Hillis' virus solution: Limit OS Usage

robobabe writes "The NY Times today (free login) has a front page article on viruses. The article has a history of the origins of the terms in science fiction, and ends with an interview of Danny Hillis (Connection Machine founder). Hillis argues that the current vulnerability to attacks is due to running a single OS and that a solution is "no government agency should be allowed to run more than 34% of its personal computers on one proprietary operating system."

Errata

Actually, Danny Hillis didn't suggest that policy as a solution, Art Amolsch, editor of FTC Watch, did.

Re:WORD macro viruses?

I've always found the GNU 'strings' program to be quite entertaining when dealing with Word documents - you can often see keywords like 'is a big jerk', as well as the function calls that turn off virus-protection features whenever you close a document. Gotta love that security model :-) Plus you often get to see "deleted" text from previous editors of the document.

BTW, if you opened this user's document on your computer, you might want to virus-scan your own machine now...

Re:*multi-user* is the right solution

Well, there was bliss, but that was kind of cheap -- you still needed root permissions. It's doubtful that we'll see any unix virii capable of smashing the stack on their own, as long as code remains open enough that people can nitpick out the simple things (overflows, etc).

Really, the problem with UNIX-style OSes are DOS (denial of service) attacks, which generally don't harm the box -- they just render it useless to the outside world. Which isn't to say this can't be done to any other OS, of course. ;)

34 %of a proprietary operating system

[Zack]

>"I propose that no government agency be allowed
>to run more than 34 percent of its personal computers
>on one proprietary operating system by a date certain," he said.

So then if the government was using any open OS then they could be running 100% of one OS? With an open OS this makes much more sense... all the bugs found are quickly patched... Might this mean that the government might start leaning towards open OSes?

Re:security on unix

[Trepidity]

The point is that a virus/worm could do rm -rf / on a UNIX system too, deleting everything, even if it was run as a user. All it has to do is exploit one of the many security holes in suid root programs. Once the virus/worm gets itself root access, your "security" is worthless.

And don't tell me there aren't security holes. Ever taken a look at rootshell.org? Every time one is fixed, 5 more pop up.

security on unix

[Ripley]

The security of unix does a huge amount to limit the damage of the virus/worm. instead of doing the equivalent of "find . -name '*.xls' -exec rm {} \;", what prevented the author of the latest worm from doing the equivalent of "rm -rf /"? On a windows 95/98 system, any user can execute that command and destroy the system. On unix, if one user is compromised, he can only delete his stuff. That is why you shouldn't run as root, even if you are on a single user system.

Also, if virus writers only attack systems with large market shares, why didn't they write virii to disable sendmail, which handles most of the e-mail on the internet (maybe they did, I don't know)? How about a virus to disable apache web servers. You could disable more than half the internet's web sites (estimate depending on the quality of the sampling done by netcraft).

Maybe I don't know the mind of the typical script kiddie, but I wonder what the real reason for virii is. Is it just the recognition factor (like the egoboo of Linux development), or the knowledge that you crashed machines (because I'm sure the writers would not want to be recognized and caught)?

Imagine if you will

[gavinhall]

Posted by beer4me:

First of all, there is the old problem of keeping all your eggs in one basket; Sure, splitting to 3 different os's will reduce the impact of a single type of attack, but it will triple the chances of a smaller attack, and in the gov't, that's not a good thing.

Not to mention the administrative headache that would be. Between having to integrate different OS's, to getting 3 licences for each piece of software you want to run company-wide, to people changing OS's all the time, because some new guy comes in that only knows 95, it's just not worth the hastle... --A good thought, and if this guy wants to do it for his company, that's fine, but let's not push the issue on others.

Re:Imagine if you will

[jafac]

no, he's right.
Say there are 900 viruses in the world, 300 for Windows, 300 for Mac, 300 for Unix.

If you're an all Windows shop, you are vulnerable to only 300 viruses. If you're a fully hetero shop, you're subject to all 900.



"The number of suckers born each minute doubles every 18 months."
-jafac's law

Re:Imagine if you will

[Rob+Riggs]

it will triple the chances of a smaller attack

That reasoning is flawed. You still have the same number of computer systems in place. The problem is that currently the most common OS is the least secure. Increase the mix and you can't help but to increase the security. That argument would hold only if all OSes had the same level of security.

Re:It's a flawed argument

[gavinhall]

Posted by Lord Kano-The Gangster Of Love:

I think you miss the point. OS diversity in and of itself is a form of protection. Worms/Virii/Trojans that affect win/32 will not hamper un*x. Ones that target un*x can't hurt a Mac. Malicious code that targets Mac will leave a Be system unscathed. This is the point.

No one piece of code can disable an entire network when there is diversity. Maybe 34% of your machines will go down and as bad as that is, it's still better than 95%+ of your machines going down.

Here, where I work, for example I have a Mac on my desk, but in the back room I have Linux and NT servers that I administrate. I can remain (fairly) confident that nothing short of an environmental disaster (be it large or small) will take down all of the machines that I am responsible for.


LK

Re:Wrong - easier solution is cross-platform.

[gavinhall]

Posted by Lord Kano-The Gangster Of Love:

Who determines what is "business related"? Even if it is deemed by the priests in the Ivory Tower to be "business related" things can still slip through by accident. I recieved an e-mail mack in march from one of my suppliers that was infected with a MacroVirus. It was a Pricelist, most definately business related. Fortunately, I was procrastinating and never opened the file. But then again I have a Mac, so only MS Office apps would have been effected.

LK

Re:Educating users is not total solution

[gavinhall]

Posted by Mary CW:

I disagree with the various comments about how the virus problem would be solved if those "stupid lazy" users would just do as they're told.

One great truth about human civilization: Every existing problem would be solved if people would just do what they're "supposed" to do. But they don't. For various perfectly good reasons. Just because people don't behave the way you think they should, doesn't make them dumber than you.

Human (incl tech) systems need to be designed with the expectation that people will NOT do what they're "supposed" to do. That's reality.

So, yes, education is good, but you can't shrug off the problem as being totally the fault of "those dummies." People don't like this when their government, bosses, or teachers say it to them -- why should they like it any better when IT guys say it to them?

Re:Wrong - easier solution is cross-platform.

[gavinhall]

Posted by Lord Kano-The Gangster Of Love:

Blame M$. VBA being incorporated into office apps is a gaping security hole. I need excel macros for doing the math on orders. If I were using a Windoze box I'd be screwed. I can handle a macro virus on the Mac because in my situation it would be confined to excel documents. If I were using win9x I'd have to be concerned with everything from my word processor to Outlook...

LK

Re:the problem with concrete OS ...

[questor]

As a Unix admin for over a decade, this is the one thing that has most boggled my mind about WNT since I've had it inflicted on me in the last year: almost no attention is paid to file system security. When installed from scratch, the default file system (FAT) doesn't even allow for the possibility of security (ACLs), you have to convert to NTFS, and at that point, all the ACLs are blank and wide open. This makes negative sense to me.

Re:Stop, please

[coats]

sharpei diem -- seize the wrinkled dog

Sorry

Latin day is dies (accusative case diem), so your neologism mean something more like

sharpei diem -- Hey, wrinkled dog -- attack the day.

Re:Yes, an intelligent solution at last

[Masem]

Just some comments:

First, I think that the frequent problems with viruses are due to places that rely strongly on WinNT/9x, rather than Unixes. (I know there are Unix viruses, but if you are a script kiddie, who are you going to have more fun putting out of commission - a thousand or a billion users?) Worksites that, in general, are unix-run tend to be more secure to virus and other hacks than NT places, only because that unix admin are that much more diligent.

You wonder how people can run unauthorized code without having the source. Again, we're talking Windows-run shops, not unix. Additionally, when I buy Office or Quake from the vendor, I don't have the source, can I trust this code? There *is* a certain degree of trust that vendor-supplied software is virus-free, but....

About pgp-trusted mail: I'm only speaking when it comes to the attachments. Additionally, I'd expect, *especially* in the gov't, that the email is for work-purposes only (even though I know this is naive), and thus, I should only be trusting of attachments that come from my PGP-identified coworkers. The key thing is that unless you've stupidly enabled such an option, the end user *HAS* to initiate the program that launches the virus; just getting does nothing.

About the sysadmin: Yes, more than likely, a virus will go unnoticed until it's too late. However, with both Melissa and Zip.Explorer, *BOTH* were warned about on news.com, here, and other sites that specilize in such info. Yet, the *NEXT* day, the problems got worse. Understandable, there is some lag in the news, but this can be measured in hours with a diligent sysop. If this was truely the case, these problems would not have been as severe. If 100% realiablity and functionality of your systems are required, and your sysadmins are pushed to the bone above and beyond such that virus warnings cannot be monitored, then it would make sense to just hire another sysop for this security, and spend the extra $100k a year compared to the millions lost by the system failure.

