Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
News

Virus Costs Dell Millions in Ireland 149

Posted by Roblimo from the only-the-name-was-fun dept.
ruggerbugger writes "Dell's production plant in Limerick, Ireland was [temporarily] shut down due to a funlove virus causing the recall of 12,000 computers... For full story see the Irish Times."
This discussion has been archived. No new comments can be posted.

Virus Costs Dell Millions in Ireland More

Virus Costs Dell Millions in Ireland

Comments Filter:
  • You'd think that if they have a machine that does nothing but control the installation of software to the new units, they would not do much other stuff on there, so I would be really interested in how they managed to get a virus on there. Unless of course they stuff their new PCs with copies of Win2000 that they warezed off the net.
  • While some people may wish to believe the Chinese government has no plans for e-warfare, it is already happening, and has been for some time, among hackers and their targets. This includes electronic warfare between corporate organizations, and even already among governments (such as the US and Iraq).

    Virii, whether intended to be amusing or destructive, can cost companies or countries millions of dollars when they strike networks. This is an obvious form of electronic "munition", and intentional or not, virii have damaged a number of corporations economically. Most companies have recovered from these virus attacks, but it is clear that virii and other threats are still quite a problem.

    It's amusing that this story and the China story came so near each other. Maybe it's the Chinese ;-P
  • The y2K issues aren't going to be about a computers internal dates, they will be about all the wierd lamers and fanatics out there that think it's a handy date for them to do their stuff while people are recovering from their hangovers.

    Who knows how many virii there are out there that lie dormant until 1/1/00, who knows how many hackers there are, or indeed even bombs out there with detonators set for 00:01 1/1/2000

    I might be paranoid, I might not be, all I know is that humans are a strange breed in general and do some very silly things.

    Still, I don't much care, I'll be hungover :o)
  • How many times has this same sort of thing happened in the past?
    I know I've heard of it a few times in the last few years.
    But I can't remember who was effected or when.
    Anyone have a better memory then me?
  • "The FunLove virus infects both desktop computers and computer servers running Windows 95, 98 and Windows NT operating systems."
    Another one in the eye for Billy G! Excellent PR for Microsoft (not!)- this will surely make the financial pages of international media. PHB's don't really understand stuff like "inherently weak security model", they just believe the Redmond spin doctors advice. But £14 Million, now that's something that will get their attention. Hear that mindshare slowly deflating in your bosses brain...
    OTOH, it's bad news for Dell - they were doing well, last time I saw an article posted on /. about them. Maybe this will mean they push their preinstalled linux boxes a bit harder! :)

  • Security (Score:3)

    by Hermetic ( 85784 ) on Thursday November 18, 1999 @02:11AM (#1522728)
    A car thief once told me "There is no such thing as complete security. All your precautions are going to do is stop the incompetant, who aren't a danger anyway, and slow down the professionals, who won't be stopped at any rate." Or maybe it was my dad.

    Either way, no amount of virus protection will stop all virii. This should not be seen as a setback for Dell, but be a time for rejoicing. Dell actually admitted that there was a problem, has attempted to correct it, and not tried to hide any of this from the public. All at great cost to themselves.

    Many other computer companies would simply hush up a problem of this magnitude, but Dell deserves our praise for coming forward and correcting a problem publicly.
  • I agree. As with any other case of virus infection of computers, it is the user's fault. In this case, the user was a huge company buliding the things...but it still seems like this could have been easily prevented.

  • Notice my email address; it's at ireland.com . I can pretty much forget about checking that for the next few hours. Bastards.

    On a lighter note, last year I took a train from Dublin to Limerick for a job interview with Dell. The two techies told me I more or less had the job, but the HR guy equivocated. I got another train home, and never heard from them again. Not as much as a PFO (does that term enjoy currency outside Ireland?).
    Anyway: I can't condone the use of viruses (or viri, but not virii), but I did laugh. Hard.
  • Applause to Dell for handling the issue in this manner! I never bought Dell, however this story increases my trust in this company. So I will more likely become a customer in the future.

    Other companies would probably only offer a service pack several month later...

