New IM Worm On The Loose

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

Another reason to move to GAIM

[JosephusTX]

Had to be the first - I enjoyed the Screen Savers segment!

Re:Another reason to move to GAIM

[Mstrgeek]

Great section on the show hope we get more users out of that bit of air time

Re:Another reason to move to GAIM

[Carnildo]

Switching to GAIM wouldn't help here. All the worm is using MSN Messenger for is as a carrier for the file; there's no particular security hole involved. It's no different from sending a virus attached to an email.

Re:Another reason to move to GAIM

[Lehk228]

damn, i knew they should have left the gaim file xfer broken

Re:Another reason to move to GAIM

[superpulpsicle]

Or you can use Trillion. You end up with AOL, MSN, ICQ and a million other accounts under one. That way you don't put all your eggs in one basket.

Re:Another reason to move to GAIM

[tonsofpcs]

Not necessarily, but it is a nice reason to move away from Microsoft Windows.

Linux Anyone?
SuSE (Novell)
Red Hat
Mandrake
GenToo
Slackware
And get others from Distrowatch

Re:Another reason to move to GAIM

[Lehk228]

actually gaim handles AOL, MSN, ICQ, Yahoo!, IRC, and Jabber.

Re:Another reason to move to GAIM

[Teknogeek]

As does Trillian, actually.

Re:Another reason to move to GAIM

[eean]

You got it back words. In general, switching to Gaim won't help, cause it isn't any vulnerability in particular being spread. However in this case it would help, because if you set your little sister up with Gaim and she ran the funny.exe one could assume it wouldn't be able to spread itself further (funny.exe not familiar with Gaim).

Even better, set your little sister up with Linux and not have to worry about all the other crap funny.exe will do.

Re:Another reason to move to GAIM

[Curtman]

You forgot Gadu-Gadu, Novell Groupwise, Napster, Zephyr, SNPP, and Silc.

Re:Another reason to move to GAIM

[RLiegh]

and you forgot poland, as well.

Re:Another reason to move to GAIM

[Curtman]

and you forgot poland, as well

What, Gaim can communicate with whole countries now? That could have saved the Americans a bunch of cash with the Iraq plugin. LOL. I'm pretty sure you're talking about Gadu-Gadu which I did mention.

Re:Another reason to move to GAIM

[Tongo]

Why couldn't someone write a worm that infected IM clients on Linux. Damn, don't you get it? Any box that isn't physically isolated from the rest of the world is vulnerable. Linux and GAIM are both less vulnerable only so far as people don't target them.

Re:Another reason to move to GAIM

[tvon]

Does trillian offer anything Gaim doesn't?

Re:Another reason to move to GAIM

[jobeus]

No, I bet he was talking about http://www.youforgotpoland.com/.

Re:Another reason to move to GAIM

[Yartrebo]

GAIM would help, though only because you would be running Linux. The worst that can happen under WINE (which you would need to execute the payload) is that it screws up your WINE installation. Once you kill the WINE process, anything memory resident is wiped clean. Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

Re:Another reason to move to GAIM

[oddfox]

I know that I prefer Trillian in Windows simply because I don't feel like loading the GTK+ toolkit and everything in Windows. Memory usage isn't a huge concern anymore though since I'm off 256MB and up to 1GB, but GAIM used to be horrid compared to Trillian in WinXP on 256MB. I dunno, Miranda IM is one of my fav light-weight multi-protocol clients, and it's on Windows if it hasn't been ported already.

My recommendation is try them out and find out which one is right for you. They're not big downloads and they're not long installs, everything in any modern IM system is stored server-side so there's no pain switching between clients in the first place ICQ is the only protocol I've ever had problems w/getting contacts off the server, and that seems to have gone away completely sometime in the past, can't quite put my finger on when.

Re:Another reason to move to GAIM

[GundyRage]

"GAIM would help, though only because you would be running Linux."

Bzzzzzzz!

http://gaim.sourceforge.net/win32/index.php

Re:Another reason to move to GAIM

[wheany]

Tell me how any of those things stop someone from making a worm that sends itself to all your Gaim contacts, and how they stop you from executing the worm when you receive one from your friend.

This worm does not exploit a hole in MSN Messenger. Users have to execute the worm themselves. It does not execute automatically.

Re:Another reason to move to GAIM

[ATMAvatar]

Why switch to GAIM? If you were using the regular MSN client, you'd be up quite a bunch of money - 400+ chinese porn sites times $240

Re:Another reason to move to GAIM

[spitzak]

Are you sure the worm could not take advantage of data files saved by previously running IM and also send messages using IM even though you are running Gaim?

Re:Another reason to move to GAIM

[balloonpup]

Yep, it doesn't require one install the GTK+ toolkit, and the interface seems better IMHO. Granted, others may prefer GTK and the interface. I also rather like the plug-ins that Trillian offers.

Re:Another reason to move to GAIM

[Tongo]

lmao, I knew this would be modded a troll. If the mods out there can post AC and tell me why this is a troll, please do so. Did I just become a victim of /think?

Re:Another reason to move to GAIM

[It'sYerMam]

Yeah, I prefer the Trillian GUI to almost anything else I've seen. Especially in the default skin (at least in the free version) where you have that large globe, whereby you can easily access all areas of the program.

Re:Another reason to move to GAIM

[B2382F29]

Unfortunately, Trillian can't handle Unicode Messages. I don't remember which protocol (ICQ, AIM or MSN), but a message with e.g. chinese characters would just produce an error message like "Unicode not supported in this version", whereas GAIM worked like a charm with no problems at all.

Conclusion: forget Trillian if you don't want to restrict yourself to ISO-8859-1 Characters.

Re:Another reason to move to GAIM

[BlackHawk-666]

Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

The WINE team are working hard every day to improve their compatibility with modern Windows viruses for the Windows enthusiast who insists *all* of their software runs.

Re:Another reason to move to GAIM

[smacktits]

Yes, it doesn't crash horribly or use enormous amounts of RAM, unlike win32 gAIM.

Re:Another reason to move to GAIM

[lordtelamon]

Well there is still a big difference between gaim and trillian. gaim is opensourced while trillian isn't.

Re:Another reason to move to GAIM

[Tongo]

Just to pick nits, but physicall isolation includes media IMO.

I agree with you totally about the problem being with the programmers and I agree that open source usually will get fixed faster. But it's not inherently more secure, which is what my first post was trying to point out.

Re:Another reason to move to GAIM

[3770]

Is that Dr. Seuss?

I saw Cmdr Taco post this live on TV

[Araxen]

I saw him post this live on G4TechTV! They have very nice interface to weed out and post the news to the site.

BTW, it was posted via a Mac.

Re:I saw Cmdr Taco post this live on TV

And Hemos, even after having seen Taco post this live, will be posting a dupe momentarily.

it finds porn?

How is this a bad thing?

Re:it finds porn?

[Carnildo]

The summary is misleading. The worm actually hides about 900 asian porn sites, redirecting them to the worm's homepage.

Re:it finds porn?

[strider44]

Don't worry, the worms website will be down in 10 minutes.

Re:it finds porn?

[strider44]

Too late

This will be successful.....

[bob65]

Because we all know everyone executes a file called "funny.exe" without thinking.

Geez, who cares. If a dumbass like me thinks that would be ridiculous, I'm sure everyone else in the world would think so too.

Re:This will be successful.....

[mr_don't]

I'm with you, but you know, my users a t work will run ANYTHING...

Users can be psychotic sometimes...!

Re:This will be successful.....

[Zakabog]

Let's see, the average persons friend sends them a file called funny.exe. The average person really enjoying the kind of crap that their friend's send them online, executes funny.exe (which by the way will show up as just "Funny" on the average computer as extensions are hidden by default) gets infected by the worm, notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow, blames the manufacturer of the PC (Gateway, Dell, IBM, whatever.) Never realizes it was an issue with MSN to begin with, continues on with their life promising to never buy another computer from Gateway, Dell, IBM, whatever. I've seen it happen so many times. My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away) and doesn't really thank me when I install ad-aware and get rid of the junk (thinking whatever he just did on the computer made everything work right.)

Re:This will be successful.....

[Ghostgate]

You are seriously underestimating the general cluelessness of the average computer user. I think it could be named "worm.exe" and a lot of people would still run it.

The knowledge (or lack thereof) of the average computer user is the real reason that security is such an issue today.

Re:This will be successful.....

[HermanAB]

No, worm.exe won't spread nearly as fast as virus.exe...

Re:This will be successful.....

[JohnnyGTO]

I finally told my Uncle to to pull his head out. He didn't like that but boy once he found out how much I was saving him in tech bills he started calling again. To bad for him, I now have better things to do.

Re:This will be successful.....

[HangingChad]

notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow

But how would Windows users notice? That's normal operation for most of them.

Re:This will be successful.....

[MmmDee]

... as extensions are hidden ... Never realizes it was an issue with MSN to begin with

I'm sure you meant the virus/worm writer, as I don't believe MSN is in the habit of authoring and distributing malware. And remind me again, just what significantly more recognizable file extension that Unix/Linux uses to differentiate executable files. The many of us who have used (abused?) quite a few architecturally different OS's realize each has their vulnerability. I and many more seasoned (read "old") technology folks know Linux's days are coming. It's comforting to realize as great as new inventions seem, there will usually be something "better" in the next generation (though nothing will ever exceed VMS).

Re:This will be successful.....

[PhoenixFlare]

Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are.

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

Re:This will be successful.....

[PhoenixFlare]

Okay, didn't read quite close enough, but still - these kind of comments are asinine. Hardly insightful.

Re:This will be successful.....

[aardvarkjoe]

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

Well, to be fair, I think that his comment was more akin to saying "Most Linux users are elitist snobs." Of course, some might argue that that one's true, too :)

Re:This will be successful.....

