This discussion has been archived.
No new comments can be posted.
Bubbleboy Virus Gets Wild
Related Links Top of the: day, week, month.
Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky
Re:What worries me... (Score:2)
Soo... You're saying you're waiting for someone to write a smaller version of Win98??
Kintanon
Re:Dark side of the force (Re:what I'm wondering.. (Score:1)
I had serious problems getting rid of it!
Today I think before I code. I hope.
Re:What worries me... (Score:3)
But what about the "bootstrap"? The virus has to be started, and the code for that needs to be in a place where stuff is normally executed, and that's where virus scanners are looking. If you hide a virus too well, it never gets executed and is no virus at all.
Re:what I'm wondering... (Score:1)
OK, I know it was a joke, but really... There just isn't enough damage to an individual to warrant an action, class or not. On the other hand, the (Federal?) "Public Nuisance" legislation is designed explicitly to handle the case of, well, nuisances, who do a small amount of damage to a large number of people. A letter to your State Attorney, suggesting an encore for the anti-trust case, anyone? (:-) {- maybe???}
Re:Microsoft ultimately responsible for viruses (Score:2)
My first personal computer was a Sun-1, followed by a Microvax. I've since moved on to various brands of Sparc and Intel chips, but those are still mine and mine alone. And I assure you that they all run free anti-viral software loosely referred to as Unix. :-)
This was back in the early and mid-80s, and I don't ever recall there being any problem hooking one computer up to another as you mention. Certainly ethernet and ftp/telnet were easier than serial lines and uucp/uux, but it was hardly black magic.
If you want to discuss business computers, those too had operating systems once upon a time. I never had much fun with Sperry UNIVACs, HP 3000s, or MVS boxes, but you can't say that business has always been accustomed to the negligently insecure systems foisted upon them today.
Second of all, I'm not sure that this would be exculpatory. Just because Microsoft and Apple have inured or lulled hapless consumers into accepting an explosive situation would not appear to my mind to get them off the hook. Yes, it is a wonder that notions of security are not end. Anything else is madness.
Re:RSysadmins don't have unlimited time... (Score:2)
You think you'll have fewer problems with Netscape? Wow. Take a look at Netscape 4.7, why dontchya'. It's the biggest steaming pile of crap that's ever been dumped on the web. And if you think it'll be easier (much less more secure) than IE, ha, think again.
And as for Outlook...wouldn't it be much easier just to install the patch than to go install a new mailreader on a zillion machines and then educate everyone on how to use it? Besides, Outlook is by far the best mail-reader for corporate Windows-based environments.
Re:It isn't an antimicrosoft conspiracy (Score:2)
Re:what I'm wondering... (Score:2)
It was Microsoft's fault, so they need to cover the costs others have incurred because of them. It's as if a car manufacturer would they shipped a car with an insecure gas line. They'd have to pay to fix the problem, and any damages as well. And if it could be shown that they knew they were shipping such, boy, the feeding frenzy would not be a pretty sight.
Then again, if the menu were to feature Lord Bill's Evil Empire pummelled, diced, and stewed, this might be a pretty sight after all.
Just something to think about. :-)
Re:WARNING!!!!!!! INTERNET VIRUS (Score:1)
Ah, childish comments. Bravo.
That aside, somehow posting the entire Good Times hoax, and then stating "ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank.
Maybe I am wrong, but, to me, that looks like a post that has a great chance of confusing those readers that are less enlightened than yourself. Why do you think the Good Times hoax has ended up in your mailbox so many times? Literally, your post says "The Good Times virus is no longer fiction, but fact, thanks to MS". That is much different from "It is no longer true that you can't get a virus by simply reading an email." Things that are obvious to you, aren't obvious or even "fairly obvious" to others. I think it is wiser to write with specificity, and not make assumptions that the readership will be able to "read between your lines".
PS - Try to refrain from the immature little attacks in the future. Oops, gotta go, that "You've got mail" wav file just went off...
admire viruses for the right reasons... (Score:1)
Unfortunately, Viruses authors are misguided, and just cause hassle for all. They would probably make good low level programmers
However, they do provide a market place... for norton, Mcaffee and the other companies who sell virus apps... so, in a way they do provide jobs for people... however, at the end of the day, there is no justification for making misery for people.
Instead of releasing viruses in to the wild, why not a "virus competition", that way they can show off to fellow virus writer geeks!!!!
