It may affect users of other mail clients, in the sense that it will erase files and such, but it only spreads itself if it is run from Outlook. The fact that almost everyone is using Outlook is what allowed the worm to spread.
It isn't spread if run from Outlook; it isn't even RUN from Outlook.
It's a VBS file. It runs inside Windows Scripting Host, and uses an Automation interface to talk to MAPI. It doesn't go anywhere NEAR Outlook, other than that being the mail client that most corporations have standardized on (because all the others don't have integrated scheduling et al).
It would affects Notes users equally as it affected Outlook users. There is no difference in the way it vectors, nor in the method of execution, between the two.
This virus has nothing to do with Outlook. It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.
It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.
Does it autorun in Outlook?
NO.
Does it autorun in Outlook Express?
NO.
If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?
Keiretsu is a business concept barrowed from Japan where a number of companies (who are not competitors) have a common interest and therefore form an association to leverage mutual business development and cross sales. These associations rarely have the formality of either a partnership or joint venture, and are often founded on bonds of family or traditional alliances from the past. Kiretsus can manifest themselves in a number of ways, including preferential rates, cross referrals, exchange of competitive and market intelligence.
I see this as the future (actually, the present if you look at their posessions and investments) of Microsoft, should it be forced to split.
Much more information on Keiretus is available at http://www.corpwatch.org/ trac/feature/planet/japan_k.html
Hey, did you know that Sun, AOL, Netscape and Tivoli (IBM), @Home and many other companies are all already part of a Keiretsu?
Just so you know... Outlook 2000 didn't run the script automatically either (I know, because I saved out a copy and dissected it when it arrived).
Also, MAPI has nothing to do with Outlook vs. Outlook Express; MAPI will use whatever transport layer is set as your default mail client. That means, that it'll use: (a) Exchange (b) Outlook (c) Outlook Express (d) Eudora Pro (e) Netscape Messenger (f) Any mail client that uses MAPI
It's a standard way of talking to mail. That's why it's called "MAPI" - "Mail Application Programming Interface".
Once and for all, Jon: if you are for freedom and privacy, let me post the text of every book you've written to the web and allow it to be viewed and downloaded.
Heck, I can do one better. I've got friends over at Slate magazine... they post opinion pieces (that's the raison d'etre for them actually)...
... so how about this: we just get all of Katz' articles, and publish them, one by one, in Slate. I could probably get my friends at The Stranger (a Seattle free newspaper) and the Seattle Times to publish them too.
We'd see exactly how long Katz' stance on copyright would hold -- based on how long it would take for him and/or Andover to sue the papers. After all, if he's being published, he should be paid - right?... otherwise it's a copyright violation.
I have TRIED to write some VB and encountered several lame aspects about it:
Inconsistent syntax
Weak typing system
Poor coherence - try looking at an arbitrary VB program and understand the flow of control or data.
Mathematical/logical statements work different than ANY other Algol style language out there (pascal, c, c++, java)
And many more...
You know, the only valid statement you made was the first one - it has inconsistent syntax.
Weak typing system? Add "Option Explicit" to the start of your files (the reason you have to put it there is for backwards compatibility).
Poor coherence? Looks like you were trying to write *basic* with it, not VB code. VB supports a whole host of control structures which make it almost C-like.
Mathematical/logic statements different? In what way? The only differences I saw were that (a) they require stricter typing (you can't just say "if it's nonzero it's true") - hey that's just like JAVA, and (b) they don't early-abort the statements the way that C or Java would (every term in a logical statement is executed - which is actually more logical behavior, if less efficient).
Sure, it's not the best language in the world. Give me C or Java any day. But you shouldn't be shooting your mouth off without knowing what you're talking about either.
Win98 -> Win98SE $80 IIRC (and it seemed to cause more bugs than it fixed).
That's not a bug patch. You could have downloaded the Windows 98 Service Pack which would have given you all of the fixes in Win98SE and none of the new features. FOR FREE.