[mikji]

>My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away)
>and doesn't really thank me when I install ad-aware and get rid of the junk
>(thinking whatever he just did on the computer made everything work right.)

What a fucking dumbass. Stop helping him, it's not worth your time.

Re:This will be successful.....

[cyfer2000]

virus.vxd and virus.com days were brilliant, sign...

Re:This will be successful.....

[elhedran]

When I heard about it, first thing I thought was "Hey, at last a practical use for those Turing test AI's"

virus: hey its [nick gotten of settings] here, you gotta check this out.
* virus sends file
bob: did you check it for virus
(match word virus) virus: yeah, I checked it out, its safe.

Also could check for 'is it...you', various 'bye's, etc. Actually get around the 'don't run stuff you shouldn't trust thing'.

Now mod me down before a worm author sees this comment and actually writes a messenger worm like that :)

Re:This will be successful.....

[GMFTatsujin]

Everything except a virus checker...

*sigh*

Re:This will be successful.....

[jack_csk]

Just like everyone opens a jpg file called "hello.jpg"

By the way, what's wrong with goat.se? It seems that I can longer retrieve that hello.jpg

Re:This will be successful.....

[bakes]

Even faster than that would be do_not_open_me_I_am_a_virus.exe

Re:This will be successful.....

[bmo]

"Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are."

Not only are MSN users ignorant, most Joe and Josephine users are that ignorant *in general*.

I just spent 3 hours today cleaning up a machine that had upwards of 60 trojans and other malware on it. One of which was a keylogger. It was amazing that this machine ran at all.

Does the owner of said computer have any clue about how all this malware got there? Nope. He's got 3 kids, though, that all use the same computer. I

He is ignorant, in the truest sense of the word. He is also *typical* of most home computer owners. People these days expect their machines to simply work, like toasters, because the interface hides the real complexity. I have been trying to educate him, and it's been a battle.

But regardless of that, MSFT has never done any User Education itself. Bill prefers it that way, and that's a shame. Keeping the users ignorant allows MSFT to Blame The User when it comes to exploits (You Failed to Upgrade!), allows them to force DRM down their throats, and basically allows the company to run roughshod over its customer base, without complaints.

So yes, MS users are ignorant. They simply do not know better, and their precious vendor, Microsoft, is aiding and abetting this ignorance.

So what are *you* doing to educate your users?

--
BMO

Re:This will be successful.....

[BisonHoof]

I tried clicking on your "funny.exe" link and it did nothing. Please advise.

Re:This will be successful.....

[Demanche]

I work for tech support for one of the mentioned companies.. and I can tell you now.. tomorrows prolly gonna suck :)
*thinks about taking a day off*

Re:This will be successful.....

[Yartrebo]

I generally run just about anything I find. At worst, I'll spot the file when doing clean up, and I don't want to risk deleting something useful. Funny.exe isn't very descriptive, so I probably will execute and have a look.

That said, I won't execute unsolicited stuff, but only if I can recognise it as such. Dump it to my download directory silently, and I'll get around to executing it, though I won't allow it to run as root if it asks (I'm not that reckless).

And BTW, I consider myself to be a fairly experienced user. It's just that viruses have never given me trouble, but I have lost data in the past, so I check everything before I delete.

Re:This will be successful.....

[Yartrebo]

let's see ... perhaps because the executable bit is set, and in the console it's displayed in bright yellow and with an asterik next to it. Same goes for shell scripts, which can be as risky as an executable.

This doesn't apply to files that require an interpreter or emulator, like .EXEs or ROMs for video game emulators, but that is only because you call the interpreter and pass the file to the interpreter, so the OS has no way of knowing it is an executable.

Re:This will be successful.....

[drawfour]

What's the issue with MSN? That it allowed you to download an executable? Don't accept the file. Oh, that it doesn't warn you it may contain a virus. Wait, it does. (Most people probably click on "Do not show me this again" after the first or second time it pops up.

Sorry, I don't see an issue with MSN. _Maybe_ .EXE/.VBS/.COM/.whatever extension should be auto-denied (with an explicit option to turn it back on). Maybe that's a good feature to put into the next one. But sorry, you download _and run_ an application where you don't know what it is, that's your problem.

The first thing I do when I receive a file is ask the person "What's this?". If they don't respond, I figure it wasn't sent from them, and I'm not gonna run it.

Re:This will be successful.....

[rainman_bc]

I work for tech support for one of the mentioned companies..

So how's the weather in India then?

Re:This will be successful.....

[MmmDee]

It would definitely be helpful if Windows would display a "marker" of some sort adjacent to all executable files/scripts. But then, who would have thought that opening a jpg could be harmful. Thanks for the feedback.

Re:This will be successful.....

[oddfox]

You know I didn't really think about it before but you make a really good point mentioning Windows XP's (Maybe 98 as well) default behaviour of hiding file extensions, it really helps those people who are trying to disguise stuff. All these years I've been wondering "Why in the HELL would you open a file with like 10 freggin extensions that was obtained off a file-sharing network?!" and then, bam, that's why. Microsoft should release a "patch" for Windows OSes that turns off that behaviour by default, not only because it's dangerous in modern-day computing, but also because it's just, blah, am I the only one who can't stand not having the file details avail to me right in the same window the files are being displayed in?

I mean really, it's a security hazard for a large amount of PC owners and/or users, and if they think that their Security Center is a step in the right direction, I think this would be at least a small leap. :)

Re:This will be successful.....

[wheany]

...that would pop up a dialog saying "Seriously, I'm a virus. Dou you really want to execute me? [YES] [NO]" with "no" as the default, and that would really respect the user's answer.

Re:This will be successful.....

[wastingtape]

Mmm vxd. I've always had a twisted respect for virus authors who spend enough time to learn how to create a virtual device driver. None of this VBA drivel...

Re:This will be successful.....

[16K+Ram+Pack]

I get into some arguments with some friends of mine over this.

When they try and send me an exe of "you gotta see this", the answer I always give is to send me the URL of the website to get it from.

Any .exe is a risk, but by at least going to a known download site and getting something that's over a month old, you are unlikely to pick something up.

It just shows - the major problem with viruses isn't technical - it's a human problem (although if Windows had two defined logins like Red Hat, I'm sure it would help).

I know people who are PC techs who used to make money out of building PCs for people, who now spend a heck of a lot of time cleaning viruses and spyware off machines as well as having to reinstall systems for people.

Re:This will be successful.....

[Jace+of+Fuse!]

ROMs for video game emulators

Unless someone has found some way to crash and exploit an Emulator, I know of NONE that are harmful as of yet.

In the game consoles examples of SNES, NES, GENESIS, TG16, N64, and other systems, even a rom designed to be Malicious could never actually do any real damage to the host system because unless the Emulator supports features that didn't exist in the emulated system, they have no way of knowing they're not actually running on a real hardware and are totally incapable of writing out data to the host system other than SRAM/MemCard files (which are self contained.)

In a way, you could think of Emulators as being a Sandbox, and the ROMs they run don't have access to anything on the system that could be harmfull.

Of course, this is in an ideal world. There is nothing to say that some kind of buffer overflow couldn't exist and a malicious rom author couldn't take advantage of that. But I don't see this happening.

As a final note, I do realize that some OS emulators such as UAE, BOCHs, and the like could very easily mount existing hard drives off of the host system, and software could be written that might be able to tell the system is being emulated, seek out the mounted drives from the host system, then do some real damage. But that's a totally different story altogether.

Re:This will be successful.....

[Rallion]

It's not really MS's responsibility to educate users. Do car manufacturers give defensive driving courses? No, even though their design flaws can (and do, very frequently) get people killed. If you're upset about MS, you must be really upset about those car companies! And then there's cigarette manufacturers...

Anyway, this virus IS purely user stupidity. There's no hole being exploited here, just programs working as they should.

Re:This will be successful.....

[Cybrr]

Maybe vires checkers should find a less spooky name.

Re:This will be successful.....

[DrJonesAC2]

I maintain a number of my family's computers. My Dad was always getting all kinds of crap on it. So much so I would have to wipe and reinstall his system on a monthly basis. After the last round with viruses and trojans I finally got fed up and installed Linux on his system. It took a little education but, for the most part, the differences are minimal enough he hasn't had any issues using it to browse the web, check his mail and play the games that he likes.
So for those out there who have contemplated moving thier family to Linux just to avoid the weekly cleaning chore on thier system, I say do it. It wasn't as hard as I thought it would be.

Re:This will be successful.....

[blowdart]

But regardless of that, MSFT has never done any User Education itself.

Yes, SuSE arranged for Alan Cox to visit my home after my first install to guide me through getting X to work. He ate all my chocolate biscuits though.

Setting aside your rant the point being do you see RedHat attempting to educate? SuSE? Aside from manuals and help text of course. Nope. Why the heck should they?

Re:This will be successful.....

[Jesus_666]

I got the same effect just by putting a NAT router between the PC and the 'net and teaching my parents how to use Firefox.
If you are considering paying for anti-virus software or a firewall - go get a router instead. Nothing keeps Windows as healthy as NAT.

Sure, this piece of malware won't be stopped, but the auto-infecting stuff stays out.

Re:This will be successful.....

[Jesus_666]

That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

No, dude. Linux users are paranoid anti-Microsoft zealots who try to convert Win users to Linux 24/7. The Mac folks are the elitist snobs.

Re:This will be successful.....

[Tony-A]

default behaviour of hiding file extensions, it really helps those people who are trying to disguise stuff.

In general, anything sneaking around pretending to be something other than what it is, is up to no good. That rule was good for detecting malware five years ago and it will be good for detecting malware five years hence.

I mean really, it's a security hazard for a large amount of PC owners and/or users, and if they think that their Security Center is a step in the right direction

Right. And security is a perimeter-type thingee. Security Center and blinded guards is a good way to ensure the lack of any effective security.