Viruses will become more important during war time as well... hack into the enemies network, and put a virus on their networks.. much like Misilla (spelling) virus which can render machines to useless piles of metal by trashing the bios. Of course, you can also corrupt data as well as hard discs.
No I'm not justifying viruses.. but in a way, they can be useful... in the right conditions... and in some ways, you have to admire viruses for what they can do... viruses destructive nature is just stupid.. virus authors should grow up!
Re:This doesn't belong on slashdot (Score:2)
Now that you mention it, I guess in some senses my own situation is similar. It's just that I use Linux network at work (save for firewall etc, which are BSD), but at home am fortunate enough to use BSD for everything. :-)
Re:WARNING!!!!!!! INTERNET VIRUS (Score:1)
--neil
Re:How'd it get out? (Score:1)
Steven Rostedt
Re:what I'm wondering... (Score:1)
I found the previous message SEARCHING
And it looks that nobody here is discussing how epidemics depend on population distribution.
And market share is a BIG issue for MS now.
I thought everybody (on the media as well) would have discussed ages about how this splits the net in 2 (insecure and mostly safe) communities.
Perhaps IE has become the browser of choice for
Re:Dark side of the force (Re:what I'm wondering.. (Score:1)
(Think of Tom Jones)
------------------
Re:Illegal to write a worm? (Score:1)
Re: (Score:1)
Re:what I'm wondering... (Score:1)
Re:What about Linux? (Score:1)
Re:What worries me... (Score:2)
I recall this issue having come up in Phrack, in essays on "mutating" code. A way to make viruses "mutate," it was argued, would be to keep the main virus instructions "encrypted" (obfuscated, really), and wrap encryption/decryption code around that (usually this was very small XOR "encryption", not very large code at all). The problem was that a virus scanner could check for this encryption code and thus detect the virus. The same dillema would exist with bootstrapping code.
Doctors amputate Turkish earthquake survivor's arm [This story contains video]
Re:what I'm wondering... (Score:1)
Well, half seriously thinking about it, I figure you could make a case for $50 for the software. Then with time to download patches and the occasional damage done by the vir{us/es/ii/a/i/um/doh/take your pick} you could justify another $100-$200. So whose going to go through the hassle of a court case that will drag on for years (decades?). A lawyer wouldn't bother unless there was serious money at stake, which means at least 10^5 people. Who is going to find them all? Apathy alone will probably win for M$.
On the other hand, the government could use the public nuisance statutes to sue on behalf of everyone affected, with or without their permission . Let's see, that's $100 a pop (to be very conservative) times say 20 million (ditto) over say 5 years (again) for a total of $10 billion, again with tripple damages possible. I think the feds. might just be tempted. I'm sure some states (California, hint, hint) would. Like you said, just something to think about.
BTW, you *have* been busy on this thread, haven't you.
what I'm wondering... (Score:2)
Re:Easy to patch (Score:2)
Mike
--
Mike Mangino Consultant, Analysts International
How'd it get out? (Score:2)
The other thing I noted in the story was that it's patchable if you go to the microsoft site. This places the onus on users to make sure they're not infected; Microsoft can say 'look, it's available; it's not our fault if you don't download it.' I don't want to start another anti-MS diatribe (I hate windows, not MS), but unless I'm over-inferring, this is another example of passing the buck; MS bring out the OS, it's up to the users to use it responsibly.
Microsoft (Score:1)
Would you like to feel like your walking down a dark alley where there could be an attacker from nowhere whenever you use your computer?
Not for me sir, and I'm very happy whenever a new bug that affects M$ products comes out, because I've got more to support my argument to ignorant Windows users that Windows is NOT that great. I'm suprised it works, in fact, I've got an installation, and it almost doesn't, it's always a battle to even use it as an alarm clock (the traditional ones are just not loud enough, and there are no Linux sound card drivers for my sound card
Re:Microsoft ultimately responsible for viruses (Score:1)
Please don't confuse the use of personal computer between a marketing term for a wintel system and what a consumer uses a device for. If you want to call a Sun-1 or a Microvax a personal computer and put them in the class of Wintel boxes and iMacs then I honestly think you are doing a grave injustice to both Sun and Digital ( well what's left of it here ).
Re:DON'T use the MS Patch (Score:1)
>your hair out!
Actually, the patch is irrelevant to these particular symptoms.
P.S. The point is, you don't even have to open the attachments, dumbass. I'm looking forward to lots more viruses like this that exploit the stupid "executable-as-document" thing M$ likes to promote.