About backups: Yes, the backup might be infected, but who doesn't, when restoring from a wipe or crash, doesn't rerun a virus scan on just recovered backup files ? (Again, a virus cannot launch itself by itself). Then, of course, backup again with the clean system.

However, I strongly stand by education at the key way to defeat these viruses. Neither Melissa or Zip.Explorer would have done as much harm if the users were smart enough not to initialize them.

Yes, what an intelligent solution (NOT)

[Masem]

I can tell that this 34% is going to get a very
strong slam here today, so instead, let's actually
look at the *REAL* solutions:
- Teach users what email is (including basics of email, including POP, IMAP, MIME, and sendmail & friends at a very basic level so they known how their mail gets routed. Teach users that opening an attachment on an insecure OS is asking for trouble, and should never be done unless the source is absolutely trustworthy... which leads to...
- Using PGP/GPG or other secure identification methods to be able to trust the validity of the mail. Just because it's from a co-worker doesn't necessarily mean it's legit.
(These two stand out only because the latest big virii have been email ones, not that this is the only route)...
- Make sure all installations that require it have a quality and up-to-date virus program.
- Have the sysadmin be diligent about reading the various virii advisory lists and visiting the web sites of the makers of the virii programs on a daily basis. I've yet to see any major virii come out (at least in the states) and not have a virus eliminator or such within a 24hr day.
- Um, backup frequently and often. A virus may just eventually get through, but a virii can't do damage to tape backup, only possibly reside on there.
The situation with virii today is that we have a bunch of lusers running around thinking they know everything but end up in these situations, *and* because we have lazy sysops in many places. Fixing both these problems would cost *much* less than reequipping gov't offices with up to 66% in new computers, as opposed to just simple training and effective sysopping.

Re:Yes, what an intelligent solution (NOT)

[copito]

people have to know that running untrusted code is like signing something they did not read!!!

You'll have to find a better metaphor than that. People sign things they didn't read all the time :-)
--

Re:Yes, what an intelligent solution (NOT)

[hany]

... wipe the all drive clean of any program that will run any untrusted code without user intervention

that's not enought. outlook and co. is asking whether to run or not so definite solution is ONLY education.

people have to know that running untrusted code is like signing something they did not read!!!

Re:Yes, what an intelligent solution (NOT)

[Raindog]

I agree, but there are some problems with this that need to be addressed.

1. I've done tech support, I have no faith in the idea of eductation of users. It would be nice, but I'm not holding my breath.

2. Some viruses are spreading fast than the AV vendors and sysadmins can catch up. This worm had hit millions of computers before the AV software had a fix. The same applies for sysadmins, and most are overloaded as is.

3. PGP and backups, definetly, now, no excuses.

I dont think that anyone is recomending the 34% thing seriously (I could be wrong), but it is a good point. Greater OS diversity would slow these puppies down, but I dont think windows users should go throw out their OS for viral reasons....after all there are enough other reasons.

Re:Yes, what an intelligent solution (NOT)

[robocord]

I couldn't disagree more with you point about education. Users should *NOT* have to know anything about pop,imap,mime, or any of the other fecal matter what we geeks enjoy so much. Computers should be like toasters where the average non-technical user is concerned. Not only do people not give a damn about the underlying substrate, they shouldn't have to!

The solution to this problem is to not solve it. It sucks when it happens, but it's always going to happen so deal with it. Some sort of "invisible" backup system (like "GoBack") might mitigate the damages, but that's the best you can do.

Re:Yes, what an intelligent solution (NOT)

[little+alfalfa]

I strongly agree that we must educate our users. Having worked in a shop where most of the users of our systems had absolutely no idea of how those little black boxes on their desks worked, I've gotta say that #1 has to be teaching the computer user what they are doing when s/he opens up a mail message in outlook/messenger/pine/etc. It really should go beyond just teaching how email works, but that's another topic entirely....

Re:Yes, what an intelligent solution (NOT)

[Shotgun]

The only intelligent solution is to wipe the all drive clean of any program that will run any untrusted code without user intervention. It is the ludicrous to allow code from anonymous email to execute code on my machine, and with the current unsecure state of the Internet all email can be considered anonymous for all pratical purposes. There is simply no way to reliably verify most email unless some type of security is used above and beyond the norm.

The current crop of 'macro-virii' isn't just a problem of a monoculture computing environment. It's a problem of a daffy, head-in-the-sand, bare-butt-stuck-in-the-air-for-script-kiddies-to-k ick, non-resilient monoculture. The current monoculture is akin to bread mould. Take it out of its closed, warm, secure environment and expose it to the light of the sun and it just dries up and dies.

A culture that has a better immune system, and is designed to weather a variety of environments would not wither and die nearly as quickly as what people are using now.

Which is why advertising is using PCs, not Macs.

[bkosse]

Woops, got that wrong. :)

Yabbut the POINT is that...

[bkosse]

If X percent of your users have a given system, than only X percent of your whole system can go down.

Now, this would necessitate the use of open standard or at least multiplatform systems (e.g. StarOffice or *god forbid* pure HTML for word processing).

I don't see too much difficulty sharing documents with that type of issue in place.

Re:Yabbut the POINT is that...

[substrate]

If only X percent of your users have a given system, only X percent of your system can go down is only true as the other (100-X)% of the system isn't attacked. If some punk with a computer, too little of a life and too much time on their hands knew that a certain government agency or a company relied on the variety of machines in their domain as a part of the security you'd start seeing more multi-system attacks. Especially if the target was a big enough feather in their cap.

Open standard software is a great idea, but it defeats part of the purpose of going to a multi-system approach. Once you've got a common file format it becomes easy to do damage. The guys argument was a bit like the security by obscurity argument. Yeah, you're secure in the short term, but once a determined thug works at it you're still compromised.

Re:Yabbut the POINT is that...

[Alan+Shutko]

Once you've got a common file format it becomes easy to do damage.

Ok, how do you propose to damage my Amiga with a JPEG JFIF?

Re:Yabbut the POINT is that...

[matguy]

It's not quite that, it's X percent of the users on a givensystem * Y percent of the users that got infected * Z percent of the users that were affected by the infection. Comes out to a small number usually unless the virus spreads and infects an ap that all people in a given environment either use by choice or by rule and share documents from the particular ap and the virus doesn't take affect instantly, then it can bring down a whole segment of a system that uses the same system. Although, if there were a few different systems going on between users doing the same work just for variety sake then your support team must multiply by the number differces in the different systems running. This becomes a horrible nightmare real fast. I wish I could see a real solution to the scenario. Every solution I can come up with has serious drawbacks, I do belive there is no magic fix yet. damn and I do with there was one!

matguy
Net. Admin.

Re:All of this, articles and comments, is wrong!!!

[jafac]

Even if you backup all changes to WORM, a virus can still harm you. The damage is in the time lost, not necessarily the data.

While backing up everything can insure that you get your data back, you're still going to take a productivity hit from a successful virus infection.


"The number of suckers born each minute doubles every 18 months."
-jafac's law

"Homogenous" vs. "Homogenized" vs. "Homogeneous"

[Frater+219]

"Homogenous" isn't a word in general usage; it's a biological term. The words people are probably thinking of are "homogenized" and "homogeneous".

"Homogenized" means "blended into a uniform mixture". Milk that has been homogenized will not separate into milk and cream.

"Homogeneous" means "all of one kind".

"Heterogeneous" is the opposite of "homogeneous" and means "consisting of dissimilar or diverse ingredients or constituents".


Hence, for operating systems at a site to be homogenized would mean that regardless of their different origin, they were indistinguishably and inseparably mixed together. This might be accomplished by having a common user interface. A site with Windows and Linux systems, where both were running Netscape Navigator and StarOffice and the Linux systems were running fvwm95, might be the beginning of a homogenized site.

For operating systems to be homogeneous would mean for them to all be the same in origin and appearance. An all-Windows site is homogeneous.

And a heterogeneous site would be one which had diverse, clearly distinct, yet intermixed systems -- for instance, one where Linux, Windows, Unix, and MacOS systems all shared data over common protocols.

IMHO, a heterogeneous site is a much better approach than a homogenized or a homogeneous one. :)

Re:It's NOT a flawed argument

[tzanger]

The security is better in unix, but its nowhere near insurmountable. Once a user is compromised, even through their own stupidity, its very possible to wreak havoc outside of the scope of that users account. Even disregarding the potential of denial of service attacks a bored script kiddie could implement a number of scripts from rootshell.org.