Re:This will be successful.....

[webmedic]

This is so true. I run a shop and do almost nothing but clean peoples systems from this garbage now.

Re:This will be successful.....

[Firefly1]

Or not.
I fail to see how hiding file extensions is dangerous, especially given the following:

1. detailed folder view or the dialog box from the context menu's 'Properties' entry will show you the correct file type;
2. the icon is pretty much a dead giveaway (referencing ILoveYou, the icon for .vbs files is not repeat not the same as that for .txt files); and
3. given that many extensions are hidden, the very appearance in a filename of a common one like .txt or .jpg would suggest that something is amiss.

Re:This will be successful.....

[Syntax+Heir]

HA! Your .sig goes into my library!

Re:Posted live on The Screen Savers

[orb_nsc]

I am watching the internet happen, in real time!!! Thank you Screen Savers!

Time to switch, perhaps?

[kgbspy]

Just like everyone urged their friends and family to switch from IE to Firefox, now could be the time to recommend gaim to them in place of their regular IM client. Except, maybe, those who like chinese porn.

Re:Time to switch, perhaps?

[Doppler00]

Although I don't see a 30% cpu usage, I do notice that Gaim is currently consuming 19MB of memory. I'm almost certain that's due to some memory leak because it increases over time. That's ludicrous for a program who's purpose is to send TEXT messages.

I have almost considered helping them instead of complaining, but I have no idea where to get started on an open source project.

I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

Re:Time to switch, perhaps?

[dn15]

I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

Disclaimer: I've never used Miranda as it is a Windows program and my home machines run Linux and Mac OS X. That said, check out http://miranda-im.org/ It supports multiple protocols and is distributed under the GPL.

Re:Time to switch, perhaps?

[AvitarX]

Try Tic

It is tcl/TK
Kind of ugly, but works great for text messaging. It was also the first IM I had that supported buddy pounce.

I used it for a while because it was cross platform before GAIM (I think) and it stored your buddies server side when AOL's did not.

If all you want is an Open source AIM client it is good. If you need some other protocal or pictures or something like that, it will not work though.

Re:Time to switch, perhaps?

[sqrt(2)]

Most apps are just as stable on windows as on any other platform, why should gaim be any different? And switching to Linux/mac/*BSD just isn't an option for the vast majority of people, but that doesn't mean someone can't complain when something doesn't work right.

Re:Time to switch, perhaps?

[oddfox]

I don't think you realize the amount of effort in making a program run great on multiple platforms. GAIM's largest userbase in *nix users, Windows users, unfortunately, are simply going to have to deal with the quirks that come out to play every great occasion from porting stuff over. I mean sheesh, there are tons of Windows programs that send the OS down in flames.

It's easy to sit there and criticize a project for bugs in the software, and say stuff like "Most apps are just as stable on windows as on any other platform, why should gaim be any different?". The reason it's different is not only because it's running on a platform it wasn't originally designed for (And GTK+ for Windows is only avail pre-compiled from Dropline, IIRC, so I think it's a special build), but the development team most likely consists of *nix users. We can sit here and speculate all day long but it really all boils down to this -- squashing bugs takes time, and there are priorities, obviously your annoyances (Which I have never noticed) have not caught anyone's eye yet. Or if it did, well, damn, why not just ask for them to take a look at it? Developers don't bite, often.

Re:Time to switch, perhaps?

[Zen+Punk]

I use Windows too, and I also use Gaim. I understand your frustration with memory usage, window management, and widgets that don't do what they should.

I'd like to point out that this is not the fault of the developers of Gaim. Gaim was developed for Linux using the GTK toolkit. The only port of this toolkit available for Windows, GTK+, is buggy as all get-out and responsible for all that odd behavior. AFAIK GTK+ is not open source, so there's not much to be done(someone correct me if I'm wrong.)

Still, I appreciate Gaim's functionality(and hate AOL's software) enough to put up with GTK+ quirks, which seem to become more tolerable with each new release(but maybe that's just because I'm getting used to them.)

Re:Time to switch, perhaps?

[Darren+Winsper]

You are so wrong it's not funny. Gtk+ is actually LGPL.

Re:Time to switch, perhaps?

[tangent3]

Actually, you might just be on to something. The XUL framework seems to be perfect for developement of a cross platform multi-protocol IM client. Gaim is nice and all, I use it and love it, but the gtk requirement (esp on Windows) is quite a put-off. The reason I'm still sticking to gaim and haven't gone back to miranda is the lack of unicode support in miranda. Now if someone developes a XUL based multi-IM client (maybe a plugin architecture to standalone chatzillas?) that would be perfect.

Re:Time to switch, perhaps?

[Chris_Jefferson]

Actually, if they just move to GAIM and continue using the MSN network then they will still have the same problem. All this worm does is try to use MSN's "send file" facility, which GAIM will recieve.

It is true that if you have GAIM you won't be able to infect other people which is one thing, but you'll still have the worm yourself.

Re:Time to switch, perhaps?

[Cybrr]

Operating systems differ. Thus the apps must be specific to run properly.

Which is to blame for the lack of speed here? *reminded of only being able to run crappy WMs at a reasonable speed on my old Pentium 200*

Re:Time to switch, perhaps?

[toddestan]

I can second that, Miranda is a great little program. I initially found it when looking for a lightweight ICQ replacement for an old Pentium running Windows 95, now I use it on all my Windows machines. Really surprises me that no one seems to know about it.

Re:Time to switch, perhaps?

[dn15]

Yeah, it looks like a nice little program. Almost makes me want to run Windows to try it out. Almost. ;)

Woohoo!

[Gogo+Dodo]

Time to cash in!

Re:Woohoo!

[pHatidic]

No way this is just a hoax. More likely what really happened is the sysadmin who removed the virus found 400 chinese porn sites and when the user was confronted about this he just blamed the virus.

Re:Woohoo!

[cyfer2000]

Aparently, it is something related with China Porn Crack Down

Re:Posted live on The Screen Savers

[Manhigh]

So how long did it take to make it to the cache? Anyone pay close enough attention?

why MSN is having trouble?

Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

Re:why MSN is having trouble?

Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

No, that's normal.

Re:why MSN is having trouble?

[Dhalka226]

No, it was for about twelve of the last 24 hours.

I started experiencing issues at about 10pm last night (could not update status, if I logged out it would be very difficult to log back in, etc); at 10am this morning, my logins were rejected completely. I tried again around 2pm and it looks to be working fairly well right now.

Still, last I checked 10pm one day to 10am the next was twelve hours.

Perhaps you shouldn't criticize without the facts?

Re:why MSN is having trouble?

[Random+Web+Developer]

The same fenomenon could be noticed in Europe (belgium at least)
The msn status pages said the network was down but didn't give any reasons

Re:why MSN is having trouble?

[Random+Web+Developer]

Here is some extra info on the issue:
http://news.com.com/2100-1023-269529.html? legacy=c net
http://www.eweek.com/article2/0,1759,1674255, 00.as p

Impact?

[mind21_98]

Fourty-two million users worldwide verses far more for AIM. The impact shouldn't be too big, although one has to wonder why people blindly accept and run files in the first place. It boggles the mind.

Re:Impact?

[RAMMS+EIN]

You mean AIM is a bigger target than MSN Messenger?

Well, here's another argument against "Microsoft software gets broken into more, because it is more widely deployed". (Besides Apache vs. It Isn't Secure.)

Re:Impact?

[MmmDee]

Well, I think AIM has had a plethora of its own vulnerabilities exploited and over nearly a decade now have had the opportunity to shore up security a bit. As the primary target gets "better", virus writers move on to the next easy prey... MSN Messenger. No mystery.

Re:Impact?

[mrbcs]

Unfortunatly (sp?) Most home users are totally clueless and actually proud of their incompetence. That's the mind-boggling part imho. Why would someone be proud of being ignorant? We never hear this about their cars.. Oh the engine needs oil, well, I don't know anything about cars, I just drive em till they drop.

There was a great sig here (slashdot) a while back about gates lowering the collective i.q. of computer users . Wish I remembered it.

Re:Impact?

[MmmDee]

blindly accept and run files in the first place

I've often thought the same thing about people who take other people's prescription drugs.

Re:Impact?

[Fishstick]

>We never hear this about their cars

Actually, I knew a guy here at work that never once had any maintenance performed on his new cars -- he was proud of the fact that he could afford to just go trade in when the original tires wore out.

Then again, he was 40+ sharing an apartment with his brother.

Wonder what the dealer thought about a car that was driven over a year with the original oil never changed?

It does boggle the mind when you find people that are willfully ignorant about their computers. I can't tell you how many times I've asked my mother in law to stop forwarding these "cute little programs" that she gets. She gets them from god-knows-who, clicks on them to see what they are, and then forwards to everyone in her address book.

The response when I politely remind her that this is dangerous and she could be infecting her computer and passing on the infection on to all her contacts? "Well, I don't worry about things like that."

bah

Re:Impact?

[tshak]

Nope, the argument still holds, you just don't understand it (read some of my past posts for an explanation, I'm getting sick of repeating myself).

Dammit

[badfrog]

Guess my workday tomorrow has been planned out in advance. (I have dumb users.)

Re:Dammit

[NuclearDog]

Ir "I have lusers." will ensure the statement has the intended meaning (it explicitly states they are dumb, it doesn't imply it), and is only one letter longer than your suggestion.

ND

LUA

[dioscaido]

I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time. This is the main reason why linux/OSX are more 'secure' -- programs like these would execute as user, not as root, given the OS's both discourage people from runnin their every day tasks as root. If the users who get this funny.exe were not running as Administrator, their system wouldn't get infected. The app may be able to propagate itself, but a quick log off/log on would kill the virus.

