That's not "thought", it's just another one of your pointless adolescent ramblings. The same as the last time I ran into you.
The long and complicated steps you talk about are not found in fsecure's description, so I have no idea what user intervention you are talking about
Your link points to what is (I think) the original version, which arrives as an EXE, I believe. Other variants arrive as a password-protected ZIP file with an executable inside. Regardless, the EXE will not just run itself. Hopefully this will clear things up a bit for you, because you sure as heck don't know what you're talking about. I'm surprised you can even work up the nerve to shower us with your insightful prose given you don't know squat.
Kmail on any OS only hands files to clients for viewing
Last I looked (and I use Evolution really) KMail lets me save attached files just fine, regardless of what they contain. And then I can open them by double-clicking on them in Nautilus. Maybe you're mistaken, twitter - this is not an automatic "the executable runs when I read the message" deal. But maybe you missed that.
The long chain of exploits are missing there
No, you just haven't found them yet.
Files are never saved with executable permission turned on.
Really? Wow, I could have sworn opening a tar file with FileRoller and extracting something inside preserves the execute bit. You must be special!
There is no system wide registry for you to hide in.
No, just a jumbled mess of little files under amazingly obscure paths that only an elite few know how to find and edit without borking their machines.
The most important thing is that my users are not conditioned to click things without reading them.
That's too damn funny. So let's see - you're going to educate all "your users". All the millions that will switch to free software to run from evil "M$". You'll educate - nay, condition them - to always read a message before clicking OK? You? Well let me know when you're done, k?
Windoze's core inability to easily share work.
"Share work"?
Now, discounting your attempt at controlling the minds of "your users" and using a mail client that doesn't let me open my attachments, you were about to tell us how your stupid-proof mail client works. Still waiting.
See where it sets itself to run as a service when Windows starts.
You don't know jack shit about how Windows works. But then again that doesn't surprise me.
Home users can't even tell if they're running XP or 95. Do you think Mandrake or SuSE will be such a noticeable difference to them?
So what you're saying is that there will be 3,000 Linux vendors in the future, each with a slightly modified version of the OS. That corporations will move away from the Intel platform. And so on. That's interesting. Stupid, but interesting. Who knows, maybe it will even happen.
wget or lynx or neither for HTTP? perl? cpp? not on a home user machine, sorry.
Make sure you send a memo to all 3,000 Linux vendors (and all the hardware ones) to remember to exclude wget and Perl from their distros. We don't want a debacle of this proportion to give open source a bad name, now do we.
I'm afraid you are very much mistaken, and simply denying the obvious for the sake of arguing
Coming from someone who lives in what appears to be an alternate reality centered around three "boxen" on a basement in Wisconsin, that must be a compliment. Try to get out more, see how the real world works. You'll be pleasantly surprised.
now I'm pissed at those morons at M$ for making it possible, AGAIN
How do you figure opening an email attachment in a badly-written email that requires a password to unpack and then actually executing it is Microsoft's (or "M$") fault again?
There have been 14 variants of this worm, and all of them require significant user intervention to infect the machine. So enlighten us. How would you have handled this in your hypothetical email client that engineers user stupidity away. I'll even let you pick the OS you'll be running it on so you don't have to be saddled by the deficiencies of "Windoze".
And it can't install itself as a service or anything like the Windows viruses
There are no viruses that run as services. Unless you care to show me one. They're all userspace processes. And it ultimately doesn't matter that the user is running under the equivalent of root on Windows - you can delete ~/ just as easily or turn the box into a spam zombie. What you can't do is render the box unusable, but that's not the problem here.
You seem to forget that using Linux means you are no longer married to Intel.
You seem to forget that if the day comes when Linux is actually a viable desktop OS that the unwashed masses can use, your claim of "monoculture is teh badd" will be immediately invalidated. There is simply no chance in hell that 5 million people (to use a number) will be using a slightly different version of Mandrake or RedHat. They'll be using whatever came preinstalled with the eMachines they bought from Wal-Mart or BestBuy. There is no chance in hell 23% of them will be running a SPARC and the rest an Intel box. Or perhaps you think 5 million people will suddenly decide to just download Linux and install it themselves on their Windows partition? Or over their Solaris one? They can do that now and Linux is nowhere on the desktop, so that little theory just doesn't pan out.