Not entirely true. On mixdown we've had many attempts from outside but nothing has gotten through. So much for rootshell. What they read there I also do and patch it up if necessary. Rootshell sells to both sides of the war. :-)

As far as internal security, I was tempted to set up a test/test account on the system and let you guys have at it but I want to do a double-check on our permissions first. From the outside, it has no known exploits. From the inside, I've set up fairly tight ulimit regulations, including CPU time of 5 seconds and and data size of (I think) 8 megs. That keeps any rootshell surfing script kiddies from keeping it bogged down for long. I get paged if the number of users grows above a set limit and also if the box 15min load goes above 5. Internal security is much harder to imlement than external security.

Anyway that's my take on it. Unix-style security may not be infalliable but it is a lot better than the WinDOS "a root for every user" methodology.

There is another thread around here about how these virii would exist in a Unix environment as well since they're spread through email. This is true, but you would not achieve the same level of destruction unless you read your mail as root. I also don't know of any hooks in Pine which would cause it to automagically run my email attachments. :-)

Why Virus Writers Do It (one opinion)

[tzanger]

Maybe I don't know the mind of the typical script kiddie, but I wonder what the real reason for virii is. Is it just the recognition factor (like the egoboo of Linux development), or the knowledge that you crashed machines (because I'm sure the writers would not want to be recognized and caught)?

Actually it's neither... at least not for me. I used to be one (back when I was a teeny-bopper) and I did it just to see if I could manipulate DOS on the level that DOS manipulated itself. I directly played with MCBs to grow the last allocated block of memory to hide in. I discovered that if you followed the last MCB (theoretically the end of memory) you were in high memory. In fact, that's exactly what LH did: it changed the last MCB to a link rather than an end and you suddenly found yourself a chunk of memory in HMA. I intercepted int13h and int21h calls. I intercepted DOS calls to change interrupt vectors to link myself in and then set up timer interrupts to make sure I didn't get taken out of the loop by direct access to 0:0. I intercepted int03h and wrote code that would detect debugger activity. I wrote virii that occupied memory but couldn't be found through normal means. I wrote a stupid little TSR that caused the drive to do a complete end-to-end seek before it wrote any block of data. I wrote virii that attempted to go out and intecept other virii. Christ, it was the thrill of manipulating a machine without the user knowing what I was doing because I could do it quickly and unnoticeably (well, except for the seek thing :-). that is why I did it. I didn't have destructive payloads but I could have easily done a drive scribble every time the user went to get a directory listing and a file had a "q" in it. Or opened a .wp5 file.

From my studies I wrote a few little utilities. One told DOS to allocate according to "best fit" or "last fit" instead of the default "first fit" algorithm. I wrote a little MCB follower that told you what was where and whether it was a device driver or other program. Another was a program that allowed access to HMA regardless of LH being called before.

I did it because it was fun and becuase I learned more about how DOS worked than I could ever learn from any book or class or other means.

Our current approach

[alank]

I have seen quite a few ways of dealing with this, none of which has really worked. And most of which are expensive and time consuming - to deal with a problem that MS created!
Our approach goes something like this.
PCs - general on Ghost or BootP so they are instant cleaned.
Email - using twig - and planning to write simple virus blocking software to it - so we can ban known virus before they get in.
Web Proxy with known virus files blocked.
User education - it helps but dont rely on it!
Moving away from MS - this is an aim, but not a reality yet, when all the core apps are ready on Linux, we will have a very strong case - eg. graphics, 3d, midi(compose). We are close but not quite ready to say rm /mnt/c/windows.

Hillis, Dawkins

[SEGV]

Hm, I was just reading about Hillis' work in a genetic algorithms book when this was posted. Talk about coincidence.

The article also mentions Dawkins. I've been doing some alife reading lately and they're both in there.

Of course virii/worms have great alife analogies.

Bring on the Lawyers!

[copito]

Think about this though. If you write a program and spent a lot of time on it, and somebody finds out it's got a bug that prevented them from saving a large document and they lost it, should you be sued?

Absolutely. If there is a bug that was due to clear negligence on the part of the programming/QA team then they should be held responsible. At very least you should have to obtain a signed disclaimer of warranty if you want to sell software without the legal protection.

If the industry worked like this, nobody would program anything out of fear of being sued by some litigous clown.

While I agree that some limits (Perhaps only actual damages etc.) would be in order, the system now is terrible since it shifts the cost for bad software to the user. If the cost of bad software were on the hands of the programmer, then less software would be written, but the software that was written would be of far greater quality. I'm tired of the notion that software is impossible to get right since there are so many variables. Civil Engineering in Los Angeles is difficult too, but an engineer that negligently designed a bridge that collapsed in an earthquake would be sued. Engineers have malpractice insurance, perhaps programmers should get it too.

You seem to have support in the legislative system. UCITA threatens to make it trivially easy for a company to produce software that does not work even as claimed in advertising or documentation, and as long as he disclaims the warranty on shrinkwrap, the user has no legal recourse.
--

Plural of "virus" (offtopic)

[copito]

Second of all, you mean "viruses". "Virii" is not a word. Details available upon request.

OK, I'll bite. Why is virii not a proper plural of virus.
--

A user proof OS

[copito]

As many have pointed out, there is no OS currently in wide use that would prevent ill-informed users from damaging themselves and others. There have been several proposals including.

• infinite undo
• no macros without user intervention
• Well designed, diverse OSes and CPUs

These all are valid and have their place. I think that most users have no need to run any executable that is not provided by their network adminstrator. Those that do are probably intelligent enough to take reasonable precautions.

Hence the following precautions would be reasonable:

• Restrict the executable loader to only load programs owned by root. (For extra points, integrate a virus checker in the loader).
• All user owned executables would run in a Java-like sandbox which would not allow file access. This would have to include any scripting or macro functions as well.

Clearly, well designed OSes and programs are essential for any solution to work and infinite undo is great for other reasons, but it is important to change our view of the OS and realize that most users in a business setting do not need, nor should they have, full access to a general use OS.
--

Re:A user proof OS

[Dwonis]

All user owned executables would run in a Java-like sandbox which would not allow file access. This would have to include any scripting or macro functions as well.

That's a bit extreme. Many useful things need file access, so:

• Allow the user to specify (prior to running the program) exactly which files are to be accessed.
  
• A 'chroot' type environment
  
• Or, for those who don't trust chroot, a dynamically-sized hardfile (filesystem inside a file), which the user can insert and extract files with sysadmin-provided apps (like mtools, but different)
  

--------

Nevermind

[copito]

I see that you answered it already
--

Re:Broken all the time?!

[Millennium]

Actually, I don't think it's scary. In fact, it may be the one good thing M$ has taight us.

Unix and its clones are very powerful, stable operating systems. This is a Good Thing. However, the stability itself tends to create a problem: the sysadmins get too cocky and never think about possible problems, simply because "they'll never happen; this is Unix."

Well, the thing is, they do happen. The law of averages (to say nothing of Murphy's Law) demands it; eventually something is going to happen. The fact that it happens with Windows and especially MacOS so often has led to one thing: they tend to recover from crashed in a relatively graceful manner; seldom in more than fifteen minutes for MacOS and a day or two for Windoze. No Unix-related problem I've ever seen has ever taken fewer than four days to fix, due to various combination of user-hostility on the OS's part, a lack of tools to help get the system back up (particularly in the Open-Source OS's but in all Unix-like systems to some degree), and other factors.

You can understand the reasoning behind this: if errors never happen, why plan for them? But the fact is, errors do happen. The worst-case scenario is that everything is always broken, and this scenario must be planned for, because at some future point it will pop up. It's like the proverb goes: "Hope for the best, prepare for the worst."

Re:It's NOT a flawed argument

[substrate]

The security is better in unix, but its nowhere near insurmountable. Once a user is compromised, even through their own stupidity, its very possible to wreak havoc outside of the scope of that users account. Even disregarding the potential of denial of service attacks a bored script kiddie could implement a number of scripts from rootshell.org.

I'm not knocking Linux or other unix, I use them at home and work, but anybody who thinks migrating the world to a unix quality system would stop these attacks needs to think it through a bit more carefully.

It's easier to grab control of a Windows box because of its lack of security, but bored malcontents would quickly adapt. It's more attractive to attack these because there are a buttload of them out there, but as the status quo changes so will the targets. The recent increase of the MacOS is a case in point as was pointed out by somebody else. MacOS users used to brag about the lack of virii when in reality it was just a result of the lack of market share.

It's a flawed argument

[substrate]

I'm not sure how Art Amolsh expects OS diversity would help things. Essentially right now the other OSes are somewhat safer from viral or worm attacks than other OSes. Not necessarily by design or the capabilities of the operating system, but by having a small market share. The wastes of flesh who code these things target Windows systems because they can then nail greater than 90% of the systems with knowledge of one code base. If other systems were more popular more virii and worms would appear for them as well.