Did anybody ever doubt it would be? (Score:3)
That's right - more antivirus sales. And now that Macs are popular again, there's even viruses that affect them: for years, Mac users could putter away in safety knowing that not even virus writers developed for the platform. Now Macs aren't even safe.
I'm sorry, viruses are just not a sufficient reason (yet) to switch my whole company over to Linux.
I guess I'm just a hardened cynic. Oh well, time to go make sure I remembered to set the filter on Groupshield...
- -Josh Turiel
Déjà vu... (Score:1)
And, yes, the moment the virus was reported on Slashdot, it was already in the wild because of that Japanese website, and that story could be found on every major news website a week ago. Wired is just incredibly late.
Additionally: the patch was actually available before the virus broke out. It's a patch for another vulnerability, and BubbleBoy is actually a late-comer in exploiting that fault. It's the manner in which it does that's interesting.
That being said, the threat level of this virus is minimal, and it's just another public scare. It's a mail bomb-type virus a la Melissa, and it's the proof-of-concept that's scary, not the outbreak of a proto-virus.
"The wages of sin is death but so is the salary of virtue, and at least the evil get to go home early on Fridays."
Re:Microsoft (Score:2)
I just wish Microsoft would think before releasing new gizmos. Why can't they just explore the possibilities of, say, HTML mail before releasing the damn product. Sure, it's the user's fault for not patching, but Microsoft could do a lot to make it not so bloody easy to write these things.
MacOS is now doing this too (Score:2)
That's where I get off, frankly: I _will_ _not_ go along with that. If that means I run system 8 until it can't be usefully used and then go with Linux, so be it: it's absolutely true that it's an exploitable feature, but what you are not acknowledging is how unhealthy it can be even WITHOUT virii being installed. Supposing all the Lotus Notes users had NT autoupdate the NT fixpack that 'happened to' kill Lotus Notes? This whole scenario _might_ be permissible if all commercial developers were responsible and did extensive compatibility testing (HA!), but as things are, it's a recipe for rapidly losing control of your machine, not knowing why it's increasingly broken, and not having the power to even fix it, even if you know all kinds of things about the machine and can debug the installation and troubleshoot it infallibly. We're talking sort of plug and play hassle at the software level- instead of cards fighting you every step of the way, it's the potential for software itself to get into fights with other software, and every time you turn around something downloaded an update which turns out to break something else.
That's an absolute nightmare waiting to happen, and as I said, I could easily see it driving me to Linux fulltime in the long run if people don't STOP trying to do this insane behavior. Auto update assumes that the newer a version or update is, the better. Almost any computer user can identify cases where the opposite is true. I was forced to stop using iCab and return to Netscape _because_ newer versions became hopeless crashfests- and I'm not using a newer version of Netscape, either, I'm using a particular version that seemed to like my machine more than usual. And it only takes _one_ autoupdate to a broken or conflicting application to hose you- in the case of system software or always-resident software, it can cripple you entirely.
Easy to patch (Score:2)
with win98 you have a nice feature called "windows update" which brings you to a page listing all the critical patches, and other dowloads (such as new themes and new versions of media player and whatnot). All you have to do is check a box and click a button. This patch was on windows update as a "critical update" a month ago. It wasn't that hard to download.
-------------
The following sentence is true.
Better Name - Good Times (Score:1)
-RossB
Buffer Overrun (Score:1)
Re:This doesn't belong on slashdot (Score:2)
Most? I'd bet the majority of
"It really isn't interesting, so why post about it?"
Depends on what you do. If you wear sandals, have a beard, and are horrendously condescending, then you probably run SCO or Solaris and are not interested in the machinations of MS and "the MS world", apart from some smug sort of justification of your OS. Face it, someone you know must run MS. Would you rather know about this, so you can help other people who might not be so IT savvy, or assume your granny who runs W98 (so she can play Unreal
"neither news for nerds?"
You've obviously never read up on viruses. Get a book, read up. Plenty of nerd material there; self modifying programs, mutating code, understanding & exploiting OS features & holes.
Just because you think you've got a handle on your security, doesn't mean everybody else does. Slashdot is read by all people from all walks of life; grow up a bit and start accepting not all people on Slashdot are IT gurus, and realise that
Re:It isn't an antimicrosoft conspiracy (Score:1)
Plus! If you're capable enough to write stuff like that, and you use linux, you have far more interesting options, like help develop te OS :) You don't need to stop these people you just gotta direct their energy to something useful.