Oh, and a bash script on a tar file with the execute bit set is pretty much platform independent.
Other than that, your clueless rambling is right on spot.
Still, it's all Microsoft's fault. It's also their fault that users are not running AV software (or simply disable it to open the exciting attachment) or a firewall (especially if they're on a 24/7 broadband connection).
Never mind the RPC vulnerabilities or the SQL Server exploit. Nah. This is the real shit. Millions of computers being operated by people who have no clue whatsoever.
When Leenucks actually makes it to the desktop someone will release a MyDoom equivalent that will turn thousands of boxes into spam-spewing zombies. Here Is teh info for yuo my friend!!!! teh tar file must be extract to ~/mydocuments... Except this time it will be the user's fault, not the distro's. Or open source. Or Leenucks. Remember that LimeWire worm that was supposedly the new version of MS Office for Mac? How many clueless Mac owners fell for that? And whose fault was it? Apple? Noooo, it was the stupid users. Apparently Microsoft is saddled with intelligent users who can't help but be infected, and everyone else has retarded ones who should be shot because they opened an email attachment.
It's uncanny. But what's actually fucking frightening is that people pushing Linux et al. actually think they can engineer this problem away. Holy crap.
No, you're not the only one. However, I fail to see how that relates to running the uninstaller for a SP that supposedly rendered a machine unbootable.
And why exactly would the Linux community be unable to write a replacement to ELF?
What does that have to do with the issue at hand?
And why is "Linux Business Week" playing up the SCO FUD?
So let me see - news you don't like are FUD? That's interesting. Where or how would you like this reported?
If ELF was to be removed and a new binary format introduced, it's not as if all Linux applications would break.
RTFA. That's not the point.
It's so ridiculous to even talk about ELF being "stripped out" of applications. You would just rebuild the application and have the compiler link it into the new binary format.
Yeah, and I suggest you get started ASAP. There's a couple of billion lines of code that need recompiling, starting with the GNU toolchain.
I suggest you look around on Google for a quote from either Larry Ellison or Steve Jobs (I forget which) about the famous "hidden APIs", and why they were a non issue to them.
I tend to put a bit more trust on the people who work for Oracle or Apple than in a slashbot reciting the ever-insightful "common knowledge" that is so popular around here.
Everyone complains about "FUD" from "M$" but have no compunction whatsoever to do exactly the same to them.
So? Thousands of developers around the world have released their code under the GPL without fully understanding what they were doing to begin with. In some cases it doesn't matter, but in others it has come back to bite them.
Year after year they've been bombarded with fanatical praise for the GPL, as if it were the cure for cancer or something, but most importantly, as if it were the only valid and reasonable way to release your code to the world without getting screwed.
Serves Stallman, the FSF and all the other GPL zealots right that they're being overtaken by younger, more pragmatic developers who didn't swallow the "join us or die" quasi-religious blather and who actually find the whole "GNU/Linux" deal and all the other weird crap slightly disturbing. These people don't care about the 12 different interpretations and capitalization modes for the word "free", and they're doing just fine. More power to them.
I agree. And not only Python (which I've personally used for cross-platform stuff) but also Perl and PHP, among many others.
It's perfectly possible to run many PHP-based products (like Textpattern) on Windows/IIS with some work. The key is almost always MySQL, and that runs fine on Windows as well. In fact it kicks the bejeesus out of MSDE for some scenarios.
Gotta love this
---------
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Interesting (+1). It is currently scored Interesting (2).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Interesting (+1). It is currently scored Interesting (3).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Overrated (-1). It is currently scored Interesting (2).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Insightful (+1). It is currently scored Interesting (3).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Offtopic (-1). It is currently scored Interesting (2).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Flamebait (-1). It is currently scored Interesting (1).
Haha, posted to Large User Groups Cause Spontaneous Greying, has been moderated Troll (-1). It is currently scored Troll (0).
How fucking funny is this. My god, it's truly hilarious.