In order to really use diversity to hamper the spread of worms and virii you'd have to go to much wider extremes anyway. Not only would you have to have different operating systems, but users would have to use a variety of different packages for storing information complete with different file formats. Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult.

In reality until software is developed which can detect and respond to software threats autonomously people will always be susceptible to the whims of worm and virii coders. You can minimize the risk somewhat by using a robust OS or a non-mainstream OS. Once that OS becomes mainstream you've lost the 'protection'.

Re:It's a flawed argument

[hany]

they can then nail greater than 90% of the systems with knowledge of one code base.
that's why if mentioned 34% limit applies you can get to knees only those 34% with one code base (if counting only native binary code)

Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult.
you're kidding. if we both use mail clients which implements e-mail standards correctly, than we have no problem to send e-mails to each other.

your statement clearly talks about MS-like systems, which introduces incompatibilities also called "features" (by manufacturer).

i'm repeating: intechange of information is no problem in heterogenous environments IF your tools conform standards!

... which can detect and respond to software threats autonomously ...
without real AI you can't do that; because such a system have to be more inteligent and educated as (almost) all hackers/crackers in the world; otherwise it is limiting users abilities

so i think the only way out of this is education: tell the users basic rules! (like if you are applying for driver licence)

all this "heterogenou environment" argument is based on same principles as nature itself: if all people are same than one desease is enought to kill us all. but while we are all slightly diferent, there's still somebody who survive.

why is nature avoiding monocultures?

Re:It's a flawed argument

[hawkfish]

In the last six months there has been a noticable increase in MacOS viri. Same old lame deployment schemes (MBDF in a Sherlock plugin was the last one I saw) but I took it as a good sign - the Mac has to be back if teenage wankers who can't find porn on the net start writing viri for MacOS.

Re:It's a flawed argument

[Raindog]

Its not a flawed arguement, it just needs not to be taken out of context. The idea of using a nondominate OS like, oh, say linux for security reason is following the old "security through obscurity" mentality, and yes, is invalid. But OS monoculture does dramatically speed up the rate at which viruses spread. Look at melissa and this worm, they hit millions of computers in days...think about how increadable that is. This rapid transmition is aided by the fact that virus coders can reasonably bet on a certain software set and use that to propigate. A more diversified OS base will not stop this, but it will slow propigation (though the virus being stopped at a greater portion of computers) and makes things harder for the virus writter by lowing the possibilities of a single exploit.

Right now writting MS viruses is too easy. I have the source code for melissa hanging on my cube, its less than two pages. I'm a noncoder and its basic enought that I think I could effectivly modify it. Thats frightening.

Serendipity

[Epeeist]

I used the word "monoculture" in my response to the Linux: Look Before You Leap article. Glad to see that the consequences have been raised here. Now let's see if someone comes up with an article containing Serendipity.

Communication systems exist to communicate

[sphealey]

"Here's a better rule - simply strip binary attachments from email automatically on the mail server"
Communication systems exist so that people ("users", or in other words the people who pay the bills) can communicate. Solutions which destroy the capability of the system to communicate, for the convenience of the system administrator, will be rejected by the user (that is, customer) base.
Yes, I know the pain-in-the-ass consequences of the above statement: I have been doing this kind of work for 12 years. But (IMHO) that's reality and we have to deal with it.

sPh

Re:The Ultimate Virus

[RenQuanta]

what makes you think the operating system will become an irrelevant concept? That doesn't seem possible

The Real Issue - 95/98 Sucks.

[Teman+Clark-Lindh]

This isn't about OS diversity, or the biological nature of machines, it's about Windows 9x being a buggy hack of dos. Funnily enough, that means it doesn't have a security model. On any other decent OS (I think I'll even include NT in this), what 9x users consider a virus would first be considered a root expoit or DOS attack. You'd notice there still seem to be alot of those, but they are due to minor patchable flaws in the design of software, not major flaws in the design of the OS.
Virii will really be solved when everyone moves to an OS (be it WinNT Consumer 2010, linux, etc..) that actually has some internal permissions-type safeguards against, say, random writes to the HD.

throw away windows

[hany]

... I dont think windows users should go throw out their OS for viral reasons....after all there are enough other reasons.

like repeatedly lost work because of error in system? (not necessarily virus :)

education - YES!

[hany]

i fuly agree with education

people have to know that running untrusted code is like signing something they did not read!!!

Re:education - YES!

[hany]

maybe we have to construct real AIs which will think for ourselves (and think better! to avoid such a manner you mentioned - for example :)

then maybe we have to give arms and legs to those AIs so they can work for us.

and then, we shall silently die, we are not necessary anymore.

:)

Re:education - YES!

[Alan+Shutko]

Bad example. People sign stuff they don't read all the time.

the problem with concrete OS ...

[hany]

the problem with "the one" (call it that way - do not want to advertise :) OS is that making it "multiuser" (i.e. splitting things into "root/admin" and "user") broke almost whole system - nothing will work; it'll take a lot of time and work to get it to the same usability as before this "secure patch"

Re:the problem with concrete OS ...

[hany]

i make a quick search through NT installed from start on NTFS and list some files in this post.

"virii": there's no such word

[Mawbid]

This has been explained too often already so I won't bother.
--

Re:"virii": there's no such word

[Tom+Christiansen]

This has been explained too often already so I won't bother.

Here is the abbreviated form of what the OED says about "virus":

Etymology: a. L. virus slimy liquid, poison, offensive odour or taste. Hence also Fr., Sp., Pg. virus.

1 Venom, such as is emitted by a poisonous animal. Also fig.

2 Path. a A morbid principle or poisonous substance produced in the body as the result of some disease, esp. one capable of being introduced into other persons or animals by inoculations or otherwise and of developing the same disease in them. Now superseded by the next sense.

b Pl. viruses. An infectious organism that is usu. submicroscopic, can multiply only inside certain living host cells (in many cases causing disease) and is now understood to be a non-cellular structure lacking any intrinsic metabolism and usually comprising a DNA or RNA core inside a protein coat (see also quot. 1977). [ Formerly referred to as filterable viruses, their first distinguishing characteristic being the ability to pass through filters that retained bacteria. ]

c colloq. A virus infection.

3 fig. A moral or intellectual poison, or poisonous influence. Also in weakened use, an infectious fear, anxiety, etc.

4 Violent animosity; virulence.

5 attrib. and Comb., as (sense 2 b) virus disease, infection, particle; virus-carried, -containing, -free, -induced, -infected, -like adjs.; virus pneumonia, pneumonia caused by a virus rather than a bacterium.

Notice that the OED lists the plural as "viruses". Not "viri". Not "virii". Just "viruses". Latin had quite a variety of different words that ended in "-us". Only some of these (2nd declension nouns) form plurals using an "-us" => "-i" rule. Several other prominent patterns occur as well, including as the 3rd declension neuters (e.g. genus, corpus, opus) and the 4th declension nouns (e.g. abacus, status, apparatus).

Fortunately, we're not speaking Latin, we're speaking English. But even if we were, I have never heard of a "-us" => "-ii" rule, be it in Latin, Greek, or in English, nor can I discover any exemplars in which this alleged rule is active. Until such time as you prove otherwise, I shall continue to consider "virii" nothing more than a perverse, analphabetic corruption.

*multi-user* is the right solution

[RelliK]

The problem is *not* that they use a single OS, but that they use a *single-user* OS. Ever since I started using Linux, the concept of single-user OS seems totaly stupid to me, esp. in a company or government agency. It's kinda like running every single application as root.
The key to defeating viruses is not in limiting the percentage of machines running a particular OS, but in limiting user's permissions. Not only is it an excelent way to get rid of any virus problem, but also a great way to prevent stupid users from doing stupid thing, subsequently cutting on support costs.
This is guaranteed to solve 90% of the problems, and frequent backup will solve the remaining 10%.

I haven't heard of any Linux viruses, btw... I know there are troyans, but they are harmless unless ran by root.

Re:*multi-user* is the right solution

[sammy+baby]

I haven't heard of any Linux viruses, btw... I know there are troyans, but they are harmless unless ran by root.

Don't bet the farm on that kind of track record. IMHO, people running Linux are much less likely to shoot e-mails containing binary executables to each other, for three reasons:

• There's a decent chance there are compatibility issues
• They would rather point folks to a URL from which the recipient can download stuff.
• They know better than to send binary executable attachments.

Throw tens of thousands of casual users into this mix, and we'll see how long it is before Linux virii start appearing in force.