Whatever. Nobody uses a CE PPC over a PalmPC unless they're on PCP. Have you seen how big the Start Button looks on those things? It's gigantic. M$: Stupid Design In the Name of Branding.
Hmm... looks like it's 16x16 pixels on my Jornada 545... and it's actually making semi-useful use of the area that's reserved for the app name on a Palm Pilot.
Even CNET advises to be prepared for some crashes. I can't think of a single time my Palm Personal has crashed, other than the times I've dropped it accidently.
Hmmm... I've had to use a paperclip to reset my Palm Pro more times than I'd care to admit. As ever, it all depends on what you're running on the device.
Frankly trying to shoehorn Windows onto a handheld is about as useful as putting Linux there.
It's not Windows; it just supports a cut-down subset of the Windows APIs. Biiiiig difference there.
BTW folks, this is the first device to be released with ClearType. Anyone got one so that they can review it? Is it truly as innovative as everyone claims?
Simon
ps. Yes, I've seen ClearType, but I used to work @ Microsoft so I wanted a 2nd opinion.
Computers are great for disseminating information, but lousy when it comes to what most people consider traditional book reading. Let's face it--you can't curl up on a couch on a rainy day with your 750MHz mini-tower and 19" monitor. And even if you could, why put the unnecessary strain on your eyes?
Microsoft's new palm PCs with ClearType support are released today. Just FYI:-)
Triple click (to select an entire line) does not work on any M$ ware.
*ahem* Actually, it selects the current paragraph. Which in a wordprocessor that does reflowing/wordwrapping, amounts to the same thing as "entire line".
First, Microsoft would be required to provide full applications support for all competitive platforms (anything with approximately 3% of the total market or more). This would include Macintosh and Linux. Microsoft offers partial support for Macintosh today, with a version of Office that lacks web development or database support. They would be required to move the missing pieces of Office as well. Additionally, they would be required to port to Linux and any OS that met those criteria, with full feature parity and simultaneous releases for all platforms. This would ensure continued support for Microsoft's competition, and give users the freedom to use any platform they wanted. It also would probably increase Microsoft's overall application sales.
Ummm...
(1) What if the target OS doesn't have enough features as part of the platform to support full feature parity? For example, Linux printing support is frankly complete crap. So do you force Microsoft to create a full GDI->Postscript engine for that platform? Or do you want a complete rewrite from scratch?
(2) As I've noted before, some platforms just ain't worth it - the Mac has a 1500% piracy rate (going off figures I heard for the software company I work for - which shall remain nameless) compared to a more benign 500% piracy rate for Windows based systems. How much piracy do you think will happen under Linux? Given that people expect to be given everything including the kitchen sink for free...
Third, allow Microsoft to embed Internet functionality in the operating system (but with the same openness requirement as above). Make Internet Explorer a separate program, though. Move it to the applications group at Microsoft. The same with Windows Media Player (which is trying today to kill off RealNetworks' Real Player and Apple's QuickTime).
Ummm... why should IE be a separate program? I mean, heck - let's just remove IEXPLORE.EXE from the system, and leave the DLLs in there. I don't know about any other engineers reading this, but I personally see great value in having a system-wide, readily available, HTML Rendering Surface as part of the OS. It saves *months* of work if you need to display complicated text.
Alternatively, everyone could just switch to using RichEdit. You'd still have to write the parser, but RichEdit 3.0 is rich enough to support maybe 60% of everything that the IE web-browser controls support. Funnily enough, no-one ever considers how damaging this is to cheap 3rd party word-processor vendors.
Come on - even the evidence in the trial states that:
(1) Netscape's QA was regarded as totally inadequate *by netscape's executives*.
(2) Netscape lost the Intuit deals because they weren't willing and weren't able (hey, this is Netscape executives' saying this, not me) to provide a browser that could be used in the same way that IE can - as a component that provides rendering services to applications.