Re:LUA

[iametarq]

That'd be nice, if MS pushed for user vs admin accounts, but i would think that most normal windows users would find that "annoying". They seem to prefer "convenience" over "functionality".

Re:LUA

[Telastyn]

Not exactly. Their system would still get infected, and if any of these virus/trojan/worm writers actually felt like using a malicious payload, totally fubar their data even if permissions protect the rest of the system.

Re:LUA

[BurritoWarrior]

...because a TON of windows software won't run or install if they do?

Seriously, they would have 19 gazillion support calls the next day.

Re:LUA

[myowntrueself]

In my experience the main cause of applications failing to run as non-admin user is copy protection on games.

Frequently, these start up a service when they run. It would be very hard to make these work as non-admin.

Personally, the first thing I do when I find a game like this is download a no-cd patch/crack. Then I can run it unprivileged.

There are exceptions; the last icq client I tried won't even run as 'power user' and must be run as administrator.

The developers of this sort of rubbish need electric shocks applied to their genitalia every time someone gets infected through their crap application.

Re:LUA

[RAMMS+EIN]

You can still do a lot of harm using a regular user account. Deleting a user's files (often more valuable than the software, which can be reinstalled), propagating over the network, to name a few. You can also try to exploit local vulnerabilities to gain full privileges, or trick the user into giving them to you.

And don't think loggin out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.

Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security. And on Windows, it hardly works anyway. There are many things that should work for regular accounts but don't, and other things that shouldn't but do.

Re:LUA

[robhancock]

Often the reason these games won't run as a limited user is that the copy protection software needs raw access to the CD drive which would be unsafe to allow for a limited user..

Re:LUA

[Phroggy]

Actually, the main problem is when an app tries to write to files that aren't in the user's home directory, i.e. tries to write to something in C:\Windows or C:\Program Files instead of assuming those locations are read-only and only trying to write to C:\Documents and Settings\username like it should. Sadly, Mozilla is still (intermittently) guilty of this (although it sounds like this time it's a new bug that will be fixed in the next release).

Re:LUA

[Justin205]

And on OSX even running as an admin would require a password (all the sysadmin stuff is done by a system similar to sudo), and most OSX users have been cautioned (by many books, manuals, etc.) to not use their admin password in any program they don't explicitly trust.

So it's really only if they are smart enough to set up root as a accessible user account (which takes smarts), but yet are stupid enough to use it all the time, and stupid enough to run random executables. Which I don't think there are that many so smart/stupid people in that combination...

Re:LUA

[\kludge]

Bingo. I've gotten really really tired of the old "user permissions" rhetoric. It doesn't help the problem at all except that it limits the amount of harm a single user can do to a multi user system. Problem is that most desktop systems in the home are accessed by a single user. Even in the enterprise world, it's more common to have a single user login per station. Privilege separation between users/admins breaks down because the value of user data is generally much greater than the value of the system configuration and program files. Most home users can just do the reformat/reinstall dance and spend some hours customizing their settings to get back to where they started (or hire someone to do it for them). Any competent IT department will most certainly have an effective backup/restore solution for getting things up and running again should a nerfarious destroy administrative data. So what's the big deal? Let's enumerate the advantages of setting up a typical multi-user system:

- Robustness: Users can't (easily) take down the entire system due to error, ignorance or deliberate malice.
>> This is moot on most desktop systems.

- Safety: Users can't destroy data that is of value to others.
>> This is moot in most workplaces since users generally have wide access to a LOT of shared state on mapped network drives, etc... Also think of shared resources like network, email and printers that privilege separation really doesn't protect in most applications. At the least, they can -- or programs running under their name can -- make a nuisance of themselves. So really all you get is a limitation of liability.

Unfortunately even when logged in as a user, there is a lot of value in the data that can be accessed and altered (else why have it). Damage to this smaller portion of property can do a lot of harm. Backups are only a partial solution to this problem but most users don't have the discipline to manage them. Worse, corruption may not become apparent until long after the tapes have been recycled.

- Privacy: Users can't see or access data that they shouldn't (for whatever reasons).
>> This is useful in a large organization but not so much at home or on an employee's private workstation. If there's only one user account... who cares if you log in as Administrator?

What else is left? Computer security is still at a laughable state! The very idea that privileges can even be assigned to users on a static basis is broken. There must be more control over how data is created, located, manipulated, shared, verified, reconciled, and recovered so that it becomes impossible (or impractical) for malicious scripts or user error to wreak such havoc as they can now even in authenticated user domains. Until that's solved the whole admin/user issue is rather academic.

*Grar* Sorry for this silly rant...

Re:LUA

[spitzak]

Actually the Unix-style permissions would stop such programs from modifying the system itself or starting up unkillable services.

However I agree that it's not going to stop much. I certainly believe it would not stop a virus from reading your email address list and sending itself to everybody you know. Also it can probably clobber the startup files that are run when you log in so that can get malware programs to run then, and can mess up your browser settings, and in general do almost all the nasty things that Windows viruses do.

Re:LUA

[ocelotbob]

No, their account is infected. Which means that instead of a 2+hour problem, it becomes a half hour problem. Nuke the infected account, reinstall a recent backup, you're good.

Re:LUA

[noselasd]

So, we have this funny.exe spreading itself. It will(and does) continue to do that running as administrator or as a user.
Sure, running as administrator it *could* do alot more damage, but
it doesn't do any "damage"(wipe files, retireive protected files etc.) anyway, so for this worm the argument is irrelevant

Re:LUA

[uglyduckling]

Which is what OSX does - works a treat.

Re:LUA

[Minna+Kirai]

Nuke the infected account, reinstall a recent backup, you're good.

You forgot to cancel all your credit cards, as well as every other painful step needed to recover from identity theft.

Re:LUA

[skiman1979]

reinstall a recent backup, you're good.

If we're talking about your average Joe User here, what Joe User performs backups anyway?

Re:LUA

[Jesus_666]

Is using a non-admin account annoying? Under Linux, he answer is "su". Seriously, handling user/root differences is not difficult at all if you have the proper tool (which needn't be more complicated than su with it's "switch users for this terminal session" concept).
Of course Win users might be turned off by the notion of using a command line to install software etc.

Re:LUA

[Phisbut]

I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time

There are 2 reasons why this doesn't work at the moment.
1) non-power-user don't even know what I limited-user account is (or that it even exists).
2) power-user usually use other OSes for day-to-day tasks, but keep Windows handy for gaming. However, 95% of the games won't work in limited-user mode... not because the game developpers are lousy and can't make a game that runs in limited-user -- I've been in the industry, most game could very well run in limited-user -- it's only the whole copy-protection thigny (or shall I say paranoia) that requires administrator account (because it has to play with a bunch of registers and hidden "system" files).

So even power-users sometimes have to run as administrator to do non-administrative tasks on their computer.

Re:LUA

[myowntrueself]

Ok, let me clarify;

The sort of thing you refer to is fixable by appropriate granting of permissions to certain files or folders.

For example, create a 'gamers' group and allow full access to the c:\games folder for members of this group.

The sorts of problem I am referring to are the ones that can *never* be fixed.

I've even tried creating 'trampoline' (non-login account which can run a service and using runas to allow a nonprivileged user to run the games startup program).

This seldom works. In fact I doubt that its possible to work around this sort of copy protection bullshit in such a way as to allow a non-privileged user to run these games.

Re:LUA

[RexxFiend]

They are finally starting to; I just attended a course on AD 2003 (have to - it's my job ;-( and they were actively pushing the whole "logon as normal punter and use runas when you need elevated priviledge" methodology.
Give it another 5 years and this sort of thing may be commonplace. The problem at the moment is that it seems to be comletely random whether a program wants admin access to install. So even if you educate your home users, they will still get used to the idea of needing to type the admin password from time to time. If they get used to it, they won't think about it when they get hit with a virus asking for the password, they'll just blindly type the damn thing in regardless.

Terminology question

[rackhamh]

I'm not up to speed on the terminology (yes, I've been living under a rock, and it's very cozy under here). Is it really a "worm" if it requires the user to execute it?

Re:Posted live on The Screen Savers

[Araxen]

Less than 5 minutes for sure. Not sure of the exact time though.

Worms...

[TrancePhreak]

Doesn't sound like a worm to me at all.

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

Computer Worm

Re:Worms...

[ewg]

Let's agree to call it "malware" and take the rest of the day off.

Re:Posted live on The Screen Savers

[natron+2.0]

Yeah keep in mind the live TV delay as well...

Re:saw this posted live on the screen savers

[Aaton]

If you had a subscription you would have seen it show up in under 30 sec (at least thats about how long it took me to see the post). Yazz

d'oh

"..and adds entries to the hosts file pointing to more that 400 Chinese porn sites"

First good reason i hear to switch to Windows.

worm isnt going to do much damage

[Indy1]

host www.78p.com
www.78p.com has address 1.10.5.89

Re:worm isnt going to do much damage

[Pakaran2]

Especially since it's now been linked from here. Heck, that's a solution to any worm that tries to "phone home" - just include a link in the /. article about it!

Re:worm isnt going to do much damage

[maximilln]

Traceroute to www.78p.com
08:21:54 MDT (-0600) Tue Oct 12, 2004

1. blah.blah.net (aaa.bbb.ccc.ddd) 0.8 ms
2. blah2.blah.net (aaa.bbb.ccc.ddd) 5.1 ms
3. blah3.blah.net (aaa.bbb.ccc.ddd) 6.7 ms
4. *
5. *
6. *
7. *
8. *
9. *
10. *
11. *
12. *
13. *
14. border10.s6-4.pcisys-1.den.pnap.net (216.52.42.13) 7.4 ms !H

Trace complete.

