Slashdot Mirror
Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
pine (or mutt)
Jon Bardin
Disable The preview pane.
Use thunderbird, connect to exchange via IMAP4, use the web interface for calendaring.
Karma: Chameleon (mostly due to the fact that you come and go).
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?
This flies in the face of science.
Don't use Outlook/OE.
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
because it would cost $thousands for companies to switch?
The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Doing the Right Thing should not be preempted by making a buck.
How to fix this? Install mozilla!
Anyway, according to this article here,
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
This is scare journalism at it's finest. The solution is very simple-turn off the preview panel in Outlook. Both Slashdot and the article writers imply some huge new technological boost in virus authoring. I'm stunned by the hypocrisy of the abstract-this is essentially FUD, something which Linux users rightly complain about
Is that guy clueless??? People still open attachments even though they don't know what it is. Remember a few weeks ago?? It happened and will happen again. This "new" twist of a virus is still crap news though...
DrkBr
One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Mozilla Thunderbird is a great lightweight email client replacement for Outlook. Your average home user who has an imap or pop account from an ISP really has no good excuse not to uninstall Outlook from their machine and switch. Corporate users on the other hand are a little more screwed, since many of them use Exchange servers that don't have OWA turned on and/or aren't Exchange 2000/2003, which precludes using Evolution's commercial plugin to get calendaring integration and whatnot. However corp users that do meet those server-side requirements can do so. Or if you don't use or need the calendaring part in your organization and the exhcnage server has IMAP, then you can also go Thunderbird there too.
11*43+456^2
Many of them DO... but these variants have been coming out so often lately that they're hard to catch up with.
Users can either : 1. Switch on automatic updating in which case they don't have to do anything. 2. Go to http://windowsupdate.microsoft.com and download the patches. Microsoft provide fully automatic solutions to do it. If a user gets infected they are STUPID. It isn't Microsofts fault.
... using email software which doesn't render HTML, and instead shows it as plain text without images?
... well the program has a link so you can view it in your default browser, if you really have to.
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Hal Spacejock: Science Fiction with Nuts
I pity you so :'( tsk tsk
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
And it costs MORE not to switch. Unfortunately, most companies can't see past their nose as far as technology costs are concerned.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
It has been STANDARD practice for quite some time to not use the "Preview Pane" feaute in Outlook. Since html code is displayed as if it were in a browser, this has been open to malicious attacks for quite some time.
This is not New.
This is not News.
This doesn't even matter.
This is not even accuratly portrayed. Selecting an email isn't the problem, displaying it is the problem.
"Hard work never killed anyone." -- Some Dead Guy
Sorry. With Outlook Express, if you right click, the message STILL shows in the preview pane. You MUST disable the preview pane to prevent this kind of thing.
Same thing with web bugs - this is really not new in that respect. I've been using Outlook Express for several years now with no real problems, but I've had the preview pane off for exactly this reason.
Oh, and I also pay EmailSifter.com $35/month to filter my domain's email. They've been blocking around 70% spam on average, with 1% false positive rate, and only about 0.1% false negative rate, and have blocked about 800 virus-laden emails in one month...
--Brandon / Split Infinity Music
Switch to pine.
Or emacs/VM.
Or mutt.
Or...
In fact, I'm jobless right now ;). There are many sites out there dedicated to helping people track and keep virii under control. We don't need another one.
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
Now, one side of this is that SMTP needs (and lacks) a "this particular message will always be refused" error code. That would work well for virus filters, since the delivering system (eg Yahoo) could them just discard that message and continue with everything else.
The real fix is not to use these buggy mail clients. Like M$ LookOut!
And, though it's not applicable to the outright-buffer-overflow viruses like this one, not to use systems with the vile design flaw of letting users click on attachments and execute stuff. For example, my mutt mail reader has a mailcap that drives its attachment handling. Every clause runs a viewer. If I get a .exe I get told its size or offered an opportunity to save it to disc. It does not offer or try to run it.
This core distinction is the weakness in the windows mail world:
no attachment should have executable power. An explicit user driven
install ritual should be needed to get such a thing into
a context where it can be run.
i.e. it should be a safe action for a user to double click
any attachment - that act should always invoke a viewer of some kind.
Cameron Simpson, DoD#743 cs@cskk.id.au http://www.cskk.ezoshosting.com/cs/
Just strip all executable attachments. We do this and haven't had a single virus hit our network since implementing this simple step. Of course some worms have been distributing themselves inside of zips but that still takes more steps and hence more chances for the user to think about what they are doing, plus MS email clients can't auto-execute them (most people run Groupwise client on the Citrix farm but some do run Outlook via POP).
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Shouldn't the headline have been "virus exploiting known Outlook vulnerability" or similar?
So while the headline gives a different impressions, everyone using Opera, Mozilla, The Bat or others are still not affected.
Clever signature text goes here.
My policy has always been to disable html-enabled mail. Aside from this recent issue and the hundreds before it, html-enabled e-mail is a major security/privacy invasion. Just use plain text. If you're still using Outlook, no comment.
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM. .zip file prove that.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus.
The virus writers have the source code for Outlook? No wonder there are so many viruses for it!
who are those slashdot people? they swept over like Mongol-Tartars.
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Read the EFF's Fair Use FAQ
Many do, but the real problem here is patches.