Re:The Ultimate Virus

[Alan+Shutko]

It would be very, very difficult to write a virus which would simultaneously damage a Win95 PC, a Solaris/Sparc box, a BeBox and an MVS mainframe. It would get insanely more difficult to damage all the different OSes there on all the different chips, somehow choosing the right bugs in each OS version to exploit to get privileges to do anything.

This isn't a matter of virus writers being dumb. It's a matter of the problem being nigh impossible. After all, how many apps do you know which can use the _same binary_ on all the different platforms around? And people actually want to run them....

Re:Wrong - easier solution is cross-platform.

[Jeff+Monks]

>Win CE

I could be wrong here, but I was under the impression that PocketWord that comes with WinCE is more akin to WordPad with a spell-checker, and doesn't have any of the more "advanced" "features" of Word, such as macros and what-not.

I've no first-hand experience with WinCE (I've got a Psion 5), but everything I've read has bemoaned the dearth of features in all the WinCE "Pocket" applications.

*multi-user* wouldn't have helped here :-(

[Slayer]

Well, while your argument holds for most virii, it does not hold for this explorer.worm thing. Let's go quickly through it's behavioral patterns:

- It comes in an attachment. Well, I also use attachments under linux, and have done that for years.

- Clicking on that attachment automatically performs an action based on file type. Hmmm, most advanced graphical mail programs do that under linux (xfmail, kmail, netscape mail, ...).

- It goes through the users hard disk drives and wipes out all productivity related files. Well, while most of my file system under linux can not be hit by a normal user, most of a user's productivity related files do indeed sit in his/her home directory, which is writable by that user. Or at least I can't remember the last time when I put a Starwriter document in /var/run :-)

- It catches all incoming mails and automatically replies to every one with a delayed response. This is no problem whatsoever under UNIX and linux. Everyone with basic knowledge in system programming could hack such a thing within a few days (or probably less).

I fail to see one action in this list that requires root privileges. Ok, you could wipe out only your own files and not everybody elses, but since this worm/virus spreads around via email and I get emails from my friends and coworkers all the time, it would barely make a difference ...

And I hope you do not suggest that people run a process viewer at all times and check every minute whether there is a daemon running that shouldn't be there. As linux installations get easier to install and more and more people with very little computer knowledge use linux regularly, you simply can't expect that (it would even be a pain for experienced users).

I do agree that well written multi user OSs can prevent a lot of trouble and stop a large number of really lame virii from spreading around. But they are definitely not a siver bullet. Combine that with the fact, that many users hate the multi user concept and circumvent it where possible (I know lots of people who run NT always as admins to avoid lame permission problems. And look in the average linux news group and count the newbee posts with sender root@localhost ...)

Cheers

Rudi

PS: The reason why there have been so few linux virii in the past is because linux is not on everybody's sh*t list. Most people with more than average computer knowledge despise Microsoft and their products (although they might use them at work and thereby gain programming knowledge under Windows) and I could assume that it is considered cool in certain misguided communities to write virii that trash a Windows box. I can hardly believe anyone would get peer recognition for writing a virus/worm that shreds a linux lab and takes down www.linux.org.

Re:It's NOT a flawed argument

[ocie]

You are comparing apples and oranges here. The latest round of worms and trojan horses that are moving thru email don't do anything that needs root permissions. It would be quite easy to write a Linux program that would look thru the users mailbox, get a bunch of email address, and send a copy of itself to all of those users. Then, just for kicks, it could do a "find" in the users home directory for all .c, .h, .cpp, files etc. and rm them.

Any system where you implicitly trust unknown users on the internet to send you non-malicious programs is inherently flawed. The reason I will never be hit by an email virus is that my email reader can't spawn other processes on behalf of my email messages. Imagine if each user got to include an X-pager line to tell me to use emacs, or less, or more (or rm -fr ~) to read the email!!

Even if such a virus were to attack and delete all my files, it would be a short walk down the hall to ask our sysadmin to restore my directory from backup files. I'd be bitter about the few day's work I'd lost, but otherwise OK. I realize this doesn't translate to home users that well.

Re:All viruses should cause Micros~1 to get sued

[Optic]

Hear hear! I agree. I have spent time explaining to people that the recent virus problem is with MS's OS and tools, and not with the virus programmers that the FBI is enjoying a major publicity-stunt/witch-hunt over.

It's hard to get people to understand that perhaps a word processing macro should not be able to modify your system registry. It seems common sense to me.

Re:34%??

[matguy]

A segment failing isn't always because of a lack in management, but many times lies in fault of users on the segment.

BTW: NT SP3 and NT SP4 are different and why would microsoft imply there was a difference if there wasn't, not like they sell the 30 some odd meg service pack that you use their bandwidth to download for free.

matguy
Net. Admin.

34%??

[matguy]

If 34% of my computers that I manage went down due to a virus I'm reletively sure I would still have a major problem, and I'm no government agency by far. As I now think about it what would we have to do to justify different os's, do different distributions of Linux count?

matguy
Net. Admin.

Re:34%??

[sammy+baby]

BTW: NT SP3 and NT SP4 are different...

I think the author meant that MS would claim that NT SP3 and SP4 should qualify as two different operating systems under the rule, and therefore be considered for two segments.

Educating

[True+Dork]

Educating the users is nice in theory, but almost impossible in practice. I deal with this constantly. I had a scene which was amazingly like a uf cartoon. She was convinced that the OS at her previous job was "Gateway 2000" and Netscape was their ISP. All I could do was smile, nod, and say "Oh yeah! I've worked on those before". And we all also know that any jerk-off who has bought a Packard Bell at CompUSA and managed to get it on the internet is an expert now and can tell you how you should fix problems. You cannot tell this kind of user how not to use email. They know better.

One of the main education issues I can see is the same faith that some people put in the government they put into Microsoft (microsoft.gov? who knows). Microsoft is in the media the same way the white house is. They can spin stories just as well as the Clintons can. Trying to tell your average user that GUIDs and sending personal data through the Windows 98 Update Wizard is bad is like trying to tell media zombies that the internet and quake do not make kids go bonkers with weapons.

Basically, I think all of us who admin Windows machines have a massive challenge as far as this goes. I can rant about it until I lose my voice around here, but heh, I'm just the long haired weirdo geek in the back room with the servers that run that other OS. What does he know.

Why just one OS?

[coreman]

Seems to me that one of the weakest points in the whole thing is the fact that most computer systems are monolithic. Even SMP is still modelled after a monolithic machine. What we need is multiple independent machines coexisting in the same memory space and able to run checks and balances on each other. This has the added benefit of being able to run multiple platform apps in their native format. Seems to me that this type of watchdog system would prevent a lot of lower level crap that the current systems allow. A cooperative file system based on a server metaphor would allow only authorized access and it could be that programs were allowed certain rights upon initial execution (which is what the encryption stuff I'm working on now enforces)And I mean at the level of a specific Word Macro, not ALL Word Macros. Most people would do fine with this since once something is installed and loaded, it would have the rights it needed and wouldn't be any different than today.

Another Login requuired web site.

[Kamelion]

I wish people would quit posting links to these logon news services. There is no way in Hell am I going to fill out their demographics survey so they can target me with more advertising.

Re:Another Login requuired web site.

[Rombuu]

Then you don't read the article. What's the problem with that?

Re:Login:

[mattc]

Or just create a real login. It's free.

Re:Totally unrealistic

[Graymalkin]

The US gov't has spent hundreds of thousands of dollars on toilet seats, different OSes wouldnt cost them much more. Ever heard of not putting all your eggs in one basket? If you drop it you break all of your eggs, Windows 9x is like a basket with a big hole in the bottom. Yes it would cost alot primarily to have multiple OSes in an office, but the long term benefits would highly outweigh the short term cost. When a new linux kernel patch is released, or an entirely new kernel for that matter, a hardware upgrade is rarely if ever needed. The upgrade from Windows 3.1 to 95 in most cases took a major hardware upgrade. If you put OSS unices on some of your computers, you have a large initial cost but your TCO is much lower than your Wintel machines, and when you need to upgrade your wintel machines you can recycle the old ones by putting an OSS unix on it.

Some good AV resources....

[Raindog]

I havent had time to make sure thay have detailed info on macro viruses, but they have some..

http://www.sarc.com/
http://www.av.ibm.com/current/FrontPage/
http://www.cert.org/
http://www.avertlabs.com/

all of these are commercial with the exception of CERT, who I recomend as a good resouces to watch. Usually, when they say somethings up, it is, though they are abit slower than the vendors. Have fun.

Re:It's NOT a flawed argument

[BeBoxer]

You are comparing apples and oranges here. The latest round of worms and trojan horses that are moving thru email don't do anything that needs root permissions. It would be quite easy to write a Linux program that would look thru the users mailbox, get a bunch of email address, and send a copy of itself to all of those users. Then, just for kicks, it could do a "find" in the users home directory for all .c, .h, .cpp, files etc. and rm them. The fact that the worms aren't able to destroy the whole system doesn't mean that they can't spread and make the user's life hell.