Stupidity at its best

[FiReaNGeL]

Am I the only one with no compulsive need to open each and every funny.exe files I receive, even from people I know? Send me jokes on my email with 40cc repeatetly might get you an ignore, even if you're a good friend. Same for 'funny' executables... Jokes as text or images I can understand... maybe I'm just too serious, sometimes. I can't believe people STILL don't pay attention to extensions?

But 400 chinese porn sites? Add me to your MSN, quick!

Re:Stupidity at its best

[lseltzer]

I'm pretty sure that if you sent out a worm named fuckupyourcomputer.exe enough people would run it to keep it going.

I've read the descriptions on this one and I see no social engineering at all other than the name "funny" - the bar on the human element is far too low.

Re:Stupidity at its best

[MillionthMonkey]

Windows XP hides extensions by default. You have to find and uncheck the "Hide extensions for known file types" checkbox which renders "ILOVEYOU.TXT.vbs" as "ILOVEYOU.TXT".

The sole purpose of hiding extensions is to avoid scaring imbeciles who freak out at the sight of a period and three letters.

Re:Stupidity at its best

[bheerssen]

Unfortunately, it seems that file extensions do confuse computer illiterates. My own dad, for example, simply doesn't get the filesystem, windows, or desktop metaphors. To him, an icon on his desktop is not necessarily the same as an identical one in the start menu. If the icons get jumbled or change in any way, he freaks out. Worse, no amount of explanation seems to make any difference. It's as if he has a mental block when it comes to things digital. I suspect that many, many users have the same problem.

It's frustrating to say the least.

Re:Posted live on The Screen Savers

[artemis67]

Yes, but you'll notice that he didn't credit "elfarto" with the story on the air...

Porn?

[Lord_Dweomer]

"adds entries to the hosts file pointing to more that 400 Chinese porn sites."

So...horrible virus...yes...only affects MS Messenger people..horrible..um......

Ok look, anybody have a copy of it? Or at least the URLs?

It's all part of life

[nz_mincemeat]

With enough publicity the average Joe User will learn safe IMing habits...

It's just a matter of how much damage is done before that happens, though.

Re:It's all part of life

[Izago909]

With enough publicity the average Joe User will learn safe IMing habits...

The average Joe won't learn safe computing habits until Dell, Gateway, HP, and Compaq start issuing keyboards and mice complete with 10,000 volt negative reinforcement "bad user, no treat" features. People with no computer knowledge are the last to admit their ignorance caused their problems.

A step back

[Sheepdot]

Wow. We've gone from viruses pretending to be porn in order to do funny things to your computer to viruses pretending to be something funny that give you porn.

Obligitory windoze comment...

[mark_space2001]

What kinda of doofus writes an OS where you can execute privelleged code (changes a system file like hosts) from a MESSAGING CLIENT?!

Sorry, I know /. bangs on MS a lot, but jeeze, stop executing stuff sent to you remotely, fer chrissakes.

Re:Obligitory windoze comment...

[dioscaido]

Well, if you are running as root, well, the answer to your question is EVERY OS. Run your desktop as root, and it'd take me 5 minutes to write an executable that will hose your whole system.

The fact is, Windows has a solid, well implemented, priviledge system. The second fact is that they gave this up in favor of app compatiblity (crappy programs that expect to write to the windows directory just to run, versus to user directories) and ease of use. This is biting them in the ass, and they are working on getting people away from running as Administrators. Just not as heavy a push as I'd like.

Re:Obligitory windoze comment...

[san]

The problem with Windows and these worms is that you do not explicitly have to give execute permission to the file in question. It's just recognized as an '.exe' file by Windows and treated as an executable.

The kind of people who would execute this file, are the same kind of people who wouldn't know how to give some file execute permissions if they were running a Unix-based workstation (probably even OS X).

Re:Obligitory windoze comment...

[ad0gg]

Messaging client isn't executing the code. The user is recieving the file and executing it manually. We can blame ms for allowing users to recieve .exes with messenger, but after they ban .exe, virus writers will just zip it first.

Re:Obligitory windoze comment...

[glsunder]

You can blame gaming companies for requiring people to run windows as administrator.

Re:Obligitory windoze comment...

[Foolhardy]

Ah yes, that tired old argument.
First, Microsoft guidelines (since NT3.51) specifically specify that you should not use a privledged process to create windows on the interactive desktop because doing so exposes them to attack.

Secondly, Job Objects, when used correctly completely negate this attack with the JOB_OBJECT_UILIMIT_HANDLES flag: "Prevents processes associated with the job from using USER handles owned by processes not associated with the same job." Put your untrusted processes in a job with this flag set and it cannot get a window handle from another process to exploit. A process cannot leave a job and any child processes will also belong to the job. The job object itself has an ACL.

Win32 doesn't have the greatest security integration since the design is a holdover from Windows 1.0. Instead, security is located on top.
Base NT, on the other hand, is (by design) very secure with a high level of granularity. I believe that the OP was referring to NT security.

Re:Obligitory windoze comment...

[Tony-A]

Linux: bash: ./foo: Permission denied
Windows: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Linux: ls: Anytime I see file sizes or dates, I see the owner and group and the permissions for owner, group, and world.
Windows: While it is possible to set and view the permissions, it's not something to be undertaken lightly with a few thousand files.

The defaults, to a very large extent, do determine what will be done.
If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?

Re:Obligitory windoze comment...

[slittle]

You seem to have missed the part where the users deliberately execute these files.

Users are dumb fucks like you wouldn't believe, but once they learn to make files executable (and they will need to, so long as there is anything worth downloading on the Internet), this advantage is nullified, so there's really no point bothering.

Dumb shits deserve to get pwned. And their regular upgrades to deal with their crap-infested machines just subsidises hardware for the rest of us.

Re:Obligitory windoze comment...

[drawfour]

Along will come some *nix based application that will read a MIME-type header, realize that the file is an executable, and automatically make it executable after saving and give you the option to run it.

MSN could have just told you the directory to the saved file and not allowed you to launch the file directly. Then you would have to explicitely launch it. But who cares? The same user that runs "funny.exe" is the same one that would click on "Open the folder" and go find "funny.exe" and run it.

If you require all users to chmod +x the file, once they know it, they'll do it for EVERY file, whether it's an executable or not. Why? Because once an uninformed user thinks they're informed, they'll perform the same steps every time. Someone sends them a VALID executable and tells them how to run it, and they'll do it next time.

Users need education not extra steps.

Re:Obligitory windoze comment...

[Tony-A]

The hard part is determining exactly what files you need which permissions for.

Right.
And even worse is determining exactly what files need to have their permissions changed from what they currently are.

Re:Obligitory windoze comment...

[Sprinkels]

It can be a pain, but not as much as you might think. You can process all files under a given directory in one go. The hard part is determining exactly what files you need which permissions for.

Windows 2000 NTFS (and the registry) has a feature called inheritance, which makes it easier to manage permissions.

Windows 2000 also introduces security templates and group policies which can be used to standardize filesystem (and registry) permissions, a la Cfengine.

You can use auditing to log which files are accessed by which program and in what way.

Re:Obligitory windoze comment...

[tshak]

This still would affect users not running as root/admin. It's accessing your contact list which is accessible to the user no matter what. This same type of worm could be trivially written for gaim on linux with a locked down user.

Re:Obligitory windoze comment...

[Dahan]

Linux: bash: ./foo: Permission denied
Windows: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

More like:
Linux: bash: ./foo: Permission denied
Windows: C:\temp>
Access is denied.

Although I don't see what your point is... bash and Windows Explorer have different error messages. So what? bash and cmd.exe have different error messages. Gnome Nautilus and cmd.exe have different error messages.

The defaults, to a very large extent, do determine what will be done.

I agree; it would be nice if Windows defaulted files to non-executable.

If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?

Who said it was a big deal to change one file? It's not. Is changing the attributes of a few thousand files under Linux something you would undertake lightly? No? Well it's not under Windows either.

My point is that there's no inherent limitation in Windows that requires all files to be executable; it is certainly possible and feasible to turn off execute for files that don't need it. While it is true that on a default installation, "you do not explicitly have to give execute permission to the file in question," it is not true that "it's just recognized as an '.exe' file by Windows and treated as an executable." It is treated as an executable because the execute ACL is present, not because of the file extension.

Bleh. Jabber

[tute666]

Jabber, Gaim-vv, ... Pretty good solutions.

Trolling...

[Mori+Chu]

Well this shouldn't be any problem; it requires the user to actively click an attachment, and users are educated enough not to do that...

And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...

And Microsoft will surely release a prompt fix to address this issue...

So I don't see what the problem is here. :-)

Re:Trolling...

[RAMMS+EIN]

``And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...''

I don't know about Windows, but on unices I can install software just fine as a regular user. I can even make it start automatically from my login script, or periodically from a cron job. It has full access to all my files and regular network access...you see where I'm going: malware can still do a lot of damage when run by a normal user.

Re:Trolling...

[magefile]

Informative? Funny, I can see. Insightful, maybe. Troll, at a stretch. But WhoTF modded this "Informative"?!

Re:Trolling...

[snyps]

it seems to me that there is no real security threat here, if the user is required to activate the executable. the hosts file is just in the windows directory which most users don't have restricted from use, i personally use it to block banner ads.

Re:Trolling...

[skiman1979]

Actually, in Windows, can't a normal user install software if they install it to their \Documents and Settings\ folder? I thought the main reason regular users could not install software was because it installs to c:\Program Files by default. It should work if the user changes that setting to a folder they have full access to. I've installed a couple apps this way as a regular user. Of course then, just like in *nix systems, this app would have access to anything the user has access to.

Re:Worm VS. Virus

[chris+mazuc]

It's a trojan with worm-like properties.

As someone else pointed out, a worm is self-propogating and self-contained. A virus piggybacks on some other program and copies itself, or "infects", other programs. A trojan is something that looks cool, but turns out to do stuff like this one does.

