gone. When I tell an employee "DO NOT open email attachments" and they do, I'm sorry, but the employee is at fault.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
posting as AC is so leet.
in my case:
tail -f /var/spool/mail/meuser
and use echo "text" | mail -s replying back@to.you
...isn't meant to help contain the trolls, but rather to catch instances where a good comment has been unfairly modded down.
Otherwise, I agree with you.
I've seen quite a few comments along the lines of "you don't need a server running to send e-mail!" While this is technically true, the fact of the matter is that this worm does (if I'm reading what's here correctly), in fact, run its own SMTP server. Therefore, in this specific instance at least, the worm's impact would be minimized by denying non-admins access to low ports.
You left out:
(C) Windows and Outlook are the most virus-friendly products of their types, that ever existed. It's almost like Microsoft went out of their way to support malware. The next version will probably ship with a full virus-support API called virus.dll..
Prior to Windows, had anyone ever even considered having the OS load and execute code from removable media, triggered merely by the insertion of such media? Windows can do that with CDs.
Prior to IE, had anyone ever even considered having a web browser download and execute binaries from an untrusted machine, without even running it in a sandbox or with some other restricted access? That's what IE can do with ActiveX controls.
Prior to Outlook, had anyone ever even considered having an email reader, that would execute an attached script by clicking on the attachment? That's what Outlook can do.
You're wrong that Linux or MacOS or any other non-MS product would have the same problems if they were on top, because nobody other than Microsoft would ever, or has ever, made such shoddy products. If you produce software of random attributes (i.e. let a monkey pick what the program will do, by throwing his turds at a chart and then looking at where the splotches are), it still comes out being safer than Microsoft's stuff. Because, you see, MS isn't merely below-average quality. It's not like they're in the 55th percentile in terms of quality. They're in the 99-100% area. It's like, as bad as anything can be. It actually requires effort to imagine something worse.
(And moderators, before you label this troll or flamebait, actually look into the subject matter first. I know, I know, it's hard to believe that any OS would really load and execute code from a CD upon insertion, that an email reader would execute an attached script by clicking on it, or that a web browser would execute code that it downloaded from a web page. You're thinking: he's got to be making this crap up -- he's a troll. Even computers in science-fiction movies wouldn't be that stupidly designed. But no, it actually happened in real life and millions of people are having to deal with it every day. Truth really is stranger than fiction.)
A lot of people don't realize how bad the situation is with Microsoft. They read a story on Slashdot, and think that Slashdot is exaggerating the problems. The opposite is true. There are many, many problems you never hear about on Slashdot. For example, this just arrived:
Title: SQL Server Text Formatting Functions Contain unchecked Buffers.
Date: 20 December 2001
Software: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000
Impact: Run code of attacker's choice on server, denial of service
Max Risk: Moderate
Bulletin: MS01-060
Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulleti
If you read all the advisories, it is possible to come to the conclusion that there seems to be a lot of sloppy code in Microsoft products.
--
The U.S. government causes problems, then pretends to solve them by creating more: What should be the Response to Violence?
Bush's education improvements were
You sound like someone who would like to be in an IT department, but never has been. Most of your suggestions explicitly violate company policy at most large corporations.
1. Many intranet Web sites only work correctly in Internet Explorer, because of incompetent coders. This could be fixed by firing the web design staff and hiring new ones for more money, and training them in company procedures and such. Sometimes, sites operated by your vendors don't work correctly in other browsers; this cannot be fixed.
2. Managers really like Outlook. Exchange does have some nice features. People like the convenience of being able to embed a table in their e-mail message just by copying and pasting from Excel to Outlook, and having it open as a normal e-mail without the recipients having to save an attachment and launch Excel. Bottom line is, managers like it, and they're the ones who pay your salary.
3. Many companies wouldn't punish that, if the user didn't know they were doing it. So, it's already being treated the same way.
4. Documents that employees create that could potentially be saved in RTF files are not the cause of virus propagation. Restricting users wouldn't help.
By the way, regarding #1, my preferred browser is Mozilla. I work for a large DSL ISP. Our internal database system doesn't work in Mozilla. One of the internal telco web sites we use doesn't work in Mozilla. Another internal telco web site might work in Mozilla, except it uses Java for something, and when I tried to get Java to work it crashed.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
You have an understanding of how it really works.
Idealism is great, but reality is where we live.
I'm guessing that you are a well placed, well paid person in charge of big things. RU?
1000 SlashDot sigs
When I read this article I couldn't believe I was reading slashdot. I didn't think some bad non-threat virus warning article would ever be posted to slashdot.