Moderate the above up (Score:2)
Personally I wouldn't hate M$ so much if they just fixed the programs they have instead of releasing new versions with more (buggy) features, but that's what you can do when you're a monopoly and quality doesn't count only the need to be percieved as innovative, and to get a "new" product on the shelves.
BTW, NT is impervious to this attack, so keep that in mind while M$ bashing.
Re:How'd it get out? (Score:1)
Perl God (Score:1)
heh cool.
Nice work
---CONFLICT!!---
Re:Microsoft ultimately responsible for viruses (Score:1)
Ignoring for the moment opinions on the quality of MS software, this touches on a question I've often had about Open Source. If there's a gaping hole in, for example, Outlook, and a company loses all its email for the year, they have someone to blame, and potentially hold legally liable. (Assuming that they company wasn't negligent in applying patches, etc). If, however, the same company were to use, oh, for example, Linux, and have the same thing happen, then what? If they downloaded the source from RH's servers and installed it... er... where would they look for legal redress? The multitude of unidentifiable coders who generously gave their time and expertise to write what is, on the whole, an amazing product? Do they *have* anyone to turn to? If, on the otherhand, they bought a copy of the RH distro, and used that, *then* can they sue RH? How about the OEM who sold them the server with Linux pre-loaded? I guess it just seems to me that, along with the product, when you buy an MS product (or most other pieces of software) you're also purchasing the right to blame...
I know I've drifted some from the original topic, but this is one of the aspects of group developed open-source projects which I don't really understand....
-User
Re:What about Linux? (Score:1)
How would having source to your apps and OS protect you from this sort of email virus? Assuming that there is a Linux email reader which can auto-execute embedded code, you'd still be vulnerable if you had that feature turned on - regardless of any code auditing.
I believe in a previous /. article someone described such a mail reader - I'm thinking emacs but I'm not sure. Anyone know?
Re:Did anybody ever doubt it would be? (Score:1)
This from Finland, where the principle owner of Data Fellows suddenly became nation's second richest person after an IPO just days ago. Suspicious minds again wonder about various meanings of shareholder value.
Re:Language lives: its Virii (Score:1)
If this isn't the U.K. then where exactly is here??? Hint: It's not the U.S. dogbreath.
Bad Command Or File Name
Re:Microsoft ultimately responsible for viruses (Score:2)
I'm not quite sure why you assume that Unix is immune to viruses. If I send you a script: /
#!/bin/sh rm -rf
and you run it as root, there's no antivirus software to intercept the unlinks and ask you if you're really sure you'd like to go ahead with it. Almost every aspect of a Unix system assumes that the human is fully aware of all security problems--even today, many Linux distros run finger, portmap, telnet, and the like by default. Unix's "immunity" to viruses is based on the awareness of security issues among Unix software developers and Unix users.
I'd venture that in a few years when enough nontechnical users are running as root on their home systems, Unix viruses will become more prevailant.
Re:what I'm wondering... (Score:1)
Did you miss the Microsoft trial, or what?
Re:what I'm wondering... (Score:1)
This DOES belong on slashdot (Score:1)
AFAIK, slashdot is not the "linux-only news for nerds" site, and I hope it stays that way.
Re:what I'm wondering... (Score:2)
Good Times (Score:1)
Re:What worries me... (Score:1)
Sorry, I've never used VMS, so I don't know what viruses were made for it or how they might have worked. You seem to be suggesting (absurdly) that VMS had ActiveX controls and supported JavaScript in HTML-formatted email messages. If this is not what you mean, would you please elaborate?
You'd still need to be able to get control to flow to that bootstrap routine, though. A virus scanner might think it strange if a program's start address was beyond the end of its image, or if the program began with a jump to such an address. That would be a dead giveaway that something fishy was going on.
Re:Ah, for the days of VCL (Score:1)
Basically, rather than needing to have an intimate knowledge of the operating system to write a virus, now that there are sufficient API's in higher level (middleware as Judge Jackson and others have called them) you can fully write viruses in these middleware "languages". This requires intimate knowledge of the middleware, but not of the underlying OS really. Its interesting as the heralded promise of cross-platform programs to increase productivity, is also potentially bringing about the spectre of cross-platform virii...a concept that was just mind-boggling less than 3 years ago.
I think a lot of the posts casting aspersions on Microsoft, have some significant points (I don't *totally* agree, but I do think they bring about some good points). The "security" of these middleware applications have been largely overlooked (primarly by Microsoft...some of the other middleware APIs...java, javascript, etc...at least have given some thought to security). Personally, this is one of the main reasons at this point that I don't want to hassle with MicroSoft software. Originally I didn't want to support the company as an ethical stand, and I thought the software just sucked. Now, the potential hassle of running the software and dealing with the security whole of the day introduced by the latest 'feature' of the day is just more than I want to deal with.