Clever!

[ATomkins]

Ohhhh... I see the plan... we slashdot 78p.com, thus limiting the 'worm's damage!

Good thinking, guys!

Just doing my part. ;)

Re:Clever!

[bigberk]

Stop <<sob>> it's already dead!!

Re:Clever!

[Pakaran2]

Sounds good to me.

*opens a tab in background with each link*

Hmm, they're all still loading. Funny that.

pakaran% netstat
Active Internet connections (w/o servers)

tcp 0 1 192.168.1.101:40652 1.10.5.89:www SYN_SENT

(and yes my family uses a rfc 1918 address)

Re:Clever!

[magefile]

I feel stupid, but I don't get the joke. Is 1.10.5.89 some sort of synonym for 127.0.0.1?

Re:Clever!

[GWTPict]

It's internal IP address, ie to be found on a LAN behind the firewall to the big bad world outside. Hmm... Deja Vue...

Re:Clever!

[Pakaran2]

I didn't know 1/8 was internal. I know 10/8 is, and I meant my own address (192.168/16) is a rfc 1918 address

Re:Clever!

[blasphemi]

No. You are wrong. It is a public IP adress.

Re:Clever!

[Halo1]

No, it's reserved. Ask arin if you don't believe me.

Re:Clever!

[GWTPict]

Holds hands up, goes looking for a refresher on IP addresses.

Re:Requires User Interaction to spread?

[The+Bungi]

No, but it still gives slashbots a chance to bash "M$" with glee. Also I love how some of them are already yelling "SEE?? M$ MUST DIE!!!" when their own "monoculture" theory does not hold up in this case - there are far more AIM users than MSN could even hope to have.

The problem is between the keyboard and the chair. It doesn't matter what OS or IM client you're running.

Worm name in article is wrong

[diagnosis]

It should be 'more fun', not 'funner'.

------------------
Rate free iPod offers: RateTheOffers.com
(Flat screens and Desktop PCs too)

Re:Worm name in article is wrong

[drjoe1e6]

Actually, FUNNER is in the Official Scrabble Players Dictionary, 3rd edition. That dictionary was derived from 5 source dictionaries, including Merriam-Websters, American Heritage, Funk&Wagnalls, and Random House.

So, it's a word.
-DrJoe

Re:Worm name in article is wrong

[Ricwot]

No it really can't.
More fun is the correct usage.

horrible

[GoatPigSheep]

People should be using jabber instead of msn, worms like this make me sick...

Maybe if the developers of jabber actually learned a thing or two about interface design more users would begin using their software instead of the insecure msn.

Re:400 porn sites?

[Daniel+Ellard]

Imagine the time and persistance it took to find 400 Chinese porn sites, what with the Chinese government breathing down your neck and all that. This author is no simple script kiddie; this is a wormer who has corporate sponsorship and/or does all his browsing with one hand...

Symantec Analysis

[a7244270]

The analysis at symantec is a little skimpy on the details of how an infection starts, but from what I gather, the recipient of the instant message still has to click on the executable (unless I'm mistaken). Seems like this is destined to propagate only among the stupid. (insert obligatory comment about MSN Messenger users here).

Other than that, not much info there, except it points out the obvious, that osX users are not affected, since this appears to be a Visual Basic bug.

If nothing else, the listing of some 940-odd asian porn sites on the Symantec page will be useful to someone...

Re:Posted live on The Screen Savers

[Aaton]

I reloaded twice before seeing it hit the frontpage. Now mind you I have a subscription so I'm counting before it goes "live." -Yazz

Uh Oh

[pHatidic]

...and adds entries to the hosts file pointing to more that 400 Chinese porn sites.

In other news, Firefox and Linux usage dropped dramatically today and Apple has just declared bankruptcy.

Whoa!

[Piranhaa]

"In other news, the virus actually only attempts to connect to 127.0.0.1 on port 80 or 8080 and use the host as a proxy server"

Re:Bleh. Jabber

[dioscaido]

It would be just as easy to write a funny.exe that used the jabber interface to propagate itself.

Computer Baddie Etymology

[sparkmanC]

Technically it is a virus and not a worm. Virii (physical and electronic) cannot spread by themselves; they need someone else to help them spread. Worms, on the other hand, can spread and multiply without anyone else's help.

Since this virus requires human interaction, it is a virus and not a worm.

Re:Computer Baddie Etymology

[groomed]

No, it's a trojan. The difference between a virus and a trojan being that a virus spreads itself as a side effect of normal user behavior (inserting a floppy into the disk drive, running an infected executable, ...), whereas a trojan spreads itself by seducing the user into running it.

Re:Computer Baddie Etymology

If you are going to nitpick, at least spell viruses correctly.

Comment removed

[account_deleted]

Comment removed based on user account deletion

OH NOES!! THE APOCALYPSE!!1

Ahhh! The Screen Savers are trying to slashdot slashdot! Quick! Duck and Cover! The bandwidth bomb cometh!

Re:Posted live on The Screen Savers

[jamie]

I'm watching the show too... "cache" is a bit of a misnomer, I mean, pretty much every chunk of data in Slash is cached, but basically we just post stories n minutes ahead of time. During that time (for n < 20) they are visible to subscribers -- and then they go live for the rest of the world whenever we've scheduled them to.

Re:Thats no worm

[contagious_d]

No, it's snot.

Is there a problem?

[mcrbids]

apparently the worm tries to download stuff from www.78p.com

Slashdotted already. (sigh)

link?

anyone have a copy of the video?

Re:I tried to go to the pr0n.........

[LordPhantom]

Oh, sure, mod this guy down... it's only FUNNY (stupid mods)

You can be rich !!

[ganhawk]

Is the worm author most benovelant guy or what ?

China rewards porn snitches
1)run windows 2)get infected 3)receive list and fwd to the chineese authority 4)profit!!

Re:And here's your answer to the Chinese porn boun

[EtherAlchemist]

Why switch OS's? Just switch clients. I use (ha! There, I admit it!) AIM. Why? No crap spam messages like you get with ICQ, It's not a MS product so I can limit the amount of fluff I see, it's free, doesn't require a sub to anything, and it's not an interface using an account I'd have to create anyway (hi Trillian) just so I can say I don't use it.

Yes, it has an ad in the main window with my buddy list, so what? I don't see that part of the app 99% of the time anyway. Nobody sends me messages at random asking if I want to enlarge my penis, see hot teenagers, buy Viagra or need a free mortgage calculator.

I use Win XP primarily (look at that, another confession), and AIM works fine for my needs. And if you really want to get rid of the tiny ad, there are ways to do it.

Besides, if I was doing anything sneaky, I'd just use Waste. (oh, did I say that?)

Re:Bleh. Jabber

[tute666]

please do. or report the vulnerability and help the jabber community

PROFIT!

400 chinese porn sites x 240 dollar bounty =

MSN downtime

[secolactico]

Does any of you know if this worm might be the cause for the sporadic outage in MSN messenger service yesterday and today? At first I thought it was my Trillian (yay!) client being blocked, MSN's own client was unable to log in as well.

Almost all of my contact list confirmed having the same problem.

Re:MSN downtime

[Professeur+Shadoko]

I was logged on MSN yesterday evening.

First, I got messages opening in a window, from people that I don't know.

Then, some messages from people I know, appearing in that same window, instead of their own window.

And after that, a pop up message, from MS, stating the service was going down for maintenance.

It lasted more than one hour.

Re:MSN downtime

[bheerssen]

From El Reg: Botched maintenance - not worm - blamed for MS IM glitch.

I'm trying to follow this issue rather closely, as it directly impacts one of my projects. What I'd really like is a utility or script that monitors uptime for msn messenger. If anybody knows of one, please reply. I am also considering writing one of my own if I can't find something off the shelf. If you are interested in that, again, please reply.

The Screen Savers

The show will air in rerun tomorrow at 12:00pm EDT/9:00am PDT. (They eliminated the midnight eastern run)

Keep in mind that the show is a shadow of what it used to be. The new host (Alex) isn't near as knowledgable as the host he replaced, though he does seem to be getting better. Also, they put tons of commercial plugs into the show now in the name of "give-a-ways." Ever since Comcast bought it, cancelled half the shows, then integrated TechTV into G4, the show hasn't been the same, though it is getting better. They are also in deperate need for more intelligent callers with questions. So call an hour before the show at about 6pm ET/3pm PT to 1-800-839-7880 with your insightful questions.

Re:The Screen Savers

[eean]

Its easy to tell which shows originated from G4 and which from TechTV. The G4 shows always have a kind of a lame sense of humor and they're always fawning over whatever product or game that they're talking about. Based on the humor, I'd say the target audience of G4 is the likes of that annoying guy in your eigth grade class. TechTV shows (Screen Savers, easiest to see the difference with X-Play) can actually be funny.

Basically I think LA is a lamer city then San Francisco. If LA notices something it becomes lame practically by definition. Before they were able to have various notables of Silicon Valley live... now they have actors live. Great.

Re:400 porn sites?

[magefile]

Here's the link: http://www.google.com/search?hl=zh-CN&q=porn&btnG= Google%E6%90%9C%E7%B4%A2&lr=

And I learned something interesting as a result of that - google.cn (the Chinese tld) is run with phpBB. Obviously not Google! (At least, I hope).

Fact checking?

[Ratcrow]

"pointing to more that 400 Chinese porn sites"

How do they know that all 400 are porn sites? Did someone actually sit down and visit every one?

Also, are they hiring?

Re:Fact checking?

[10+Speed]

I did...and only a small percentage are....

Re:Fact checking?

[doublem]

You don't want that job

76 of them were tubgirl.jpg

Another 100 were even worse!

never in my life did I think I'd wish for at least ONE goatse.cx image to make things less traumatic.

is it just me or is it my friends

[Unknown+Poltroon]

But i would NEVER open something they sent me called funny.exe. I know about their senses of humor.