The only thing that would keep this from spreading like wildfire is that the Linux community isn't in the habit of sending binaries around to each other, and so would probably be suspicious of such an attachment. But, as Linux becomes more mainstream you can expect this to change. It's only a matter of time before the newer Linux users start emailing around little gnome applets for their toolbars, etc. And when that happens, you can expect that the worms and trojan horses will soon follow. Expect some nasty back-doors too, as it's trivial to have a little program listen on an unsecure port and spawn off a shell for anyone who connects. Or when certain IP addresses connect. But I digress.

I'm not really sure what the solution is. Security will probably have to become much more fine-grained. Users should be able to have much more control over what a program is allowed to do. For example, I might not worry too much about running some binary that was emailed to me if I could keep it from performing file operations outside of a given directory, and from opening any sockets. Such a system should allow one to specify a wide variety of permissions for each individual binary that you might have. However, trying to make such a system usable by average-joe users would be very hard. Hell, it would be hard to make it easy to use even for savvy users. I can imagine what such a system would look like underneath the hood, but I don't know what you would use for a decent user interface. If it wasn't easy to use, most users would end up just giving everything all permissions, and we would be right back where we are now.

In conclusion, I think it's important for us to think about ways to deal with this type of problem before it actually becomes a problem. Just saying that "worms can't destroy my whole system, so I'm safe" is pretty naive. Everyone who thinks that should run the following command, and tell me how they feel afterword: "rm -rf ~", and don't forget to pretend that your user account isn't allowed to run "/bin/mail".

Sounds good

[AmirS]

Quick pointer (I wrote this a few days ago when the story was on slashdot).

http://slashdot.org/co mments.pl?sid=99/06/10/2319242&cid=242

Not just OSes

[AmirS]

We need a homogeneous mix of Platforms, OSes, Applications.

Each of these should use well documented open protocols to communicate with each other, so they all do the same things, but in different ways.

Diversity, it's how nature does it.

Re:Not just OSes

[AmirS]

I meant evenly mixed in, with a lot of variation. I think that uses both words, "heterogeneous" meaning lots of variation, and "homogeneous" meaning evenly mixed in, so it all "looks" the same.

(As things stand) I would have a company with different platforms on each desktop, eg an intel based WinXX machine on one desktop, a Sparc based Linux machine on the next, an Alpha based FreeBSD on the next, etc. (PS my examples are fairly bogus). So even a single department / office would be fairly resistant to any single point of failure / attack. Too bad that currently no-one would support anything like this, but hey, its something to aim for.

Re:Not just OSes

[Tom+Christiansen]

> Homo is latin (or greek?) for "same".

No, it's Greek in which it means same, which is what's going on in "homogeneous". In Latin, homo means [the race of] Man, as in Homo sapiens. This is entirely different from words like "homozygous", which are of Greek extraction.

The map is not the territory

[sethg]

A computer is not alive, and a program is not an infectious disease. "Computer virus" is a wonderful metaphor, but if we get carried away with it, we lose sight of the difference between computer-virus hosts and real-life virus hosts.

Consider a live, naturally-evolved plant. It can't be too picky about the kind of soil it's planted in, the temperature of its surroundings, the amount of sunlight it gets each day, the amount of rain that falls on it, the chemical content of the rain, etc. It has to convert whatever resources it has available into forms of matter and energy that it can use for growth, reproduction, and defense against predators.

Since it's competing with other plants for survival, it has to make engineering trade-offs. For example, a plant may secrete a bad-tasting chemical, protecting it from predators -- but the raw materials for that chemical may restrict the plant to certain soil chemistries, or the extra energy necessary to produce it may restrict it to environments with a certain minimal level of sunlight.

By contrast, our computers are designed to "live" in a tightly controlled environment. If a CPU is running a binary program, and comes across an instruction that makes no sense, it doesn't have to try "digesting" the program into a more sensible form. If a network router gets a packet with a syntactically incorrect header, it doesn't have to send the packet any farther.

Security-related protocols add to the level of control; they are filters between sensitive and untrusted parts of a computer system. Since our computers "live" off of electricity, not programs, they can be as picky as we want them to be about what programs they execute and what permissions they execute under. Since our operating systems are designed by (occasionally) intelligent humans, not evolved by natural selection, humans can design better operating systems, in which security against untrusted code is a fundamental part of the architecture.

Not spread by executables?

[layne]

Macro viruses are spread by executables. A "MS Office file" is a package of variables passed to an executable according to a conventional interface such as a *.doc to WINWORD.EXE.

Yeah right!

[pfournier]

I wonder how many NT sysadmin will read this article and decide they need 1/3 of 95, 98 and NT each to be secure...

---

Proprietary OSes [Was: 34%??]

[Ilmari]

It says "...proprietary operating system..."
I would hardly call Linux a proprietary OS, it being OpenSource(TM) Software. So I'd guess you'd be pretty safe with 100% Linux.
---
Ilmari
Remove the capital letters from the e-mail-address

Re:Proprietary OSes [Was: 34%??]

[SL+Baur]

I would hardly call Linux a proprietary OS, it being OpenSource(TM) Software. So I'd guess you'd be pretty safe with 100% Linux.

Except that 100% Linux and uneducated users wouldn't be safer.

The diversity in flavors of Unix (and other O/S-sen) is a Good Thing.

Re:WORD macro viruses?

[Gabey]

Yes, this is a Word Macro virus...it's of the Class strain (I believe it's class.b)...there's various ways to get rid of it; I've heard MacAfee or F-Prot does it.

(And the only reason I know is because my school got hit with it today too :>)

By the way, most of the actual code for it is stored in c:\class.sys if you want to take a look at it.

-Gabe

Re:The Ultimate Virus

[jaqbot]

How dumb do people think virus writers are? A single transgenopolymorph properly instructed would take out almost anything it came in contact with. Who is this guy to think it isn't possible?
Almost nothing upsets me as much as some ubercrackwhore that thinks mixing a stew or adding crackers to it, automatically makes it soup.

Re:It's NOT a flawed argument

[mjg]

Any system where you implicitly trust unknown users on the internet to send you non-malicious programs is inherently flawed.

Ah! But that's the thing, these macro virii that have been doing the rounds lately send themselves to people in your address book (and I believe the Melissa chose the people on the basis of how often you correspond with them). Therefore, you are hardly receiving the email from an 'unknown user', and it makes it quite a bit harder to discern whether what you've received is a virus or truly a legitimate file. (Remember that you might often get attached files from these people normally, so it's not unusual to be receiving one in this case).

It's a sort of 'social engineering' that the virii writers are using to get their malicious little programs run.

Remember that it's people's ignorance that is getting these files spread around, more than anything else. If the average user was educated about the issue enough to not blindly open attached files without virus scanning them, then the problem would be greatly reduced.

Re:Limit email to plain ASCII text

[Rombuu]

Ever hear of uuencode?

Re:Definitions reversed?

[Christopher+H]

The terms "virus" and "worm" originally referred to the form of the code, not its method of propagation. A "virus" was a object code patch which made a program or operating system do additional viral tasks (such as patching other programs); a "worm" was a stand-alone program or process which propagated. If you replace "worm" with "bacterium" the biological analogy is clear: a virus is inert except when it's integrated into existing executable code (DNA), a worm/bacterium is self-contained and directly infects a host (multi-cellular organism).

And then...

[davedavedave]

34%, that's approx a third (APPROX, I *know* it's not exact, don't flame me). So all that's required is three viruses (viri? :))

I'm sure it wouldn't be too much more of a headache for the people who write them one in the first place, and anyway, one third of the computers going down would still be a bit of a bitch.

Re:Wrong - easier solution is cross-platform.

[debrain]

You still have 7-bit encoding, i.e. uuencode/uudecode. There is no simple solution

The only suggestion that has viable merit is to disable the ease at which a user can destroy and propagate malicious code.

Implementing that is a whole other arena.

Diversity bad for support

[hab136]

Supporting 6.02^23 different configurations is bad, which is why businesses standardize.

I'm not saying standardizing is a good thing (I run my own stuff anyways), but with clueless users, it's about the only way.

True Accuracy

[DonkPunch]

"Some computer scientists believe that in the rise of the Internet and the World Wide Web, society has struck a Faustian bargain...."

Yeah, and I'm sure some computer scientists believe that JFK was a space alien. :)

Here's a handy rule:

#ifdef REPORTER_SPEAK
#define SOME_PEOPLE ALMOST_NO_ONE_CREDIBLE
#endif

Remember the handy guide to thesis paper jargon? ("It is generally acknowledged that...." means "I think that....")

