Slashdot Mirror
Virus Piggybacks Microsoft Mail Worm
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. "
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks
doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts
from deleting over a meg of mail worm viruses a day.
Because, there hasn't been an Outlook patch kicking around for some time now. And because no open-source software has bugs. Ever.
So, in short, there's two lines of Microsoft bashing there, accompanying a really dull story about a virus that no AV software has any trouble detecting?
Must be the slow season I guess.
Score:-1, Funny
Okay, as a long-time Mac user and a reader of Linux sites like this, I know that Windows carries a massively larger burden of virii than other Operating Systems out there. Time and time again, I have heard it said that this is due to their market share - hackers want to be seen and thus make their virii attackers of the software that most people have. But this really rings hollow for me - the MacOS has always been relatively free of virii, as has Linux, as has BSD, as has AmigaOS, as has BeOS etc. This seems to imply that maybe aside from marketshare, Microsoft engineers (or marketting staff) are doing something wrong.
Let's take a constructive approach to this topic. With so many SysAdmins out there, what are the TOP TEN things that Microsoft (or any OS maker) can do to prevent virii? I am just a humble Business Analyst, but here are a few ideas that come to mind for me (I hope the coders will forgive my ignorance on some of the finer points):
10. Disable scripting in certain programs (e-mail) by default.
9. Automatically download security pactches to PCs if they are of a sufficient severity level (but put measures in place to make sure the same mechanism is not used to transmit virii/worms)
8. Auto-detect large numbers of e-mails being sent at once and alert users before sending
7. Make the default install for all systems the most secure install
6. Create a system to auto-report virus/worm infections to a central (independent) agency for monitoring (user-selectable kill switch for this functionality should be available tho)
5. Allow purchase of "health insurance" for PCs by Microsoft to reimburse for lost productivity/hardware due to infection - monetary incentive for MS to push quality and security
4. Create a module of the OS to track virus reports/alerts and display them in the taskbar - produces one trusted source for alerts and to decrease the effectiveness of e-mail hoaxes
3. Integrate virus alert into mail program for incoming e-mails - advise users when a known large-scale e-mail virus/worm is out there to decrease openning of infected mail.
2. Give sysadmins the ability to change e-mail setting for all users when a large-scale outbreak is going, to specifically turn off scripting, html reading, java, etc.
1. Provide a method for a daily audit of all processes running on a machine to identify all those not initiated by the user, and flag those taking part in suspicious activity.
Not sure if those are insightful or lame. But feel free to improve upon this list, ad infinitum.
Then again, maybe Mail/System Admins could install some AV software with daily updates and the Outlook Security Patch along with a backend server (Exchange or OpenMail [now Samsung Contact]) that can implement server-side policies to prevent users from overriding and running executables anyway.
With this done, viruses and worms have little effect.
And the constant reminders to your user-base of proper e-mailing habits does eventually sink in.
Outlook is insecure...yada yada yada...people should take responsibility for their systems and stop blaming Microsoft for everything...after all, they're only responsible for maybe half of the world's problems.
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it. " It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.
Maybe you should tell the people on your contact list to stop opening attachments (or at least get the latest patches). Microsoft is all but Moron proof.
linux machines get hacked into every day. Is it a linux flaw? no...it's a user flaw. So why should Microsoft be nay different? Maybe because they're against open source?