Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview (pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)
So IIS has had more security issues than Apache and SQL Server more than Oracle because they are more widely used, right? Oh...
There has not been ONE single Linux virus that has propagated in the wild: given the huge number of viruses out there I would have thought someone* would have written and released one for Linux just to show it can be done.
* probably one of those fanatical Windows apologists who think that Linux users are communists** or worse
** despite the fact that it is MS that advocates central planning.
I have received more than a few patches from Microsoft which:
a) Failed to solve the problem in the first place,
b) Caused another problem to appear in a seemingly unrelated application, resulting in significant time spent debugging, uninstalling, and otherwise wasting time for something I had no control over,
c) Ended up adding significantly to the amount of unusable space on my Windows XP system,
d) Added considerably to the bloat of the System Registry.
I moved our entire company off Windows to SuSE Linux after one of our primary public facing servers became infected with a worm which enterprising hackers used to store (and later serve) German porn movies. This despite our sysadmin religiously installing patches.
That is a big part of the reason why I no longer find the argument that Windows is just simply the largest target even remotely accurate. My sysadmin also does some coding work, and every patch that needs to be uploaded reduces his profitable time; to have something that compromises the integrity of our system in such an egregious manner is not acceptable.
I would rather have a good sysadmin that knows what he's doing maintaining a secure Linux system than having a less competent sysadmin maintaining a Windows system because the system tools are easier to use, even if it means paying more to the Linux admin.
False positives aren't that bad if you handle them well. The trick is to never silently discard an email. It's much better to send a friendly error message like:
I do this with a 5xx rejection during the SMTP session. So what happens is: