Ah, okay... I understand the problem now. Either the piracy rates are ridiculous now, or MS aren't making it obvious to all their customers why they should install patches. Did you ever see the Redhat update agent? That little annoying flashing red icon on the taskbar... It's glaringly obvious and quite distracting, and the simplest way to get it to stop flashing is to tell it to automatically download and install all patches. And these patches don't require rebooting unless you specifically select the Kernel upgrades.
Anyway, e-mail clients aside, the OS should prevent newly downloaded/saved things from being executed, until the user has taken the appropriate steps to make them executable.
Do you know if Windows has an equivalent of Unix's umask setting, where you can specify the default permissions that newly created/saved files get? If you can do that, then there must be a way to make everything non-executable by default.
Technically, if it's embedded in an e-mail and runs itselfvia some scripting feature, and speards itself to other computers, it's a worm.
Unix/Linux users are one step ahead of Windows as far as standard viruses go, but they're a long way off as far as worms go. I'm not aware of any mail clients in KDE or Gnome that support scripting, and if one did appear, I don't see why people would switch away from the current range of excellent apps like Evolution and KMail/Kontact.
If one of those did start supporting scripting, I'm betting that enough people at the development end care, and the default would be to have scripting turned off.
Yes, but with the OS enforcing the executable bit, an application developer would have to write code that specifically turns on the execute bit for a file his/her app has saved, then execute it. Most competent programmers would realise at this point that they're "getting round" one of the OS's security features and would think twice about it - if their app went on to become popular and then caused problems due to this, they'd receive a lot of bad publicity, just as MS are doing now with regard to viruses.
I was talking about executable files (notice the word "executed" in my post). You're talking about interpreted scripting languages. If you don't want such things to be run, then either disable whatever "feature" causes them to be run, or choose to use software that simply doesn't run them.
Java VMs (at least the real Sun versions) have a security policy which prevents applets writing data to anything other than the domain from which they came. i.e. if it came from the internet, it cannot read/write to any arbitrary part of the local filesystem unless you change the security policy manually.
"Plain file formats" do not contain executable code. They might contain code that can be interpreted. A perl file downloaded from the Internet for example cannot be run by typing./perlfile.pl until the execute bit is set. Running it using perl./perlfile.pl is different, since the initial program being run is the perl executable, and it's not up to the shell to decide how to run the script.
I'd agree that any point-and-click GUI that lets users run interpreted code from files like that is missing something in the security department.
The execution bit being a security feature is a fact, not a sign of being ignorant.
Then very few users will be able to run things received via e-mail. But that doesn't appear to be true, going by the rate recent viruses are spreading at.
Also, is that "Tools>Options>Security" in the e-mail client/web browser or file manager?
I wish it was an option in the file manager which mean that all files being saved would not be given execute permission, regardless of what app saved them. I've got a nasty feeling you're talking about something that's specific to a particular version of Outlook or IE though.
Looks like you've given the best argument why the Unix security model isn't necessarily better than the Microsoft one in all cases that I've ever seen. Nice one!:-)
On other systems, the OS enforces the execute permission. If it's not set, the application cannot execute. It's not up to the app to decide. Yes, Windows with NTFS has this option, but it seems that by default when you save a file with a name ending in.exe, the executable bit (or equivalent in the permissions/properties dialog) is set.
For the virus to be executed, it would have to be saved to disk and then have the execute bit set. For it to do this automatically, that would involve executing, which it doesn't yet have permission to do.
For a user to execute it, they'd have to save the attachment, switch to their file manager, change the permissions on the file, then run it. That's one more step that is require on Microsoft Windows, and following the data that's more than 2 clicks away is too far away rule, a lot of people won't bother if it takes that much effort.
Most operating systems have this feature built in. If Microsoft were competent enough to have it built into Windows, there would be no need to go chasing the CPU manufacturers.
