Every time this story has come up, i've tried to see what ms has got on their site, Not once have I got anything resembling a web page, the latest is 'this page contains no data'.
I have seen quite a few ways of dealing with this, none of which has really worked. And most of which are expensive and time consuming - to deal with a problem that MS created! Our approach goes something like this. PCs - general on Ghost or BootP so they are instant cleaned. Email - using twig - and planning to write simple virus blocking software to it - so we can ban known virus before they get in. Web Proxy with known virus files blocked. User education - it helps but dont rely on it! Moving away from MS - this is an aim, but not a reality yet, when all the core apps are ready on Linux, we will have a very strong case - eg. graphics, 3d, midi(compose). We are close but not quite ready to say rm/mnt/c/windows.
Just having read Andrew Tridgell's discussion on emulating the netbench test, It seems that a modified kernel & samba can thrash NT at all client loads, (albiet at the cost of making risky changes), Im sure even with these changes, It would still be more stable than NT (Which crashed within 24 hours of delivery here!).
Apart from the client issues of NT/95/98, the other major concern for this test seems to be the choice of hardware. Mindcruft would be in a very difficult position if they turned down the offer by VA Research (or another vendor) to provide a machine of roughly equivilant value and similar spec that was known to have existing optimized drivers available. This would be equivilant to the first machine being hand picked for NT. The other serious concern is the stability - Rumors I have heard from a production enviroment indicate that NT will Never stay up longer than 49 days - due to bugs that still remain unfixed. Unfortunatly 49 days is a long time to wait for a reliability test, but with a sustained load, or repeated tests, I would be interested in seeing if NT could survive.
While I agree with alot of the comments concerning the question over real criminality and how microsoft definatitly has a certian amount of due negligence. This post is probably the most interesting. The only reason that this has not happened to the same extent with Linux, and Unix in general is not so much that it is not possible, but mostly due to the fact that the user base is slightly more technically knowledgable, and less likely to be caught by a similar trick. - eg. distributing a 'cool perl app...' The fundimental question is really what sort of ietf standard could be applied to prevent this from happening again? The forced re-entry of password check when sending out Userid (eg. non root) messages with over 5 to 10 recepients? One of the major problems is that this type of mail type virus has not been considered by any of the rfc and ietf drafters.. It is a new 'concept', pardon the pun. The outcome of various ideas to eliminate this type of attack mean that every major mail distribution system must be reconfigured. All clients would have to make allowances for the change in standards as well. - While this is not a big issue for open source, the effects of a major revamp of closed source applications is huge. This little virus may be the turning point where the justifiablity of proprietry solutions in mail and information transmition goes out the window.
In theory this can (an may have been) done using NSS and LDAP.
The NSS modules have been 'rpm'ed and the system designed around PAM. - although I'm not sure the neccesity of this for basic authentication - It think it's to do with password modification.
There has been a little discussion on the openldap and rage.net lists. I hope to have a go testing some of this soon....(albiet on a v.small scale!).
There is an RFC specifically on dealing with Password (among many other things) in LDAP. and utils to convert passwd files to LDAP. - And this is what I do for fun??
I have compiled vic under debian with the bttv drivers, The results and hints are on my web site, Alan's Linux Info Ctr, The link previously will get a version for windows - that is a precompiled binary. The Linux one needs to be compiled. (This needs an older version of tcl/tk, so there is a modified one on the debian site (instructions on my page). I have had mixed success with it so far, On a ethernet internal network it works great, however over the internet, It totally failed. Still looking for ideas, - looks like investigating a reflector might be a good idea.
Slashdot Mirror
TWIG-ISP
have a look through http://www.hklc.com/projects
We have done it with postgres, cyrus, exim, twig - handles multiple domains etc.
I was planning to port it to mysql - the only issues are modifing the pwcheck to use mysql instead of postgres - the webmail system is mysql ready.
Every time this story has come up, i've tried to see what ms has got on their site, Not once have I got anything resembling a web page, the latest is 'this page contains no data'.
lol
I have seen quite a few ways of dealing with this, none of which has really worked. And most of which are expensive and time consuming - to deal with a problem that MS created! /mnt/c/windows.
Our approach goes something like this.
PCs - general on Ghost or BootP so they are instant cleaned.
Email - using twig - and planning to write simple virus blocking software to it - so we can ban known virus before they get in.
Web Proxy with known virus files blocked.
User education - it helps but dont rely on it!
Moving away from MS - this is an aim, but not a reality yet, when all the core apps are ready on Linux, we will have a very strong case - eg. graphics, 3d, midi(compose). We are close but not quite ready to say rm
Just having read Andrew Tridgell's discussion on emulating the netbench test, It seems that a modified kernel & samba can thrash NT at all client loads, (albiet at the cost of making risky changes), Im sure even with these changes, It would still be more stable than NT (Which crashed within 24 hours of delivery here!).
take a look at the figures, and an interesting document.
netbetch emulation README
Apart from the client issues of NT/95/98, the other major concern for this test seems to be the choice of hardware. Mindcruft would be in a very difficult position if they turned down the offer by VA Research (or another vendor) to provide a machine of roughly equivilant value and similar spec that was known to have existing optimized drivers available.
This would be equivilant to the first machine being hand picked for NT.
The other serious concern is the stability - Rumors I have heard from a production enviroment indicate that NT will Never stay up longer than 49 days - due to bugs that still remain unfixed. Unfortunatly 49 days is a long time to wait for a reliability test, but with a sustained load, or repeated tests, I would be interested in seeing if NT could survive.
While I agree with alot of the comments concerning the question over real criminality and how microsoft definatitly has a certian amount of due negligence. This post is probably the most interesting.
The only reason that this has not happened to the same extent with Linux, and Unix in general is not so much that it is not possible, but mostly due to the fact that the user base is slightly more technically knowledgable, and less likely to be caught by a similar trick. - eg. distributing a 'cool perl app...'
The fundimental question is really what sort of ietf standard could be applied to prevent this from happening again?
The forced re-entry of password check when sending out Userid (eg. non root) messages with over 5 to 10 recepients?
One of the major problems is that this type of mail type virus has not been considered by any of the rfc and ietf drafters.. It is a new 'concept', pardon the pun.
The outcome of various ideas to eliminate this type of attack mean that every major mail distribution system must be reconfigured. All clients would have to make allowances for the change in standards as well. - While this is not a big issue for open source, the effects of a major revamp of closed source applications is huge.
This little virus may be the turning point where the justifiablity of proprietry solutions in mail and information transmition goes out the window.
The NSS modules have been 'rpm'ed and the system designed around PAM. - although I'm not sure the neccesity of this for basic authentication - It think it's to do with password modification.
There has been a little discussion on the openldap and rage.net lists.
I hope to have a go testing some of this soon....(albiet on a v.small scale!).
There is an RFC specifically on dealing with Password (among many other things) in LDAP. and utils to convert passwd files to LDAP.
- And this is what I do for fun??
I have compiled vic under debian with the bttv drivers, The results and hints are on my web site, Alan's Linux Info Ctr, The link previously will get a version for windows - that is a precompiled binary. The Linux one needs to be compiled. (This needs an older version of tcl/tk, so there is a modified one on the debian site (instructions on my page).
I have had mixed success with it so far, On a ethernet internal network it works great, however over the internet, It totally failed. Still looking for ideas, - looks like investigating a reflector might be a good idea.