It just never ends!

No software that Microsoft writes seems to be free of this shit! And the worst part of it is; Microsoft is just about making these vulnerabilities mandatory!

IE, with its long list of vulnerabilities, has been so intertwined with the OS that it cannot be removed. Hell, the fact that they made Windows update dependent upon IE just about guarantees that everyone that runs Windows will have IE and, thus, be vulnerable.

Messenger is just as bad! This isn't the first vulnerability in Messenger and I'll bet damned sure it isn't the last! But XP installs Messenger without asking, there is no way to not install or remove it and if it wasn't for third party scripts to remove it everyone running XP would be vulnerable to every Messenger vulnerability whether they wanted to use Messenger or not.

There has to be some accountability here! If Microsoft is going to force me to run software in order to use their OS, then, damnit, they have to take some responsibility to make sure that it is not going to compromise my system!

Reward for Chinese porn sites

[HangingChad]

Wasn't the Chinese government paying a reward for porn sites? Wo-ho! Maybe we can forward the list and collect! Cha-ching, baby.

Re:Bleh. Jabber

[tuxedobob]

Jabber really doesn't allow any way for plug-ins to see your buddy list?

Where's my porn?!

[wvitXpert]

It's fine when you guys slashdot all those tech sites, news sites, etc. But when you slashdotted my porn, you went TO FAR!

Funny.exe funny extension

[Mister+Liberty]

What type of file is that anyway, exe file.

Re:Requires User Interaction to spread?

[aXis100]

That's what I was thinking.

I was under the impression that a worm was self spreading by exploiting a vulnerability in the target.

After reading the security response, it's clear that this is just a virus exe that uses messenger as a transport. The only vulnerabilities that this exploits is "ID 10 T User Errors".

well I don't get off on Chinese porn so please,

[museumpeace]

someone point me to a FAQ or help page that will tell me how to permanently remove MS instant messaging? If its typical MS crap, the devil is in the DLLs.

Re:well I don't get off on Chinese porn so please,

[LiquidCoooled]

Here you go: http://www.redhat.com/fedora/

But you should note, the virus is entirely run by the users. There is no exploit, or automatic running code.

The user HAS to manually download and choose to run it.

Re:well I don't get off on Chinese porn so please,

[BCW2]

And due to the thundering herd of DUMBASS that use that "service", this one will spread fast and by annoying for weeks.

Re:well I don't get off on Chinese porn so please,

[museumpeace]

[chuckle chuckle] yes, I think that would solve all my problems with MS

So much for natural selection

[Lurgen]

A worm that spreads via IM? Or a worm that spreads via stupid dumb-ass users who don't know better than to run a .exe they weren't expecting to receive?

One day, with a bit of luck, people opening attachments/files/emails/whatever like this will be considered much the same as people eating strange pieces of food that they find in the street.

For those in the support side of the field, remember that as long as there are stupid people (and there always will be) security vulnerabilities will always be a poor second cousin to humans. The bulk of your support calls won't come from clever little worms that capitalise on obscure security flaws in a product, they'll come as a result of idiots thinking that "nakedwoman.exe" is actually something they want to see.

Yet another reason we should embed cattle-prods into keyboards... "wow, some stranger sent me some naughty pictures of herself! Pity they're archived, I'll just double-click and let them extract themsel *zaaaaaaaap!!!*"

Re:it finds porn? And you would know this how?

[VirtuaKnight]

Hmmm... somebody's either not very tech savvy or really desparate for porn

Only 1 porn site

[jones948]

Symantec's page lists the information that it puts in the host file. Apparently all 400 entries point to the same IP.

Re:And here's your answer to the Chinese porn boun

[Babbster]

Nobody sends me messages at random asking if I want to enlarge my penis, see hot teenagers, buy Viagra or need a free mortgage calculator.

Nobody has done that to me through MSN Messenger, either. I get spam to the Hotmail account, but that's the extent of it (and to be expected since I give that address quite freely - see above for evidence of that foolishness).

Great Job Guys

[sH4RD]

Ah...the Slashdot effect has done some good. How can the virus expect to download anything from 78p.com if a massive ammount of /.'ers are accessing it?

How this is a useful worm.. . . .

[Synflex]

Knowing that the China gov is kidna tight on pron sites recently, this is a nice way to spread. :)

However it would be even better if the worm would simply redirect those some 400 Chinese pron sites to 127.0.0.1.

Then it would be a SP instead, except for the spreading part.

Well, I'm glad I found out how to uninstall MSN...

[r_jensen11]

Yep, I guess that's 1 less vulnerability I have for Windows now, since I uninstalled MSN Messenger. So here's my prediction: Since microsoft's solution to all of their vulnerabilities, they'll just send out a security update disabling their messenger. Little will they know that they're disabling their own product though, because honestly, who can keep track of all of the programs MS makes, especially the ones that have Microsoft in their names?

Don't forget...

[the+real+darkskye]

Linux isn't the only desktop alternative
FreeBSD
OpenBSD
NetBSD
DragonFlyBSD

Re:Don't forget...

[PygmySurfer]

And of course:

Mac OS X.

Re:Don't forget...

[databyss]

You can pick up your favorite Linux distro at http://www.linuxiso.org/

Re:Don't forget...

[Richard+Dick+Head]

You forgot HyperDOS! Lets not forget about the world's greatest desktop.

Who could dispute Compute Magazine's article mentioning it -

"HyperDOS is the neophyte computer user's best friend. In clear and concise language, this GUI (Graphical User Interface) teaches you what you need to know about your computer and gives you a great environment in which to apply your knowledge."

Its flexible, stylish, and yet striaghtforward GUI is hard to beat, and yet takes up no more than a floppy disk's worth of disk space.

And don't forget to pick up your copy of Dr. Sbaitso!

Heh, kidding aside, I saw a HyperDOS user manual in the library today. I almost got a contact high from all the memories that came back from paging through that thing.

Re:Don't forget...

[Zen+Punk]

Mac OS X isn't really an alternative for someone running Windows. It runs on a whole different architecture, which means you need to run out and buy an Apple computer, as opposed to just buying/downloading a Linux/BSD distro and installing it on your x86 machine.

Re:Don't forget...

[RotHorseKid]

What about Solaris?

Re:Don't forget...

[grolschie]

BSD? Really? I thought BSD was dying...

Netcraft confirms it, don't you know. :-)

Re:Don't forget...

[Zen+Punk]

Sure could. I hope you weren't planning on getting anything done with your computer. Never mind the fact that you still need to run another OS to run the emulator from.

Re:Don't forget...

[robslimo]

And if you've got crappy dialup internet only, you can find a local user group or someone in your area from the list/link below who'll give you (or sell you at cost) a Linux distro

Git yer Linux here!

Re:Don't forget...

[Baikala]

Sorry, nobody bite.

Re:Posted live on The Screen Savers

[pseudochaotic]

I'm just curious as to how the first moderation to a post can be 'overrated'. I mean, nobody's rated it at all yet, how can you tell?

Aargh!

[pseudochaotic]

Aargh! I don't get it, but enough other people do that it's +5 Funny. Enlighten me please.

Re:Aargh!

[GWTPict]

It's an internal IP address, ie to be found on a LAN behind your firewall to the big bad world outside.

Thanks Dennis

[GMFTatsujin]

You could have cigarettes in a black pack with a skull and crossbones on the front called "Tumors" and smokers would be lining up around the corner to by them...

Re:Thanks Dennis

[starm_]

Actually in Canada, cigarettes packs are required to have picture-based health warnings on cigarette packs that depict the devastating effects of tobacco. One of the picture is a lung tumor. This colorfull warning takes about a quarter of the pack. One of these picure appear on every pack.

But, surely people learn eventually ...

[c.ecker]

I mean, improved security was the reason to move from Win95 to Win98, and from Win98 to Win2000, and from Win2000 to WinXP.

Now, surely people have learned that security isn't going to get better with Longhorn, but actually get worse.

The only way to safely use a Windows PC on the Internet is to use a hardware firewall, get the best antivirus protection, and refrain from using *ANY* M$ software. Period.

www.openoffice.org
www.mozilla.org
www.knoppix .com
gaim.sourceforge.net

Suspicious...

[LavaDevil94]

Methinks this might have something to do with the recent ban on porn in China...

Re:400 porn sites?

Imagine the time and persistance it took to find 400 Chinese porn sites,

They stole my bookmarks....THE BASTURDS

Hell

[papasui]

When I was still doing phone cable modem support (I'm the network engineer now) I spoke with more than one person that said they opened the attachement in their email because they wanted to see if it a was a virus. This thing will spread like that goatse.cx guys ass.

Re:Hell

[dfj225]

"they opened the attachement in their email because they wanted to see if it a was a virus."

I guess they found out, huh?

Worm-ridden software

[LakeSolon]

Can't MS right anything that isn't susceptible to worms?

First it was their e-mail client, then their HTTP server, then their DB server, then their web browser, now their IM client... and their word processor has been spreading macro viruses/worms since before the popularization of the internet.

~Lake

Tell your uncle to go cheney himself

[frankie]

Provide free tech support for family members exactly ONCE. Explain what you did and tell them how to maintain it. If they get hosed again after that: GET A MAC.

Re:Tell your uncle to go cheney himself

[ocelotbob]

No, set up the damn computer so that he's got a locked down account. Have him install everything in his documents and settings folder. If it doesn't install into documents and settings\username, it's craptastically written and doesn't need to be installed. If something goes wrong, it means reinstalling a user account over rdp or vnc. This way, you get the software advantages of a PC without the real problems of malware that happen to machines with overprivlidged regular users.

Mod Down

[WindBourne]

you are thinking of 10.* as a private IP. 1.* are public.

