Linux and the Smile.D Virus keeps us Smiling
pstreck writes "News Forge is running a humor-filled satire on the recent Smile.D cross platform virus. It's a good read and just another reminder of why that other operating system needs to figure out a new security policy."
There is a whole privilege system there; unfortunately, it can't be used by many people right now because of some brain dead applications. Quite a few programs won't run as anything other than administrator. Over time, once the apps get replaced, Windows will have a more viable security system, which will hopefully prevent many of these types of problems.
- YOU HAVE NOW RECEIVED THE UNIX VIRUS -
This virus works on the honor system:
If you're running a variant of unix or linux, please forward
this message to everyone you know and delete a bunch of your
files at random.
If tits were wings it'd be flying around.
Linux and the Smile.D Virus keeps us Smiling
That pun would work better if it was actually called the Smile.D Virus.
Symantec and ZDNet appear to call it Simile.D.
He Who Is Without Sin Should Cast The First Stone
I personally felt the article was childish. Windows has a lot of malware that takes advantage of gullible users by sending them deceptive emails with enticing attachments. Linux on the other hand typically has more savvy users. However, pointing and giggling is what I'd expect from teenage high schoolers flush from the rush of their first kernel compilation and not a supposed journalist like Roblimo.
PS: Yes, I work for MSFT. Yes, I run both Windows and Linux at home. Yes, I've been hit by a Windows virus once (CodeRed off of a web page) and had my RedHat box r00ted twice before I learned the hard way.
That's "more advanced" in the sense of "so complicated no one can really be bothered to figure it out and use it as intended". [Ambiguity intentional.]
But that doesn't mean that the Linux security model is perfect - it just means that the Smile.D virus writer was too lazy to actually try to get root on the Linux boxes the virus gets exposed to. Consider the following facts:
- Local root holes are everywhere on a Linux box. Most
distributions, especially Red Hat and SuSE, install literally dozens of
setuid-root applications. Most of these applications are completely
useless to the average person, and serve only to open up holes in system
security.
- Setuid root applications are a necessary evil because the UNIX
security model is outdated. Need to change the system time? How about
binding to a low-numbered port (hello Apache and fingerd)? Or making files
immutable? Or mounting a floppy disc? Every single one of these
operations requires root privilege, either by the user or by the command a
non-root user invokes. The more paths to root there are on the system, the
more potential holes exist.
- Remote root holes are everywhere. Ever run wu-ftpd? Or sshd?
Or BIND? Or rpc.statd? You probably do, but the average Linux luser
doesn't even realize it, and doesn't waste their time playing sysadmin and
keeping up with patches constantly. So she will have no idea why her
system was 0wned and is being used to run an eggdrop bot on dalnet. At
least Microsoft has the sense to ship systems with unnecessary services
disabled.
I once saw source code for a worm written by several Polish nationals. This worm was able to exploit weaknesses in Linux systems to gain root access and spread. Don't think it can't happen just because the Smile.D author was an idiot - or else you will be rudely awakened when it strikes./fug
Throw off the shackles of copyright law.
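An added example, not part of the thread: one way an administrator can check the comment's claim about setuid-root programs on their own system is to list every setuid file and compare it with the short list they actually expect. The file names `passwd` and `oldgame` and the `OWNER` argument (present so the demo runs without root) are constructed for illustration.

```shell
#!/bin/sh
# suid_audit ROOT ALLOWLIST [OWNER]
#   ROOT       directory tree to scan (does not cross filesystems)
#   ALLOWLIST  file with one expected absolute path per line
#   OWNER      file owner to match (name or numeric uid); defaults to root
# Prints each setuid file that is not on the allowlist.
# Returns 1 if any unexpected setuid file was found, 0 otherwise.
suid_audit() {
    root=$1; allow=$2; owner=${3:-root}
    # -perm -4000 matches files with the setuid bit set.
    # grep -Fxv keeps only paths that match no allowlist line exactly.
    unexpected=$(find "$root" -xdev -type f -user "$owner" -perm -4000 \
        2>/dev/null | sort | grep -Fxv -f "$allow" || true)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Constructed sample tree: two setuid files, only one of them expected.
suid_audit_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/bin"
    for f in passwd oldgame ls; do : > "$tmp/bin/$f"; done
    chmod 4755 "$tmp/bin/passwd" "$tmp/bin/oldgame"   # setuid bit set
    chmod 0755 "$tmp/bin/ls"                          # ordinary program
    printf '# expected setuid programs\n%s\n' "$tmp/bin/passwd" > "$tmp/allow"
    # Scan as the current user, since the demo cannot create root-owned files.
    suid_audit "$tmp" "$tmp/allow" "$(id -u)"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

suid_audit_demo || true
```

On a real host the call would be `suid_audit / /etc/suid.allow`, where the allowlist path is a placeholder; anything it prints is a setuid-root program nobody decided to keep.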
$ rm -f -r /
rm: /: Permission denied
I can't even get the unix virus! I'm such a luser.
Ya know, for the longest time, I really thought that the only thing the /. editors could do was post links to other articles (they sure as heck can't be bothered to run ispell). Every once in a while, though, I see something like this. I'm not saying that this was a brilliant piece of journalism or even satire, but at least roblimo can write a real article (where "real article" is being very generously applied to something that only has 23 sentences in it). Why doesn't this happen on /.? It happens on newsforge....
Just wondering.
1) Any of the Windows viruses/worms that are of the "double click the attachment" variety would work just as well on Linux as they would on Windows, were there more "Windows users" using Linux. They modify/damage user files and replicate themselves through email... who needs root to do that? I think the main reason you don't see as many of these is 1) the ratio of Windows desktops to Linux desktops is very large, and 2) Linux users usually know not to touch attachments like this. So if you're a virus/worm writer, why bother with Linux at all when your code can spread 100 times as fast through the Windows systems?
2) That comment about a Linux virus being easier to clean up is a bunch of crap. I've seen plenty of novice Windows users try to remove viruses from their system using instructions and fail, and it's not because "there are no hidden files." It's because manual removal of viruses on Windows usually involves using system utilities and commands that most Windows computer users have never used before (regedit, command prompt.) Sure, the instructions are easy to follow for Linux... it's because you're a Linux user, and have to use the equivalents of these Windows utilities in everyday tasks anyway.
3) "So it looks like the old dream of Linux eventually overtaking Windows and becoming the world's most popular operating system will never come to pass..." Well, if Linux was to become easier to use for the users who suffer from attachment-clicking syndrome, and who don't have the skills/balls to follow clean-up instructions, suddenly Linux will be a lot more popular, will see a lot more viruses, and virus scan software will still be business as usual.
I don't even know where to begin. Should I begin by saying that calling people "morons" because these people don't immediately reformat their computer and install Linux is a bit of a stretch? Or should I point out that Lindows automatically logs users in as root on their Linux boxen? Or should I wonder aloud how Roblimo would like programmers to make money if not by making useful utilities like virus scanners?
This whole article takes the disgusting tone of insulting people who obviously aren't as "smart" as the article's author. I find this elitism disgusting, and frankly, embarrassing to the greater geek community.
How many of us are quick to insult people who don't know the difference between root and another user? How many of us call the repair guy because we don't know how to repair the air conditioner, refrigerator, or our car? Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40. You're obviously a moron."?
Face it, folks, not everyone wants to be a computer expert. Not everyone wants to get involved in flamewars like vi vs. emacs or Linux vs. Windows. They just want to turn on their computer and have it work. And with any operating system, those same people will have to learn how to maintain it by applying patches (just like you have to maintain your car by taking it in for maintenance every so often.)
The fact that this article is categorized as "humor" doesn't make the elitism any less inherent. We should be educating people about the importance of software maintenance, not bashing them for being "morons" because they don't want to know the technical stuff. To most people, computers are a tool to get a job done, not a religion. Windows makes it easy to do most jobs. Therefore, most people are pretty happy with Windows.
Mod me down if you wish. I have 50 karma and I don't care much about karma ratings anyway. But I think this is important for a lot of geeks to understand -- just because we may have more technical knowledge does not give us the right to call people with less technical knowledge "morons" -- humor category or not.
Simpli - Your source for San Jose dedicated servers and colocation!
Blah blah blah Windows bad.
Blah blah blah Linux good.
Blah blah blah idiots use Windows.
CmdrTaco posted this? I'm so shocked!
This article is not satire, nor is it original, nor is it well written.
I wish I could moderate CmdrTaco down for being a troll just once.
SetupWeasel
Here we go again! Let's laugh at people who think "that Bill Gates deserves their money", let's laugh at people who buy anti-viruses, let's laugh at Windows while we're at it, and of course, let's praise our wonderful unbreakable operating system. Ah! This virus fails to infect me, viruses are so ineffective against l33t linux! Nobody can root me, nobody can root me!
Am I the only one not laughing? Am I the only one watching with, not fear, but interest and attention, the great innovations being done in the field of the Linux viruses?
We have a virus that can infect both Linux and Windows binaries. A virus that can try to infect a Linux box from a Windows box. A virus that is extremely hard to detect and destroy on Windows. Sure, it doesn't work well enough, yet. It's, after all, only the third generation virus. But it is nevertheless a great technical achievement, a new milestone release, a step towards havoc.
When these viruses will be able to infect a Linux partition from a Windows partition, or a Windows partition from a Linux partition, each time bypassing the security and anti-virus of the operating system it is infecting - hey, the OS is not even running! - will you laugh that much? Nobody can root you? And what about a virus that has ext2-level access to your root partition? Yes, from Windows? Who is 100% Windows-free? Who never has two OSes on the same machine?
Virus authors are showing a growing interest in Linux, and as more and more viruses are able to spread on Linux, more and more anti-viruses Linux will need. You might not like it, but it seems unavoidable to me. And if you really hate the anti-virus companies, start an open-source project. Now.
Let's come back to this discussion in a couple of years. And we'll see if you were right to laugh. I hope so. I don't believe it.
We've seen a lot of it over the years from Microsoft and other major companies, but the people who once used to rally it no longer carry it on their news sites, but they actually have become a source of FUD as well.
OK. So this was posted as humor. But somehow it didn't read as humor. It read as an article that claims you need to spend money to prevent viruses on Windows while you could run a virus free linux system by just pumping an 80 IQ.
On Windows you're likely to get a virus from one of two places, either installing software or running software that allows scripts in its data files.
Both of these are easy enough to defend against, however, it seems like it's not in the best interest of the Linux community to let that be known. A little Fear, a little Uncertainty, a little Doubt is a much better weapon.
And when it's over, the truth is that had this been presented as a factual article on how simple it is to remain Virus Free on a Linux system, it wouldn't have even been read by many, never mind submitted to Slashdot.
After all, FUD sells. It just doesn't make me proud to belong to the community selling it.
No Zen is good zen
1. The steady transition of Linux from a "geeks only" OS to a corporate mainstay. This will make Linux a more appealing target.
2. The arrogance of those who think that Linux isn't vulnerable.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
"How many people do you know who habitually run their Linux systems as root?
In my case, the answer is 'zero.'
So that's the end of that."
Woah, not so fast there, buddy.
Lots of the newer "user friendly" Linux distributions like Mandrake and Lycoris allow Linux newbies to install the operating system without creating a separate user account. Worse yet, some of them allow the root user to have NO password at all! As these Linux distributions get more popular and easier to use, you can expect more and more computer newbies who don't understand computer security to leave their systems logged in with administrative accounts with no passwords to protect them.
One of the main reasons that Windows is vulnerable to virus attacks is that its users often aren't as security savvy as *NIX users are. All it would take is a few thousand home users running Linux logged on as root without any passwords or security patches for a Linux virus outbreak to become a reality.
You would be correct, but only if security was an absolute. It is not.
What does it mean to "be secure?" It is easy to spew common *ix security logic when that is all you know and think about when security is the topic. You have to take a step back to understand the nature of security.
I'm rusty on *ix history, but I'm fairly certain security was never a top priority of the original Unix, until later. If you check up I'm sure you will find that security actually _was_ added to *ix on an as-needed basis.
As an example consider this: until fairly recently (mid to late '90s) denial-of-service was not a threat. *ix admins everywhere had to rush to turn off common "safe" services such as ping, finger, etc. as a result of what they believed was security.
The _biggest_ threat will always come unannounced and from a never suspected "location." What *ix has for security is simply barriers for the patterned attacks. Security has been a buzzword of sorts long before Microsoft--and will continue to be a "buzzword" as long as people foolishly believe that security is an absolute.
Dijkstra Considered Dead
Yes, it's just so complicated. Here is an example of a few of the available group policies:
"Access the computer from the network"
"Allow logon through Terminal Services"
"Change the system time"
"Create a pagefile"
"Deny access from the network"
"Deny local logons"
"Deny logon through Terminal Services"
"Force shutdown from a remote system"
"Load/unload device drivers"
"Logon as a service"
"Logon locally"
"Perform disk volume maintenance"
"Shut down the system (locally)"
"Take ownership of files and other objects"
Wow, if those aren't in plain English I don't know who can't figure them out. NT's security model is very complex, yes, but very capable as well. It just so happens that the crack dealer under the Longfellow Bridge is selling MCSE certifications for $5 a pop as well, so MCSEs are a dime a dozen. If you're looking for a good NT admin, you need to look hard. Just the same reason you won't hire that 17-year-old who "has 12 years UNIX experience."