
Bubbleboy Virus Gets Wild 182

Neil Andriessen writes "Wired has released a story that tells of how Bubbleboy is now in the wild. It was found on an unnamed Japanese website. The Bubbleboy virus was mentioned in this discussion on Slashdot. A patch is now available from Microsoft. I wonder where it will go from here."
This discussion has been archived. No new comments can be posted.

  • In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.



    Soo... You're saying you're waiting for someone to write a smaller version of Win98??

    Kintanon
  • I wrote a viruskiller on the good old Atari ST. Basically we just had the Ghost virus to deal with, but I made the viruskiller self-replicating in a better way than the virus itself could replicate so in the end I ended up with my killer "infecting" all my disks.

    I had serious problems getting rid of it!

    Today I think before I code. I hope.

  • by -brazil- ( 111867 ) on Wednesday November 17, 1999 @04:37AM (#1525805) Homepage
    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    But what about the "bootstrap"? The virus has to be started, and the code for that needs to be in a place where stuff is normally executed, and that's where virus scanners are looking. If you hide a virus too well, it never gets executed and is no virus at all.

  • Class action lawsuit, anybody? :-)

    OK, I know it was a joke, but really... There just isn't enough damage to an individual to warrant an action, class or not. On the other hand, the (Federal?) "Public Nuisance" legislation is designed explicitly to handle the case of, well, nuisances, who do a small amount of damage to a large number of people. A letter to your State Attorney, suggesting an encore for the anti-trust case, anyone? (:-) {- maybe???}
  • The concepts of protection and security are relatively new concepts in the personal computer world.
    First of all, that really depends on your definition of a personal computer. It seems clear that this means a computer used by one person, not merely a Wintel box. You yourself cite other non-Wintel PCs.

    My first personal computer was a Sun-1, followed by a Microvax. I've since moved on to various brands of Sparc and Intel chips, but those are still mine and mine alone. And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)

    This was back in the early and mid-80s, and I don't ever recall there being any problem hooking one computer up to another as you mention. Certainly ethernet and ftp/telnet were easier than serial lines and uucp/uux, but it was hardly black magic.

    If you want to discuss business computers, those too had operating systems once upon a time. I never had much fun with Sperry UNIVACs, HP 3000s, or MVS boxes, but you can't say that business has always been accustomed to the negligently insecure systems foisted upon them today.

    Second of all, I'm not sure that this would be exculpatory. Just because Microsoft and Apple have inured or lulled hapless consumers into accepting an explosive situation would not appear to my mind to get them off the hook. Yes, it is a wonder that notions of security are not end. Anything else is madness.

  • Hehehe, silly sysadmin...

    You think you'll have fewer problems with Netscape? Wow. Take a look at Netscape 4.7, why dontchya'. It's the biggest steaming pile of crap that's ever been dumped on the web. And if you think it'll be easier (much less more secure) than IE, ha, think again.

    And as for Outlook...wouldn't it be much easier just to install the patch than to go install a new mailreader on a zillion machines and then educate everyone on how to use it? Besides, Outlook is by far the best mail-reader for corporate Windows-based environments.

  • Most computer users use Microsoft's products. Most virus writers will, therefore, statistically use Microsoft's products. Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products. Thus, most virus/worm/trojan products target Microsoft products.
    I see what you're saying, but I still think those who argue as you are doing are playing right into the hands of the Evil Empire spin machine by turning a needlessly blind eye to the root cause of this situation: that Microsoft has negligently foisted off on endless droves of consumers a system which is fundamentally unsound insofar as security is concerned, that they did this knowingly, and that they continue to ignore the underlying cause of this tragedy with a neverending series of post-facto band-aids and duplicitous finger-pointing.
  • There just isn't enough damage to an individual to warrant an action, class or not.
    Are you sure? Consider all money paid by people to buy and install anti-virus software plus all the costs associated with the damages caused by viruses. Once you prove that Microsoft was knowingly negligent, then it seems that triple damages aren't far off. Even if you can't prove the knowingly part, there are still simple damages.

    It was Microsoft's fault, so they need to cover the costs others have incurred because of them. It's as if a car manufacturer shipped a car with an insecure gas line. They'd have to pay to fix the problem, and any damages as well. And if it could be shown that they knew they were shipping such, boy, the feeding frenzy would not be a pretty sight.

    Then again, if the menu were to feature Lord Bill's Evil Empire pummelled, diced, and stewed, this might be a pretty sight after all.

    Just something to think about. :-)

  • >Obviously you've only been using the Internet for a few weeks (how are those 50 free hours holding up?) so I'll do you a favor and fill you in.

    Ah, childish comments. Bravo.

    That aside, somehow posting the entire Good Times hoax, and then stating "ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank. :)" doesn't strike me as particularly 'insightful'.

    Maybe I am wrong, but, to me, that looks like a post that has a great chance of confusing those readers that are less enlightened than yourself. Why do you think the Good Times hoax has ended up in your mailbox so many times? Literally, your post says "The Good Times virus is no longer fiction, but fact, thanks to MS". That is much different from "It is no longer true that you can't get a virus by simply reading an email." Things that are obvious to you, aren't obvious or even "fairly obvious" to others. I think it is wiser to write with specificity, and not make assumptions that the readership will be able to "read between your lines".

    PS - Try to refrain from the immature little attacks in the future. Oops, gotta go, that "You've got mail" wav file just went off...
  • people who write such viruses, are normally very good programmers and have a lot of knowledge about machine code and a pc's workings. You have to admire how much they can squeeze into such a small space of code

    Unfortunately, virus authors are misguided, and just cause hassle for all. They would probably make good low level programmers

    However, they do provide a market place... for Norton, McAfee and the other companies who sell virus apps... so, in a way they do provide jobs for people... however, at the end of the day, there is no justification for making misery for people.

    Instead of releasing viruses into the wild, why not a "virus competition", that way they can show off to fellow virus writer geeks!!!!

    Viruses will become more important during war time as well... hack into the enemy's network, and put a virus on their networks.. much like Misilla (spelling) virus which can render machines to useless piles of metal by trashing the bios. Of course, you can also corrupt data as well as hard discs.

    No I'm not justifying viruses.. but in a way, they can be useful... in the right conditions... and in some ways, you have to admire viruses for what they can do... viruses' destructive nature is just stupid.. virus authors should grow up!

  • I'd bet the majority of /. readers use MS at work and a Linux box at home.
    Only the miserable ones stuck in a shitty job under inhuman conditions. Are you really telling me that you believe most people are so afflicted? God help them if they are so desperate as to put up with that kind of bullshit. If they're talented, they walk away from that kind of abuse. If they're not, oh well.

    Now that you mention it, I guess in some senses my own situation is similar. It's just that I use Linux network at work (save for firewall etc, which are BSD), but at home am fortunate enough to use BSD for everything. :-)

  • I don't think any intelligent reader, cognizant of what the article was about, would misinterpret my post. I'm not going to worry about the idiot fringe who might misunderstand, and I'm not responsible for anything they might do because of misunderstanding (especially since reading the comments carries an implicit prerequisite of understanding the article). Bottom line, I'm not going to water my posts down so that they're `safe' for the lowest common denominator. As a side note: if you run valiantly to the defense of the lowest common denominator, don't be surprised when you're mistaken for one of them.

    --neil

  • Ok, I understand your point. But it is more likely that the author was showing off the code and someone else published it. Instead of just going off and sending it to other people. s?he did the right thing to give it to the security agency first, so that if it gets out, then there will be a defense against it. The person is still a [h(cr)]acker, but with a conscience.
    Steven Rostedt
  • Good point.
    I found the previous message SEARCHING /. if somebody actually noted this.
    And it looks that nobody here is discussing how epidemics depend on population distribution.
    And market share is a BIG issue for MS now.

    I thought everybody (on the media as well) would have discussed ages about how this splits the net in 2 (insecure and mostly safe) communities.

    Perhaps IE has become the browser of choice for /.ers waiting for mozilla?
  • "Fighting fire with fire - burning down the house."

    (Think of Tom Jones)

    ------------------
  • Well, if it's a worm, it spreads, and that spreading consumes resources - often a lot of resources. This resource usage alone can be declared a crime. Still, if you spread a non-malicious virus and get caught, you'll usually be let off with a much lighter punishment.
  • Comment removed based on user account deletion
  • Oh I know the old virii were complicated and clever, but today's macro virii etc, aren't, and shouldn't be "respected", and I doubt if the people writing them are half as clever as the old DOS/Amiga/ST virii writers.

  • Well, most Linux software is open source.. I know I don't get any closed source apps, and I know a lot of people don't, so it would be harder to make a virus for Linux.
  • Any recursively enumerable set of hunks of code can be checked for by a virus scanner, regardless of the size of those hunks of code. The code you describe is not too small for a virus scanner to search for, and is probably (these things can never be exact) unique enough not to conflict with existing code.

    I recall this issue having come up in Phrack, in essays on "mutating" code. A way to make viruses "mutate," it was argued, would be to keep the main virus instructions "encrypted" (obfuscated, really), and wrap encryption/decryption code around that (usually this was very small XOR "encryption", not very large code at all). The problem was that a virus scanner could check for this encryption code and thus detect the virus. The same dilemma would exist with bootstrapping code.
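
The scanner-side point in the comment above, as an added example that is not part of the original post: a signature cut from the obfuscated body matches only the sample it was taken from, while a signature over the unchanging wrapper (with a wildcard for the key byte) matches every sample. The file layout, byte values and names are constructed placeholders, not real code.

```python
# Added illustration. Every byte string here is a constructed placeholder.
WRAPPER = bytes.fromhex("dec0de0011223344")   # stands in for the fixed decoding wrapper
BODY = b"CONSTRUCTED-SAMPLE-BODY-0123456789"  # stands in for the obfuscated main body


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the 'very small' obfuscation the comment refers to."""
    return bytes(b ^ key for b in data)


def build_sample(key: int, padding: bytes = b"") -> bytes:
    """Hypothetical layout: padding + wrapper + key byte + XORed body."""
    return padding + WRAPPER + bytes([key]) + xor_bytes(BODY, key)


def find_signature(data: bytes, pattern: list) -> int:
    """Return the first offset where pattern matches, or -1.

    pattern is a list of byte values; None matches any byte (wildcard).
    """
    width = len(pattern)
    for offset in range(len(data) - width + 1):
        if all(p is None or data[offset + i] == p for i, p in enumerate(pattern)):
            return offset
    return -1


# Signature cut from the body of one captured sample (the one using key 0x5A).
BODY_SIG = list(xor_bytes(BODY, 0x5A)[:12])
# Signature over the wrapper, with a wildcard where the per-sample key is stored.
WRAPPER_SIG = list(WRAPPER) + [None]

SAMPLES = {
    "key_5a": build_sample(0x5A),
    "key_21": build_sample(0x21, padding=b"\x00" * 16),
    "key_c3": build_sample(0xC3, padding=b"\x00" * 4),
    "clean": b"ordinary file contents, no wrapper present",
}


def scan(samples: dict) -> dict:
    """Report the match offset of each signature in each sample (-1 = no match)."""
    return {
        name: {
            "body_sig": find_signature(data, BODY_SIG),
            "wrapper_sig": find_signature(data, WRAPPER_SIG),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name:8s} body_sig={hits['body_sig']:3d} wrapper_sig={hits['wrapper_sig']:3d}")
```
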



  • Just something to think about. :-)

    Well, half seriously thinking about it, I figure you could make a case for $50 for the software. Then with time to download patches and the occasional damage done by the vir{us/es/ii/a/i/um/doh/take your pick} you could justify another $100-$200. So who's going to go through the hassle of a court case that will drag on for years (decades?). A lawyer wouldn't bother unless there was serious money at stake, which means at least 10^5 people. Who is going to find them all? Apathy alone will probably win for M$.

    On the other hand, the government could use the public nuisance statutes to sue on behalf of everyone affected, with or without their permission. Let's see, that's $100 a pop (to be very conservative) times say 20 million (ditto) over say 5 years (again) for a total of $10 billion, again with triple damages possible. I think the feds. might just be tempted. I'm sure some states (California, hint, hint) would. Like you said, just something to think about.

    BTW, you *have* been busy on this thread, haven't you. :-)

  • All these viruses that take advantage of holes in MS products, are they being written just for the sake of writing a virus (a stupid occupation if ever I heard one) or are they specifically targeting MS products in order to speed up their downfall? It can't be doing the MS PR engine a lot of good to have to continuously fix these "little glitches"...
  • I worry about this win98 auto update feature. This looks to me like an extremely exploitable feature! Has anyone tried to DNS poison a domain and get the auto update program to install a virus that way? This scares me!
    Mike

    --
    Mike Mangino Consultant, Analysts International
  • If the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.

    The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.
  • I really believe this is the fault of Microsoft. As much as I love computers (and dis-like windows), I don't like spending my time downloading patches and being worried.

    Would you like to feel like you're walking down a dark alley where there could be an attacker from nowhere whenever you use your computer?

    Not for me sir, and I'm very happy whenever a new bug that affects M$ products comes out, because I've got more to support my argument to ignorant Windows users that Windows is NOT that great. I'm surprised it works, in fact, I've got an installation, and it almost doesn't, it's always a battle to even use it as an alarm clock (the traditional ones are just not loud enough, and there are no Linux sound card drivers for my sound card :(, my next computer purchase will be a linux-compatible sound card.
  • Wow, one of the Perl gods whose name graces several of my books shelves and I am here to split hairs.

    Please don't confuse the use of personal computer between a marketing term for a wintel system and what a consumer uses a device for. If you want to call a Sun-1 or a Microvax a personal computer and put them in the class of Wintel boxes and iMacs then I honestly think you are doing a grave injustice to both Sun and Digital ( well what's left of it here ).
  • >Installing the MS patch will start a string of error messages and BSODs that will make you pull
    >your hair out!

    Actually, the patch is irrelevant to these particular symptoms.

    P.S. The point is, you don't even have to open the attachments, dumbass. I'm looking forward to lots more viruses like this that exploit the stupid "executable-as-document" thing M$ likes to promote.

  • by jht ( 5006 ) on Wednesday November 17, 1999 @04:02AM (#1525837) Homepage Journal
    I, for one, never had a moment's doubt that Bubbleboy would make it out into the open. If nothing else, the arms race between virus writers and anti-virus companies guarantees that viruses will show up in public. I wouldn't even blink if you told me that it was spread by one of the antivirus companies (even by accident), because what will happen as a result?

    That's right - more antivirus sales. And now that Macs are popular again, there's even viruses that affect them: for years, Mac users could putter away in safety knowing that not even virus writers developed for the platform. Now Macs aren't even safe.

    I'm sorry, viruses are just not a sufficient reason (yet) to switch my whole company over to Linux.

    I guess I'm just a hardened cynic. Oh well, time to go make sure I remembered to set the filter on Groupshield...

    - -Josh Turiel
  • Feel free to moderate me down if this is irrelevant, but I'm not sure what kind of news that is. The person who submitted this post linked to the original Slashdot article, which included all of the information it now pretends to report.

    And, yes, the moment the virus was reported on Slashdot, it was already in the wild because of that Japanese website, and that story could be found on every major news website a week ago. Wired is just incredibly late.

    Additionally: the patch was actually available before the virus broke out. It's a patch for another vulnerability, and BubbleBoy is actually a late-comer in exploiting that fault. It's the manner in which it does that's interesting.

    That being said, the threat level of this virus is minimal, and it's just another public scare. It's a mail bomb-type virus a la Melissa, and it's the proof-of-concept that's scary, not the outbreak of a proto-virus.

    "The wages of sin is death but so is the salary of virtue, and at least the evil get to go home early on Fridays."

  • I really believe this is the fault of Microsoft. As much as I love computers (and dis-like windows), I don't like spending my time downloading patches and being worried.

    I just wish Microsoft would think before releasing new gizmos. Why can't they just explore the possibilities of, say, HTML mail before releasing the damn product. Sure, it's the user's fault for not patching, but Microsoft could do a lot to make it not so bloody easy to write these things.
  • Not mine: I run system 8.1. However, the new version of Sherlock (impressive search tool) does network activity without asking and tries to update its plugins, MS apps try to autoupdate and there are other system software components that try to autoupdate.
    That's where I get off, frankly: I _will_ _not_ go along with that. If that means I run system 8 until it can't be usefully used and then go with Linux, so be it: it's absolutely true that it's an exploitable feature, but what you are not acknowledging is how unhealthy it can be even WITHOUT virii being installed. Supposing all the Lotus Notes users had NT autoupdate the NT fixpack that 'happened to' kill Lotus Notes? This whole scenario _might_ be permissible if all commercial developers were responsible and did extensive compatibility testing (HA!), but as things are, it's a recipe for rapidly losing control of your machine, not knowing why it's increasingly broken, and not having the power to even fix it, even if you know all kinds of things about the machine and can debug the installation and troubleshoot it infallibly. We're talking sort of plug and play hassle at the software level- instead of cards fighting you every step of the way, it's the potential for software itself to get into fights with other software, and every time you turn around something downloaded an update which turns out to break something else.
    That's an absolute nightmare waiting to happen, and as I said, I could easily see it driving me to Linux fulltime in the long run if people don't STOP trying to do this insane behavior. Auto update assumes that the newer a version or update is, the better. Almost any computer user can identify cases where the opposite is true. I was forced to stop using iCab and return to Netscape _because_ newer versions became hopeless crashfests- and I'm not using a newer version of Netscape, either, I'm using a particular version that seemed to like my machine more than usual. And it only takes _one_ autoupdate to a broken or conflicting application to hose you- in the case of system software or always-resident software, it can cripple you entirely.
  • The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.'

    With win98 you have a nice feature called "windows update" which brings you to a page listing all the critical patches, and other downloads (such as new themes and new versions of media player and whatnot). All you have to do is check a box and click a button. This patch was on windows update as a "critical update" a month ago. It wasn't that hard to download.

    -------------
    The following sentence is true.
  • Why didn't she call the virus "Good Times"? It would have been a lot funnier. And she could have attached to the "Good Times" spam (which isn't quite spam now is it?) that goes around every few years?

    -RossB



  • A buffer overrun works because nothing is checking to see if the buffer is full. In that case, data written past the end of buffer will be in some other segment of memory, and *possibly* executable. However, if you write your code to keep an eye on the buffer, you can handle the overflow safely. (Increase the buffer size, stop accepting more data, etc...)
  • "Most of us just sit and watch in amusement as the MS world infects itself."
    Most? I'd bet the majority of /. readers use MS at work and a Linux box at home. So quit the "I'm alright, Jack" mentality, OK? Just because you don't get affected, don't assume everybody else won't - I don't mean you getting directly infected, but having to clean up after John Luser got sent something. You've obviously never been infected by any quickly replicating virus; when that happens, you say goodbye to your next 48 hours. Fine if it's your PC, not so good if it's your office's network.
    "It really isn't interesting, so why post about it?"
    Depends on what you do. If you wear sandals, have a beard, and are horrendously condescending, then you probably run SCO or Solaris and are not interested in the machinations of MS and "the MS world", apart from some smug sort of justification of your OS. Face it, someone you know must run MS. Would you rather know about this, so you can help other people who might not be so IT savvy, or assume your granny who runs W98 (so she can play Unreal :) knows there's a threat to her PC?

    "neither news for nerds?"
    You've obviously never read up on viruses. Get a book, read up. Plenty of nerd material there; self modifying programs, mutating code, understanding & exploiting OS features & holes.
    Just because you think you've got a handle on your security, doesn't mean everybody else does. Slashdot is read by all people from all walks of life; grow up a bit and start accepting not all people on Slashdot are IT gurus, and realise that /. is a far more interesting place for it.
  • Plus! If you're capable enough to write stuff like that, and you use linux, you have far more interesting options, like help develop the OS :) You don't need to stop these people you just gotta direct their energy to something useful.

  • Windows Update takes care of all of this. Unfortunately, in my experience, this feature is like the vast majority of windows features..it looks great on paper, on the side of the box, and everywhere else, until it crashes unexplainedly when you try to use it.

    Personally I wouldn't hate M$ so much if they just fixed the programs they have instead of releasing new versions with more (buggy) features, but that's what you can do when you're a monopoly and quality doesn't count only the need to be perceived as innovative, and to get a "new" product on the shelves.

    BTW, NT is impervious to this attack, so keep that in mind while M$ bashing.
  • I wonder if the author sent slightly different variants to the different antivirus companies..
  • Looks over at copy of Perl Cookbook

    heh cool.

    Nice work
    ---CONFLICT!!---
  • You seem to have misunderstood a crucial element: Microsoft is ultimately responsible for these so-called viruses because of their negligence in systems design.

    Ignoring for the moment opinions on the quality of MS software, this touches on a question I've often had about Open Source. If there's a gaping hole in, for example, Outlook, and a company loses all its email for the year, they have someone to blame, and potentially hold legally liable. (Assuming that the company wasn't negligent in applying patches, etc). If, however, the same company were to use, oh, for example, Linux, and have the same thing happen, then what? If they downloaded the source from RH's servers and installed it... er... where would they look for legal redress? The multitude of unidentifiable coders who generously gave their time and expertise to write what is, on the whole, an amazing product? Do they *have* anyone to turn to? If, on the other hand, they bought a copy of the RH distro, and used that, *then* can they sue RH? How about the OEM who sold them the server with Linux pre-loaded? I guess it just seems to me that, along with the product, when you buy an MS product (or most other pieces of software) you're also purchasing the right to blame...

    I know I've drifted some from the original topic, but this is one of the aspects of group developed open-source projects which I don't really understand....

    -User

  • How would having source to your apps and OS protect you from this sort of email virus? Assuming that there is a Linux email reader which can auto-execute embedded code, you'd still be vulnerable if you had that feature turned on - regardless of any code auditing.

    I believe in a previous /. article someone described such a mail reader - I'm thinking emacs but I'm not sure. Anyone know?

  • Right.. the companies have share holders to cater to. The more viruses, the higher the share price.

    This from Finland, where the principal owner of Data Fellows suddenly became nation's second richest person after an IPO just days ago. Suspicious minds again wonder about various meanings of shareholder value.
  • 2) It IS color, not colour. I'm afraid this isn't the U.K.

    If this isn't the U.K. then where exactly is here??? Hint: It's not the U.S. dogbreath.

    Bad Command Or File Name
  • And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)

    I'm not quite sure why you assume that Unix is immune to viruses. If I send you a script:
    #!/bin/sh rm -rf /
    and you run it as root, there's no antivirus software to intercept the unlinks and ask you if you're really sure you'd like to go ahead with it. Almost every aspect of a Unix system assumes that the human is fully aware of all security problems--even today, many Linux distros run finger, portmap, telnet, and the like by default. Unix's "immunity" to viruses is based on the awareness of security issues among Unix software developers and Unix users.

    I'd venture that in a few years when enough nontechnical users are running as root on their home systems, Unix viruses will become more prevalent.

  • You can't uninstall IE on Windows '98. Its security holes are seamlessly integrated with the operating system.

    Did you miss the Microsoft trial, or what?

  • About eight months ago, uninstalled just fine and ran Win98 with I.E. 3.02.
  • Since it's entirely possible that some of the 'nerds' out there have to support MS-based enterprises (or friends that treat them like a personal help desk :0( ), it's good to know about this kind of information. As a Domino/Notes admin who has to work with Win32 all the time (no Linux client, as has been discussed ad nauseam), I don't have to worry about infection, but see how it can be relevant to many readers of this site.

    AFAIK, slashdot is not the "linux-only news for nerds" site, and I hope it stays that way.
  • And I'm just wondering when the last time you actually tried to uninstall IE4/5 from Windows 98 was.
    You need Revenge of Mozilla [silverlink.net]. It completely removes IE from Win98, although you will need three files from later versions of Win95. Personally, I removed IE4 and then installed IE3. You get a good web browser, a fast and stable desktop without all the cheesy web integration, and IE3 provides the libraries needed to run Office 97. Win98 with Revenge of Mozilla is faster than Win95; without ROM it's much slower.
  • Uh oh. Now you have a virus.
  • This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.

    Sorry, I've never used VMS, so I don't know what viruses were made for it or how they might have worked. You seem to be suggesting (absurdly) that VMS had ActiveX controls and supported JavaScript in HTML-formatted email messages. If this is not what you mean, would you please elaborate?

    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    You'd still need to be able to get control to flow to that bootstrap routine, though. A virus scanner might think it strange if a program's start address was beyond the end of its image, or if the program began with a jump to such an address. That would be a dead giveaway that something fishy was going on.

  • I think this is an interesting point here...veiled, but its there nonetheless.

    Basically, rather than needing to have an intimate knowledge of the operating system to write a virus, now that there are sufficient APIs in higher level (middleware as Judge Jackson and others have called them) you can fully write viruses in these middleware "languages". This requires intimate knowledge of the middleware, but not of the underlying OS really. It's interesting as the heralded promise of cross-platform programs to increase productivity, is also potentially bringing about the spectre of cross-platform virii...a concept that was just mind-boggling less than 3 years ago.

    I think a lot of the posts casting aspersions on Microsoft, have some significant points (I don't *totally* agree, but I do think they bring about some good points). The "security" of these middleware applications have been largely overlooked (primarily by Microsoft...some of the other middleware APIs...java, javascript, etc...at least have given some thought to security). Personally, this is one of the main reasons at this point that I don't want to hassle with Microsoft software. Originally I didn't want to support the company as an ethical stand, and I thought the software just sucked. Now, the potential hassle of running the software and dealing with the security hole of the day introduced by the latest 'feature' of the day is just more than I want to deal with.

    Jeff
  • It is a common idea that buying a commercial product should give you "someone to sue" if something goes wrong. Indeed this is true for most classes of products, especially if there was provable negligence. It is not true for any software that I am aware of, and certainly not for Windows. If you read the Windows EULA (or GPL for that matter) you'll see that they deny any liability or warranty. So there is, in fact, no one to sue in either case.

    There have been some questions raised about the legality of such "shrink-wrap" licences, but I don't know of any case in which they have been overturned. In any case the UCITA, which will soon be passed by the states, barring divine intervention, will put these licences on unassailable footing.

    The way big companies protect their truly expensive hardware and software is with on-site support contracts with guaranteed uptime. These contracts tend to limit liability as well, and are available for open source as well as proprietary offerings (including Microsoft).

    In short, if you want assurance about a software product, you need to spend a lot of money on a support contract or trust your staff to build reliable systems and support them well, no matter who made the software.


    --
  • Could it be because the so-called technology press (especially at ZDNet) were among the first to fall to MSFT? They probably believe that it isn't possible to read email, view pictures or breathe without MSFT software.

    Bad Command Or File Name
  • I suppose that my children aren't free because they are not free to sell their children into slavery?
    --
  • Linux is more secure.

    It is.

    A fool is one who thinks he knows but does not.


    Bad Command Or File Name
  • The problem here is that the virus is NOT an attachment, so the old adage "Don't open attachments and you'll be OK" doesn't apply to this type of virus: merely selecting the message and previewing it can infect your machine without opening any attachments. You need to do one of the following: download the patch, set the email reader to high security settings (so active scripting etc. is not executed), or change to read mail in plain text rather than HTML format. Which solutions work depends on which version of Outlook is being used.
  • If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.

    To do out of ignorance those things is to be idiotic. Microsoft and the mindless morons who produce software for that crapware non-O/S platform encourage people to do both. This passes beyond the idiotic into a realm that is negligent at the best, and criminal at the worst.

  • If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must.
    Ah, and precisely which assembly language would that be? I'd dearly love to see the machine language virus that someone is going to use to attack my Sparc/OpenBSD system, my PowerPC/MkLinux(Mach) system, and my Intel/Redhat system all at once. Even if they get over the extreme and proven hurdles that I, a mundane user, am not privileged enough to take pot shots at random bits of memory or disk, they still have dramatically different kernels and instruction sets to contend with. It's not just inherent security keeping the script kiddies out of our recta.

    Even if we were the idiots in Unix the way they are in slobbering consumerist MicroAppleSoft-land--and as some predict will inevitably occur if we `win'-- our hybrid vigor makes us strong. Their monoculture is an accident waiting to happen. And happen. And happen.

    Apple figured this out, and are moving to a BSD platform. I've played with it, and it's nifty.

  • I work with MS Windows (as a developer), and I am forced to use Outlook 2000 (by the company I'm at). If I hadn't seen this news story, I wouldn't have inoculated myself until the IT folks sent out a technical bulletin... and that could be weeks. Thus for people in my situation, this is very helpful. In case you didn't notice there are Linux, BSD, Mac, Amiga, Palm AND Windows folks here. That's what tolerating differences is all about.

    A lot of people on /. are also system administrators who need to make stuff like this known to their (l)users, and be able to answer questions about the latest and greatest virus scare.

    Finally, this is news. This is the first (reported) email/web virus that doesn't require the user to actually run something. (Yes, viruses that didn't require execution existed before, but this one is the first (reported) web-virus.)
  • I agree it's good they got the patch out and all that. But I have two problems with what you're saying.

    1. Going to Windows Update isn't always a really safe idea, I've seen a perfectly fine computer (or at least it seemed fine) go to Windows Update and come back a corrupted mess

    2. This hole should never have happened in the first place. Okay, Java/VbScript enabled HTML mail should never have happened in the first place either.

    All I'm saying is that MS should do a bit more thinking/research before they release potentially dangerous features into their software. This is not even close to the first time nor will it be the last time.

  • by jd ( 1658 ) <imipak AT yahoo DOT com> on Wednesday November 17, 1999 @05:15AM (#1525885) Homepage Journal
    That's true, but virus scanners look for unique pieces of code. The bootstrap can afford to be extremely small - it only needs to check if the end of a sector contains a virus routine, then copy that into a block of reserved memory, based on routine number * size of routines.

    That's too small a piece of code for a virus scanner to recognise. There's nothing that's unique, to identify.

    -NOW-, many virus scanners also detect changes to files. -This- could successfully recognise the bootstrap, no matter how small or how carefully disguised it was. As you say, it has to be executable. But this assumes you have a record of what the file -should- look like. If you've got a disk or a file that's infected, you won't know until it starts infecting other files.

  • VMS had the curious property that you could put shell scripts inside regular e-mails (such as the subject line, or the main message). These would get executed when viewed.

    As Dec Mail would (by default) display the subject line of the message, when you received an e-mail, this means that you didn't even need to open the message to be infected. Receiving it was enough.

    Whilst not quite as powerful as ActiveX or Javascript, the Dec shell scripting language was, nonetheless, very powerful. Easily enough to do everything BubbleBoy can do.

  • by ToLu the Happy Furby ( 63586 ) on Wednesday November 17, 1999 @05:21AM (#1525887)
    Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?

    I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that /. is not a Linux site, or even a non-MS site. Even if most /.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of /. readers.

    Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)

    In the end, I think (and not that I haven't felt like posting "does this really belong on /." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the /. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject on the future.

    The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when /. was just a couple thousand strong doesn't mean that you automatically speak for the entire /. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented /. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.

    I suppose what I'm trying to say is, let the people in charge of /. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.
  • I've been about since it was born- before that I was a frequenter of Chips and Dips (its predecessor!) and this joker doesn't speak for me.

    While I'm a Linux coder/admin, the place I work for has standardized on Outlook/Exchange for their e-mail; this is a frigging nightmare for us to have to endure (Thank the Lord I've got daily backed up CVS repositories for our code- it's the only thing that saved places like Dell when they got ravaged by Melissa (MS lost months of work in some cases- Dell lost only a day's worth of work.)). All of you might think a catastrophe or even a scare caused by something like this would wise them up- you're dead wrong. The management types (the clueful and the PHB variety) don't usually think the same way you do and they won't automatically make the connection to blame the true cause, MS- so don't cop the attitude that you're ok and everyone else can just go to Hell in a handbasket because they basically did it to themselves (Yes, I know that it is these people's fault- but the best solution is to prevent the catastrophe and show them via this problem the error of their ways!).

    Almost everything that has shown on this site belonged here. Not everyone here is a Linuxhead- it's wrong to assume that this is the case. If someone wants primarily Linux-only news, might I suggest LWN or Linux Today instead of /. You'll be a hell of a lot happier, believe me.
  • Second, the method seems to be taking advantage of the fact that a preview pane has to open code somewhat.

    Sort of. The Preview pane isn't really required; opening the message will do just as well. The Preview pane just makes it happen a little more automatically.

    I'm not sure what you mean by "somewhat". In order to display the message at all, whether in the Preview pane or a message window, the mail client has to process the HTML and execute any embedded scripts. This is how the virus is activated.

  • Virii (Viruses?) that do this ...
    The answer to your parenthetical English uses viruses. If you were curious what the Romans appear to have used, the short answer is that they didn't. :-) A longer answer [perl.com] is also available.
  • Use your brain, man. Of course MS is going to represent the lion's share of virus targets. It is by FAR the most widely available OS out there, making it the most visible target.
    You seem to have misunderstood a crucial element: Microsoft is ultimately responsible for these so-called viruses because of their negligence in systems design. An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.

    The primary reason we don't have viruses for Unix operating systems is because of our security model. The primary reason you do have viruses for Microsoft's soi-disant operating systems is their lack of a sound security model. There are other reasons, but this is the crux upon which hang untold zillions of dollars of needless costs.

  • Wrong, contrary to what Microsoft tells you (or told the judge at the trial for that matter), it is quite trivial to completely remove I.E. from Win98. See the above post by Ed Davis to find the software to do it.

    I used the original Revenge of Mozilla and ran Win98 with I.E. 3.02 instead of 4.
  • Why is this moderated up as 'insightful'? This is a HOAX. The FCC does NOT release statements regarding virus threats. "Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money." The above is a sure-fire tip-off to a hoax. Now break out your moderation points and blast that sucker down to -1, where it belongs.
  • It's interesting that viruses are now described as "going wild" or "escaping". Could this be indicative of a trend? Consider the following. As new network connections are laid down each host on the internet has the potential to connect to and accept connections from a rapidly growing number of other hosts. Network services are being automated more and more often. We are seeing a proliferation of tools which aid in cross platform execution of different tasks. This is the perfect breeding ground for an organism. Good ecological diversity, lots of cover/protection from predators, lots of resources, and it's conducive to easy transportation. It shouldn't be too hard to create a virus (or worm) which would reproduce sexually rather than asexually. We did something similar in simulated environments and we got some amazing results. Agents (the individual organisms) would even evolve to work with other agents and display group behavior. Sometimes we would get dominant populations using algorithms that we hadn't even predicted. I think the biology analogy for viruses is going to get a lot clearer in the next few years.
  • I don't agree. I think it's not the attention that brings these particular brands of viruses (virii?).
    You were right the first time. The answer to your question is that in English, it's viruses [perl.com]. Pretentious pseudo-intellectual script kiddies cursed with "3133t"-speak are prone to using whimsically invented forms, either out of ignorance or playful "k3w1ness".

    But lest you think these people peculiar in this, notice please how virtually every definable sub-group delights in forming their own invented jargon, and that these sociopaths (crackers) are no different in this regard. Why? Because an "in-speak" serves to separate the "them" from the "us". Anybody who thinks about it for half a second can come up with numerous examples in each of the discrete groups that they belong to. It's just something that we humans do. We like to know who's who, and who's not. It's part of defining the sub-group. The use of the k3w1t0k (yes, that word is an autolog :-) *virii is one such marker.

    the fact that MS left the door wide open that keeps these 'viruses' circulating
    Bingo! That's exactly right. Microsoft is guilty of selling a system that they know is designed to be easy for anybody to blow up. It is missing the customary and expected safety mechanisms that have been common knowledge for several decades now. I'd like to see Ford Motors get away with this sort of complete negligence. I wish as many people were as upset with the utterly unreliable crapware (speaking of subgroup-specific neologisms :-) that Microsoft keeps foisting off on the public as so many of us are with the monopoly problem.

    Class action lawsuit, anybody? :-)

  • I've been worried, for a long time, that a virus writer would exploit file dead-space.

    This has been done. As a matter of fact, one of these came across as a /. story about a half year ago. The virus took advantage of internal fragmentation on FAT fs's. I'll look for the url...here it is. [slashdot.org] The informational link from there doesn't appear to be valid anymore, but that virus hid itself in files without changing their size through the method you mention.

  • If you think I automatically run any program upon its mere receipt, let alone doing so as the superuser, then perhaps you'd be interested in some beachfront property in Florida.

    s/I/a user who doesn't understand their computer/
    s/Florida/Florida/ (perhaps you originally meant Colorado? :)

    While I think your attack of Microsoft is just a wee bit of a stretch, I agree that MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security. (Not that fdisk /MBR c: was much fun. :)

  • MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security.
    Unix was originally built for non-networked computers. Your point? MS has stuck most of the unsuspecting world with a form of technology that was already out of date before they came on the scene. And they've developed an entire culture in which people now expect this sort of shoddy craftsmanship. And then they wonder why they get burnt. There comes a time to throw out the old crap and do it right. That time is long, long, long past.
  • Ah, and precisely which assembly language would that be?

    There is truth in that. No matter what, the virus would fail on some percentage of the machines attacked due to being for the wrong architecture/instruction set. That would make things much harder for them. So far, only 'THE WORM' has gotten around that problem to my knowledge.

  • if the author sent it directly to the security boys 'n' girls, how did it get into the wild? Either the author isn't on the side of the angels after all or there's a trojan horse in the anti-virus world. Which would be ironic.


    I figure that if one person could figure out the hole, someone else could as well. Especially considering that there were enough "hints" in the various and sundry articles notifying the world of the existence of the hole in the first place. Conspiracies aren't necessarily everywhere.


    -t

  • Installing the MS patch will start a string of error messages and BSODs that will make you pull your hair out! I had to uninstall IE 5 and my antivirus prog to excise the evil patch, then reload both to get back to normal.
    Believe me if I could get away from using Win/Lose 95 and 98 at work I would! I am stuck however with this loser device that breaks on a regular basis anyway. I should have learned my lesson the last time that a MS patch broke the damn thing.
    Rule number one, "If it ain't broke, don't fix it." I have never had a problem w/ viruses using windows because I don't open the attachments.

    Later
    Y2k Flunky
  • No, you aren't wrong. In fact, you're exactly right.

    You have to treat the cause, not the symptoms. The viruses are the symptom. Microsoft's inability to design a robust, security-minded operating system is the cause. And installing one of the innumerable Linuces, a BSD, or various commercial Unixen (yes, those are bogoplurals :-) is the most cost-effective cure. It's difficult to imagine Microsoft ever escaping from the single-user ghetto mentality in which they have sequestered themselves for all these years.

  • Obviously you've only been using the Internet for a few weeks (how are those 50 free hours holding up?) so I'll do you a favor and fill you in.

    Although it's fairly obvious from actually reading the comment anyway, the Good Times virus warning has been around for who knows how long. I first got it about 6 years ago, I think (and have gotten it 5 or 6 times since). Practically everyone who has an e-mail address has gotten it. Yes, it's a hoax. It's obviously a hoax. It's the oldest hoax in the virus hoax book, and countless debunkings have been written, centering around the very important point:

    "You can't get a virus just from reading an e-mail message."

    Oops. Microsoft certainly is redefining the way we think about computing...

    --neil

  • Doesn't mean you have to USE it. The problem isn't whether IE is installed or not, but what Email software you are using. If you use Netscape's email, or Eudora, or something besides Outlook, Outlook Express, or Exchange (and Notes I think) then you won't have this problem. If IE is integrated, so what? Don't use MS Email apps. They are the problem.

  • Let's face facts: Microsoft Windows is a Virus. What else can cause a computer to crash on a semi-regular basis? I would complain to Micro$oft but let's be real. It's not in their best interest to fix their own piss-poor programming. Talk about planned obsolescence.
  • MS attracts the most virus writers because it's an easy target. All you have to do to wipe out the system is get your code executed (and there are MANY ways to do that). In Unix, (where there is real memory protection, and the GUI isn't running in the same ring as the OS) you have to get your code run as root to do much damage.

    By no means do I claim that Unix is virus proof (it certainly isn't!) but it's a harder target to hit. If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must. Macro and VB writers need not apply.

    I suppose the real difference is that the Unix world designs to minimise the risk of such things, and MS designs for whiz-bang features and then band-aids over the holes.

  • when you are running win98- IE is also running, whether you want it or not. it shits itself into memory when you boot up, that's why win98 with ie has a much larger memory footprint than win95 or win98 without ie, and is also why everyone claims that ie loads up faster than netscape, because it is already loaded up.

    i found this rather funny too, thanks for the pick me up:
    "You can't uninstall IE on Windows '98. Its security holes are seamlessly integrated with the operating system.
    Did you miss the Microsoft trial, or what?"
  • by crow ( 16139 ) on Wednesday November 17, 1999 @04:11AM (#1525935) Homepage Journal
    The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.'

    Uhm, isn't that exactly what all the Linux distributions do when a security issue is found? I remember one of those "hack this box" PR things where everyone complained that they hadn't gone to the Red Hat site and installed the security-related updates.
  • by jd ( 1658 ) <imipak AT yahoo DOT com> on Wednesday November 17, 1999 @04:12AM (#1525937) Homepage Journal
    This is considered a "new kind of virus"... People never learn from history, it would seem. This type of virus has existed with DEC VMS 5.5, and probably both earlier and later versions. Don't learn from history, and you'll sooner or later repeat it.

    However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.

    This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.

    Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.

    In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challenge.

  • Interesting to see the number of replies that assume I'm running Linux, and was complaining because it's not a Linux related story. As it happens, I run many OSes (of which, yes, Linux is one). My point was meant to be that /. isn't a virus alert forum. There are plenty of other places that are meant for that sort of thing. Yes, the first mention of this particular virus was vaguely interesting because it uses a new method of transmission. However, I stand by my view that the fact it's out in the wild is neither news for nerds nor stuff that matters.
  • by Wonko42 ( 29194 ) <(ryan+slashdot) (at) (wonko.com)> on Wednesday November 17, 1999 @05:46AM (#1525940) Homepage
    Uh, you're insane. I manage my school's network, and I installed the patch on all their Win98 machines with no problems. Also on my home and work machines, still no problems. You must've done something weird.
  • That's very interesting. The last time I looked this up in Perseus, they considered it an indeclinable form. In fact, they still do [tufts.edu]. Curious.

    I looked through the vira entries that your cite referenced as well, but of those that one could pull up via a link, none actually used that form. I don't have the non-linked source at hand. How do you explain Ammian [perl.com]?

    I'm still looking for more sources, and will happily update my document if and when new research turns up, as it did recently.

    And I'll still use viruses when writing English. :-)

  • Bubbleboy is non-malicious, takes up very little space (and therefore does not use a lot of resources), and makes everyone's day just a little bit more exciting. Not to mention that McAfee is having a blast with all the software purchases they're getting off this. ;)
  • It seems that a lot of you are jumping to some pretty dumb conclusions, bashing Microsoft when you really shouldn't be. As usual...

    But anyhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.

    And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything... ;)

  • Based on their behaviour, I'm inclined to believe that MS really doesn't care about security. One of yesterday's articles [cegadgets.com] showed that WinCE XORs your NT password against a FIXED KEY in its registry. That's about as secure as rot-13 in usenet. If they had the slightest bit of concern for security, they wouldn't do that. I would have thought they had learned in the 80's when they used roughly the same sort of scheme to password protect word documents and a cracker program came out that could retrieve the password in under a second.

  • Sure, it's the user's fault for not patching...

    I have to disagree with that. If the user is informed, yet chooses not to follow up, then it is their fault. However, a lot of us here tend to forget that:
    1. Not everyone is a computer expert, and a lot of people don't know what a patch is, let alone where to get one or what to do with it.
    2. There's nothing wrong with that.

    My sister bought a new computer last year and is happily browsing and ICQ'ing away. She doesn't know Jack about security, nor do I believe she should be expected to. I mean, should every newbie make support.microsoft.com their home page, and check it for new misfeatures every time they go online? That's not reasonable. The vast majority of users simply want to get on the 'net and run around without having to bother with all of this, in much the same way that they want to use the phone without knowing the difference between packet-switched and circuit-switched networks.

    Yes, I think that people should learn more about their new computers than most people usually do. However, I think that patching goes beyond the skills and abilities that the average user should be expected to know.

    To make an analogy, have you checked to see if there's a recall on your car? No? Why not? Consumer Reports lists current recalls in the back of their magazine, so it's publicly accessible information, but I'd dare to state that not many people bother to check. So, if someone's defective car causes an accident, was it their fault for not taking it in for a "patch"? I guess, technically, it may be. In reality, though, I don't think that's a reasonable expectation.

  • by FreeUser ( 11483 ) on Wednesday November 17, 1999 @04:20AM (#1525966)
    Most computer users use Microsoft's products.

    Most virus writers will, therefore, statistically use Microsoft's products.

    Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.

    Thus, most virus/worm/trojan products target Microsoft products.

    The fact that such an overwhelming number of these attacks are successful, indeed devastating, is a testament and real world demonstration of just how severely flawed Microsoft's entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
  • It does; search for an 'autoRPM' daemon. It's not exactly an MS creation (although it MIGHT be to promote e-mail clients that execute everything in sight with minimal concept of permissions...)
  • Like the infamous RTM worm?

    I'm sure it's been written up, and IIRC there were some charges that actually stuck...
  • IIRC, Eudora was affected by some java problems or viruses, recently. Weren't Outlook, Eudora, and Netscape Mail the three programmes that have had problems with bad email?
  • An operating system is supposed to provide a protected interface to the hardware. MS-DOS does not do that. This notion of carefully controlled, mediated access to the computer's underlying raw resources is hardly a new concept today, nor was it back when Multics was doing rings of protection -- which, you will note, antedates Unix significantly.

    The concepts of protection and security are relatively new concepts in the personal computer world. Microsoft has never really embraced these concepts either, it would seem, and I imagine it's because most of their customers don't care. (Or, at least didn't care.) Rather, they seem to be more interested in the opposite -- integrating everything with everything else and separating nobody from anything.

    Part of the reason for this, I imagine, is that the original user base for PCs and related equipment really didn't want anything in the way between themselves and the machine. The OS was a glorified boot loader that additionally provided some useful routines. Look at the Apple ][, Commodore 64, IBM PC, etc. at their inception. The only machine that truly insulated you from the hardware (TI-99/4 and TI-99/4A) died earliest.

    I remember someone musing around this time (early/mid 80s) that the hardest thing you could try with your computer was to hook it up to another computer. This remained largely true until the last decade, and for the bulk of non-business computers, the last few years. Is it any wonder that the notions of security and paranoia just aren't built in?

    --Joe
    --
  • by Hanno ( 11981 ) on Wednesday November 17, 1999 @04:22AM (#1525978) Homepage
    Years ago back in high school, I wrote a "virus" that basically just copied a short segment of source code to GW-Basic programs it found on the hard disk - yes, GW-Basic, that old thing for DOS 2.11 that existed before Visual Basic and Turbo Basic were known.

    It didn't do any harm, it didn't "infect" EXE files and I did it just to find out if it was possible and what writing a virus is like.

    Scary thing though that this simple program (just a few lines of code), despite being harmless and doing its task clearly seen in the open light (is that an English phrase, anyway) followed all the requirements to be called a virus. Today's macro viruses actually do exactly the same thing.

    While I never spread "my virus", it was an interesting experience. From a pathetic viewpoint, those virus writers could be called seduced by the dark side of the force; being among crackers, script kiddies and other menaces to IT society must be like being in a street gang. They have their own set of values of what is "cool" and what gives you "respect" among the peers.

    It sure would be nicer if those talented hackers (which they often are) would use their talent for something useful and write "good" software to gain a kind of respect that's actually worth gaining...


    To answer your other question, I doubt that MS itself is the target. A virus must find a common platform as a host to spread itself, and Microsoft software, both Dos/Windows operating systems and Office/Outlook application software, are commonplace. This makes an obvious target.

    ------------------
  • by rebrane ( 17961 ) on Wednesday November 17, 1999 @04:22AM (#1525979)
    The FCC released a warning last Wednesday concerning a matter of major importance to any regular user of the Internet. Apparently a new computer virus has been engineered by a user of AMERICA ONLINE that is unparalleled in its destructive capability. Other more well-known viruses such as "Stoned", "Airwolf" and "Michaelangelo" pale in comparison to the prospects of this newest creation by a warped mentality.

    What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the Internet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop -which can severely damage the processor if left running that way too long.

    Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- not reading it! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.

    The program is highly intelligent- it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it! Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.

    --- cut here ---

    ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank. :)

    --neil