Re:Mod Down

[Halo1]

1.0.0.0/8 is actually reserved by IANA for no particular use (so I guess you're simply not supposed to use those addresses, indeed also not for private networks).

Re:Mod Down

[GWTPict]

Ooops, my bad.

Re:400 porn sites?

[Bambi+Dee]

And it's spelled "Go Ogle". *giggle*

This is not a Unix security feature

[spitzak]

First of all, a "user friendly" program for getting a file off the net would certainly turn on the execute bit if it thought the resulting file should have it. So I don't think it's going to offer any protection as long as doofuses are writing the software.

Second, this "feature" is not there for any high-brow security reason. Back when Unix was first written reading disks was *very* slow. And the path tended to contain "." and people tended to pile many files into the current directory. When you typed "blah" at the shell it had to quickly locate the executable called "blah" that was first in the path. The only efficient way to do this was to read all the directories in the path and store the results in memory so you could jump straight to the file rather than read every directory before it in the path (the "rehash" command would re-read the directories if you changed them). Memory was also very expensive, so it was best to get that list as small as possible by eliminating all the files that were not executable. The only fast way to do this was to add a bit to the inode (which had to be checked for access permissions anyway), reading the first block of the file was out of the question. So that is why the execute bit is there, not for any security reason. If it was for a security reason you would need some special permission to turn it on that was different than creation permission.

Re:This is not a Unix security feature

[sw155kn1f3]

Just to clarify:
Well, you're right about the case where you receive the file from the net (you're the owner, so you can change exec bit as you like).
Your understanding doesn't apply for exec/suid apps normal user DOESN'T OWN, so user cannot change exec bit....
or generally apps certain users have access to (usually it's "games" group, and entire home directories mounted as noexec - was very common my days in university).
So execure bit has its purpose for access control.
And yes, it's valuable security measure.
For instance I can make
"runme" file with access "-xrw -x-- ----" root.apache and only "apache" group can run it, but not even read, other users don't have any access.
It works the same way in windows, although it all depends on the app.

No, it's a Trojan

[spitzak]

It's a Trojan in that the (stupid) user thinks the program's purpose is to do something "funny" when in fact it is contains something the user does not expect and that they don't actually want.

Nope, but fairly sure

[eean]

Nope, but I would be fairly sure. For it to do it without MSN but just the username, password and friend list one may assume is in the registry, funny.exe would have to include a builtin MSN client.

Re:Nope, but fairly sure

[lachlan76]

No problem - it's built into the OS.

Re:Nope, but fairly sure

[blowdart]

Actually the friend list is on the MSN servers, tied to your passport account.

The only reason it's easy to use MSN Messenger for this is there's a sort of exposed API. It includes listing your friends, getting their status and so on. *HOWEVER* you do have to be logged on first.

The login information (under XP) is part of the "secure" profiles service (hence you have to use the manage passwords part of the user accounts control panel applet to clear out saved details)

Re:Nope, but fairly sure

[eean]

We were assuming that you uninstalled MSN (its not like IE, you can uninstall it).

And as the other poster mentioned, the lists are apparently stored on the server and the virus requires you to be logged in.

Re:Nope, but fairly sure

[spitzak]

Any chance the fact that Gaim is running makes it think it is "logged in"?

Re:Nope, but fairly sure

[blowdart]

Doubtful, unless GAIM is exposing the right activeX object, interfaces and using the MSN Messenger GUID (which would cause real big problems)

Re:Nope, but fairly sure

[lachlan76]

How many people will uninstall MSN?

Re:Nope, but fairly sure

[eean]

5.3 people will.

Did I miss the memo?

[Ayanami+Rei]

When did webcam support become a requisite feature of _instant messaging_???

Was that when some attention-starved sluts starting showing off their boobs... or when cell phone companies started tacking CCDs onto their gadgets so you could spend $5 on data fees uploading blurry pictures in your mobile IM session?

Re:Did I miss the memo?

[blowdart]

Was that when some attention-starved sluts starting showing off their boobs...

You sound like you think this is a bad thing.

Anyway, it's not like IM is a professional tool, it started off as a quick way to send little messages and grew. Think about the main user base teenage kids, folks in their early twenties and geeks. Of course it's a reasonable guess to say 50% of that user base is male. So that's geeky males, student males or males going through hormone hell. Of course it became a requsitie when breasts appeared.

Re:Did I miss the memo?

[Stalks]

I am profoundly hard of hearing (basically, stone deaf).

I, and others like me, find that the msn webcam feature is a fantastic way for us to communicate adding a whole level of remote interaction that we are missing since we cant simply pick up the phone.

Re:Did I miss the memo?

[feepness]

Of course it became a requsitie when breasts appeared.

I was under the impression breasts had been around for awhile.

Elevated Privilege Unawareness Syndrom

[Sprinkels]

Most Windows developers (and also the rest of the world) are either not aware of the security problems or just very lazy. They always log on as an administrator (or run Windows 98).

It is not a requirement that the the program will run as an unprivileged user. Just put it in the manual that you must run it as an administrator or check at startup and cowardly refuse to run if your not administrator, if it is realy needed or not. They don't care.

Besides everyone runs at administrator, anyway. Security is for big important businesses, but not for home users or gamers. That's silly. Everyone knows that, right?

Another reason to move to GAIM or Jabber

[SgtChaireBourne]

One reason why one could not write a corresponding worm for Linux, BSD, QNX, etc., is that it's possible to mount all user-writeable partitions noexec and mount all executable partitions read-only.

Another reason is that there is usually a higher level of quality control in both design and production for tools made by just about anyone else than MS.

As usual the problem can be avoided by using products that have fewer design and production flaws. Perhaps it goes without saying, but that means no MS.

This is a virus

[uncommonlygood]

Hello friend!

I found this virus you would really like. It on installs your computer some program which ruins your system and break everything.

Please run the file attached for you, and you can have the virus too!

Billy

Comment removed

[account_deleted]

Comment removed based on user account deletion

In other news...

[bheerssen]

The art of pendantry has taken a giant leap forward today on slashdot. Sarcasm in the forum, sadly, is not so refined, although acrimony and ad hominem attacks remain popular.

Worms icon

[FnH]

Am I the only one who shakes his head when he sees a caterpillar classified as a worm?

Yeah, but my point is...

[Ayanami+Rei]

That what you're talking about is commonly called teleconferencing. Teleconferencing-capable apps often (and should!) include a text messaging capability, or at least voice support.

But when people start bitching that their instant messaging application, whose purpose is to convey packet-sized bits of text in realtime, doesn't support TELECONFERENCING, that I start to think people have things a little backward.

Never mind that AOL, yahoo and MSN are all piggybacking on MS Netmeeting components, which exists stand-alone or integrated into MSN the opposite way.
I really don't think netmeeting support should be high on the GAIM feature list, especially when you can just start a gnome-meeting session on the side to accomplish the same task.

Re:Yeah, but my point is...

[Stalks]

The inclusion of "teleconferencing" with MSN has totally changed the way I use the internet. I dont think you understand just how important it now is for the deaf community. Obviously you probably aren't particularly bothered about our community but with me being part of it, I am.

Netmeeting can do these things, but it wasnt widely used. Not everyone knows how to use netmeeting, and dont have it running ready like a phone. With MSN integration it has become a single click operation and has rapidly gained popularity making it now a much used feature in my everyday life.

Perhaps you disagree based on the principle of it has no place in IM, but im afraid from my point of view it has every place.

A feature is a feature, and if lots of people use it then why is it such a problem? If one person wants the feature added, and pushes for its integration how in that way does it affect yourself?

Re:Yeah, but my point is...

[Ayanami+Rei]

I think it's great for the deaf.

However, I think there may be some mis-understanding as my comments are primarily addressing this:
http://slashdot.org/comments.pl?sid=125289& cid=105 00125

Unless this person is _you_, and if so I apologize if I sounded harsh. But I do feel that in general, not supporting teleconferencing does not seem like priority one for GAIM or trillian. I would rather they support fully and completely the subset critical features common to all messaging protocols (text, markup, encryption, direct connect/file exchange, presence notification).
Otherwise, why get a 3rd party client? If I wanted all the MSN whiz-bang things, I'd just use MSN. If I want most of the features supported across networks in a small footprint, I'll use the 3rd party tool.

And if you wanna chat me up, I'll install gnome-meeting just for you. ^_^

You are probably right.

[Ayanami+Rei]

I was unaware that MSN/AOL/yahoo had moved on to internal solutions. At one time they did piggyback on netmeeting. IIRC, ICQ was probably the first offender, where you could use netmeeting as a "plugin".

Actually, I think email is a less suitable medium than instant messaging for file transfers. Because the MIME-encoding methods by which files are attached to emails is quite cumbersome. Messaging applications can just exchange some very basic metadata through the central server, and then the transfer occurs in a simplistic fashion at wire speed. That is, transferring files a trivial internet application, but announcing and setting up the transaction is difficult. The chat sssion is perfect, as the setup is conducted by means of both parties being physically present, and the intermediate server acts a reference point, so it can be coordinated even if both parties are behind a firewall.

Similarly, it follows that video teleconferencing is another natural thing to enable in a chat session.
But there is nothing about the video chat that crosses into the messaging component of instant messaging. IM should work on my phone in my car, just as well as it does in my house on my broadband connection.

(Why file transfer over video? Well, file transfer can be accomodated over slow, intermittent lines even without a streaming protocol, say though TFTP... so there's no reason why not to have it everywhere. Especially when you use it trade small artifacts, like business cards or maybe an screenshot from your webcam... etc.)

I'm not saying real time video isnt's not a good feature, but it shouldn't be considered a REQUIREMENT.

I mean, what do people do on IM when they're at work and they don't have a webcam? Do they beg their boss to buy them one? Give me a break.