  • I wonder how long time the virus had gone undetected? They recalled 12,000 units so if anybody knows approximately how many they make per day I guess we could figure it out. My guess would be 4-6 days?

    It really leaves you wondering what they were doing. The issue does not, to me, seem to be one of current virus software. No virus software is current: there are always new, undetected viruses out there. Rather the issue seems to be that Dell had failed to isolate their production computers from the network the administrators used for surfing the web and installing unknown games (or whatever) on.

    It could be a lot worse. Somebody could have installed a backdoor program and used this to change the configuration of all new Dell PCs such that they fail to work on Jan 1, 2000.

    Oh. Maybe they have :-)

  • You obviously haven't seen *my* car alarm :o)

    At the first sign of tampering, it sends a masive electrical current through the body of the car - if anyone happens to be grounding it...

  • Can someone from the Emereld Isle tell this yankee what "automatic delivery" is? Here in the states, we have to contact a third party specializing in package delivery, like UPS or FedEx, for large boxes like computers to go anywhere ;)

    Eric

  • Installing AV software afterwards (Score:3)

    by Nodatadj ( 28279 ) on Thursday November 18, 1999 @02:27AM (#1522735) Journal
    The last line in the article. Look at all the companies that installed AV software afterwards. You would think that at least Microsoft would have decent AV stuff running.

    Antivirus procedures in most companies is a joke.

    I went round upgrading Win95/98/NT for Y2K compliance (another joke) in a very important company in N. Ireland over the summer, and everytime we did a computer we ahd to copy a Word document to the hard drive and fill it in, date, time etc. Then we copied it to a floppy. When we finally got all the disks back there were 4 different boot sector viruses on them, and numerous Macro viruses. All the computers were running virus checkers, so the PHB's all thought they were safe from viruses. The only problem was that the checkers were 4 years out of date.
  • This virus seems to be a relativly mild and easily controlled virus I was wondering about the possible threat of the recently availible Bubbleboy virus.

    Given the ease of its transmission and the number of users who will not upgrade their email it appears the potential for infection is enormouse.

    But how big? Will it be big enough to make a dent in internet bandwidth (a la the internet worm). Or will the fact that it is a virus and not a worm prevent such widespread network clogging?
  • My PC was one of those held up by this problem, and whilst it's irritating not to get my hands on my new kit I think Dell have delt with it very well. I got a very apologetic phonecall and it's only going to be a couple of days late - far better than sending out infected machines.

    Somatizer

  • A Limerick! (Score:3)

    by kmcardle ( 24757 ) <ksmcardleNO@SPAMgmail.com> on Thursday November 18, 1999 @02:28AM (#1522738)
    There once was a man named Dell
    Whose computere truly were swell
    And he said,
    as the computers were recalled
    Whoever did this is gonna catch Hell!
  • Same shit, different delivery people... (dhl or something)
  • Maybe next time I am forced by my employer to buy hardware from Dell, I will try to order from Dell there.
    Here in the states several machines I ordered were delayed over three weeks.
    And everytime *I* called to see when I would be getting them I got a different anwser.
    All of which amounted to about the same thing "We couldn't care less."

    I've started to notice this is true. That out of alot of other countries I have talked to people from.
    Here in the US we seem to get the worst customer service. Do they treat the employees bettter other places, or is it something cultural?
  • My attempt:

    There once was a man from Stab City
    Who was feeling remarkably shitty
    For the swing-shifting sap
    Caught the digital clap
    So they shut down the plant, more's the pity.

    Note for tourists: if you're in Limerick, don't refer too it as stab city. You'll be stabbed.
  • Talk is Cheap!

    Insulation is cheaper.
  • Hmm, doesn't really scan, does it?

    How about:

    There once was a man named Dell
    Whose computers truly were swell
    But he said, appalled,
    as they all were recalled
    Whoever did this is gonna catch Hell!