The comparisons between a real-life virus and a malicious computer program are quaint and romantic. It's just too bad they're not real accurate.

/* Sorry I'm so grumpy. I forgot BOTH my St. John's Wort AND my coffee this morning. */

Stop, please

[DonkPunch]

Arrrrrgh! Four semesters of Latin and you're giving me flashbacks!

sharpei diem -- seize the wrinkled dog
sharpie diem -- seize the felt-tip marker

Limits aren't the solution

[Restil]

While I am extremely supportive of any corporation that decides to limit its Microsoft usage for "anything else" (tm), doing it for the sole purpose of escaping viruses is both silly and doesn't solve the real problem. The acronym PEBKAC applies here (Problem exists between keboard and chair).

I see 3 reasonable solutions to this issue:

1 - Don't use any combination of programs that can facilitate the uncontrolled spread of any program, worm, virus, word macro virus, trojan, etc without direct authorization by the user. In this case, don't use Word and outlook express together if the two can be used together for the uncontrolled replication of viruses and other nasties.

2 - Limit the damage a single user can do. If a user receives a virus, fine. That's done. However, if that user doesn't share write permission on executable directories, then the virus won't be able to spread over a network without copying files. If the user is not able to forward .exe files to other users, viruses don't spread.

And 3, the most effective, yet most difficult:
EDUCATE THE USERS! Users have no business whatsoever sending executables to others which is traditionally how viruses spread. Teach them how to turn off those options which facilitate this madness. If you're going to stick an idiot in front of a computer, you had better damned well make sure that computer is idiot proof, or these problems will continue to happen.

Will switching a corporation over to all linux prevent this problem? Sure, or it will at least slow it down. But even on *nix boxes there have been worms in the past. Script kiddies enjoy easy access to well written exploit code, and while it is simple to patch this code up, most corporations are probably so mired down in procedure that these patches would take a great deal of time to get implemented, and any user that can gain root access, or any virus/worm for that matter, can do just as much damage regardless. And there will always be the users that only use the root account on their private systems, and one day will download a malicious program and wipe out their system. It happens, and it will continue to do so. Until computer users take proper care of their systems, viruses will continue to spread. Use a bit of intelligence, or in appropriate situations a raincoat, and viruses will become far less prevalant.

-Restil

Re:Limits aren't the solution

[flesh99]

Macro viruses are not spread by executables, and you cannot take away the users ability to share documents. The majority of viruses today are Word/Excel macro viruses. Users share work with one another so you cannot stop the flow as easy as you think, most Word docs fit on a floppy.

Re:Wrong - easier solution is cross-platform.

[Ob+the+Rat]

Stripping binaries from internal mail probably isn't necessary, and would actully remove most of the usefulness of an internal e-mail system.
It isn't a bad idea to have binaries stripped from external e-mail, and put into a directory where expected binaries could be picked up. With a policy of allowing only business-related binaries to be picked up, many of the social engineering worms would be filtered out without the loss of the usefulness attachments.

Re:Wrong - easier solution is cross-platform.

[Ob+the+Rat]

Yah.
Thus the heavy use of such things as "much" and "cut down on" in my post. There is no really good solution if your business requires the exchange of executables. (I refuse to believe that VisiBasic macros are really necessary entities)

Private key, anyone?

[HeatherMax]

If everyone is using encryption then these e-mail virii will have something new to send around the internet.

Private key, anyone?

Or maybe they'll just corrupt it for you. Wouldn't that be just great...

Limit email to plain ASCII text

[Yojo]

99.99% of all email consists of messages that do not require any technology more sophisticated than a flat ASCII editor. The majority of people who need more sophisticated transfers can be accommodated by HTML with embedded graphics.

The tiny minority of computer users who need anything more sophisticated are capable of making their own decisions about how to handle files.

Microsoft should be sued for the irresponsible actions of promoting highly complex formats that perform automatic actions that the majority of computer users cannot understand or control.

Re:Limit email to plain ASCII text

[Tom+Christiansen]

American Standard Code for Information Interchange. What a concept. :-)

A thought...

[Snowfox]

In a national radio broadcast of the Commonwealth Club, circa 1993 or so, Scott McNeally (president/CEO Sun Microsystems) suggested that the government shouldn't be able to buy closed operating systems at all.

Quite a few more tidbits on open systems and the "future" of the Internet which are interesting when looking back. I've got this on tape and could produce a transcript if there were sufficient interest.

The Ultimate Virus

[z1lch]

Of course, if we're to take Agent Smith seriously, it is humans that are the virus. In 20 years or so when the Operating System is no longer a relevant concept, these government agencies should be limited to "no more than 34% of the same species".

[btw: Did you ever wonder what happened in The Matrix after the credits rolled?]

Wrong - easier solution is cross-platform.

[L1zard_K1n6]

Word macro viruses can affect Word on multiple platforms.

Secondly, no the more OSs you support, the weaker your admin and security model will be, due to sheer complexity.

Here's a better rule - simply strip binary attachments from email automatically on the mail server.

Re:Wrong - easier solution is cross-platform.

[L1zard_K1n6]

Multiple in this case equals "two".

Win NT
Win 95/98
Win CE
MacOS

I count 4.

Site appears to be down

[barilla]

It's 10:05 am EST here, and it looks like the Times is having some trouble. Anyone else getting in yet?

some fools will execute anything

[Afrosheen]

I think this whole phenomenon is fed by the fools who will execute anything. "Oh what's this file? I have no idea what it is or what it's supposed to do but I'll try it." That's not good thinking. Consider this biological metaphor (since talking about virii takes you in that direction to begin with): Your computer represents your body. Applications are food. Would you try eating something that you haven't seen before with no guidance? Doubtful. What if you smell it (sniff it with a virus scanner) and it smells okay, but you're still unsure. Let's say your friend left it on your doorstep with a shady-looking note. I really doubt anyone with an ounce of sense would eat this mystery food.
For some reason, when people get near computers, and don't have much experience with them, they do one of two things. They turn into the paranoid freak (oooh don't click on anything computers are dangerous) or the gluttonous downloader/tinkerer. I promise you the people who are afraid of computers didn't get this virus. Just the clueless individuals (millions of them right?) whose curiousity got the best of them.
Things like this just reaffirm my notion that common sense isn't so common anymore.

no, focus on SW is misleading

[Mr.+Slippery]

I do not understand where this wrongheaded idea that "everyone needs to run the same mail client in order to work together" comes from. There's no need to all run the same software in order to work together. Using common protocols and formats, and letting users choose the software interface that they prefer, works much better.

Use SMTP and POP3 for email, local newsgroups (NNTP) for open discussions, web pages for read-only information, and NFS (or SAMBA) for file sharing. Let users pick the mail, news and web clients, and OSes, that they work with best. Then, Netscapers and IE-ers and Opera-ers, Exchangers and Notesers and MHers and Piners, Linux-heads and BSD-ers and Solaris-folks and Mac-fans and NT-ites and, yea, even those poor souls trapped in DOS, can all go boldly together into the bright brave new world.

Diversity good. Monoculture bad.

Diversity good for productivity

[Mr.+Slippery]

Let me use tools that function properly and that I know how to use, and I don't need support.

Yes, there's an expense in supporting diversity. (With proprietary software, there are also licencing cost issues; 100 copies of M$ Exmange might be cheaper than 50 copies of Exmange plus 50 copies of Bloated Notes.) But there's more of an expense when your talented and expensive Unix geek has to waste half an hour trying to get Bloated Notes on his Win95 desktop to attach a file to a message (only to find that it's a known bug that sometimes it just plain won't), when he could do it instantly using his client of choice, exmh.

You save on training, and increase productivity, when users can use tools with which they are already skilled. Let the clueless have whatever the local default is, but don't hobble the clueful.

It's actually a good idea

[Dwonis]

There are plenty of other systems in place on the internet in which to exchange files, just keep binaries separate from communication, and we'll all be fine.
--------

Re:Yes, an intelligent solution at last

[Tom+Christiansen]

``In short, just as the Multics mentality of careful access controls shows up throughout Unix, the cretinous CP/M mentality of uncontrolled havoc shows up in DOS and all its mutant children.'' --tchrist

I'll preface this by saying that I strongly agree with the original article. It's a meme I've been spreading for years, and it's nice to see it show up in such as prominent place as the front page of the NY Times.

I can tell that this 34% is going to get a very strong slam here today, so instead, let's actually look at the *REAL* solutions:

I'm not sure what "a strong slam" might mean.

Teach users that opening an attachment on an insecure OS is asking for trouble, and should never be done unless the source is absolutely trustworthy... which leads to...