(3) Netscape's business plan was always to give away the browser, and sell the server. At that point, browsers had always been free. So what if Microsoft gave theirs away for free? That's what Netscape was going to do. That's what the NCSA did.
OK... this next one's not trial evidence, but is the evidence of several thousands of users across the planet:
(4) Netscape's buggy, lossy, has problems on the Mac (occasionally wipes out HFS+ partitions - and blames it on Speed Doubler or something - even though I've seen it happen on machines without that app installed, so it can't be that), has problems on Linux (occasionally takes down X; crashes during cut & paste; is slow and generally buggy), doesn't support Java 1.1 correctly (has its own resource handling mechanisms, buggy non-standard AWT support, non-standard security mechanisms), doesn't support HTML, XML, CSS 2.0 and XSL correctly, and much much more.
So... did Microsoft kill off Netscape or not? I'd say Netscape did a pretty damn good job of killing themselves off. Microsoft just sped up the process.
Simon
Re:Thoughts on possible remedies
on
Microsoft Loses
·
· Score: 1
It does seem to mention windows 98 / MSIE 5, where the browser used OS hooks to override the normal UI.. if that isn't "hidden APIs" i don't know what is.
Do you want a hand-holding step by step description of how to do it, complete with sample code as to how to build your own shell? Or do you want documentation of the APIs? Because all the documentation you need is available in the Platform SDK which you can get from MSDN. All the interfaces you need to support are documented. Write your app to these interfaces (it's just a window app, folks) and then replace explore.exe with your own app.
It's That Easy.
Nothing hidden, no hooks, no nothing. Just plain vanilla programming. Try it some day.
>I like running IE 5 - it has a tendency not to crash my system like Netscape.
If Netscape crashes your system, you should have been quicker to change systems than to change browsers. An OS that crashes due to a problem with a user-level application should be named I-N-E-X-C-U-S-A-B-L-E.
Netscape takes down X all the time - and for most home users, that amounts to exactly the same thing. Who cares if you can telnet in and fix it if you've got nothing to telnet in with?
Easy for you to say. When %90 of the consumer market has windows on their desktops, developing for windoze is the best way to make money. Again, if M$ did not have a monopoly, then developing a mac-only or linux-only game(for instance) would be commercially viable. As of now, it is not. Let's see, I can write software that %90 of the market can buy, or that only 9% of the market can buy....
Given that Mac piracy is approximately 15 times that experienced by games developers on Windows, is it suprising that it's uneconomical to produce games for the Mac?
That's bullshit. What do these so-called APIs do? Or do you just think they do it because they're doing some weird magic that you can't work out how to do by yourself?
give you a clue: the windows API is not all that difficult to use.
So what exactly is the speed of gravity? I've always wondered about that one?
The speed of light, or slightly slower; gravitational waves are governed by similar constraints to the permittivity/permissivity constraints that govern light in normal space (ie. same medium, different units).
Slashdot Mirror
It may affect users of other mail clients, in the sense that it will erase files and such, but it only spreads itself if it is run from Outlook. The fact that almost everyone is using Outlook is what allowed the worm to spread.
It isn't spread if run from Outlook; it isn't even RUN from Outlook.
It's a VBS file. It runs inside Windows Scripting Host, and uses an Automation interface to talk to MAPI. It doesn't go anywhere NEAR Outlook, other than that being the mail client that most corporations have standardized on (because all the others don't have integrated scheduling et al).
It would affects Notes users equally as it affected Outlook users. There is no difference in the way it vectors, nor in the method of execution, between the two.
If you want to point fingers, point them at MAPI.
Simon
Does It Forward to people in your Eudora address book? NO
Actually, yes it does. Eudora exposes its address book through MAPI. So it'll use your Eudora address book, plus your Exchange address book.
