Virus Piggybacks Microsoft Mail Worm
metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it."
It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks
doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts
from deleting over a meg of mail worm viruses a day.
Or doesn't at least set up attachment filtering? Let alone local rules to automate such tedium?
Vintage computer games and RPG books available. Email me if you're interested.
CowboyNeal.
Sig Return: 204 No Content
There's one huge thing that's at the root of all these viruses: the fact that MS provides all sorts of scripting hooks in their apps, eager to execute code, which have degenerate or nonexistent security models.
The solution is simple: anything which executes without the user explicitly installing and running it should run in a security sandbox.
This is a very difficult thing to pull off. It's not simply a matter of setting permissions correctly -- untrusted code must actually only be able to access a limited subset of the system APIs. Opening a socket, for example, could lead to a security breach. So could reading a globally readable file. (What are the permissions on your Outlook address book?) And a clever program must not be able to bypass these security checks by exploiting weird pointer arithmetic, runtime code generation, or buffer overruns. The security model has to extend to all aspects of the system APIs and the runtime environment of the language, so the scripting language's runtime environment has to be designed from the ground up for it.
Maintaining complete sandbox closure is not a simple fix; it is a deep architectural problem.
It's a tall order, but it's possible. Java does it, and that's why (as far as I know) there's never been a Java applet virus. Applets get downloaded and execute on the client machine, but have a very limited ability to open sockets, read files, and so forth. Java's virtual machine model even makes it impossible for malicious programs to crash their host, or sneak through some backdoor into a protected API -- buffer overruns are ruled out as a fundamental language feature. The worst a malicious program can do is allocate a lot of crap and stage a denial-of-resource attack.
There was one applet-based exploit I've heard of, but it exploited a weakness in ActiveX -- which demonstrates my point.
All this is why MS's big security push is a joke. Security isn't just about fixing bugs. A system has to be designed from the ground up for security -- and Microsoft's products, especially the Office line and Windows itself, have a long way to go on that front. I'll repeat:
Maintaining complete sandbox closure is not a simple fix; it is a deep architectural problem.
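As an added illustration of the restricted-API model the comment above argues for (example code, not from the post or from any project it names): Java's legacy SecurityManager, the same mechanism that confined applets, denies file reads and outbound socket connects to code that has no policy grant. It assumes a JDK where the SecurityManager still runs (17 or earlier, or 18+ started with -Djava.security.manager=allow); the file path and host are arbitrary sample values.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.AccessControlException;

// Added example: run code under Java's legacy SecurityManager with the JDK's
// default policy, which grants application code no FilePermission and no
// SocketPermission "connect". Both operations below are therefore refused
// by the runtime itself, not by OS file permissions.
// Run with:  java -Djava.security.manager SandboxDemo
// (SecurityManager was deprecated in Java 17 and is disabled by default from
//  Java 18; there, start with -Djava.security.manager=allow or use an older JDK.)
public class SandboxDemo {

    // Attempt to read an arbitrary file; sample path, assumption.
    static String tryRead(String path) {
        try (FileInputStream in = new FileInputStream(path)) {
            return "ALLOWED: read " + path;
        } catch (AccessControlException e) {
            return "DENIED: " + e.getPermission();   // java.io.FilePermission
        } catch (IOException e) {
            return "IO error: " + e.getMessage();
        }
    }

    // Attempt an outbound connection; sample host, assumption.
    static String tryConnect(String host, int port) {
        try (Socket s = new Socket(host, port)) {
            return "ALLOWED: connected to " + host + ":" + port;
        } catch (AccessControlException e) {
            return "DENIED: " + e.getPermission();   // java.net.SocketPermission
        } catch (IOException e) {
            return "IO error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Install the manager only if the JVM was not started with one.
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        }
        System.out.println(tryRead("/etc/hosts"));
        System.out.println(tryConnect("example.com", 80));
    }
}
```

Both calls print a DENIED line naming the permission that was missing; granting either one back requires an explicit entry in a policy file, which is the opposite default from a scripting host that executes whatever arrives.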