I can't believe that people actually run arbitrary code that they can't even look at the source code. What are they thinking?

Using PGP/GPG or other secure identification methods to be able to trust the validity of the mail. Just because it's from a co-worker doesn't necessarily mean it's legit. (These two stand out only because the latest big virii have been email ones, not that this is the only route)...

First of all, there's just no way that people are going to only accept mail from folks who give it an electronic signature. There's just too much going around to expect that. Second of all, you mean "viruses". "Virii" is not a word. Details available upon request.

Make sure all installations that require it have a quality and up-to-date virus program.

This is completely the wrong way to do it. Think about devising a networking ack/nak protocol, operating system scheduling algorithm, or database commit protocol. In all such cases, merely reducing the occurrence rate of the problem to a smaller, finite chance is utterly unacceptable. These is right and there is wrong. There is not 30% less likely. That's still wrong. The only correct way is to verify to 100% probability that a virus cannot infiltrate your entire system.

Your approach is the one used for a long time by those without an operating system. It is demonstrably insufficient. By way of contrast, the "make it impossible" solution employed by Unix has had markedly improved success.

Have the sysadmin be diligent about reading the various virii advisory lists and visiting the web sites of the makers of the virii programs on a daily basis. I've yet to see any major virii come out (at least in the states) and not have a virus eliminator or such within a 24hr day.

Now you're just shutting the barn door after the horses have escaped. This is not a viable approach. It requires constant diligence and luck. You can't expect these things.

Um, backup frequently and often. A virus may just eventually get through, but a virii can't do damage to tape backup, only possibly reside

This is good advice, but hardly insufficient. How do you know your backups were clean? You don't.

If you do not approve of the newspaper article's wise advice to diversify your hardware and software platforms, then the remaining simple solution to these insane virus problems is merely to install an operating system. One has but to compare the orders of magnitude of viruses for Microsoft systems compared with those for Unix systems to see the difference. How many Unix viruses are there? Since the RTMjr worm of 1988, which affected Suns and Vaxes only but left other hardware untouched, we haven't seen much.

My organization runs predominantly on three different chipsets (sparc, intel, power pc). Code that runs on one will not blindly run on the other. Moreover, there are several different operating systems installed on each chipset. This helps even more. But best of all, these actually provide real operating systems to get intercede between the program and the hardware.

Telling people not to read mail as root is one thing, but more important to make the mail reading procedure 100% secure against problems, and to make the operating system secure against user issues. Anything else is a joke doomed to fail, just like all the toy systems that have fallen prey to random attacks.

Number of viruses which I or people in my organization have been affected by in the last fifteen years: ZERO.

Beat those odds, Wintel.

All viruses should cause Micros~1 to get sued

[Tom+Christiansen]

In reality until software is developed which can detect and respond to software threats autonomously people will always be susceptible to the whims of worm and virii coders. You can minimize the risk somewhat by using a robust OS or a non-mainstream OS. Once that OS becomes mainstream you've lost the 'protection'.

The only flawed argument here is your own. It is not popularity which determines vulnerability. It is the robustness of the underlying design of the system. Microsoft doesn't have viruses because it is popular. Microsoft has viruses because it was created by an idiot who would flunk if this were turned in for a grade at an operating systems design course.

Here's an example: if you make it illegal for user code to access page table hardware, you need never worry about this form of attack. This is so incredibly superior to various techniques to scan for code that does this in advance or detects its effects after the fact, that there can be no question of efficacy.

The proper entity to be sued for these violation is Microsoft. Yes, you heard me, sue Microsoft for viruses. If you had a car that blew up if you put the ignition key in the wrong way, you'd sue the manufacturer. The source of these viruses is Microsoft. They carry the full burden of responsibility for creating an operating system only a drooling cretin could love, and which even a script kiddie can break into. They've sold you a car not merely without seatbelts, but one without brakes, a speedometer, mirrors, or a transparent windshield.

PS: *virii is a script-kiddie's nonword. The plural of virus is viruses.

...and kids wont ever go hungry again.

[DemonUrge]

I'm pessimistic that any of this can work for *.gov. Having been on both the program and the systems administration/support side of things in the federal government, the following are pretty clear:

1) There is no funding for proactive measures of any sort. What matters is that there is virus scanning on the system, not that the scan engine or virus defs are up to date.

2) There is no funding or urgency to train employees. Heck, they can't train employees to use win95 word processors much less train them about macros, DCOM, IMAP or anything else. And when training is provided, it is often tragically bad. Take a tour of offices and count the number of win95 boxes where the only app being run is wp5.1...

3). PGP/GPG would be swell. However, many government agencies are squeamish about encryption (at the top) and most aren't aware of GNU/free software. Those that are typically think of it in terms of "shareware" and dont trust it. Besides, most users face a learning curve to handle zipped documents much less PGP/GPG.

Could the government mix up OSes on the desktop? Not likely. The amount of money it would cost to cross train everyone would be prohibitive, and barring that, the Feds wont do it. Heck, they are still scratching and clawing to drag everyone from DOS to win95.

One caveat: this will vary tremendously from department to department. I know that there are some government shops that on top of things and which use and contribute to GNU and Free Software. But if you look at a large department like DHHS......

At which point...

[DemonUrge]

..its back to the old practice of trading/mailing floppies around. Hardly an improvement. Not that it doesn't still happen. Just last year I was mailed 5 floppies in the name of "security." Oy.

Definitions reversed?

[RimRod]

Biologically, a virus is a microscopic organism that reproduces (in layman's terms, I'm not a bio person :) ) by invading host cells an restructuring the cell's DNA to essentially "make" it a virus. These converted virii then go and find other non-infected cells to invade.

Biologically, a worm is a macroscopic organism that crawls slowly along the ground, eating any food it happens to smell nearby--at a much slower rate.

In the computer world, a worm, as the author correctly surmises, is self-propelling, that is, a program sent within the attachment can then send itself along without any action by the person who receives it.

In the computer world, virii have been (as the author again correctly surmises), software codes that infect computers by attaching themselves to documents or programs that are passed along.

It seems to me we have our definitions reversed. A computer worm is much closer to a "self-propelling" object than a computer virus, and a computer virus is much slower (with a geometric, not exponential expansion rate) than it's worm counterpart.

Re:Definitions reversed?

[Chessucat]

The F.N.G. is right, but lack tack! I suggest fulfilling the obvious and going with the S.P.A.R.
To keep in the spirit of the moment. If you don't
know where you are going, anyroad will take you there! {grin}

Re:WORD macro viruses?

[Velox_SwiftFox]

Up to date Antiviral software.

Life sucks, then you die, then the worms eat you.

[Velox_SwiftFox]

Be grateful that it happens in that order - with your computer, the worms have to come before last.

Seriously, people will just deal with this sort of thing. "Practicing safe computing" (I love that cybervenereal phrase) gets harder as new attack programs are written, seemingly at a more rapid rate for the "Average User" than for those using open source software. Unfortunate for all, but - that's life. As the capabilities of hardware, software, and network links get better, there will be more to be guarded against in turn.

So people will be more guarded, reasonably, dealing with the new tricks and inconveniences. The first massive parallel attacks on ADSL/cable modem users with "always on" Internet connections will be followed by appropriate firewalling, whether perpetrated against users of Microsoft Windows 9X/20XX or New Redhat Linux release ##.#.

Already all - well, most - of the users I deal with as System Admin are clued in enough to avoid most trouble using the Microsoft OS and suites. Nevertheless disaster may strike in the form of a quick attack of a novel type. Oh my. I hope it can be avoided. I issue memos. I back up. I update against root attacks on the Linux systems.

I keep spare parts too, tend the UPSes, place extra 200 volt MOV devices on incoming modem lines, watch for roof leaks. The Universe is as or more likely to deal an impersonal random blow as a malicious outsider.

Neither of these compares to the unavoidable havoc done by attempting to use the network and systems to get work done; the unravelling of anomalies, repair of data and programs damaged and destroyed - by the most careful attempts to use them in the manner intended.

That what I'm paid for, not to whine, to complain that there are bugs in the software purchased. Software development does not result in bug-free programs for any reasonable expense, and my boss won't wait for Windows 2010. I hope this type of event will spur the move towards the more robust OSS approach, but in any case... the world will go on.

--
[all incoming email will be automatically delayed 24 hours until further notice..]

Re: Latin lessons & Hillis info

[Drone+Head]

While where on the topic, can someone please confirm that virii is in fact the plural of virus, and not just some silly neologism (like octopi)? I'm pretty sure that virus is third declension, with plural viri.

Also, I'd like to point out that Danny Hillis was the founder of Thinking Machines Corporation, not "Connection Machines". The Connection Machine was TMC's core product. One of his current projects is to build a clock that will run for ten millenia.