As a starter I can say that I work for an antivirus company as a virus analyzer. I have analyzed and written detection/repair for at least a few hundred viruses/worms/trojans.
In regards to this article, I have to start by pointing out the fact that NOTHING in this worm is new. In fact, this worm is something I consider a non-threat.
Secondly, this worm is written in VB. In other words, if you don't have MSVBVM60.DLL, the worm is not going to work.
Clever bits include running its own SMTP service...
Do you have any idea what it means to have its own SMTP service?? It takes roughly 40 lines of code to get your own "SMTP Service". It's so simple that it's hardly worth mentioning.
No doubt countless copycats will soon follow...
THIS IS A COPYCAT. Sircam for one has its own SMTP services, and Nimda uses the IFRAME exploit (and so do at least 20 worms released BEFORE this one).
This is a copycat worm, written in Visual Basic, that introduces nothing new and will not spread.
Sorry for posting anonymously, but I figured that was the safest thing to do...
Wow, it has its own mailer engine? I am genuinely interested in acquiring it to see how I can use it for good things so that I won't have to use Outlook all the time. Does this mailer work as a spam mailer?
This program can send mail using only 110K of code. Outlook is pretty big. Why do viruses have to be so DAMN efficient?
"Wireless : LAN
Bubba earlier wrote that /.ers should
"Stop pointing the relentless finger at Microsoft every chance you get."
But why? They keep giving us the finger every chance they get.
Just my 0.02 U$D,
Thumper
M$-free since 1997 (Thanks, Juergen!)
How come the snapshot at http://www.datafellows.com/v-descs/welyah.shtml shows the icon of a .txt file if it is really a .pif file?
No matter how many spaces you put before it, Windows' file association mechanism should be able to display the correct icon and hence, tip off the user.
Is this virus for real?
I thought it was funny - if the thought counts. Got nailed myself the other day on a joke that was modded poorly (IMHO).
+++ UGUCAUCGUAUUUCU
Maybe you'd like to know how McAfee assess risk?
There are also more details available about AVERT Risk Assessment if you are really interested.
-- Pete.
Monochrome - Probably the UK's largest internet BBS
Why bother? - the domain you are sending your e-mail to has an SMTP server just happy to take your e-mail. Just look up the MX record of the outgoing mail address's domain and connect directly to port 25 at that address.
Imagine if you will....
You get an email with an executable attachment.
The attachment executes automatically, because we WANT it to do that.
Upon execution, a EULA pops up, with a "licence agreement" that states the following:
- The program being executed will automatically forward itself to a significant number of people using a variety of means
- Some type of modification will take place to your file system.
- By clicking OK you AUTHORIZE this to happen, and claim full responsibility for any damage that is caused as a result.
And most importantly, if the cancel button is pressed, the program won't execute.
Chances are good that 90% of the people who would be affected by an illegal virus will just as happily click OK without reading anything. The fact of the matter is, the virus will cause the same amount of damage, but the author could probably plaster his name all over it and not fear any legal repercussions.
Of course, there's always the issue of intent. Bottom line, authorized or not, the INTENT of the program was to cause havoc of the same nature as a virus. But in the end, it would sure make an idiot out of anyone who spread it.
And maybe, just maybe, it MIGHT result in people actually READING the EULAs. Yeah.. I know.. I'm dreaming.
-Restil
Play with my webcams and lights here
Thank heavens you're not, either, dipshit. Somehow, I'd think that if you were going to insult someone for their grammar or spelling, you'd take the time to spell-check (or at a minimum proof-read) your own post before displaying your own ignorance to the world. Kind of like how those baboons at the zoo feel the insane compulsion to display their hideous red asses to everyone. Ah, well, at least you've allowed me to take my first step on the long road to trolling. Thanks!
however, the steps MS has taken to make Windows 'user-friendly' make it EASIER to take advantage of those holes
Considering that some of these features are more often used by malware than users. Indeed typically users don't even know the "feature" is there. Maybe "virus friendly" would be more applicable than "user friendly".
They don't seem to have heard of this virus yet! Quite worrying as my company uses them...
Russ
Is it a boat?
From what I saw on Symantec's page, the E-mail sanitizer made by John D. Hardin may help you to deal with this worm. Sanitizer can be found here and is designed for usage on mail servers with perl and either sendmail or qmail installed.
I've been using this sanitizer for about a year and I'm very content - it saved me a lot of headaches.
hany
Just watch some poor sap trying to write a resume and running into the auto-format and auto-complete stuff.
