Posted by Roblimo from the who-opened-the-cage-door? dept.
Neil Andriessen writes "Wired has released a story that tells of how Bubbleboy is now in the wild. It was found on an unnamed Japanese website. The Bubbleboy virus was mentioned in this discussion on Slashdot. A patch is now available from Microsoft.
I wonder where it will go from here."
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.
Soo... You're saying you're waiting for someone to write a smaller version of Win98??
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
But what about the "bootstrap"? The virus has to be started, and the code for that needs to be in a place where stuff is normally executed, and that's where virus scanners are looking. If you hide a virus too well, it never gets executed and is no virus at all.
--
The illegal we do immediately. The unconstitutional takes a little longer. --Henry Kissinger
Re:Microsoft ultimately responsible for viruses
by Tom Christiansen · Score: 2
The concepts of protection and security are relatively new concepts in the personal computer world.
First of all, that really depends on your definition of a personal computer. It seems clear that this means a computer used by one person, not merely a Wintel box. You yourself cite other non-Wintel PCs.
My first personal computer was a Sun-1, followed by a Microvax. I've since moved on to various brands of Sparc and Intel chips, but those are still mine and mine alone. And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)
This was back in the early and mid-80s, and I don't ever recall there being any problem hooking one computer up to another as you mention. Certainly ethernet and ftp/telnet were easier than serial lines and uucp/uux, but it was hardly black magic.
If you want to discuss business computers, those too had operating systems once upon a time. I never had much fun with Sperry UNIVACs, HP 3000s, or MVS boxes, but you can't say that business has always been accustomed to the negligently insecure systems foisted upon them today.
Second of all, I'm not sure that this would be exculpatory. Just because Microsoft and Apple have inured or lulled hapless consumers into accepting an explosive situation would not appear to my mind to get them off the hook. Yes, it is a wonder that notions of security are not end. Anything else is madness.
Re:RSysadmins don't have unlimited time...
by Wonko42 · Score: 2
Hehehe, silly sysadmin...
You think you'll have fewer problems with Netscape? Wow. Take a look at Netscape 4.7, why dontchya'. It's the biggest steaming pile of crap that's ever been dumped on the web. And if you think it'll be easier (much less more secure) than IE, ha, think again.
And as for Outlook...wouldn't it be much easier just to install the patch than to go install a new mailreader on a zillion machines and then educate everyone on how to use it? Besides, Outlook is by far the best mail-reader for corporate Windows-based environments.
Re:It isn't an antimicrosoft conspiracy
by Tom Christiansen · Score: 2
Most computer users use Microsoft's products. Most virus writers will, therefore, statistically use Microsoft's products. Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products. Thus, most virus/worm/trojan products target Microsoft products.
I see what you're saying, but I still think those who argue as you are doing are playing right into the hands of the Evil Empire spin machine by turning a needlessly blind eye to the root cause of this situation: that Microsoft has negligently foisted off on endless droves of consumers a system which is fundamentally unsound insofar as security is concerned, that they did this knowingly, and that they continue to ignore the underlying cause of this tragedy with a neverending series of post-facto band-aids and duplicitous finger-pointing.
There just isn't enough damage to an individual to warrant an action, class or not.
Are you sure? Consider all money paid by people to buy and install anti-virus software plus all the costs associated with the damages caused by viruses. Once you prove that Microsoft was knowingly negligent, then it seems that triple damages aren't far off. Even if you can't prove the knowingly part, there are still simple damages.
It was Microsoft's fault, so they need to cover the costs others have incurred because of them. It's as if a car manufacturer shipped a car with an insecure gas line. They'd have to pay to fix the problem, and any damages as well. And if it could be shown that they knew they were shipping such, boy, the feeding frenzy would not be a pretty sight.
Then again, if the menu were to feature Lord Bill's Evil Empire pummelled, diced, and stewed, this might be a pretty sight after all.
Just something to think about. :-)
Re:This doesn't belong on slashdot
by Tom Christiansen · Score: 2
I'd bet the majority of /. readers use MS at work and a Linux box at home.
Only the miserable ones stuck in a shitty job under inhuman conditions. Are you really telling me that you believe most people are so afflicted? God help them if they are so desperate as to put up with that kind of bullshit. If they're talented, they walk away from that kind of abuse. If they're not, oh well.
Now that you mention it, I guess in some senses my own situation is similar. It's just that I use Linux network at work (save for firewall etc, which are BSD), but at home am fortunate enough to use BSD for everything. :-)
Any recursively enumerable set of hunks of code can be checked for by a virus scanner, regardless of the size of those hunks of code. The code you describe is not too small for a virus scanner to search for, and is probably (these things can never be exact) unique enough not to conflict with existing code.
I recall this issue having come up in Phrack, in essays on "mutating" code. A way to make viruses "mutate," it was argued, would be to keep the main virus instructions "encrypted" (obfuscated, really), and wrap encryption/decryption code around that (usually this was very small XOR "encryption", not very large code at all). The problem was that a virus scanner could check for this encryption code and thus detect the virus. The same dilemma would exist with bootstrapping code.
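The point made in the comment above, as an added example (not code from the poster or from Phrack): a constant decoder stub is itself a signature, and, going slightly beyond the comment, a scanner can also brute-force a one-byte XOR key to find the obfuscated body directly. All byte patterns, function names and sample files are constructed placeholders.

```python
"""Added example: signature scanning vs. a single-byte XOR-obfuscated body.

Every byte pattern below is a harmless constructed stand-in, not real code.
"""

# Constructed marker standing in for the signature of the plain (decoded) body.
BODY_SIGNATURE = b"CONSTRUCTED-BODY-MARKER"
# Constructed placeholder standing in for the constant decoder-stub pattern.
STUB_SIGNATURE = bytes.fromhex("dec0de570b5a3e")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the 'encryption' the comment means)."""
    return bytes(b ^ key for b in data)


def build_sample(key: int) -> bytes:
    """Constructed test file: filler, constant stub, body obfuscated with `key`."""
    body = b"..." + BODY_SIGNATURE + b"..."
    return b"\x00" * 16 + STUB_SIGNATURE + xor_bytes(body, key) + b"\x00" * 8


def scan_plain(data: bytes) -> bool:
    """Naive scan for the plain body signature; misses every obfuscated copy."""
    return BODY_SIGNATURE in data


def scan_stub(data: bytes) -> bool:
    """Scan for the decoder stub, which is identical in every copy."""
    return STUB_SIGNATURE in data


def scan_xray(data: bytes):
    """Try all 255 non-zero keys against the body signature.

    Returns the key under which the signature appears, or None.
    Searching for signature^key is equivalent to decoding the whole
    file with that key and searching for the plain signature.
    """
    for key in range(1, 256):
        if xor_bytes(BODY_SIGNATURE, key) in data:
            return key
    return None


def report(data: bytes) -> dict:
    """Run all three scans over one buffer."""
    return {
        "plain": scan_plain(data),
        "stub": scan_stub(data),
        "xray_key": scan_xray(data),
    }


if __name__ == "__main__":
    # Two copies with different keys: bodies differ, stub does not.
    for key in (0x21, 0x5A):
        print(hex(key), report(build_sample(key)))
    # Constructed clean buffer: nothing should match.
    print("clean", report(bytes(range(256))))
```

A stub this short would produce false positives on real files, so scanners pair it with context such as offset or file type.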
All these viruses that take advantage of holes in MS products, are they being written just for the sake of writing a virus (a stupid occupation if ever I heard one) or are they specifically targeting MS products in order to speed up their downfall? It can't be doing the MS PR engine a lot of good to have to continuously fix these "little glitches"...
And I'm just wondering when the last time you actually tried to uninstall IE4/5 from Windows 98 was.
You need Revenge of Mozilla. It completely removes IE from Win98, although you will need three files from later versions of Win95. Personally, I removed IE4 and then installed IE3. You get a good web browser, a fast and stable desktop without all the cheesy web integration, and IE3 provides the libraries needed to run Office 97. Win98 with Revenge of Mozilla is faster than Win95; without ROM it's much slower.
If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must.
Ah, and precisely which assembly language would that be? I'd dearly love to see the machine language virus that someone is going to use to attack my Sparc/OpenBSD system, my PowerPC/MkLinux(Mach) system, and my Intel/Redhat system all at once. Even if they get over the extreme and proven hurdles that I, a mundane user, am not privileged enough to take pot shots at random bits of memory or disk, they still have dramatically different kernels and instruction sets to contend with. It's not just inherent security keeping the script kiddies out of our recta.
Even if we were the idiots in Unix the way they are in slobbering consumerist MicroAppleSoft-land--and as some predict will inevitably occur if we `win'-- our hybrid vigor makes us strong. Their monoculture is an accident waiting to happen. And happen. And happen.
Apple figured this out, and are moving to a BSD platform. I've played with it, and it's nifty.
I don't agree. I think it's not the attention that brings these particular brands of viruses (virii?).
You were right the first time. The answer to your question is that in English, it's viruses. Pretentious pseudo-intellectual script kiddies cursed with "3133t"-speak are prone to using whimsically invented forms, either out of ignorance or playful "k3w1ness".
But lest you think these people peculiar in this, notice please how virtually every definable sub-group delights in forming their own invented jargon, and that these sociopaths (crackers) are no different in this regard. Why? Because an "in-speak" serves to separate the "them" from the "us". Anybody who thinks about it for half a second can come up with numerous examples in each of the discrete groups that they belong to. It's just something that we humans do. We like to know who's who, and who's not. It's part of defining the sub-group. The use of the k3w1t0k (yes, that word is an autolog :-) *virii is one such marker.
the fact that MS left the door wide open that keeps these 'viruses' circulating
Bingo! That's exactly right. Microsoft is guilty of selling a system that they know is designed to be easy for anybody to blow up. It is missing the customary and expected safety mechanisms that have been common knowledge for several decades now. I'd like to see Ford Motors get away with this sort of complete negligence. I wish as many people were as upset with the utterly unreliable crapware (speaking of subgroup-specific neologisms :-) that Microsoft keeps foisting off on the public as so many of us are with the monopoly problem.
Ah, and precisely which assembly language would that be?
There is truth in that. No matter what, the virus would fail on some percentage of the machines attacked due to being for the wrong architecture/instruction set. That would make things much harder for them. So far, only 'THE WORM' has gotten around that problem to my knowledge.
MS attracts the most virus writers because it's an easy target. All you have to do to wipe out the system is get your code executed (and there are MANY ways to do that). In Unix, (where there is real memory protection, and the GUI isn't running in the same ring as the OS) you have to get your code run as root to do much damage.
By no means do I claim that Unix is virus proof (it certainly isn't!) but it's a harder target to hit. If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must. Macro and VB writers need not apply.
I suppose the real difference is that the Unix world designs to minimise the risk of such things, and MS designs for whiz-bang features and then band-aids over the holes.
IIRC, Eudora was affected by some java problems or viruses, recently. Weren't Outlook, Eudora, and Netscape Mail the three programmes that have had problems with bad email?
I worry about this win98 auto update feature. This looks to me like an extremely exploitable feature! Has anyone tried to DNS poison a domain and get the auto update program to install a virus that way? This scares me! Mike
-- Mike Mangino Consultant, Analysts International
If the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.
Uhm, isn't that exactly what all the Linux distributions do when a security issue is found? I remember one of those "hack this box" PR things where everyone complained that they hadn't gone to the Red Hat site and installed the security-related updates.
Did anybody ever doubt it would be?
by jht · Score: 3
I, for one, never had a moment's doubt that Bubbleboy would make it out into the open. If nothing else, the arms race between virus writers and anti-virus companies guarantees that viruses will show up in public. I wouldn't even blink if you told me that it was spread by one of the antivirus companies (even by accident), because what will happen as a result?
That's right - more antivirus sales. And now that Macs are popular again, there's even viruses that affect them: for years, Mac users could putter away in safety knowing that not even virus writers developed for the platform. Now Macs aren't even safe.
I'm sorry, viruses are just not a sufficient reason (yet) to switch my whole company over to Linux.
I guess I'm just a hardened cynic. Oh well, time to go make sure I remembered to set the filter on Groupshield...
I really believe this is the fault of Microsoft. As much as I love computers (and dis-like windows), I don't like spending my time downloading patches and being worried.
I just wish Microsoft would think before releasing new gizmos. Why can't they just explore the possibilities of, say, HTML mail before releasing the damn product. Sure, it's the user's fault for not patching, but Microsoft could do a lot to make it not so bloody easy to write these things.
MacOS is now doing this too
by Chris Johnson · Score: 2
Not mine: I run system 8.1. However, the new version of Sherlock (impressive search tool) does network activity without asking and tries to update its plugins, MS apps try to autoupdate and there are other system software components that try to autoupdate. That's where I get off, frankly: I _will_ _not_ go along with that. If that means I run system 8 until it can't be usefully used and then go with Linux, so be it: it's absolutely true that it's an exploitable feature, but what you are not acknowledging is how unhealthy it can be even WITHOUT virii being installed. Supposing all the Lotus Notes users had NT autoupdate the NT fixpack that 'happened to' kill Lotus Notes? This whole scenario _might_ be permissible if all commercial developers were responsible and did extensive compatibility testing (HA!), but as things are, it's a recipe for rapidly losing control of your machine, not knowing why it's increasingly broken, and not having the power to even fix it, even if you know all kinds of things about the machine and can debug the installation and troubleshoot it infallibly. We're talking sort of plug and play hassle at the software level- instead of cards fighting you every step of the way, it's the potential for software itself to get into fights with other software, and every time you turn around something downloaded an update which turns out to break something else. That's an absolute nightmare waiting to happen, and as I said, I could easily see it driving me to Linux fulltime in the long run if people don't STOP trying to do this insane behavior. Auto update assumes that the newer a version or update is, the better. Almost any computer user can identify cases where the opposite is true. I was forced to stop using iCab and return to Netscape _because_ newer versions became hopeless crashfests- and I'm not using a newer version of Netscape, either, I'm using a particular version that seemed to like my machine more than usual. 
And it only takes _one_ autoupdate to a broken or conflicting application to hose you- in the case of system software or always-resident software, it can cripple you entirely.
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.'
with win98 you have a nice feature called "windows update" which brings you to a page listing all the critical patches, and other downloads (such as new themes and new versions of media player and whatnot). All you have to do is check a box and click a button. This patch was on windows update as a "critical update" a month ago. It wasn't that hard to download.
-- The following sentence is true.
The preceding sentence was false.
Re:This doesn't belong on slashdot
by deefer · Score: 2
"Most of us just sit and watch in amusement as the MS world infects itself." Most? I'd bet the majority of /. readers use MS at work and a Linux box at home. So quit the "I'm alright, Jack" mentality, OK? Just because you don't get affected, don't assume everybody else won't - I don't mean you getting directly infected, but having to clean up after John Luser got sent something. You've obviously never been infected by any quickly replicating virus; when that happens, you say goodbye to your next 48 hours. Fine if it's your PC, not so good if it's your office's network. "It really isn't interesting, so why post about it?" Depends on what you do. If you wear sandals, have a beard, and are horrendously condescending, then you probably run SCO or Solaris and are not interested in the machinations of MS and "the MS world", apart from some smug sort of justification of your OS. Face it, someone you know must run MS. Would you rather know about this, so you can help other people who might not be so IT savvy, or assume your granny who runs W98 (so she can play Unreal :) knows there's a threat to her PC?
"neither news for nerds?" You've obviously never read up on viruses. Get a book, read up. Plenty of nerd material there; self modifying programs, mutating code, understanding & exploiting OS features & holes. Just because you think you've got a handle on your security, doesn't mean everybody else does. Slashdot is read by all people from all walks of life; grow up a bit and start accepting not all people on Slashdot are IT gurus, and realise that /. is a far more interesting place for it.
Windows Update takes care of all of this. Unfortunately, in my experience, this feature is like the vast majority of windows features..it looks great on paper, on the side of the box, and everywhere else, until it crashes unexplainedly when you try to use it.
Personally I wouldn't hate M$ so much if they just fixed the programs they have instead of releasing new versions with more (buggy) features, but that's what you can do when you're a monopoly and quality doesn't count only the need to be perceived as innovative, and to get a "new" product on the shelves.
BTW, NT is impervious to this attack, so keep that in mind while M$ bashing.
Re:Microsoft ultimately responsible for viruses
by Imperator · Score: 2
And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)
I'm not quite sure why you assume that Unix is immune to viruses. If I send you a script: #!/bin/sh rm -rf / and you run it as root, there's no antivirus software to intercept the unlinks and ask you if you're really sure you'd like to go ahead with it. Almost every aspect of a Unix system assumes that the human is fully aware of all security problems--even today, many Linux distros run finger, portmap, telnet, and the like by default. Unix's "immunity" to viruses is based on the awareness of security issues among Unix software developers and Unix users.
I'd venture that in a few years when enough nontechnical users are running as root on their home systems, Unix viruses will become more prevalent.
--
Gates' Law: Every 18 months, the speed of software halves.
Someone to sue...not really
by copito · Score: 2
It is a common idea that buying a commercial product should give you "someone to sue" if something goes wrong. Indeed this is true for most classes of products, especially if there was provable negligence. It is not true for any software that I am aware of, and certainly not for Windows. If you read the Windows EULA (or GPL for that matter) you'll see that they deny any liability or warranty. So there is, in fact, no one to sue in either case.
There have been some questions raised about the legality of such "shrink-wrap" licences, but I don't know of any case in which they have been overturned. In any case the UCITA, which will soon be passed by the states, barring divine intervention, will put these licences on unassailable footing.
The way big companies protect their truly expensive hardware and software is with on-site support contracts with guaranteed uptime. These contracts tend to limit liability as well, and are available for open source as well as proprietary offerings (including Microsoft).
In short, if you want assurance about a software product, you need to spend a lot of money on a support contract or trust your staff to build reliable systems and support them well, no matter who made the software.
I suppose that my children aren't free because they are not free to sell their children into slavery? --
--
"L'IT c'est moi!"
Re:Microsoft ultimately responsible for viruses
by Tom Christiansen · Score: 2
If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.
To do out of ignorance those things is to be idiotic. Microsoft and the mindless morons who produce software for that crapware non-O/S platform encourage people to do both. This passes beyond the idiotic into a realm that is negligent at the best, and criminal at the worst.
I work with MS Windows (as a developer), and I am forced to use Outlook 2000 (by the company I'm at). If I hadn't seen this news story, I wouldn't have inoculated myself until the IT folks sent out a technical bulletin... and that could be weeks. Thus for people in my situation, this is very helpful. In case you didn't notice there are Linux, BSD, Mac, Amiga, Palm AND Windows folks here. That's what tolerating differences is all about.
A lot of people on /. are also system administrators who need to make stuff like this known to their (l)users, and be able to answer questions about the latest and greatest virus scare.
Finally, this is news. This is the first (reported) email/web virus that doesn't require the user to actually run something. (Yes, viruses that didn't require execution existed before, but this one is the first (reported) web-virus.)
That's true, but virus scanners look for unique pieces of code. The bootstrap can afford to be extremely small - it only needs to check if the end of a sector contains a virus routine, then copy that into a block of reserved memory, based on routine number * size of routines.
That's too small a piece of code for a virus scanner to recognise. There's nothing that's unique, to identify.
-NOW-, many virus scanners also detect changes to files. -This- could successfully recognise the bootstrap, no matter how small or how carefully disguised it was. As you say, it has to be executable. But this assumes you have a record of what the file -should- look like. If you've got a disk or a file that's infected, you won't know until it starts infecting other files.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
VMS had the curious property that you could put shell scripts inside regular e-mails (such as the subject line, or the main message). These would get executed when viewed.
As Dec Mail would (by default) display the subject line of the message, when you received an e-mail, this means that you didn't even need to open the message to be infected. Receiving it was enough.
Whilst not quite as powerful as ActiveX or Javascript, the Dec shell scripting language was, nonetheless, very powerful. Easily enough to do everything BubbleBoy can do.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?
I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that /. is not a Linux site, or even a non-MS site. Even if most /.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of /. readers.
Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)
In the end, I think (and not that I haven't felt like posting "does this really belong on /." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the /. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject on the future.
The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when /. was just a couple thousand strong doesn't mean that you automatically speak for the entire /. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented /. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.
I suppose what I'm trying to say is, let the people in charge of /. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.
The answer to your parenthetical English uses viruses. If you were curious what the Romans appear to have used, the short answer is that they didn't. :-) A longer answer is also available.
That's very interesting. The last time I looked this up in Perseus, they considered it an indeclinable form. In fact, they still do. Curious.
I looked through the vira entries that your cite referenced as well, but of those that one could pull up via a link, none actually used that form. I don't have the non-linked source at hand. How do you explain Ammian?
I'm still looking for more sources, and will happily update my document if and when new research turns up, as it did recently.
And I'll still use viruses when writing English. :-)
Microsoft ultimately responsible for viruses
by Tom Christiansen · Score: 2
Use your brain, man. Of course MS is going to represent the lion's share of virus targets. It is by FAR the most widely available OS out there, making it the most visible target.
You seem to have misunderstood a crucial element: Microsoft is ultimately responsible for these so-called viruses because of their negligence in systems design. An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.
The primary reason we don't have viruses for Unix operating systems is because of our security model. The primary reason you do have viruses for Microsoft's soi-disant operating systems is their lack of a sound security model. There are other reasons, but this is the crux upon which hang untold zillions of dollars of needless costs.
Re:Microsoft ultimately responsible for viruses
by Imperator · Score: 2
If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.
s/I/a user who doesn't understand their computer/ s/Florida/Florida/ (perhaps you originally meant Colorado? :)
While I think your attack of Microsoft is just a wee bit of a stretch, I agree that MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security. (Not that fdisk /MBR c: was much fun. :)
--
Gates' Law: Every 18 months, the speed of software halves.
Re:Microsoft ultimately responsible for viruses
by Tom Christiansen · Score: 2
MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security.
Unix was originally built for non-networked computers. Your point? MS has stuck most of the unsuspecting world with a form of technology that was already out of date before they came on the scene. And they've developed an entire culture in which people now expect this sort of shoddy craftsmanship. And then they wonder why they get burnt. There comes a time to throw out the old crap and do it right. That time is long, long, long past.
Re:Microsoft ultimately responsible for viruses
by Mr Z · Score: 2
An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.
The concepts of protection and security are relatively new concepts in the personal computer world. Microsoft has never really embraced these concepts either, it would seem, and I imagine it's because most of their customers don't care. (Or, at least didn't care.) Rather, they seem to be more interested in the opposite -- integrating everything with everything else and separating nobody from anything.
Part of the reason for this, I imagine, is that the original user base for PCs and related equipment really didn't want anything in the way between themselves and the machine. The OS was a glorified boot loader that additionally provided some useful routines. Look at the Apple ][, Commodore 64, IBM PC, etc. at their inception. The only machine that truly insulated you from the hardware (TI-99/4 and TI-99/4A) died earliest.
I remember someone musing around this time (early/mid 80s) that the hardest thing you could try with your computer was to hook it up to another computer. This remained largely true until the last decade, and for the bulk of non-business computers, the last few years. Is it any wonder that the notions of security and paranoia just aren't built in?
No, you aren't wrong. In fact, you're exactly right.
You have to treat the cause, not the symptoms. The viruses are the symptom. Microsoft's inability to design a robust, security-minded operating system is the cause. And installing one of the innumerable Linuces, a BSD, or various commercial Unixen (yes, those are bogoplurals:-) is the most cost-effective cure. It's difficult to imagine Microsoft ever escaping from the single-user ghetto mentality in which they have sequestered themselves for all these years.
This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.
Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.
-- It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Re:This doesn't belong on slashdot
by
Tet
·
· Score: 2
Interesting to see the number of replies that assume I'm running Linux, and was complaining because it's not a Linux related story. As it happens, I run many OSes (of which, yes, Linux is one). My point was meant to be that /. isn't a virus alert forum. There are plenty of other places that are meant for that sort of thing. Yes, the first mention of this particular virus was vaguely interesting because it uses a new method of transmission. However, I stand by my view that the fact it's out in the wild is neither news for nerds nor stuff that matters.
-- "The invisible and the non-existent look very much alike." -- Delos B. McKown
Uh, you're insane. I manage my school's network, and I installed the patch on all their Win98 machines with no problems. Also on my home and work machines, still no problems. You must've done something weird.
Re:Illegal to write a worm?
by
Wonko42
·
· Score: 2
Bubbleboy is non-malicious, takes up very little space (and therefore does not use a lot of resources), and makes everyone's day just a little bit more exciting. Not to mention that McAfee is having a blast with all the software purchases they're getting off this.;)
Microsoft released this patch in August, people!
by
Wonko42
·
· Score: 4
It seems that a lot of you are jumping to some pretty dumb conclusions, bashing Microsoft when you really shouldn't be. As usual...
But anyhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.
And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything...;)
Re:It isn't an antimicrosoft conspiracy
by
sjames
·
· Score: 2
Based on their behaviour, I'm inclined to believe that MS really doesn't care about security. One of yesterday's articles showed that WinCE XORs your NT password against a FIXED KEY in its registry. That's about as secure as rot-13 in usenet. If they had the slightest bit of concern for security, they wouldn't do that. I would have thought they had learned in the 80's when they used roughly the same sort of scheme to password protect word documents and a cracker program came out that could retrieve the password in under a second.
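To illustrate the comment above (an added example, not part of the original post and not code from any product): XOR against a fixed key is obfuscation, because one known plaintext and its stored form give back the keystream for every other stored value. The key, the passwords and all function names are constructed for the demonstration; the salted PBKDF2 verifier is shown as the contrast and assumes the system only needs to check a password, not replay it.

```python
import hashlib
import hmac
import os

# Constructed demo key. It is NOT the key used by any real product.
FIXED_KEY = b"constructed-demo-key"


def xor_fixed(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """The weak scheme: XOR every byte with a repeating, never-changing key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_from_known_pair(plain: bytes, stored: bytes) -> bytes:
    """plain XOR stored == key bytes, so one known pair exposes the keystream."""
    return bytes(p ^ s for p, s in zip(plain, stored))


def recover_with_keystream(stored: bytes, keystream: bytes) -> bytes:
    """Undo the XOR for as many bytes as the recovered keystream covers."""
    n = min(len(stored), len(keystream))
    return bytes(stored[i] ^ keystream[i] for i in range(n))


def make_verifier(password: str, iterations: int = 100_000):
    """Contrast: per-entry random salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password: str, verifier) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo():
    # Constructed sample values.
    known_plain = b"my-own-test-password"   # a value the reader chose themselves
    other_plain = b"S3cret-of-user-B"       # a value stored by someone else

    stored_known = xor_fixed(known_plain)
    stored_other = xor_fixed(other_plain)

    # Same key everywhere: the keystream learned from one entry opens the other.
    keystream = keystream_from_known_pair(known_plain, stored_known)
    recovered = recover_with_keystream(stored_other, keystream)

    # Same password stored twice under the KDF scheme: the records differ,
    # and neither can be turned back into the password by XOR-style algebra.
    v1 = make_verifier("S3cret-of-user-B")
    v2 = make_verifier("S3cret-of-user-B")
    return {
        "recovered": recovered,
        "xor_is_deterministic": xor_fixed(other_plain) == stored_other,
        "kdf_records_differ": v1[2] != v2[2],
        "kdf_accepts_right": check_password("S3cret-of-user-B", v1),
        "kdf_rejects_wrong": not check_password("wrong-guess", v1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```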
Re:Microsoft and patching
by
Just+Some+Guy
·
· Score: 3
Sure, it's the user's fault for not patching...
I have to disagree with that. If the user is informed, yet chooses not to follow up, then it is their fault. However, a lot of us here tend to forget that: 1. Not everyone is a computer expert, and a lot of people don't know what a patch is, let alone where to get one or what to do with it. 2. There's nothing wrong with that.
My sister bought a new computer last year and is happily browsing and ICQ'ing away. She doesn't know Jack about security, nor do I believe she should be expected to. I mean, should every newbie make support.microsoft.com their home page, and check it for new misfeatures every time they go online? That's not reasonable. The vast majority of users simply want to get on the 'net and run around without having to bother with all of this, in much the same way that they want to use the phone without knowing the difference between packet-switched and circuit-switched networks.
Yes, I think that people should learn more about their new computers than most people usually do. However, I think that patching goes beyond the skills and abilities that the average user should be expected to know.
To make an analogy, have you checked to see if there's a recall on your car? No? Why not? Consumer Reports lists current recalls in the back of their magazine, so it's publicly accessible information, but I'd dare to state that not many people bother to check. So, if someone's defective car causes an accident, was it their fault for not taking it in for a "patch"? I guess, technically, it may be. In reality, though, I don't think that's a reasonable expectation.
-- Dewey, what part of this looks like authorities should be involved?
It isn't an antimicrosoft conspiracy
by
FreeUser
·
· Score: 4
Most computer users use Microsoft's products.
Most virus writers will, therefore, statistically use Microsoft's products.
Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.
Thus, most virus/worm/trojan products target Microsoft products.
The fact that such an overwhelming number of these attacks are successful, indeed devastating, is a testament and real world demonstration of just how severely flawed Microsoft's entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
Re:Microsoft and patching
by
Stonehand
·
· Score: 2
It does; search for an 'autoRPM' daemon. It's not exactly an MS creation (although it MIGHT be to promote e-mail clients that execute everything in sight with minimal concept of permissions...)
-- Only the dead have seen the end of war.
Re:Illegal to write a worm?
by
Stonehand
·
· Score: 2
Like the infamous RTM worm?
I'm sure it's been written up, and IIRC there were some charges that actually stuck...
-- Only the dead have seen the end of war.
Dark side of the force (Re:what I'm wondering...)
by
Hanno
·
· Score: 3
Years ago back in high school, I wrote a "virus" that basically just copied a short segment of source code to GW-Basic programs it found on the hard disk - yes, GW-Basic, that old thing for DOS 2.11 that existed before Visual Basic and Turbo Basic were known.
It didn't do any harm, it didn't "infect" EXE files and I did it just to find out if it was possible and what writing a virus is like.
Scary thing though that this simple program (just a few lines of code), despite being harmless and doing its task clearly seen in the open light (is that an English phrase, anyway) followed all the requirements to be called a virus. Today's macro viruses actually do exactly the same thing.
While I never spread "my virus", it was an interesting experience. From a pathetic viewpoint, those virus writers could be called seduced by the dark side of the force; being among crackers, script kiddies and other menaces to IT society must be like being in a street gang. They have their own set of values of what is "cool" and what gives you "respect" among the peers.
It sure would be nicer if those talented hackers (which they often are) would use their talent for something useful and write "good" software to gain a kind of respect that's actually worth gaining...
To answer your other question, I doubt that MS itself is the target. A virus must find a common platform as a host to spread itself, and Microsoft software, both Dos/Windows operating systems and Office/Outlook application software, are commonplace. This makes an obvious target.
WARNING!!!!!!! INTERNET VIRUS
by
rebrane
·
· Score: 3
The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ONLINE that is unparalleled in its destructive capability. Other more well-known viruses such as "Stoned", "Airwolf" and "Michaelangelo" pale in comparison to the prospects of this newest creation by a warped mentality.
What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the Internet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop -which can severely damage the processor if left running that way too long.
Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- not reading it! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.
The program is highly intelligent- it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it! Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.
--- cut here ---
ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank.:)
--neil
Re:This doesn't belong on slashdot
by
Erik+Hollensbe
·
· Score: 2
I'm a self-proclaimed nerd.
I also had to look at the previous link to see what bubbleboy was, and I'm glad I did considering the windows boxes that I use have both of these components, not to mention my GF's machine, who probably is more than likely to find this surfing.
In other words, please, leave your definition of "news" out of the subject.. This is an issue for many computer users AND nerds.
Is it just me or has the "I don't know how to filter content or not click on the links therefore I'll just be lazy and complain to rob" quota jumped through the roof lately?
Rob has an email address. The article pos(t)ers all have email addresses, just click on their names. Please, please, please, don't send your bandwidth wasting flames and complaints to the forums, where they won't be read by the posters who probably have a small amount of time in the first place. Send it to THEM.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.
Soo... You're saying you're waiting for someone to write a smaller version of Win98??
Kintanon
Check out JoshJitsu.info for Brazilian Ji
But what about the "bootstrap"? The virus has to be started, and the code for that needs to be in a place where stuff is normally executed, and that's where virus scanners are looking. If you hide a virus too well, it never gets executed and is no virus at all.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
My first personal computer was a Sun-1, followed by a Microvax. I've since moved on to various brands of Sparc and Intel chips, but those are still mine and mine alone. And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)
This was back in the early and mid-80s, and I don't ever recall there being any problem hooking one computer up to another as you mention. Certainly ethernet and ftp/telnet were easier than serial lines and uucp/uux, but it was hardly black magic.
If you want to discuss business computers, those too had operating systems once upon a time. I never had much fun with Sperry UNIVACs, HP 3000s, or MVS boxes, but you can't say that business has always been accustomed to the negligently insecure systems foisted upon them today.
Second of all, I'm not sure that this would be exculpatory. Just because Microsoft and Apple have inured or lulled hapless consumers into accepting an explosive situation would not appear to my mind to get them off the hook. Yes, it is a wonder that notions of security are not end. Anything else is madness.
You think you'll have fewer problems with Netscape? Wow. Take a look at Netscape 4.7, why dontchya'. It's the biggest steaming pile of crap that's ever been dumped on the web. And if you think it'll be easier (much less more secure) than IE, ha, think again.
And as for Outlook...wouldn't it be much easier just to install the patch than to go install a new mailreader on a zillion machines and then educate everyone on how to use it? Besides, Outlook is by far the best mail-reader for corporate Windows-based environments.
It was Microsoft's fault, so they need to cover the costs others have incurred because of them. It's as if a car manufacturer would they shipped a car with an insecure gas line. They'd have to pay to fix the problem, and any damages as well. And if it could be shown that they knew they were shipping such, boy, the feeding frenzy would not be a pretty sight.
Then again, if the menu were to feature Lord Bill's Evil Empire pummelled, diced, and stewed, this might be a pretty sight after all.
Just something to think about. :-)
Now that you mention it, I guess in some senses my own situation is similar. It's just that I use Linux network at work (save for firewall etc, which are BSD), but at home am fortunate enough to use BSD for everything. :-)
I recall this issue having come up in Phrack, in essays on "mutating" code. A way to make viruses "mutate," it was argued, would be to keep the main virus instructions "encrypted" (obfuscated, really), and wrap encryption/decryption code around that (usually this was very small XOR "encryption", not very large code at all). The problem was that a virus scanner could check for this encryption code and thus detect the virus. The same dilemma would exist with bootstrapping code.
Doctors amputate Turkish earthquake survivor's arm [This story contains video]
"Whatever happened to fair use?"
-- Duff-Man
All these viruses that take advantage of holes in MS products, are they being written just for the sake of writing a virus (a stupid occupation if ever I heard one) or are they specifically targeting MS products in order to speed up their downfall? It can't be doing the MS PR engine a lot of good to have to continuously fix these "little glitches"...
I worry about this win98 auto update feature. This looks to me like an extremely exploitable feature! Has anyone tried to DNS poison a domain and get the auto update program to install a virus that way? This scares me!
Mike
--
Mike Mangino Consultant, Analysts International
Mike Mangino
mmangino@acm.org
If the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.
I, for one, never had a moment's doubt that Bubbleboy would make it out into the open. If nothing else, the arms race between virus writers and anti-virus companies guarantees that viruses will show up in public. I wouldn't even blink if you told me that it was spread by one of the antivirus companies (even by accident), because what will happen as a result?
That's right - more antivirus sales. And now that Macs are popular again, there's even viruses that affect them: for years, Mac users could putter away in safety knowing that not even virus writers developed for the platform. Now Macs aren't even safe.
I'm sorry, viruses are just not a sufficient reason (yet) to switch my whole company over to Linux.
I guess I'm just a hardened cynic. Oh well, time to go make sure I remembered to set the filter on Groupshield...
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I really believe this is the fault of Microsoft. As much as I love computers (and dislike windows), I don't like spending my time downloading patches and being worried.
I just wish Microsoft would think before releasing new gizmos. Why can't they just explore the possibilities of, say, HTML mail before releasing the damn product. Sure, it's the user's fault for not patching, but Microsoft could do a lot to make it not so bloody easy to write these things.
Not mine: I run system 8.1. However, the new version of Sherlock (impressive search tool) does network activity without asking and tries to update its plugins, MS apps try to autoupdate and there are other system software components that try to autoupdate.
That's where I get off, frankly: I _will_ _not_ go along with that. If that means I run system 8 until it can't be usefully used and then go with Linux, so be it: it's absolutely true that it's an exploitable feature, but what you are not acknowledging is how unhealthy it can be even WITHOUT virii being installed. Supposing all the Lotus Notes users had NT autoupdate the NT fixpack that 'happened to' kill Lotus Notes? This whole scenario _might_ be permissible if all commercial developers were responsible and did extensive compatibility testing (HA!), but as things are, it's a recipe for rapidly losing control of your machine, not knowing why it's increasingly broken, and not having the power to even fix it, even if you know all kinds of things about the machine and can debug the installation and troubleshoot it infallibly. We're talking sort of plug and play hassle at the software level- instead of cards fighting you every step of the way, it's the potential for software itself to get into fights with other software, and every time you turn around something downloaded an update which turns out to break something else.
That's an absolute nightmare waiting to happen, and as I said, I could easily see it driving me to Linux fulltime in the long run if people don't STOP trying to do this insane behavior. Auto update assumes that the newer a version or update is, the better. Almost any computer user can identify cases where the opposite is true. I was forced to stop using iCab and return to Netscape _because_ newer versions became hopeless crashfests- and I'm not using a newer version of Netscape, either, I'm using a particular version that seemed to like my machine more than usual. And it only takes _one_ autoupdate to a broken or conflicting application to hose you- in the case of system software or always-resident software, it can cripple you entirely.
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.'
with win98 you have a nice feature called "windows update" which brings you to a page listing all the critical patches, and other downloads (such as new themes and new versions of media player and whatnot). All you have to do is check a box and click a button. This patch was on windows update as a "critical update" a month ago. It wasn't that hard to download.
-------------
The following sentence is true.
The following sentence is true. The preceding sentence was false.
"Most of us just sit and watch in amusement as the MS world infects itself."
Most? I'd bet the majority of /. readers use MS at work and a Linux box at home. So quit the "I'm alright, Jack" mentality, OK? Just because you don't get affected, don't assume everybody else won't - I don't mean you getting directly infected, but having to clean up after John Luser got sent something. You've obviously never been infected by any quickly replicating virus; when that happens, you say goodbye to your next 48 hours. Fine if it's your PC, not so good if it's your office's network.
"It really isn't interesting, so why post about it?"
Depends on what you do. If you wear sandals, have a beard, and are horrendously condescending, then you probably run SCO or Solaris and are not interested in the machinations of MS and "the MS world", apart from some smug sort of justification of your OS. Face it, someone you know must run MS. Would you rather know about this, so you can help other people who might not be so IT savvy, or assume your granny who runs W98 (so she can play Unreal :) knows there's a threat to her PC?
"neither news for nerds?"
You've obviously never read up on viruses. Get a book, read up. Plenty of nerd material there; self modifying programs, mutating code, understanding & exploiting OS features & holes.
Just because you think you've got a handle on your security, doesn't mean everybody else does. Slashdot is read by all people from all walks of life; grow up a bit and start accepting not all people on Slashdot are IT gurus, and realise that /. is a far more interesting place for it.
Strong data typing is for those with weak minds.
Windows Update takes care of all of this. Unfortunately, in my experience, this feature is like the vast majority of windows features..it looks great on paper, on the side of the box, and everywhere else, until it crashes unexplainedly when you try to use it.
Personally I wouldn't hate M$ so much if they just fixed the programs they have instead of releasing new versions with more (buggy) features, but that's what you can do when you're a monopoly and quality doesn't count only the need to be perceived as innovative, and to get a "new" product on the shelves.
BTW, NT is impervious to this attack, so keep that in mind while M$ bashing.
+&x
I'm not quite sure why you assume that Unix is immune to viruses. If I send you a script:
#!/bin/sh
rm -rf /
and you run it as root, there's no antivirus software to intercept the unlinks and ask you if you're really sure you'd like to go ahead with it. Almost every aspect of a Unix system assumes that the human is fully aware of all security problems--even today, many Linux distros run finger, portmap, telnet, and the like by default. Unix's "immunity" to viruses is based on the awareness of security issues among Unix software developers and Unix users.
I'd venture that in a few years when enough nontechnical users are running as root on their home systems, Unix viruses will become more prevalent.
Gates' Law: Every 18 months, the speed of software halves.
It is a common idea that buying a commercial product should give you "someone to sue" if something goes wrong. Indeed this is true for most classes of products, especially if there was provable negligence. It is not true for any software that I am aware of, and certainly not for Windows. If you read the Windows EULA (or GPL for that matter) you'll see that they deny any liability or warranty. So there is, in fact, no one to sue in either case.
There have been some questions raised about the legality of such "shrink-wrap" licences, but I don't know of any case in which they have been overturned. In any case the UCITA, which will soon be passed by the states, barring divine intervention, will put these licences on unassailable footing.
The way big companies protect their truly expensive hardware and software is with on-site support contracts with guaranteed uptime. These contracts tend to limit liability as well, and are available for open source as well as proprietary offerings (including Microsoft).
In short, if you want assurance about a software product, you need to spend a lot of money on a support contract or trust your staff to build reliable systems and support them well, no matter who made the software.
--
"L'IT c'est moi!"
I suppose that my children aren't free because they are not free to sell their children into slavery?
--
"L'IT c'est moi!"
To do out of ignorance those things is to be idiotic. Microsoft and the mindless morons who produce software for that crapware non-O/S platform encourage people to do both. This passes beyond the idiotic into a realm that is negligent at the best, and criminal at the worst.
I work with MS Windows (as a developer), and I am forced to use Outlook 2000 (by the company I'm at). If I hadn't seen this news story, I wouldn't have inoculated myself until the IT folks sent out a technical bulletin... and that could be weeks. Thus for people in my situation, this is very helpful. In case you didn't notice there are Linux, BSD, Mac, Amiga, Palm AND Windows folks here. That's what tolerating differences is all about.
A lot of people on /. are also system administrators who need to make stuff like this known to their (l)users, and be able to answer questions about the latest and greatest virus scare.
Finally, this is news. This is the first (reported) email/web virus that doesn't require the user to actually run something. (Yes, viruses that didn't require execution existed before, but this one is the first (reported) web-virus.)
Myddrin
That's too small a piece of code for a virus scanner to recognise. There's nothing that's unique, to identify.
-NOW-, many virus scanners also detect changes to files. -This- could successfully recognise the bootstrap, no matter how small or how carefully disguised it was. As you say, it has to be executable. But this assumes you have a record of what the file -should- look like. If you've got a disk or a file that's infected, you won't know until it starts infecting other files.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
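The trade-off described in the comment above, as an added example that is not part of the original post: a signature scan has nothing to match on a small unknown change, a hash baseline catches it, and a baseline recorded after the change reports nothing. The signature table, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed signature table: one made-up byte pattern, not a real detection rule.
SIGNATURES = {"constructed-demo-sig": b"\xde\xad\xbe\xef\x13\x37\xc0\xde"}


def signature_scan(path):
    """Return the names of known patterns found in the file (pattern matching only)."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def fingerprint(path):
    """SHA-256 and size of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": os.path.getsize(path)}


def build_baseline(root):
    """Record a fingerprint for every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(root, baseline):
    """Diff the current tree against a previously recorded baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "tool.bin")
        with open(tool, "wb") as f:                      # constructed "binary"
            f.write(b"\x7fDEMO" + bytes(range(256)) * 4)
        with open(os.path.join(root, "other.bin"), "wb") as f:
            f.write(b"unchanged")

        known_good = build_baseline(root)                # taken while the tree is clean

        # Constructed stand-in for a small, previously unseen modification.
        with open(tool, "ab") as f:
            f.write(b"UNKNOWN-BYTES")

        sig_hits = signature_scan(tool)                  # nothing known to match
        report = compare(root, known_good)               # hash and size both differ

        # Failure mode from the comment: a baseline recorded only after the
        # change treats the modified file as the reference and stays silent.
        late_report = compare(root, build_baseline(root))
        return sig_hits, report, late_report


if __name__ == "__main__":
    hits, report, late = demo()
    print("signature hits:", hits)
    print("against known-good baseline:", report)
    print("against late baseline:", late)
```

A file-level hash covers only the bytes inside the file's logical length, so it says nothing about data stored outside it, which is the sector-versus-file distinction raised elsewhere in the thread.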
As Dec Mail would (by default) display the subject line of the message, when you received an e-mail, this means that you didn't even need to open the message to be infected. Receiving it was enough.
Whilst not quite as powerful as ActiveX or Javascript, the Dec shell scripting language was, nonetheless, very powerful. Easily enough to do everything BubbleBoy can do.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?
I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that /. is not a Linux site, or even a non-MS site. Even if most /.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of /. readers.
Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)
In the end, I think (and not that I haven't felt like posting "does this really belong on /." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the /. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject on the future.
The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when /. was just a couple thousand strong doesn't mean that you automatically speak for the entire /. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented /. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.
I suppose what I'm trying to say is, let the people in charge of /. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.
The primary reason we don't have viruses for Unix operating systems is because of our security model. The primary reason you do have viruses for Microsoft's soi-disant operating systems is their lack of a sound security model. There are other reasons, but this is the crux upon which hang untold zillions of dollars of needless costs.
You have to treat the cause, not the symptoms. The viruses are the symptom. Microsoft's inability to design a robust, security-minded operating system is the cause. And installing one of the innumerable Linuces, a BSD, or various commercial Unixen (yes, those are bogoplurals :-) is the most cost-effective cure. It's difficult to imagine Microsoft ever escaping from the single-user ghetto mentality in which they have sequestered themselves for all these years.
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.
Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Interesting to see the number of replies that assume I'm running Linux, and was complaining because it's not a Linux related story. As it happens, I run many OSes (of which, yes, Linux is one). My point was meant to be that /. isn't a virus alert forum. There are plenty of other places that are meant for that sort of thing. Yes, the first mention of this particular virus was vaguely interesting because it uses a new method of transmission. However, I stand by my view that the fact it's out in the wild is neither news for nerds nor stuff that matters.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Uh, you're insane. I manage my school's network, and I installed the patch on all their Win98 machines with no problems. Also on my home and work machines, still no problems. You must've done something weird.
Bubbleboy is non-malicious, takes up very little space (and therefore does not use a lot of resources), and makes everyone's day just a little bit more exciting. Not to mention that McAfee is having a blast with all the software purchases they're getting off this. ;)
But anyhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.
And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything... ;)
Based on their behaviour, I'm inclined to believe that MS really doesn't care about security. One of yesterday's articles showed that WinCE XORs your NT password against a FIXED KEY in its registry. That's about as secure as rot-13 in usenet. If they had the slightest bit of concern for security, they wouldn't do that. I would have thought they had learned in the 80's when they used roughly the same sort of scheme to password protect word documents and a cracker program came out that could retrieve the password in under a second.
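The fixed-key XOR point in the comment above, as an added example that is not part of the original post and is not code from any Microsoft product: the key and passwords are constructed sample values, and the PBKDF2 verifier is shown as an assumption about what a system can use when it only needs to check a password rather than replay it.

```python
import hashlib
import hmac
import os

# Constructed 8-byte key standing in for a key hard-coded in a product;
# it is not the key of any real system.
FIXED_KEY = bytes.fromhex("5a13c7e9a4f00d21")


def xor_obfuscate(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """XOR data with a repeating key. The same call reverses it."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_from_known_pair(plain: bytes, stored: bytes) -> bytes:
    """One known plaintext/stored pair gives the keystream: p XOR c = k."""
    return bytes(p ^ c for p, c in zip(plain, stored))


def make_verifier(password: bytes, salt=None):
    """One-way alternative: a salted PBKDF2 digest cannot be XORed back."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)


def check_password(password: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample values.
    stored_a = xor_obfuscate(b"password")   # a value whose plaintext is known
    stored_b = xor_obfuscate(b"s3cr3t!")    # a different stored value
    stream = keystream_from_known_pair(b"password", stored_a)
    salt, digest = make_verifier(b"s3cr3t!")
    return {
        "key_recovered": stream == FIXED_KEY,
        "other_value": xor_obfuscate(stored_b, stream),
        "verifier_ok": check_password(b"s3cr3t!", salt, digest),
        "verifier_rejects": not check_password(b"wrong", salt, digest),
    }


if __name__ == "__main__":
    print(demo())
```

Because the key is the same everywhere, it has to be treated as public once a single plaintext is known, so every value stored under it is exposed at once.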
Sure, it's the user's fault for not patching...
I have to disagree with that. If the user is informed, yet chooses not to follow up, then it is their fault. However, a lot of us here tend to forget that:
1. Not everyone is a computer expert, and a lot of people don't know what a patch is, let alone where to get one or what to do with it.
2. There's nothing wrong with that.
My sister bought a new computer last year and is happily browsing and ICQ'ing away. She doesn't know Jack about security, nor do I believe she should be expected to. I mean, should every newbie make support.microsoft.com their home page, and check it for new misfeatures every time they go online? That's not reasonable. The vast majority of users simply want to get on the 'net and run around without having to bother with all of this, in much the same way that they want to use the phone without knowing the difference between packet-switched and circuit-switched networks.
Yes, I think that people should learn more about their new computers than most people usually do. However, I think that patching goes beyond the skills and abilities that the average user should be expected to know.
To make an analogy, have you checked to see if there's a recall on your car? No? Why not? Consumer Reports lists current recalls in the back of their magazine, so it's publicly accessible information, but I'd dare to state that not many people bother to check. So, if someone's defective car causes an accident, was it their fault for not taking it in for a "patch"? I guess, technically, it may be. In reality, though, I don't think that's a reasonable expectation.
Dewey, what part of this looks like authorities should be involved?
Most computer users use Microsoft's products.
Most virus writers will, therefore, statistically use Microsoft's products.
Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.
Thus, most virus/worm/trojan products target Microsoft products.
The fact that such an overwhelming number of these attacks are successful, indeed devastating, is a testament and real world demonstration of just how severely flawed Microsoft's entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
The Future of Human Evolution: Autonomy
It does; search for an 'autoRPM' daemon. It's not exactly an MS creation (although it MIGHT be to promote e-mail clients that execute everything in sight with minimal concept of permissions...)
Only the dead have seen the end of war.
Like the infamous RTM worm?
I'm sure it's been written up, and IIRC there were some charges that actually stuck...
Only the dead have seen the end of war.
Years ago back in high school, I wrote a "virus" that basically just copied a short segment of source code to GW-Basic programs it found on the hard disk - yes, GW-Basic, that old thing for DOS 2.11 that existed before Visual Basic and Turbo Basic were known.
It didn't do any harm, it didn't "infect" EXE files and I did it just to find out if it was possible and what writing a virus is like.
Scary thing though that this simple program (just a few lines of code), despite being harmless and doing its task clearly seen in the open light (is that an English phrase, anyway) followed all the requirements to be called a virus. Today's macro viruses actually do exactly the same thing.
While I never spread "my virus", it was an interesting experience. From a pathetic viewpoint, those virus writers could be called seduced by the dark side of the force; being among crackers, script kiddies and other menaces to IT society must be like being in a street gang. They have their own set of values of what is "cool" and what gives you "respect" among the peers.
It sure would be nicer if those talented hackers (which they often are) would use their talent for something useful and write "good" software to gain a kind of respect that's actually worth gaining...
To answer your other question, I doubt that MS itself is the target. A virus must find a common platform as a host to spread itself, and Microsoft software, both Dos/Windows operating systems and Office/Outlook application software, are commonplace. This makes an obvious target.
------------------
------------------
You may like my a cappella music
The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ONLINE that is unparalleled in its destructive capability. Other more well-known viruses such as "Stoned", "Airwolf" and "Michaelangelo" pale in comparison to the prospects of this newest creation by a warped :) mentality.
What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the Internet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop -which can severely damage the processor if left running that way too long.
Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- not reading it! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.
The program is highly intelligent- it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it" Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.
--- cut here ---
ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank.
--neil
I'm a self-proclaimed nerd.
I also had to look at the previous link to see what bubbleboy was, and I'm glad I did considering the windows boxes that I use have both of these components, not to mention my GF's machine, who probably is more than likely to find this surfing.
In other words, please, leave your definition of "news" out of the subject.. This is an issue for many computer users AND nerds.
Is it just me or has the "I don't know how to filter content or not click on the links therefore I'll just be lazy and complain to rob" quota jumped through the roof lately?
Rob has an email address. The article pos(t)ers all have email addresses, just click on their names. Please, please, please, don't send your bandwidth wasting flames and complaints to the forums, where they won't be read by the posters who probably have a small amount of time in the first place. Send it to THEM.
:)
-Erik-