Jeff
Someone to sue...not really (Score:2)
There have been some questions raised about the legality of such "shrink-wrap" licences, but I don't know of any case in which they have been overturned. In any case the UCITA, which will soon by passed by the states, barring divine intervention, will put these licences on unassailable footing.
The way big companies protect their truly expensive hardware and software is with on-site support contracts with guaranteed uptime. These contracts tend to limit liability as well, and are available for open source as well as proprietary offerings (including Microsoft).
In short, if you want assurance about a software product, you need to spend a lot of money on a support contract or trust your staff to build reliable systems and support them well, no matter who made the software.
--
Re:what I'm wondering... (Score:1)
Bad Command Or File Name
freedom is slavery (Score:2)
--
Re:How'd it get out? (Score:1)
It is.
A fool is one who thinks he knows but does not.
Bad Command Or File Name
Re:DON'T use the MS Patch (Score:1)
Re:Microsoft ultimately responsible for viruses (Score:2)
To do out of ignorance those things is to be idiotic. Microsoft and the mindless morons who produce software for that crapware non-O/S platform encourage people to do both. This passes beyond the idiotic into a realm that is negligent at the best, and criminal at the worst.
Re:what I'm wondering... (Score:2)
Even if we were the idiots in Unix the way they are in slobbering consumerist MicroAppleSoft-land--and as some predict will inevitably occur if we `win'-- our hybrid vigor makes us strong. Their monoculture is an accident waiting to happen. And happen. And happen.
Apple figured this out, and are moving to a BSD platform. I've played with it, and it's nifty.
Oh but it does... (Score:2)
A lot of people on
Finally, this is news. This is the first (reported) email/web virus that doesn't require the user to actually run something. (Yes, viruses that didn't require execution existed before, but this one is the first (reported) web-virus.)
Re:This one is too late (Score:1)
1. Going to Windows Update isn't always a really safe idea, I've seen a perfectly fine computer (or at least it seemed fine) go to Windows Update and come back a corrupted mess
2. This hole should never have happened in the first place. Okay, Java/VbScript enabled HTML mail should never have happened in the first place either.
All I'm saying is that MS should do a bit more thinking/research before they release potentially dangerous features into their software. This is not even close to the first time nor will it be the last time.
Re:What worries me... (Score:3)
That's too small a piece of code for a virus scanner to recognise. There's nothing that's unique, to identify.
-NOW-, many virus scanners also detect changes to files. -This- could successfully recognise the bootstrap, no matter how small or how carefully disguised it was. As you say, it has to be executable. But this assumes you have a record of what the file -should- look like. If you've got a disk or a file that's infected, you won't know until it starts infecting other files.
Re:What worries me... (Score:2)
As Dec Mail would (by default) display the subject line of the message, when you received an e-mail, this means that you didn't even need to open the message to be infected. Receiving it was enough.
Whilst not quite as powerful as ActiveX or Javascript, the Dec shell scripting language was, nonetheless, very powerful. Easily enough to do everything BubbleBoy can do.
Re:This doesn't belong on slashdot (Score:3)
I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that
Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)
In the end, I think (and not that I haven't felt like posting "does this really belong on
The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when
I suppose what I'm trying to say is, let the people in charge of
AMEN- Moderators UP the rating on this one! (Score:1)
While I'm a Linux coder/admin, the place I work for has standardized on Outlook/Exchange for their e-mail; this is a frigging nightmare for us to have to endure (Thank the Lord I've got daily backed up CVS repositories for our code- it's the only thing that saved places like Dell when they got ravaged by Melissa (MS lost months of work in some cases- Dell lost only a day's worth of work.)). All of you might think a catastrophe or even a scare caused by something like this would wise them up- you're dead wrong. The management types (the clueful and the PHB variety) don't usually think the same way you do and they won't automatically make the connection to blame the true cause, MS- so don't cop the attitude that you're ok and everyone else can just go to Hell in a handbasket because they basically did it to themselves (Yes, I know that it is these people's fault- but the best solution is to prevent the catastrophe and show them via this problem the error of their ways!).
Almost everything that has shown on this site belonged here. Not everyone here is a Linuxhead- it's wrong to assume that this is the case. If someone wants primarily Linux-only news, might I suggest LWN or Linux Today instead of
Re:Side notes (Score:1)
Sort of. The Preview pane isn't really required; opening the message will do just as well. The Preview pane just makes it happen a little more automatically.