Tweak these a little and you have a cypher machine instead of a word processor. They can be a real big problem on networks where several users use a machine...
Have a read of this article at Wired entitled "The Great MS Patch Nobody Uses". (brief extract below).
A free, downloadable update that transforms Microsoft's Outlook into a significantly more secure e-mail application has languished virtually ignored on Microsoft's website for more than a year.
Although the majority of recent viral attacks have come compliments of worms that don't rely only on e-mail to spread, the Outlook E-mail Security Update (OESU) can stop or greatly lessen the impact of most malicious code, such as BadTrans and SirCam, if only people would download and install it.
OESU blocks the receipt and transmission of most of the e-mail attachments that typically can contain virus or worm code. The update also stops malicious code from spreading by blocking unauthorized access to Outlook and its address book. Many viruses and worms spread by surreptitiously e-mailing themselves to e-mail addresses culled from an infected computer's system files.
Funny how if the other 99% of people had this patch then virus spreading would drop drastically.
Avantslash - View Slashdot cleanly on your mobile phone.
In 1997 (I think it was; could have been 1998 though) the company I work for, Delft Hydraulics, used Z-mail as the windows platform e-mail client (they used popmail, a text based e-mail client on dos).
I was presented the task of picking out a browser and an e-mail client for the windows95 platform we were preparing to roll out (about 400 computers used by the people that design dykes and harbours for places all over the world).
I knew some software but to be fair I started looking around for all kinds of e-mail packages and browsers. Z-mail was not really an option because it was unstable and required a lot of ram. After playing around with some five or six different e-mail packages the choices became evident.
The advantage of having a browser e-mail combination ruled out all of the separate e-mail programs, not that I found a lot of great ones. (Pegasus, Z-mail, pine, IMC and Eudora were all missing some functionality I wished for our company.)
So the choice was between Microsoft's Internet Explorer in combination with Outlook Express (I never considered Outlook an option since we use sendmail for mail exchange from the early beginnings of the internet in the 80's) or Netscape Communicator (including Navigator, Mail, Calendar and some more stuff).
I summed up the advantages and disadvantages for all products and stated that the software of my choice was the Netscape package.
But, my superiors ruled out Netscape. They did not want to pay $50,- per computer for 'just a browser and an e-mail package' when they could get Internet Explorer and Outlook Express for 'free'. Back then I was in no position to tell them the $50,- was really worth not using all software of one vendor. Today I could, but not back then. So am I to blame for getting Outlook Express into the company?
1 month after we started to roll out windows95 everywhere the Netscape Communicator package was suddenly available at no cost. But by then Netscape had lost and Microsoft had put its monopoly foot deep into our company.
We are still using windows95 with Microsoft Office and Internet Explorer and Outlook Express to this very day. All email virus and worm checking is performed by our e-mail server and a strong firewall in combination with PC viruschecking software should keep browser virus out.
sig not found
the worm's smtp doesn't have to be at port 25;
if the smtp port is 12345, the worm can still use it. It's a private smtp, not a public one.
-- Hasbullah bin Pit (sebol)
Not_a_Virus_.exe
:-)
I'm one of the pointy-haired bosses in question. The problem with every profession in the world, be it IT people, bosses or telephone sanitizers, is that we WAY overestimate the importance of our own field. The importance of IT security in a business is medium-to-low - I would rather invest in a company with mediocre IT security than, say, mediocre product quality or mediocre financial controlling. Then you have distribution, marketing, billing, support, product development, etc. etc. - all of them areas which have their own claims to importance in the company.
My point is that planning to require an entire company to use non-familiar PC tools to prevent computer virii is as appropriate as throwing everyone out for an hour during business hours just to clean telephones. It is certainly the way the phone sanitizer would prefer to do it, but he will just have to do it after hours to minimize the efficiency loss. The same way, IT people will have to keep fighting the IT security battle without too much disruption to corporate communications or too many requirements for IT/PC retraining of the employees. Get used to it.
right...
/., you KNOW they hate MS. ZDNet pretends to be unbiased, but it's just an MS shill.
good thing MS doesn't have a large stake in zdnet, or else, i'd worry about the bias in their reporting.
at least with
... hi bingo
I think it's important to reflect why this meme has gained steam. Slashdot for too long now has overstepped the bounds of good reason in its mob mentality regarding certain issues (*cough* micros~1). It's time to step back from the brink.
If standard Unix security was truly a "fundamentally sound design" then surely it wouldn't require extensions to perform such a simple task?
Nonsense.