I mean, this has been around for what, 5 years. Wow. God forbid anyone crack a quippy about anything that's remotely related to "open sores" (is that funny as well?), because then it's called an "attack on the free software community".
It's not posted because it's "funny", unless I've been somehow misunderstanding how this place works.
I guess we ran clear out of "M$" bashing stories, so this will do for the time being?
This "tard" reverse-engineered the low level NT kernel API from scratch. Among other things. He's one of the best systems architects in the world. Look up his name in the LKML - he's had quite a few interesting discussions with the likes of Torvalds, Cox, Reiser and Molnar. Peruse his website.
One thing that bothers me, reading the shared source license it seems to insinuate that you cannot use the source for commercial purposes or create derivative works of it, so how is that open?
That's right. Then again you can write your own implementation (which is permitted under ECMA's royalty free + RAND policy), which is what Mono is. The SSCLI is written by Microsoft and therefore carries whatever license they choose to stick on it. Miguel used a combination MIT+LGPL+BSD for Mono, I believe. The SSCLI has nothing to do with how you can use or interpret what Microsoft has released to ECMA, except that it is a very complete reference implementation of that spec. The .NET framework is yet another implementation of the spec, which has yet another license, tho that one places no restrictions on what you can do commercially with it - but you get no source.
This is not "open source" or "free software" as most of you understand it. But again, that's besides the point when comparing it to Java.
I don't use the default settings, and I doubt this would have gotten past my firewall trying to get out. Further, nothing gets "silently installed" on my machine. I have a monitor that records DLLs mapped into the IE and explorer shell process spaces and alerts me when it finds something out of the ordinary. Ditto for the shared Win32 service process. I routinely check MD5 checksums of common DLLs in my system. I don't expect anything to get in through IE; in fact, IE is the least of my worries.
There wasn't any record of such vulnerability in IE yesterday. That doesn't mean you won't get one in Mozilla tomorrow. If someone can find a vulnerability in the Linux kernel and root Debian and GNU I doubt Mozilla is going to fare much better for any amount of time, especially as more people start to use it.
...the source code for the java class libraries comes with all Java 2 SDK's, and the source code for the JVM and Hotspot JITs is available for download from sun..
That doesn't make it "open" or "standard". Have you read the license lately? What exactly can you do with the source?
.Net on the other hand is the one that is not open, true, parts of the C# spec have been submitted to ECMA as standards, but the vast majority of the platform is under tight Microsoft control (and covered by numerous patents).
Ah, selective amnesia. Who controls Java again?
Care to give me the URL of the C# compiler and the CLR source code?
There you go. This is what people are doing with it.
The Visual Studio project is not "open source", and it never will be. That includes Microsoft's implementation of the CLI, as well as the compilers.
And yet that's still a heck of a lot more "open" and "standard" than Java could ever hope to be. Why do you think Microsoft went to ECMA with it?
Sun could sue the pants off the classpath folks and everyone else that ever thought about doing a JVM or something like it. That they don't do it is another matter, but using Java conveys no less risk than Mono does at this point.
Just how exactly do you figure this "hemorrhaging"? I'm not saying it's not happening (or going to happen), but if you're going to assert your claims as fact to support the rest of your post then I think you'd better give us some backing proof, mmm?
I work with literally hundreds of developers, corporate and freelance consultants in four major IT/consulting markets in the southwest, as well as Mexico, and I just do not see this happening. I'm seeing some developers that claim they know Linux or Perl or have experience with wxWidgets and so on, but all that is far from the "mass hemorrhaging" you claim.
Grow the fuck up, kthx.
Every time I think I can't be amazed any more by the adolescent smegma I read around here someone like you comes along and surprises me.
Thanks.
Jeez.
Mod the fuck away. But this is utterly pathetic.
You can't even fucking spell.
That Google didn't double-check what he was doing is also hard to believe.
Oh, jeez. Bite me, mmkay?
"To protect customers, the defautl whitelist is hosted on Microsoft.com"
I mean, the irony is just fantastic.
Ah, so it's just like Windows. Got it.
The only portable application lives in a server and gets hit by a browser. Anything else is a pipe dream.