Does it rely on Outlook/Exchange to propergate? YES If Outlook wasnt on any computers, would this effect more then 50 people? NO
This virus specifically? Probably not. Would someone come up with exactly the same thing for whatever other mail system there was out there? Yes.
If a linux users nuked all the files he could, would the system need re-installing? NO
Not really all that relevant, doofus.
Especially if your users use NT Workstation instead of 98.
Is it easier to backup 500 MB of users documents etc. then 20GB of hard drive? YES
Yes. Again, irrelevant.
Simon
This virus has nothing to do with Outlook . It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.
It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.
Does it autorun in Outlook?
NO.
Does it autorun in Outlook Express?
NO.
If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?
YES.
Simon
Keiretsu is a business concept barrowed from Japan where a number of companies (who are not competitors) have a common interest and therefore form an association to leverage mutual business development and cross sales. These associations rarely have the formality of either a partnership or joint venture, and are often founded on bonds of family or traditional alliances from the past. Kiretsus can manifest themselves in a number of ways, including preferential rates, cross referrals, exchange of competitive and market intelligence.
I see this as the future (actually, the present if you look at their posessions and investments) of Microsoft, should it be forced to split.
Much more information on Keiretus is available at http://www.corpwatch.org/ trac/feature/planet/japan_k.html
Hey, did you know that Sun, AOL, Netscape and Tivoli (IBM), @Home and many other companies are all already part of a Keiretsu?
http://www.kpcb.com/keiretsu
Of course, they added a disclaimer when someone pointed out that in the US this behavior might strike someone was being that of a cartel.
Simon
Just so you know... Outlook 2000 didn't run the script automatically either (I know, because I saved out a copy and dissected it when it arrived).
Also, MAPI has nothing to do with Outlook vs. Outlook Express; MAPI will use whatever transport layer is set as your default mail client. That means, that it'll use:
(a) Exchange
(b) Outlook
(c) Outlook Express
(d) Eudora Pro
(e) Netscape Messenger
(f) Any mail client that uses MAPI
It's a standard way of talking to mail. That's why it's called "MAPI" - "Mail Application Programming Interface".
Simon
That's the thing though... why should I credit his work? I'm breaking copyright anyway; why should I go as far as putting his name to it?
Simon
Once and for all, Jon: if you are for freedom and privacy, let me post the text of every book you've written to the web and allow it to be viewed and downloaded.
Heck, I can do one better. I've got friends over at Slate magazine... they post opinion pieces (that's the raison d'etre for them actually)...
... so how about this: we just get all of Katz' articles, and publish them, one by one, in Slate. I could probably get my friends at The Stranger (a Seattle free newspaper) and the Seattle Times to publish them too.
We'd see exactly how long Katz' stance on copyright would hold -- based on how long it would take for him and/or Andover to sue the papers. After all, if he's being published, he should be paid - right?... otherwise it's a copyright violation.
Simon
You know, the only valid statement you made was the first one - it has inconsistent syntax.
Weak typing system? Add "Option Explicit" to the start of your files (the reason you have to put it there is for backwards compatibility).
Poor coherence? Looks like you were trying to write *basic* with it, not VB code. VB supports a whole host of control structures which make it almost C-like.
Mathematical/logic statements different? In what way? The only differences I saw were that (a) they require stricter typing (you can't just say "if it's nonzero it's true") - hey that's just like JAVA, and (b) they don't early-abort the statements the way that C or Java would (every term in a logical statement is executed - which is actually more logical behavior, if less efficient).
Sure, it's not the best language in the world. Give me C or Java any day. But you shouldn't be shooting your mouth off without knowing what you're talking about either.
Simon
Win98 -> Win98SE $80 IIRC (and it seemed to cause more bugs than it fixed).
That's not a bug patch. You could have downloaded the Windows 98 Service Pack which would have given you all of the fixes in Win98SE and none of the new features. FOR FREE.