There are many fundamentally sound designs which do exactly what is intended, and required, and are then extended in some form because creative people have come up with a new problem domain in which they would like to use the aforementioned design.
UNIX security is fundamentally sound. However, some users want greater flexibility than the basic UNIX security implementation allows, without losing the fundamentally sound security UNIX offers. Enter an extension (in this case ACLs) to an already fundamentally sound system.
In short, your logic is flawed. The desire to build upon and extend something does not in any way imply it is not sound in its own right, any more than the desire to build a fifty story building implies that the underground foundation and subbasements are somehow not "fundamentally sound."
The Future of Human Evolution: Autonomy
My wife's almost exactly the same and has no problem, sure she needs me to occasionally admin some thing or install something, but so does the boss on a WindowsME® machine, what's the diff?
The biggest diff is Microsoft® all but pays OEM to pre-install windows®. Once I was spec'ing a SCO boxen and the local 'puter store responded to my telling them that a windows install was unnecessary, "for $40.00 we'll remove the software"!
Apocalypse Cancelled, Sorry, No Ticket Refunds
Please, learn the proper English plural of the word 'virus.'
There's no need to be making up words in hopes of sounding smarter. You only end up looking silly.
Please, learn the proper English plural of the word 'virus.'
There's no need to be making up words in hopes of sounding smarter. You only end up looking silly....
.
.
Attach the legitimate file to your document by dragging it onto your message, selecting insert file or whatever.
Right click on the attachment and select properties.
Change name from legitimate.exe to legitimate.exe.binary (or whatever. be creative)
Send message.
Call and reassure the recipient that your .exe file won't destroy his hard drive on purpose.
(I haven't actually tested it. Since most of our company's email clients run on Linux we don't have a serious need for mail filtering at the mail server.)
Coding Blog
- I'm at the karma cap, and I've been oscillating between 47 and 50 for some time. Does anyone else in that situation agree with my Modest Karma Proposal?
No agreement here. Yeah, I watched my karma sink to the 50 cap due to some comments being overrated and thusly reassessed by subsequent moderators and I've been fluctuating between 47 - 50 points for...how long has the cap been in place?...well, since 2 weeks after the cap was put in place. Yeah I hate it when I have a day of +5's and the only change in karma comes when I make a really lame post and it gets -1'ed. But, come on. This is really no big deal. All you have to do to rectify the situation is post intelligently (and/or humorously) and you'll cap out again. Once you're at 47, being modded up too high and down a bit evens out. Actually, my theory is that if you hit 50 and stay there very long you're not taking enough risks in your postings and are too intent on keeping the precious '50' score. Perhaps the best sign of community involvement is a karma of 47. It shows appreciation from others for your efforts but also that you're pushing the limits to keep things interesting. Besides, being at 50 is no different, in effect, than being at ... what's the magic number for +1 Bonus? ... it's not as if you get more moderator points for being at 50 or that you get to see stories 5 minutes before anyone else...
As I write this my karma is at 50. I expect to be in the good land of 45-47 shortly...
-- @rjamestaylor on Ello
None of your suggestions are really any more drastic than a doctor saying, "Don't have unprotected sex with strangers." I mean, seriously, what's the difference?
I guess there's a lot of people who don't want to follow that advice. They would rather live in denial. Fine, it's their lives. It's their heads they're playing russian roulette with. But much like watching celebrities die of AIDS in the 80s, getting big cleanup bills for virus damage will eventually get the public's attention.
In the mean time, we'll enjoy sending out the bills. If you're a stockholder in one of these companies, you might want to ask yourself: why are you throwing away so much of your money to employ us to do something that used to never need be done? Bring that up at the next shareholder meeting, because it's actually pretty damn easy to eliminate that expense. If the people you're paying to run the company won't take the easy and inexpensive way out, then fire them, because they are defrauding you.
Okay, am I cool now?
I guess it works but... It seems that this thing just doesn't let you open any exe files and a bunch of other ones
What if i get an executable or a MDB or a whatever that I want and is not a virus? They have to mail me a disk with the thing or what?
I don't see a lot of companies implementing this really. Plus, why should I get screwed by not being able to receive files when it's really only the guys who open the LetsBeFriend.txt.vbs who are the problem?
I don't mean to sound too much like a raging liberal but I think that these people who open them just need to be educated as to what not to open. Or, of course, make outlook a little safer in general, not by blocking things that could, possibly, be a problem. It's like not letting people logon to their computer because they might fuck it up. (Sometimes this doesn't sound like that bad an idea, I know.)
