Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.
the ISPs need to have some server-side virus scan running. we do through our company's email server, and so far, it seems to work like a champ
Alcohol & calculus don't mix. Never drink & derive.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft is chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
How about...
a. Turn off preview pane
b. Use OWA
c. Stop using Outlook/Outlook Express
?!
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Simple. Don't use Windows.
Don't blame me, I didn't vote for either of them!
How about they, PATCH THEIR DAMN SYSTEMS how about they, STOP USING OUTLOOK how about they, stop using an unsecure operating system (come on, if you like windows back patch to me, most of these viruses don't work on it)
come comment on the madness at http://slashdot.org/~phreak03/journal/
pine (or mutt)
Jon Bardin
Maybe the summary should specify that this is limited to Outlook/Outlook Express. I mean, most people probably know, but it sounds as if ALL email clients are vulnerable, which is hardly the case.
Right-click
err...
One word, hyphenated.
Use thunderbird, connect to exchange via IMAP4, use the web interface for calendaring.
Karma: Chameleon (mostly due to the fact that you come and go).
I head straight to the Motley Fool. Likewise, when I want financial info, I'm on Slashdot.
Disable the preview pane.
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?
This flies in the face of science.
Don't use Outlook/OE.
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Doing the Right Thing should not be preempted by making a buck.
As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview(pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)
How to fix this? Install mozilla!
Anyway, according to this article here,
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
Is that guy clueless??? People still open attachments even though they don't know what it is. Remember a few weeks ago?? It happened and will happen again. This "new" twist of a virus is still crap news though...
DrkBr
One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
place 2 other junk emails around it, select the top 1, hold shift, select the bottom one.... DELETE.
Users can either : 1. Switch on automatic updating in which case they don't have to do anything. 2. Go to http://windowsupdate.microsoft.com and download the patches. Microsoft provide fully automatic solutions to do it. If a user gets infected they are STUPID. It isn't Microsoft's fault.
... using email software which doesn't render HTML, and instead shows it as plain text without images?
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML... well the program has a link so you can view it in your default browser, if you really have to.
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Hal Spacejock: Science Fiction with Nuts
I pity you so :'( tsk tsk
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Except that it's on by default. :)
I found that out when I started work at a new company with my PowerBook. Connect to the Exchange via IMAP4 for mail, point the address book at the exchange server via LDAP. iCal wasn't around then, but using that along with groupcal would allow you to do your calendaring, and all without using a single 'authorized' MS client.
On windows...dunno, perhaps there something similar to the groupcal/ical combo to get your calendaring done without Outlook, but I'm not aware of one offhand.
Karma: Chameleon (mostly due to the fact that you come and go).
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
The mime-type bug has been known for a long time. Microsoft has corrected it (twice :-)). I know this because my parents' computer was infected between their first and second attempts to fix the problem.
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in .exe, and it was executed.
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
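A gateway-side check for the mismatch described in the comment above, as an added example that is not part of the original post. The function name `audit_message` and the sample message are constructed for illustration; the extension list is the one posted elsewhere in this thread.

```python
import os
from email import message_from_string

# Extension list as posted elsewhere in this thread (a filtering blocklist).
RISKY_EXTENSIONS = {
    ".bat", ".com", ".exe", ".lnk", ".pif", ".reg",
    ".scr", ".url", ".vb", ".vbs", ".vbe", ".zip",
}

# Main types a mail client may render or play without asking the user.
AUTO_RENDERED_MAINTYPES = {"image", "audio", "video"}


def effective_extension(filename):
    """Return the lower-cased extension the OS would act on.

    Trailing dots and spaces are dropped first, because Windows ignores
    them when resolving a file name ("photo.exe. " opens as "photo.exe").
    """
    cleaned = filename.strip().rstrip(". ")
    return os.path.splitext(cleaned)[1].lower()


def audit_message(raw):
    """Return a list of (filename, declared_type, reason) findings.

    reason is "type-mismatch" when a part declares an auto-rendered media
    type but carries a risky filename extension (the case the comment
    describes), and "blocked-extension" for any other risky extension.
    """
    findings = []
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if not filename:
            continue
        ext = effective_extension(filename)
        if ext not in RISKY_EXTENSIONS:
            continue
        declared = part.get_content_type()
        if part.get_content_maintype() in AUTO_RENDERED_MAINTYPES:
            findings.append((filename, declared, "type-mismatch"))
        else:
            findings.append((filename, declared, "blocked-extension"))
    return findings


# Constructed sample message (not captured traffic); bodies are placeholders.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="us-ascii"

<html><body>hello</body></html>
--BOUND
Content-Type: image/gif; name="photo.exe"
Content-Transfer-Encoding: base64

AAAA
--BOUND
Content-Type: image/png
Content-Disposition: inline; filename="logo.png"
Content-Transfer-Encoding: base64

AAAA
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.zip"
Content-Transfer-Encoding: base64

AAAA
--BOUND--
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE):
        print(finding)
```
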
It has been STANDARD practice for quite some time to not use the "Preview Pane" feature in Outlook. Since html code is displayed as if it were in a browser, this has been open to malicious attacks for quite some time.
This is not New.
This is not News.
This doesn't even matter.
This is not even accurately portrayed. Selecting an email isn't the problem, displaying it is the problem.
"Hard work never killed anyone." -- Some Dead Guy
Also nice are programs that let you delete the email at the server before you download, such as mailwasher, and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
"It is a greater offense to steal men's labor, than their clothes"
I've said it before, and I'll say it again: people need to start being responsible for THEMSELVES. It's not Outlook's fault that the user didn't patch their system.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Switch to pine.
Or emacs/VM.
Or mutt.
Or...
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
Engineering is the art of compromise.
It occurs to me that both of the articles in the post are extremely light on facts. Furthermore, one of them has the rather pithy headline "Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected". Frankly, I don't care enough about the story to go hunting for news from appropriate sources like Symantec or McAfee, but it would be nice to see /. posters and/or editors go the extra mile to get out there and find information that is slightly higher than tabloid-quality.
Normally, I would bite my tongue on something like this, but it seems pretty obvious that in this case, the underlying theme of the article is "ha ha, isn't Microsoft terrible", which is pretty juvenile and meaningless. Here's a company that provided - in October - a working patch to prevent the flaw that is exploited by this virus. I'd say that's pretty reasonable, given the circumstances.
[Cue flames.]
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
Shouldn't the headline have been "virus exploiting known Outlook vulnerability" or similar?
So while the headline gives a different impression, everyone using Opera, Mozilla, The Bat or others is still not affected.
Clever signature text goes here.
My drive died this weekend, so I wanted to reinstall Windows 2000. Easy task. Normally speaking yes, but as soon as you want to install the windowsupdates and connect your machine to high-speed internet via your cable company you will instantly get infected - like I did.
Yes, I did have NortonAV installed, but of course its definitions aren't up to date until it connects to the net too.
Fun times - and many hours into the night with manually editing the registry for bad GUIDs I now have a virus free/locked down 2000 machine.
Some of the new worms were even smart enough to mangle Explorer.exe so you couldn't get to the system32 directory. The only way: cmd.exe.
Microsoft just lost my business.
My next OS is linux.
You should try extorting sex for fixing women's computers. You'd be surprised how often it works. ^_^
My policy has always been to disable html-enabled mail. Aside from this recent issue and the hundreds before it, html-enabled e-mail is a major security/privacy invasion. Just use plain text. If you're still using Outlook, no comment.
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected .zip file prove that.
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Read the EFF's Fair Use FAQ
AV solutions can and do break. Ours did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analyze it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV companies' licensing schemes take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part One
http://www.catb.org/~esr/writings/cups-horror.html
Some follow-ups:
http://www.catb.org/~esr/writings/luxury-part-deux.html
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
"It is a greater offense to steal men's labor, than their clothes"
Outlook and Outlook Express give you the option to view all messages as plain text, which strips the HTML out. Anyone know if that renders them safe to the content, or the content is still interpreted and executed?
A lot of organizations use Outlook in some form or another, so a quick fix like this one could be very beneficial -- if it is a fix.
If you select more than one message, the program actually doesn't open them, you can then delete those messages in block without ever activating the virus.
-click on your last legitimate email,
-bulk select by clicking on the most recent one using the appropriate modifier key (viruses are also on other platforms, except, maybe, osX which has luck, youth and good design on its side)
-unselect legitimate emails in the selection block using the appropriate modifier key
-use your menu command to send them to trash (dragging with your mouse might slip and select if you are a sloppy clicker like me) or the appropriate folder (junk or anything)
Of course you have to know first which message contain the virus but if you are like me, you only open email from people you know bearing a subject line that is logical and/or precise. It's actually well regarded by people when you ask them to always write a subject line that contains keywords for you to know that they haven't been generated by a virus sending itself using the incredible Microsoft technologies, anything, usually some passphrase other than generic stuff like "I wanted to get back to you" or stuff like that.
For the people I don't know of yet but want to reach me legitimately I often go in my junk mail folder (created using simple rules) and look for legitimate subject line and sender address, anyone who has "funny" names and uses generic subject line simply is out of luck with me. Much like we tell kid not to open the door to strangers we shouldn't open anything that comes in the email box, even if the stranger is his uncle, if the kid doesn't know him he is well advised not to open the door, the uncle will understand and the parents will be proud.
Why do Windows users get all the good viruses? You people do know us Mac users are still alive, right?
MS stuff was never really designed to be hooked to the internet.
Well, sometimes, it seems like it was *too* designed to be hooked to the internet... after all, aren't a lot of these worms based on exploits in code that is designed to allow remote access to your machine?
Don't you wish your girlfriend was a geek like me?
It seems more and more questions are ending up having the same answer. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
What a strange question to be asked on Slashdot. I figure everyone else here but the poster knows the answer. One hint. It starts with a moz and ends with a zilla and can be found at www.mozilla.org
Seriously - most of the questions end-users give me regarding their frustration with the internet are answered with that simple website. We do now have a choice of what we can use.... sooner or later we will have to just stop being surprised that anything starting with the word Outlook is a dangerous way to receive email, and abandon it for something safe.
That piece of crapware is like playing russian roulette with all six chambers loaded. Name one other program on the internet that has caused more virus infections than outlook. If MS bundled the application with little to no security it sure seems to me both them and their software is at fault.
Got Code?
.bat .com .exe .lnk .pif .reg .scr .url .vb .vbs .vbe .zip
with your favorite milter
>c. Stop using Outlook/Outlook Express
I don't know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, let's be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
I use a program called "ePrompter" which is basically a simple text-based mail checking solution for Windows. Helps you read your email quickly and "see" what attachment exists, without providing any sort of access to that attachment. So, I use it to check and read my mail (even reply) when there is no attachment. When there is an attachment (i.e. an email with an attachment that i'm expecting), I use Outlook (or any other email program) to retrieve that file. I highly recommend it. Very simple interface and very intuitive to use. Get it either from www.eprompter.com or download.com from Cnet. Pranav
If I have seen farther than others, it is because I was standing on the shoulders of giants.
Their study specifically excluded email client and web browser vulnerabilities, the principal vectors of Windows viruses, worms and trojans. No wonder they found Windows to be "more secure" than Linux - their study left out most of the Windows security problems.
The firm doing the study are known bozos - they pretty much predicted armageddon on 1/1/2000, and still have much egg on their face from that. They also stretched the truth about their experience and expertise in the computer security field - they were doing something quite different for the first several years of the company's existence, but their press claims security expertise for the whole time.
An AC citing a "study" known to be flawed, designed to gain free press for the flawed company conducting it should not be trusted.
Even if you don't switch to a client that's more secure, switching to one that's *less used* will work equally well. How many viruses are going to target, say, Pegasus Mail, even if it's riddled with overflows? Not a hell of a lot. I can understand interoperability issues with Word, Excel, etc, but this is *email*. All the clients out there work fine together, and it's not as if it takes long to learn an email client. The main concern in such a switch would be moving old stored email, and I would guess that any major Windows-based email client would provide Outlook import.
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
May we never see th
As far as I can tell, groupware (well, specifically meeting scheduling) is a waste of time. It just lets people drag more people into more meetings. ("Hey, John Smith doesn't have any meetings scheduled for today!" [right, John Smith is actually doing work today] "Let's add him to our meeting!")
May we never see th
that virus WRITERS are not auto executing!!!
Crisis is the rule, not the exception.
I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has privilege escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
Turning off the preview pane isn't enough sometimes. Why take a chance that a message that looks like it might either be from a trusted contact, or a virus/spam?
In Outlook Express, you can right-click on a message, properties, and view the headers in the Details tab. If that's not enough info for you, hit the Message Source button and you'll be treated to a beautiful non-rendered view of the entire message, including any html code. If it's unreadable there, then you have got a virus, spam, or (even worse) an AOL user.
I'm too lazy to set up a filter, so I manually scan for spam like this.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.
this is why I check my email on other people's computers...
New Outlook Hole Found
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. 'We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
Mail Washer lets you preview your mail BEFORE you download it. And it automatically ignores images and shows paths of links. It also has heuristics to detect viruses.
I guess you missed the study Slashdot itself posted that showed Linux was the most-breached OS. Incidentally, BSD was the least-breached.
I saw the study. It was done by the British group Mi2, who is about as useful as IDC or Gartner, with their own vested interest. In almost every situation, the Linux openings were simple PHP's being hit on systems with multi domains rather than the systems being owned. To be honest, I would love to see a company/group without a vested interest do a real study and report the numbers.
BTW, even though your BSD statement was a simple red herring, I suspect that it has merit.
I prefer the "u" in honour as it seems to be missing these days.
It's astonishing that you can do anything useful in it, let alone write a virus in it.
I spent a large part of my last job writing custom Excel applications in VBA. Most of them were for engineers who wanted an easy yet flexible way to input and summarize data. Excel provides an interface they're already familiar with, and I provided a few bits of VBA code to make complicated tasks easy. Sure, I could have written a custom application for each task, but that would have been overkill, not to mention a waste of my time and my employer's money.
The virus writers started to piss me off when we switched to Office XP. XP automatically sets your macro security to maximum, and it became a big hassle to tell my users to lower their security. Anymore, they don't trust any macros, even from someone in the same company. (In anticipation of someone mentioning signed macros: setting up my cert on every computer is no easier than setting the macro security to medium.)
...I think he meant strip out Outlook too :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Unfortunately it's simply something approaching irresponsible of you to think that people are going to be "responsible" for themselves in this sort of situation. And you probably know it.
I just got an email forwarded from my own father in law asking me if this trick someone forwarded him will work. The email encourages everyone to create an "AAAAA@AAAAAA.AAA" entry in their outlook address book: they go on to explain that the worms will try this first and when it fails they will quit.
By the extreme number of angle brackets on the left side of this forwarded message... I'd say there's a lot of people with AAAAAA@AAAAAA.AAA in their outlook address book at this moment.
I think you are asking too much of these people to have them actually understand about patching, updates (btw, my father in law dials up via a not-too-fast modem... and lives somewhat out in the country), HTML exploits, etc etc.
I'm not saying it's 100% entirely their fault, but these worms spread because of SIMPLE factors like not patching the system, leaving settings turned on that really shouldn't be on, etc (and yes, that is more MS's fault than the end user's fault).
I get what you're saying in your analogy, but we're talking software here. It's not unreasonable to expect someone to get an update for a program if one is available. That's what it's there for.
If you buy a car, you expect it to be working properly. If it's not, there's a recall. Can't exactly download a patch for your tires. However, it IS your responsibility to drive it properly and to maintain it.
Yes, it is Microsoft's fault for making OE such an open and vulnerable piece of software, but again, a patch WAS released for this worm MONTHS ago. It would be quite different if this was an exploit that just snuck up on most people out of the blue, but it's not, and these are the cases I'm referring to.
Even Code Red/SQL Slammer. Sorry, but if you got hit by this, it's not MS's fault, but your own since you or your sysadmin didn't apply the patches that came out 3 months prior.
Plugging your system in and expecting it to work perfectly from now till the end of time is extremely naive. I don't care how experienced of a computer user you are, you need to know the potential dangers of being online before you even connect.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
If you refuse to use a mail client besides Outlook Express:
1) Disable the preview pane. View messages by double clicking them. That way you're never forced to view a message you haven't made the decision to view, either by trying to delete it or by it being the top message in your inbox. This also helps to reduce spam, because spams with linked images can be used to verify that you read the email.
2) Only view email you trust. For the rest, view the message source or ignore the message.
3) The above will stop 99% or more of email viruses out there. To further reduce the risk, patching frequently and using a spam filter helps. Virus scanners like AVG also help but you can expect a noticeable slowdown in system response if you use one. I don't. No virus problems ever in 12 years.
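An added example, not part of the comment above or of any mail client: one way to follow the "view the message source" advice is to scan the raw message for risky features without rendering it. The tag list, extension list and sample message are constructed assumptions for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them for your own environment.
ACTIVE_TAGS = re.compile(r"<\s*(script|object|iframe|embed|applet)\b", re.I)
REMOTE_REF = re.compile(r"""\b(?:src|background)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".cpl", ".hta")

def triage(raw: bytes) -> list[str]:
    """List risky features of a raw message; nothing is rendered or executed."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            # latin-1 never fails to decode, so a bogus charset cannot crash the scan
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            for tag in sorted({t.lower() for t in ACTIVE_TAGS.findall(html)}):
                findings.append(f"active content tag: <{tag}>")
            for url in REMOTE_REF.findall(html):
                findings.append(f"remote reference (can confirm the mail was read): {url}")
    return findings

def build_sample() -> bytes:
    """Constructed test message: benign bytes, not a real worm sample."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("plain text part")
    m.add_alternative(
        '<html><body><img src="http://tracker.example/p.gif?id=42">'
        '<OBJECT data="x"></OBJECT></body></html>', subtype="html")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="price.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```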
Apparently they've never heard of e-mail software other than Outlook. Many e-mail programs do not execute the VBS code or other attachments of a message simply by selecting it from the Inbox.
signature pending slashdot approval
Does anyone have some tips for running these under Wine? I know that I can install Outlook XP under Crossover, with full support in Crossover 3.0 which is coming out soon, but I'm not sure if it supports these viruses yet. I know that Wine supports Sircam, but unfortunately there isn't a virus section in the appdb yet. I think the Wine devs don't get it. We run Wine for the full "MS Windows Experience", not just the software.
Did you read the study and what they were calling 'breached'?
It was incredible.
I don't care what OS they were testing, their test proved only one of two things:
1) they're catering to who paid them
or
2) they have no clue.
Besides, the poster's statement was about Apache, not Linux.
The Kruger Dunning explains most post on
This must be the dumbest story ever posted. If you run Outlook or Outlook Express on a Windows machine, you are gambling, and one day you will lose. People are such fucking slow learners.
The problem is with the mindset of most endusers.
I've enabled automatic updates on friends' and co-workers' computers and they still don't go through installing patches even with balloon reminders. And MS does not even have automatic update for Office products.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Apparently, the simple act of selecting the message activates the code.
Apparently that feature is in the Outlook and IE combination only, based on their bugs.
We Mozilla users wonder why anyone uses those anymore.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Easy, I'll just select and delete it really fast.
-Colin
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Disable the Preview Pane (Pain).
It's a stupid feature anyway, it's unsafe by design, and the last thing on earth I want is my computer opening my e-mails without my input.
This is OLD news. The Preview Pane shouldn't even exist until Microsoft can find some way to totally secure it, which probably won't ever happen as long as harmful tricks can be planted in e-mail.
I've NEVER used the Preview Pane, and I don't miss it one bit. Maybe more so called "computer experts" should stop carrying stupid misconceptions and actually learn the truth behind the stupid ideas they so firmly hold onto.
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order to delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Every expression is true, for a given value of 'true'
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Try Knoppix or any other of the several live CD distributions.
Stop the excuses, you can try Linux today.
IANAL but write like a drunk one.
It is amazing how the Convicted Monopolist has managed to make a near-monopoly of the email client, and how people are so easily fooled into using such dangerous, insecure, bug-ridden trash. It does not even have a particularly good user interface.
The answer is in your hands!
Note to Sir Bill: You can't fool all of the people all of the time.... The end of your illegal monopolistic reign will come shortly, when your shareholders rebel, after the European judgment causes a collapse in the share price. And don't bother trying to get a job in software anywhere, your incompetence is not wanted anywhere.
Get better admins so the infected mails never reach the users' inboxes. Relying on users to protect the company from viruses is like letting them administer the firewall.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Almost all of the viruses from the last few years have been "open attachment to get infected" types. That this one isn't that way is fairly big news.
The Preview will execute the code contained within the mail message in exactly the same way as if you had opened it. It has been this way for a few years
What does that even mean? Execute the code? Do you mean "render the HTML"? Outlook Express doesn't execute script in the preview window or the "opened message" window. I'm guessing this new virus either forces script to execute via some exploit, performs an exploit in general HTML rendering, or performs some exploit against ActiveX. The important distinction here has never been between "previewing the e-mail" and "opening the e-mail", it's been between "looking at the e-mail" and "opening the attachments".
Let's not stir that bag of worms...
They make a good product, but just because they are the current market leader, makes them a big target. The problem is not Microsoft, it is the loose nut behind the keyboard, in layman's terms, the user. We have worked to train our users to be cautious of opening any e-mails, even from people they know. I have even done the impossible, trained my family. If we all work to training the users on how to pick out the trash or actually filter the mail, the problem will be fixed. If you have a good virus scanner such as Norton or Trend, it will help as well. We are never going to stop these variants, so the best we can do is train our people and use every tool we have to prevent them from being able to get through 99.9% of the time. Anything that gets through should be caught by your virus scanner if you have it up to date and set on a high enough setting. Josh