Microsoft pays Sun a large amount of money. So really, a lot of the hard work that went into the free Office suite I use is being paid for by the sheep who bought Microsoft Office. Nice:-)
3) Virus scans through every Excel / Word /.cpp file and randomly changes one digit per file (imagine if your report to the board now says 9 Million rather than 1 Million... or if your for...next loop is waiting for an incorrect value)
Anyone in a corporate situation where documents and source code have revision/version numbers, and isn't using a source control system is asking for trouble. Any source control system would point out exactly what lines have changed in the file the next time you go to do something with it.
4) Virus wipes itself out after 6 hours (most people only update their virus checker >= 24hours. Once signs of the virus have gone it will be hard to know if you have been infected and which files have been compromised)
After identifying a problem with step 3, simply searching for any other files that have changes in the past few days would be a sensible step, since it would look like someone's been tampering with your files.
I wouldn't go bragging that I'd "never had a virus" unless I'd checked the MD5 Sums of all files to see if they are the same as they were at install time. I'dbe surprised if there's not an app that does this for you on any platform.
If the average person in front of a computer had an office suite with VB scripting turned off by default (typing up your homework in Word doesn't require it anyway), and the OS only executed files that were saved to disk and needed the execute permission turned on explicitly (I think Windows using NTFS has this option, but it's always on by default), then the "mouse clicking fools" wouldn't be doing so much harm. This is something that only the OS vendor can fix.
F-Prot antivirus is available for free for home users, and runs on Linux, Windows, BSD, DOS and Solaris. For the Unix-based systems, there is a nice GUI front end called xfprot.
Smoothwall is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".
Is that the fault of the person running Outlook, or is it the fault of the vendor (Microsoft) for distributing software that causes viruses/worms to be propagated?
IMIO (in my ideal opinion), the vendor shouuld be liable.
With current law (UK), it seems more like the owner of the computer responsible for propagating the virus/worm is responsible. I can see that point of view too, since people should be held responsible for what they choose to run on their computers, just like how they should be responsible for what actions they take as a person.
If I was looking for someone to blame for a virus I've recieved, I'd sue the person who sent it to me. I've not revieved one yet, so this has never happened.
If any of my friends (I know you all read Slashdot, and I trust you're not using Outlook anyway) object to this, respond now;-)
Of course their obvious. Microsoft has already addressed all these issues in new releases of their software.
L0L Yes, I realized my spelling error about three seconds after submitting it
I didn't notice a spelling error, but the grammatical error was glaringly obvious.
It just makes you sound stupid.
Yeah. If you're worried about spelling errors, consider using a browser like Konqueror 3.2 which has the option of spell checking text submitted in online forms.
Basically, I couldn't really do anything with the source
Nor could I.
Does anyone know what compiler they use? I've yet to see someone compile a C/C++ program on Windows that doesn't require to link against msvcrt*.dll. Presumably the kernel can't link against this as it requires to be loaded before anything can access the DLL file.
Most of my development experience is with Linux and Solaris though, so there may be differences here that I'm missing.
Simple answer: download and install Mozilla Firefox on the workstations, then go into Control Panel->Add/Remove Software->Windows Components, and remove Internet Explorer (I thin you have to have some service pack that was released in the last 12 months for this option to be available). Windows 2000 (the operating system, not the software that comes with it) is reasonably secure when behind a firewall (and what company doesn't have all their workstations behind a firewall?). To keep it secure, ditch the insecure userland applications. There are alternativesoutthere
This is one huge step towards having what these people want, IMO. You can even have OpenOffice with the Plastik style of KDE 3.2. A great office suite, and a great desktop environment, merged. And they've even managed to the the look and feel of the two products integrated more closely than MS has with Office XP and Windows XP;-)
If you get SFU 3.5, it lets you create symlinks. I think with SFU they're real NTFS symlinks unlike the Cygwin way of doing it. SFU gives you loads of other nice things too, most of which would probably be better if they were native Win32.