King Arthur: Are all men from the future loud-mouthed braggarts? Ash: Nope. Just me baby... Just me.
Tell it to the CIO/CEO. They won't touch anything non-MS.
If some software license/EULA/terms of use, etc is found to be in conflict with a criminal law, guess which one reigns supreme there pardner?
This is true. However take a little poll of the NT users you know. Most are running with local administrator rights. "Why?" you ask. Because most programs do not function correctly otherwise. I have to secure NT machines in an academic environment and it blows me away how many major apps *cough* AutoDesk *cough* assume the user has not only local admin rights but is the only user of that machine. Every time a new version of an application comes out I have to spend hours tweaking it to get it to run on a locked down multi user workstation.
No, we all wanted to be pirates, at least until we learned to be PC.
By your reasoning virtually everything is "sound" since if it doesn't meet people's needs, it can be extended to do so.
Nonsense.
I merely stated that wishing to add additional functionality to an already sound system does not, in any way, imply that the aforementioned system is unsound. The discussion was about adding and extending functionality, which is not at all the same thing as fixing an inherent flaw in design or implementation. Hint: fixes repair flaws which break things; extensions merely add functionality (and perhaps add new flaws as well, but creeping featurism is a subject for another day). Your comment clearly confuses the two.
UNIX security meets the fundamental need it is designed to address: keeping a multi-user system secure from the depredations of the malicious and/or the inept. It is fundamentally sound and has withstood the test of time very well, certainly better than its most well-known competitor.
If Unix security was so sound then why is it so easy for me to write a virus, put it in a .deb or an .rpm, and gain control over someone's computer?
That is, of course, more nonsense. In the case of RPMs you would need to compromise the maintainer's secret GPG/PGP key to have your trojanned RPM installed. Similarly you would need to gain trusted access to deb servers in order to get your trojan deb disseminated (though the maintainers have not, as of yet, begun using GPG signatures in earnest the way they should. Even so, good luck cracking an apt-get server ... it is most likely running on a robust UNIX box, protected by a fundamentally sound security paradigm (remarkably identical to what is being discussed here)).
Both are non-trivial problems (cracking GPG signatures and breaking into RPM/DEB servers) ... far easier to exploit one of the countless gaping holes in Microsoft's Operating Systems and Internet Server packages.
The only thing which makes Unix appear more secure is the relative lack of insecure applications such as MS Outlook, and the relative disinterest virus writers seem to have in writing Unix viruses.
There is a reason for the lack of insecure applications, and the lack of interest on the part of virus writers in writing UNIX viruses, worms, and the like. The fundamentally sound and well tested UNIX security paradigm makes it difficult to write viruses, or worms, which have any significant ability to spread or to cause any but the most localized of damage (localized to one user, unable even to damage the rest of the machine, much less do anything to remote machines). There are occasional bugs, and occasional exploits which result, but the underlying design and paradigm are sound and very well tested, and UNIX systems as a whole tend to be quite secure. A virus/worm/trojan author is going to find little fulfillment in writing attacks with such limited applicability and impact.
Microsoft, on the other hand, has extended what amounts to an open invitation to such people to attack its platform, with its shoddy security policies, flawed implementations, and willingness to keep information on security flaws out of the hands of security professionals and network administrators for extended periods of time, even denying such flaws exist, while the system cracker underground freely exploits them. Why write a virus, worm, or trojan that has to talk the user into doing something they normally wouldn't, and when finally run can only harm that user's home directory and has little if any ability to spread beyond that machine or infect much of anything else? Far easier and more rewarding to those of malicious intent to throw together a quick VB script which accepts one of any number of Microsoft's invitations to mayhem, with often devastating results.
The Future of Human Evolution: Autonomy
I'll agree with that. Perhaps the software writers need to be more aware of this when writing their code...
Yeah, I'm sure that's just a trend. Of course, there is always the possibility that Slashdot really does suck ... nah!
What are ".PIF and .SCR files"?
This was moderated as FLAMEBAIT (which is laughable) on Dec 28 - 7 days after I wrote it. It was moderated 2 minutes after another multi-day old post in a completely different topic. It's obvious a weenie with moderator points is going through my history and having a good time. Cool.
alright this is a news post....a new worm in windows....well that's news....and they have EVERY fucking right to put that little sarcastic comment at the end of this post....do you know why? Because this is THEIR site and they can do or say whatever they want within legal bounds...and it's no doubt that microsoft security has been questionable since as far back as i can remember so in my opinion (which counts) the sarcastic remark suits the story...but like the subject...fuck your opinion stupid fuck
n/t