The patch for this was released in October 2003. Users should have auto-update up and running if they're using windows. ISPs should make sure users have auto-update on and an anti-virus when they install broadband service.
It seems more and more questions are ending up having the same answer. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
What a stange question to be asked on Slashdot. I figure everyone else here but the poster know the answer. One hint. It starts with a moz and ends with a zilla and can be found at www.mozilla.org
Seriously - most of the questions end-users give me regarding their frustration with the internet are answered with that simple website. We do now have a choice of what we can use.... sooner or later we will have to just stop being suprised that anything starting with the word Outlook is a dangerous way to receive email, and abandon it for something safe.
That piece of crapware is like playing russian roulette with all six chambers loaded. Name one other program on the internet that has caused more virus infections than outlook. If MS bundled the application with little to no security it sure seems to me both them and their software is at fault.
Got Code?
So use a mail client that doesn't use ActiveX and if you can't (eg using Exchange) implement some server side virus scanning with auto updating or some gateway filtering of activex code
Normal people worry me!
I guess most ignoramous would be under the assumption that having paid $150+ for an OS/software suite, it should just work out of the box. On the light side, imagine if household hardware worked like this. Oops, chainsaw runs backwards! You idiot you forgot to patch it last month! I guess that is what we have recall's for. :D
How can you get a 0.1% false negative rate when 30% of spam is getting through?
He isn't saying that 30% of spam is getting through.... He is saying that they are blocking 70% of their incoming mail as it is spam. That means that 30% is determined to be real mail.
Even if you don't switch to a client that's more secure, switching to one that's *less used* will work equally well. How many viruses are going to target, say, Pegasus Mail, even if it's riddled with overflows? Not a hell of a lot. I can understand interoperability issues with Word, Excel, etc, but this is *email*. All the clients out there work fine together, and it's not as if it takes long to learn an email client. The main concern in such a switch would be moving old stored email, and I would guess that any major Windows-based email client would provide Outlook import.
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
May we never see th
As far as I can tell, groupware (well, specifically meeting scheduling) is a waste of time. It just lets people drag more people into more meetings. ("Hey, John Smith doesn't have any meetings scheduled for today!" [right, John Smith is actually doing work today] "Let's add him to our meeting!")
May we never see th
I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.
Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.
I'm not saying it's 100% entirely their fault, but these worms spread because of SIMPLE factors like not patching the system, leaving settings turned on that really shouldn't be on, etc (and yes, that is more MS's fault than the end user's fault).
I get what you're saying in your analogy, but we're talking software here. It's not unreasonable to expect someone to get an update for a program if one is available. That's what it's there for.
If you buy a car, you expect it to be working properly. If it's not, there's a recall. Can't exactly download a patch for your tires. However, it IS your responsibility to drive it properly and to maintain it.
Yes, it is Microsoft's fault for making OE such an open and vulnerable piece of softare, but again, a patch WAS released for this worm MONTHS ago. It would be quite different if this was an exploit that just snuck up on most people out of the blue, but it's not, and these are the cases I'm referring to.
Even Code Red/SQL Slammer. Sorry, but if you got hit by this, it's not MS's fault, but your own since you or your sysadmin didn't apply the patches that came out 3 months prior.
Plugging your system in and expecting it to work perfectly from now till the end of time is extremely naive. I don't care how experienced of a computer user you are, you need to know the potential dangers of being online before you even connect.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
The cause of email viruses is Outlook right? But since you refuse to fix that then why don't you just treat the symptoms?
Your post makes no sense.
This must be the dumbest story ever posted. If you run Outlook or Outlook Express on a Windows machine, you are gambling, and one day you will lose. People are such fucking slow learners.
I love your logic. So what you're saying is that Linux sucks because it's free? I mean, it hardly "works out of the box" anyway.
Be careful with your rationalizations.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Apparently, the simple act of selecting the message activates the code.
Apparently that feature is in the Outlook and IE combination only, based on their bugs.
We Mozilla users wonder why anyone uses those anymore.
Lucky for you nobody else did.
- I'd prefer not to.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Disable the Preview Pane (Pain).
It's a stupid feature anyway, it's unsafe by design, and the last thing on earth I want is my computer opening my e-mails without my input.
This is OLD news. The Preview Pane shouldn't even exist until Microsoft can find some way to totally secure it, which probably won't ever happen as long as harmfull tricks can be planted in e-mail.
I've NEVER used the Preview Pane, and I don't miss it one bit. Maybe more so called "computer experts" should stop carrying stupid misconceptions and actually learn the truth behind the stupid ideas they so firmly hold onto.
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
This is fine until the AV service gets hit with a big outbreak and *all* emails with attachements are delayed by several hours.
Better to keep the virus checking in-house IMHO.
It is amazing how the Convicted Monopolist has managed to make a near-monopoly of the email client, and how people are so easily fooled into using such dangerous, insecure, bug-ridden trash. It does not even have a particularly good user interface.
The answer is in your hands!
Note to Sir Bill: You can't fool all of the people all of the time.... The end of your illegal monopolistic reign will come shortly, when your shareholders rebel, after the European judgment causes a collapse in the share price. And don't bother trying to get a job in software anywhere, your incompetence is not wanted anywhere.
Get better admins so the infected mails never reach the users' inboxes. Relying on users to protect the company from viruses is like letting them administer the firewall.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Of course that's very nearly the same list as the list of file types that most people want to attach for perfectly legitimate reasons.