I'm not sure what you mean by "somewhat". In order to display the message at all, whether in the Preview pane or a message window, the mail client has to process the HTML and execute any embedded scripts. This is how the virus is activated.
More than one virus (Score:2)
Microsoft ultimately responsible for viruses (Score:2)
The primary reason we don't have viruses for Unix operating systems is because of our security model. The primary reason you do have viruses for Microsoft's soi-disant operating systems is their lack of a sound security model. There are others reasons, but this is the crux upon which hang untold zillions of dollars of needless costs.
Re:what I'm wondering... (Score:1)
I used the original Revenge of Mozilla and ran Win98 with I.E. 3.02 instead of 4.
Re:WARNING!!!!!!! INTERNET VIRUS (Score:1)
Digital Evolution? (Score:1)
Re:what I'm wondering... (Score:2)
But lest you think these people peculiar in this, notice please how virtually every definable sub-group delights in forming their own invented jargon, and that these sociopaths (crackers) are no different in this regard. Why? Because an "in-speak" serves to separate the "them" from the "us". Anybody who thinks about it for half a second can come up with numerous examples in each of the discrete groups that they belong to. It's just something that we humans do. We like to know who's who, and who's not. It's part of defining the sub-group. The use of the k3w1t0k (yes, that word is an autolog :-) *virii is one such marker.
Bingo! That's exactly right. Microsoft is guilty of selling a system that they know is designed to be easy for anybody to blow up. It is missing the customary and expected safety mechanisms that have been common knowledge for several decades now. I'd like to see Ford Motors get away with this sort of complete negligence. I wish as many people were as upset with the utterly unreliable crapware (speaking of subgroup-specific neologismsClass action lawsuit, anybody? :-)
Re:What worries me... (Score:1)
This has been done. As a matter of fact, one of these came across as a /. story about a half year ago. The virus took advantage of internal fragmentation on FAT fs's. I'll look for the url...here it is. [slashdot.org] The informational link from there doesn't appear to be valid anymore, but that virus hid itself in files without changing their size through the method you mention.
Re:Microsoft ultimately responsible for viruses (Score:2)
s/I/a user who doesn't understand their computer/ :)
s/Florida/Florida/ (perhaps you originally meant Colorado?
While I think your attack of Microsoft is just a wee bit of a stretch, I agree that MS OSs have negligible security. They were built for non-networked computers, where physical security is the most important type of security. (Not that fdisk /MBR c: was much fun. :)
Re:Microsoft ultimately responsible for viruses (Score:2)
Re:what I'm wondering... (Score:2)
Ah, and precisely which assembly language would that be?
There is truth in that. No matter what, the virus would fail on some percentage of the machines attacked due to being for the wrong archetecture/instruction set. That would make things much harder for them. So far, only 'THE WORM' has gotten around that problem to my knowledge.
Re:How'd it get out? (Score:1)
I figure that if one person could figure out the hole, someone else could as well. Especially considering that there were enough "hints" in the various and sundry articles notifying the world of the existence of the hole in the first place. Conspiracies aren't necessarily everywhere.
-t
DON'T use the MS Patch (Score:1)
Believe me if I could get away from using Win/Lose 95 and 98 at work I would! I am stuck however with this loser device that breaks on a regular basis anyway. I should have learned my lesson the last time that a MS patch broke the damn thing.
Rule number one, "If it ain't broke, don't fix it." I have never had a problem w/ viruses using windows because I don't open the attachments.
Later
Y2k Flunky
Re:Bad fixes. (Score:2)
You have to treat the cause, not the symptoms. The viruses are the symptom. Microsoft's inability to design a robust, security-minded operating system is the cause. And installing one of the innumerable Linuces, a BSD, or various commerical Unixen (yes, those are bogoplurals :-) is the most cost-effective cure. It's difficult to imagine Microsoft ever escaping from the single-user ghetto mentality in which they have sequestered themselves for all these years.
Re:WARNING!!!!!!! INTERNET VIRUS (Score:1)
Although it's fairly obvious from actually reading the comment anyway, the Good Times virus warning has been around for who knows how long. I first got it about 6 years ago, I think (and have gotten it 5 or 6 times since). Practically everyone who has an e-mail address has gotten it. Yes, it's a hoax. It's obviously a hoax. It's the oldest hoax in the virus hoax book, and countless debunkings have been written, centering around the very important point:
"You can't get a virus just from reading an e-mail message."