Slashdot Mirror
Ah, okay... I understand the problem now. Either the piracy rates are ridiculous now, or MS aren't making it obvious to all their customers why they should install patches. Did you ever see the Redhat update agent? That little annoying flashing red icon on the taskbar... It's glaringly obvious and quite distracting, and the simplest way to get it to stop flashing is to tell it to automatically download and install all patches. And these patches don't require rebooting unless you specifically select the Kernel upgrades.
Anyway, e-mail clients aside, the OS should prevent newly downloaded/saved things from being executed, until the user has taken the appropriate steps to make them executable.
Do you know if Windows has an equivalent of Unix's umask setting, where you can specify the default permissions that newly created/saved files get? If you can do that, then there must be a way to make everything non-executable by default.
Technically, if it's embedded in an e-mail and runs itselfvia some scripting feature, and speards itself to other computers, it's a worm.
Unix/Linux users are one step ahead of Windows as far as standard viruses go, but they're a long way off as far as worms go. I'm not aware of any mail clients in KDE or Gnome that support scripting, and if one did appear, I don't see why people would switch away from the current range of excellent apps like Evolution and KMail/Kontact.
If one of those did start supporting scripting, I'm betting that enough people at the development end care, and the default would be to have scripting turned off.
Yes, but with the OS enforcing the executable bit, an application developer would have to write code that specifically turns on the execute bit for a file his/her app has saved, then execute it. Most competent programmers would realise at this point that they're "getting round" one of the OS's security features and would think twice about it - if their app went on to become popular and then caused problems due to this, they'd receive a lot of bad publicity, just as MS are doing now with regard to viruses.
I was talking about executable files (notice the word "executed" in my post). You're talking about interpreted scripting languages. If you don't want such things to be run, then either disable whatever "feature" causes them to be run, or choose to use software that simply doesn't run them.
./perlfile.pl until the execute bit is set. Running it using perl ./perlfile.pl is different, since the initial program being run is the perl executable, and it's not up to the shell to decide how to run the script.
Java VMs (at least the real Sun versions) have a security policy which prevents applets writing data to anything other than the domain from which they came. i.e. if it came from the internet, it cannot read/write to any arbitrary part of the local filesystem unless you change the security policy manually.
"Plain file formats" do not contain executable code. They might contain code that can be interpreted. A perl file downloaded from the Internet for example cannot be run by typing
I'd agree that any point-and-click GUI that lets users run interpreted code from files like that is missing something in the security department.
The execution bit being a security feature is a fact, not a sign of being ignorant.
Then very few users will be able to run things received via e-mail. But that doesn't appear to be true, going by the rate recent viruses are spreading at.
Also, is that "Tools>Options>Security" in the e-mail client/web browser or file manager?
I wish it was an option in the file manager which mean that all files being saved would not be given execute permission, regardless of what app saved them. I've got a nasty feeling you're talking about something that's specific to a particular version of Outlook or IE though.
Care to elaborate?
Looks like you've given the best argument why the Unix security model isn't necessarily better than the Microsoft one in all cases that I've ever seen. Nice one! :-)
On other systems, the OS enforces the execute permission. If it's not set, the application cannot execute. It's not up to the app to decide. Yes, Windows with NTFS has this option, but it seems that by default when you save a file with a name ending in .exe, the executable bit (or equivalent in the permissions/properties dialog) is set.
On OSX/Linux/BSD/Solaris...
For the virus to be executed, it would have to be saved to disk and then have the execute bit set. For it to do this automatically, that would involve executing, which it doesn't yet have permission to do.
For a user to execute it, they'd have to save the attachment, switch to their file manager, change the permissions on the file, then run it. That's one more step that is require on Microsoft Windows, and following the data that's more than 2 clicks away is too far away rule, a lot of people won't bother if it takes that much effort.
Most operating systems have this feature built in. If Microsoft were competent enough to have it built into Windows, there would be no need to go chasing the CPU manufacturers.
I didn't see anything about them shutting down on their website. Where did you get that info from?
