Melissa suspect arrested

Stone Table writes "MSNBC reports that the FBI arrested a suspect believed to have authored the Melissa virus " This is definitely a tricky one: course, its a windows email virus, so it doesn't affect most of us, but he was tracked using the MS GUID. Justice? Big Brother? I'm not sure which.

Doesn't anyone care WHY this can happen?

[dsfox]

Everyone believes its a law of nature that all software is susceptible to viruses like this. Even word processor documents! Why is it so impossible to explain to people that the outrage is MS-Word, not the Melissa virus!

This should be a warning to all OS's

[Anil]

As with all virii that expose a security flaw, I hold no grudge against the author of the Melissa virus. But, I think that while Microsoft somewhat to blame, in this instance, this should also be a warning to Unix comunity. This isn't just an email virus. It also plays social-engineering tricks on you. This virus comes from a known email address.

If a friend sent me a PERL script and said it was amusing, it's very possible that I'd run it. I would hopefully look at the source first; and wouldn't run it as root. But, what if I felt lazy that day.

If we aren't lazy this isn't a huge problem. Many of us would be wary of a binary, and know enough about programming to examine source code. What will our community look like next year? The Linux community is expanding quickly. We've got project s like KDE and GNOME trying to make things more user-friendly. The hacker-quotient is, and will continue, to drop rapidly.

In this instance, User-Friendly is what caused the propogation of this bug. User-Friendly is what makes it possible for some virii to spread. Either by having automated startup routines that a user rarely sees, or doesn't know about (Mellisa would auto-run through an init file), or automated features that make you lazy. The 'user-friendly' thing for an email client to do is to make attachments automatically run, or make them easy to run.

As we, as a community, become more user friendly; as we attract more hands-off users, I feel that we will be opening up possibilties for this kind of virus to sneak into our ranks. I can't really think of anyway to prevent this kind of program from propogating, aside from awareness. But, as we increase automation we seem to also decrease awareness.

Security for Dummies

[purp]

It was handy once, and will be handy to catch abject imbeciles, but the MS GUID (and the Pentium III digital serial number) won't be of any help to catching the moderately intelligent criminals. They'll skate around it somehow (I can think of two ways right now) and we'll still pay the viral price.

My mother-in-law, a woman in her 50s who's firmly turned-on to the digital age but remains innocent of all but the most basic knowledge regarding computer security issues, is an easy target for these virii. She's still a digital toddler; she trusts all the digital adults out there and doesn't know that some of the misguided ones are out to hurt her. She's got some top-flight viral protection on her machine, but that only helps for the known virii.

In the end, it comes down to education. As much as I hate it, I get to shatter her innocent enjoyment of computing and show her a bit of the darker side; she'll be wiser for it, I know, but watching her take such joy in the medium that I've grown inured to was quite pleasurable to me -- like hearing a five-year-old laugh at a silly joke you heard ages ago and chuckling to yourself, knowing how much more pleasure is ahead.

Thanks, VicodinES, for dragging her into your world.