Oops. Microsoft certainly is redefining the way we think about computing...
--neil
Re:what I'm wondering... (Score:1)
M/S (Score:1)
Re:what I'm wondering... (Score:2)
MS attracts the most virus writers because it's an easy target. All you have to do to wipe out the system is get your code executed (and there are MANY ways to do that). In Unix, (where there is real memory protection, and the GUI isn't running in the same ring as the OS) you have to get your code run as root to do much damage.
By no means do I claim that Unix is virus proof (it certainly isn't!) but it's a harder target to hit. If the virus writer wants to attack Unix, assembler and a knowledge of the OS is a must. Macro and VB writers need not apply.
I suppose the real difference is that the Unix world designs to minimise the risk of such things, and MS designs for whiz-bang features and then band-aids over the holes.
Re:what I'm wondering... (Score:1)
i found this rather funny too, thanks for the pick me up:
"You can't uninstall IE on Windows '98. Its security holes are seamlessly integrated with the operating system.
Did you miss the Microsoft trial, or what?"
Re:How'd it get out? (Score:3)
Uhm, isn't that exactly what all the Linux distributions do when a security issue is found? I remember one of those "hack this box" PR things where everyone complained that they hadn't gone to the Red Hat site and installed the security-related updates.
What worries me... (Score:5)
However, I guess I can look at the bright side. I've been worried, for a long time, that a virus writer would exploit file dead-space. There's plenty of room at the end of most binary files to tuck a routine or two, then all you'd need is a bootstrap and some way to re-assemble the fragments in the correct order. A trivial task.
This would give you an almost undetectable virus, as many virus scanners check files, not sectors, and the files themselves would be unaffected.
Even if you -did- write something that could detect a fragment, all you do is clear that fragment. It'd be child's play for anyone to re-write a single routine. The bootstrap/saver routine could probably do that.
In essence, something like this would be a virus OS, rather than a conventional virus. Conventional viruses can be dealt with, but a virus OS is a much greater challange.
Re:This doesn't belong on slashdot (Score:2)
Re:DON'T use the MS Patch (Score:3)
Re:More than one virus (Score:2)
I looked through the vira entries that your cite referenced as well, but of those that one could pull up via a link, none actually used that form. I don't have the non-linked source at hand. How do you explain Ammian [perl.com]?
I'm still looking for more sources, and will happily update my document if and when new research turns up, as it did recently.
And I'll still use viruses when writing English. :-)
Re:Illegal to write a worm? (Score:2)
Microsoft released this patch in August, people! (Score:4)
But anywhow, I just wanted to point out that Microsoft released the patch for this vulnerability in August. That was a few months ago; way before any viruses had actually made use of the hole. In fact, I also remember a Slashdot post being made about the patch, and it got quite a lot of media coverage. Yes, Microsoft was alerted of a vulnerability, and they fixed it, months before anything actually exploited that vulnerability.
And yes, if you use a vulnerable flavor of Windows and were too stupid to upgrade, you deserve to have your computer's Owner name and Company info reset. Heh, geez people, it's not like BubbleBoy is malicious or anything... ;)
Re:It isn't an antimicrosoft conspiracy (Score:2)
Based on their behaviour, I'm inclined to believe that MS really doesn't care about security. One of yesterday's articles [cegadgets.com] showed that WinCE XORs your NT password against a FIXED KEY in it's registry. That's about as secure as rot-13 in usenet. If they had the slightest bit of concern for security, they wouldn't do that. I would have thought they had learned in the 80's when they used roughly the same sort of scheme to password protect word documents and a cracker program came out that could retrieve the password in under a second.
Re:Microsoft and patching (Score:3)
Sure, it's the user's fault for not patching...
I have to disagree with that. If the user is informed, yet choses not to follow up, then it is their fault. However, a lot of us here tend to forget that:
1. Not everyone is a computer expert, and a lot of people don't know what a patch is, let alone where to get one or what to do with it.
2. There's nothing wrong with that.
My sister bought a new computer last year and is happily browsing and ICQ'ing away. She doesn't know Jack about security, nor do I believe she should be expected to. I mean, should every newbie make support.microsoft.com their home page, and check it for new misfeatures every time they go online? That's not reasonable. The vast majority of users simply want to get on the 'net and run around without having to bother with all of this, in much the same way that they want to use the phone without knowing the difference between packet-switched and circuit-switched networks.