Microsoft pays Sun a large amount of money. So really, a lot of the hard work that went into the free Office suite I use is being paid for by the sheep who bought Microsoft Office. Nice :-)
man apropos
It has a "kind of search facility". I can type stuff like:
apropos disk space
and it will bring back commands and files that are related to my query.
3) Virus scans through every Excel / Word / .cpp file and randomly changes one digit per file (imagine if your report to the board now says 9 Million rather than 1 Million... or if your for...next loop is waiting for an incorrect value)
Anyone in a corporate situation where documents and source code have revision/version numbers, and isn't using a source control system is asking for trouble. Any source control system would point out exactly what lines have changed in the file the next time you go to do something with it.
4) Virus wipes itself out after 6 hours (most people only update their virus checker >= 24hours. Once signs of the virus have gone it will be hard to know if you have been infected and which files have been compromised)
After identifying a problem with step 3, simply searching for any other files that have changes in the past few days would be a sensible step, since it would look like someone's been tampering with your files.
I wouldn't go bragging that I'd "never had a virus" unless I'd checked the MD5 Sums of all files to see if they are the same as they were at install time. I'dbe surprised if there's not an app that does this for you on any platform.
If the average person in front of a computer had an office suite with VB scripting turned off by default (typing up your homework in Word doesn't require it anyway), and the OS only executed files that were saved to disk and needed the execute permission turned on explicitly (I think Windows using NTFS has this option, but it's always on by default), then the "mouse clicking fools" wouldn't be doing so much harm. This is something that only the OS vendor can fix.
F-Prot antivirus is available for free for home users, and runs on Linux, Windows, BSD, DOS and Solaris. For the Unix-based systems, there is a nice GUI front end called xfprot.
Smoothwall is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".
Interesting sig. What source code is it from (or is it just made up)?
Your mom's car isn't a Ford, is it? :-)
Is that the fault of the person running Outlook, or is it the fault of the vendor (Microsoft) for distributing software that causes viruses/worms to be propagated?
;-)
IMIO (in my ideal opinion), the vendor shouuld be liable.
With current law (UK), it seems more like the owner of the computer responsible for propagating the virus/worm is responsible. I can see that point of view too, since people should be held responsible for what they choose to run on their computers, just like how they should be responsible for what actions they take as a person.
If I was looking for someone to blame for a virus I've recieved, I'd sue the person who sent it to me. I've not revieved one yet, so this has never happened.
If any of my friends (I know you all read Slashdot, and I trust you're not using Outlook anyway) object to this, respond now
Yeah. If you're worried about spelling errors, consider using a browser like Konqueror 3.2 which has the option of spell checking text submitted in online forms.
Basically, I couldn't really do anything with the source
Nor could I.
Does anyone know what compiler they use? I've yet to see someone compile a C/C++ program on Windows that doesn't require to link against msvcrt*.dll. Presumably the kernel can't link against this as it requires to be loaded before anything can access the DLL file.
Most of my development experience is with Linux and Solaris though, so there may be differences here that I'm missing.
You mean you've got 2.6 compiling with Intel ICC? I assume that's when the next logical break would be. ;-)
Simple answer: download and install Mozilla Firefox on the workstations, then go into Control Panel->Add/Remove Software->Windows Components, and remove Internet Explorer (I thin you have to have some service pack that was released in the last 12 months for this option to be available). Windows 2000 (the operating system, not the software that comes with it) is reasonably secure when behind a firewall (and what company doesn't have all their workstations behind a firewall?). To keep it secure, ditch the insecure userland applications. There are alternatives out there
IIRC, adult human brain cells don't reproduce. If you loose them, it's permanent.
This is one huge step towards having what these people want, IMO. You can even have OpenOffice with the Plastik style of KDE 3.2. A great office suite, and a great desktop environment, merged. And they've even managed to the the look and feel of the two products integrated more closely than MS has with Office XP and Windows XP ;-)
If you get SFU 3.5, it lets you create symlinks. I think with SFU they're real NTFS symlinks unlike the Cygwin way of doing it. SFU gives you loads of other nice things too, most of which would probably be better if they were native Win32.