Simon
Buy a Microsoft-blessed P/PC running Windows CE, Install ActiveSync under Windows 2000, and then see how "stable" Windows 2000 is. :(
Ok... I did that... now what? What do I have to do to get it to break? I'm not seeing *any* problems.
Simon
Whatever. Nobody uses a CE PPC over a PalmPC unless they're on PCP. Have you seen how big the Start Button looks on those things? It's gigantic. M$: Stupid Design In the Name of Branding.
Hmm... looks like it's 16x16 pixels on my Jornada 545... and it's actually making semi-useful use of the area that's reserved for the app name on a Palm Pilot.
Simon
Even CNET advises to be prepared for some crashes. I can't think of a single time my Palm Personal has crashed, other than the times I've dropped it accidently.
Hmmm... I've had to use a paperclip to reset my Palm Pro more times than I'd care to admit. As ever, it all depends on what you're running on the device.
Frankly trying to shoehorn Windows onto a handheld is about as useful as putting Linux there.
It's not Windows; it just supports a cut-down subset of the Windows APIs. Biiiiig difference there.
Simon
BTW folks, this is the first device to be released with ClearType. Anyone got one so that they can review it? Is it truly as innovative as everyone claims?
Simon
ps. Yes, I've seen ClearType, but I used to work @ Microsoft so I wanted a 2nd opinion.
Computers are great for disseminating information, but lousy when it comes to what most people consider traditional book reading. Let's face it--you can't curl up on a couch on a rainy day with your 750MHz mini-tower and 19" monitor. And even if you could, why put the unnecessary strain on your eyes?
:-)
Microsoft's new palm PCs with ClearType support are released today. Just FYI
Si
Uh... everyone's been talking about books on which the copyright has already *lapsed*. Not about currently actively copyrighted works.
Simon
Not to point out the obvious, but....
Sir Isaac Newton, whos chair is still vacant at cambrage was an englishman.
Heard of newtonian physics?
Stephen Hawking holds Newton's Chair at Cambridge.
Simon
Guidelines are exactly what they claim to be - guidelines. Not rules. Not hard, set-in-stone requirements. Just guidelines.
As with the English language, if you know the rules, you can break them. You'd better damn well know what you're doing before you do it though.
Simon
Triple click (to select an entire line) does not work on any M$ ware.
*ahem* Actually, it selects the current paragraph. Which in a wordprocessor that does reflowing/wordwrapping, amounts to the same thing as "entire line".
Simon
First, Microsoft would be required to provide full applications support for all competitive platforms (anything with approximately 3% of the total market or more). This would include Macintosh and Linux. Microsoft offers partial support for Macintosh today, with a version of Office that lacks web development or database support. They would be required to move the missing pieces of Office as well. Additionally, they would be required to port to Linux and any OS that met those criteria, with full feature parity and simultaneous releases for all platforms. This would ensure continued support for Microsoft's competition, and give users the freedom to use any platform they wanted. It also would probably increase Microsoft's overall application sales.
Ummm...
(1) What if the target OS doesn't have enough features as part of the platform to support full feature parity? For example, Linux printing support is frankly complete crap. So do you force Microsoft to create a full GDI->Postscript engine for that platform? Or do you want a complete rewrite from scratch?
(2) As I've noted before, some platforms just ain't worth it - the Mac has a 1500% piracy rate (going off figures I heard for the software company I work for - which shall remain nameless) compared to a more benign 500% piracy rate for Windows based systems. How much piracy do you think will happen under Linux? Given that people expect to be given everything including the kitchen sink for free...
Third, allow Microsoft to embed Internet functionality in the operating system (but with the same openness requirement as above). Make Internet Explorer a separate program, though. Move it to the applications group at Microsoft. The same with Windows Media Player (which is trying today to kill off RealNetworks' Real Player and Apple's QuickTime).