Yes, I think that people should learn more about their new computers than most people usually do. However, I think that patching goes beyond the skills and abilities that the average user should be expected to know.
To make an analogy, have you checked to see if there's a recall on your car? No? Why not? Consumer Reports lists current recalls in the back of their magazine, so it's publicly accessible information, but I'd dare to state that not many people bother to check. So, if someone's defective car causes an accident, was it their fault for not taking it in for a "patch"? I guess, technically, it may be. In reality, though, I don't think that's a reasonable expectation.
It isn't an antimicrosoft conspiracy (Score:4)
Most virus writers will, therefor, statistically use Microsoft's products.
Most virus writers will target systems with which they are familiar, which happens to be Microsoft's products.
Thus, most virus/worm/trojan products target Microsoft products.
The fact that such an overwhelming number of these attacks are successful, indeed devistating, is a testiment and real world demonstration of just how severely flawed Microsofts entire security paradigm continues to be. That the so-called "service" packs and security fixes generally break more than they fix (whether maliciously or through negligence) is a strong indication of how flawed Microsoft's development process and QA/QC procedures are.
Re:Microsoft and patching (Score:2)
Re:Illegal to write a worm? (Score:2)
I'm sure it's been written up, and IIRC there were some charges that actually stuck...
Re:what I'm wondering... (Score:2)
Re:Microsoft ultimately responsible for viruses (Score:2)
The concepts of protection and security are relatively new concepts in the personal computer world. Microsoft has never really embraced these concepts either, it would seem, and I imagine it's because most of their customers don't care. (Or, at least didn't care.) Rather, they seem to be more interested in the opposite -- integrating everything with everything else and separating nobody from anything.
Part of the reason for this, I imagine, is that the original user base for PCs and related equipment really didn't want anything in the way between themselves and the machine. The OS was a glorified boot loader that additionally provided some useful routines. Look at the Apple ][, Commodore 64, IBM PC, etc. at their inception. The only machine that truly insulated you from the hardware (TI-99/4 and TI-99/4A) died earliest.
I remember someone musing around this time (early/mid 80s) that the hardest thing you could try with your computer was to hook it up to another computer. This remained largely truly until the last decade, and for the bulk of non-business computers, the last few years. Is it any wonder that the notions of security and paranoia just aren't built in?
--Joe--
Dark side of the force (Re:what I'm wondering...) (Score:3)
It didn't do any harm, it didn't "infect" EXE files and I did it just to find out if it was possible and what writing a virus is like.
Scary thing though that this simple program (just a few lines of code), despite being harmless and doing its task clearly seen in the open light (is that an English phrase, anyway) followed all the requirements to be called a virus. Today's macro viruses actually do exactly the same thing.
While I never spread "my virus", it was an interesting experience. From a pathetic viewpoint, those virus writers could be called seduced by the dark side of the force; being among crackers, script kiddies and other menaces to IT society must be like being in a street gang. They have their own set of values of what is "cool" and what gives you "respect" among the peers.
It sure would be nicer if those talented hackers (which they often are) would use their talent for something useful and write "good" software to gain a kind of respect that's actually worth gaining...
To answer your other question, I doubt that MS itself is the target. A virus must find a common platform as a host to spread itself, and Microsoft software, both Dos/Windows operating systems and Office/Outlook application software, are commonplace. This makes an obvious target.
------------------
WARNING!!!!!!! INTERNET VIRUS (Score:3)
mentality.
What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the Internet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in
an nth-complexity infinite binary loop -which can severely damage the processor if left running that way too long.
Unfortunately, most novice computer users will not realize what is happening until it is far too late. Luckily, there is one sure means of detecting what is now known as the "Good Times" virus. It always travels to new computers the same way in a text email message with the subject line reading "Good Times". Avoiding infection is easy once the file has been received- not reading it! The act of loading the file into the mail server's ASCII buffer causes the "Good Times" mainline program to initialize and execute.
The program is highly intelligent- it will send copies of itself to everyone whose e-mail address is contained in a receive-mail file or a sent-mail file, if it can find one. It will then proceed to trash the computer it is running on. The bottom line here is - if you receive a file with the subject line "Good Times", delete it immediately! Do not read it" Rest assured that whoever's name was on the "From" line was surely struck by the virus. Warn your friends and local system users of this newest threat to the Internet! It could save them a lot of time and money.
--- cut here ---
ah yes. it's true what they say about fiction becoming reality. and we have microsoft to thank.
--neil
Re: (Score:2)