Ummm... why should IE be a separate program? I mean, heck - let's just remove IEXPLORE.EXE from the system, and leave the DLLs in there. I don't know about any other engineers reading this, but I personally see great value in having a system-wide, readily available, HTML Rendering Surface as part of the OS. It saves *months* of work if you need to display complicated text.
Alternatively, everyone could just switch to using RichEdit. You'd still have to write the parser, but RichEdit 3.0 is rich enough to support maybe 60% of everything that the IE web-browser controls support. Funnily enough, no-one ever considers how damaging this is to cheap 3rd party word-processor vendors.
Come on - even the evidence in the trial states that:
(1) Netscape's QA was regarded as totally inadequate *by netscape's executives*.
(2) Netscape lost the Intuit deals because they weren't willing and weren't able (hey, this is Netscape executives' saying this, not me) to provide a browser that could be used in the same way that IE can - as a component that provides rendering services to applications.
(3) Netscape's business plan was always to give away the browser, and sell the server. At that point, browsers had always been free. So what if Microsoft gave theirs away for free? That's what Netscape was going to do. That's what the NCSA did.
OK... this next one's not trial evidence, but is the evidence of several thousands of users across the planet:
(4) Netscape's buggy, lossy, has problems on the Mac (occasionally wipes out HFS+ partitions - and blames it on Speed Doubler or something - even though I've seen it happen on machines without that app installed, so it can't be that), has problems on Linux (occasionally takes down X; crashes during cut & paste; is slow and generally buggy), doesn't support Java 1.1 correctly (has its own resource handling mechanisms, buggy non-standard AWT support, non-standard security mechanisms), doesn't support HTML, XML, CSS 2.0 and XSL correctly, and much much more.
So... did Microsoft kill off Netscape or not? I'd say Netscape did a pretty damn good job of killing themselves off. Microsoft just sped up the process.
Simon
It does seem to mention windows 98 / MSIE 5, where the browser used OS hooks to override the normal UI.. if that isn't "hidden APIs" i don't know what is.
Do you want a hand-holding step by step description of how to do it, complete with sample code as to how to build your own shell? Or do you want documentation of the APIs? Because all the documentation you need is available in the Platform SDK which you can get from MSDN. All the interfaces you need to support are documented. Write your app to these interfaces (it's just a window app, folks) and then replace explore.exe with your own app.
It's That Easy.
Nothing hidden, no hooks, no nothing. Just plain vanilla programming. Try it some day.
Simon
>I like running IE 5 - it has a tendency not to crash my system like Netscape.
If Netscape crashes your system, you should have been quicker to change systems than to change browsers. An OS that crashes due to a problem with a user-level application should be named I-N-E-X-C-U-S-A-B-L-E.
Netscape takes down X all the time - and for most home users, that amounts to exactly the same thing. Who cares if you can telnet in and fix it if you've got nothing to telnet in with?
Simon
Easy for you to say. When %90 of the consumer market has windows on their desktops, developing for windoze is the best way to make money. Again, if M$ did not have a monopoly, then developing a mac-only or linux-only game(for instance) would be commercially viable. As of now, it is not. Let's see, I can write software that %90 of the market can buy, or that only 9% of the market can buy....
Given that Mac piracy is approximately 15 times that experienced by games developers on Windows, is it suprising that it's uneconomical to produce games for the Mac?
Simon
Methinks NeoMage is either 1) In the employ of Microsoft, 2) Is a fictitious character invented by a Microsoft marketing team, or 3) Is an idiot.
And I bet you work for the DOJ, Mr. Anony Mous.
simon
That's bullshit. What do these so-called APIs do? Or do you just think they do it because they're doing some weird magic that you can't work out how to do by yourself?
give you a clue: the windows API is not all that difficult to use.
Simon
So what exactly is the speed of gravity? I've always wondered about that one?
The speed of light, or slightly slower; gravitational waves are governed by similar constraints to the permittivity/permissivity constraints that govern light in normal space (ie. same medium, different units).
Simon