    Hey, Open source poetry!
  • I am getting tired about hearing how Linux is immune to computer viri, it simply isn't. The main thing preventing people from writing a Linux virus is good-will towards the operating system. People's main argument about why Windoze is insecure is because a user, or user process, has access to the entire file-system. The thing is that any installation script running as root (as most require) also has access to an entire Linux box. If I were so inclined, I could probably go out tomorrow and write a very simple Linux virus (note I said "could" not "would") that could cause serious damage - for example I could create a Perl script which searched for other perl scripts on the local hard disk and discretely merged itself with them. I could then make this script run as part of a "make install" on a simple utility I could distribute. It would be easy.

    --

  • Re:A Limerick! (Score:3)

    by GaspodeTheWonderDog ( 40464 ) on Thursday November 18, 1999 @02:52AM (#1522748)
    Ah... how about

    There once were computers in Limerick
    And funlove had been making them sick
    Dell recalled them for free
    Without any glee
    So they wouldn't get sued by some prick
  • Electronic warfare? I doubt it. We're just witnessing an OS that was designed like a petri dish. It has neglegable security and poor design. Why does it organized help from governments to destroy it?

  • ROTFL (Score:1)

    by azatoth ( 3621 )
    I can't stop laughing. Will they send the bill to microsoft ?

    Any company pre-installing that looser OS deserves to be mass infected.
  • What's the P? Please?
    Yeah; please. It's a term I've heard from a whole bunch of people, none of whom knows the others, and I've never met anyone who didn't know what it was. Until now.
  • When I bought my current laptop I ordered it by credit card and had it the next day.

    I ordered an Inspiron 7500 with the new cool 1400x1050 15" LCD 11 days ago over the Internet, and it took them from that Tuesday until the following Monday to debit my credit card.

    While I was trying to use their order tracking page, it threw up Visual Basic (hmmm) exceptions, variously Out Of Memory and some other ones I forget, returned to the browser in HTML by their server. I called and waited out the queue for 6 minutes, only to be told by the customer service muppet that the problem must be at my end, ''because no-one else has reported any problems''.

    They are quoting delivery expected on 13 Decemeber, but I find it hard to have much faith. The worst thing is Dell running TV ads in the UK at the moment where the sleek, rich Michael Dell oozes on about how customer service is so important to him.

    In short, bad vibes, frustration, and poor service, and that's before they even debited my card!
  • Werrllll... Given that I've had to install machines from Dell that didn't work straight out the box, it wouldn't surprise me if they had virii on them too.

    The deal was this: we took shipment of a whole bunch of Dell PCs with their supposedly useful auto-install Win95 thingy on, so you could turn them on, agree to the license and it would install Win95 from a CD image on the hard disc. Only, because of the massive amounts of custom hardware on the mobo, it didn't work, and in quite a major way. The machines firstly died during initial installation, requiring a reboot. They then just about made it to the Win95 desktop, but didn't autodetect any hardware, so you had to restart the machines again, which crashed them. Rebooting into safe mode, shutting down, and restarting finally persuaded them to autodetect the onboard hardware, and then a final reboot bought them up in a 'useable' state.

    I repeat, these machines were *straight* out of the box, with no weird setups or anything. My feeling is that if Dell quality control is lax enough to let this kind of thing slip through, I'm not at all surprised a virus made it onto their machines...

  • It's this kind of financial and PR poke in the eye that makes a company like Dell seriously question their reliance on Microsoft. This will become even more clear the first time the headline reads "Lax Windows security Costs Dell millions".
    ---
  • I knew it wasn't perfect, but I just had to get it out of my system.

    I will apply your patches, generate a new tarball, sprinke it with holy penguin pee, and put it on freshmeat right away. 8)

    Thanks for the fix.
  • Can Linux catch a virus? Well, send a loaded email to my ISP. They happen to run Linux, use Pine for email, and under user accounts. There you have three reasons why the system files will not be corrupted.

    Now I hear people say virus can infect anything regardless of what operating system I have, no matter how secure I think I am. Well, I haven't learned how to do scripting in Pine and I can see non text funny stuff from spammers and friends like a trojan. Things between the mailers like pagers, routers, copper wire, and your modem, etc., just really are not designed to host a virus. But when you run it on a Windows system that takes security as a joke, be prepared.
  • Dear god that is just...what a fantastic statement, if their Linux installs were infected by a Trojan would you scream "Hur hur hur! Linux's security model is so weak to allow such a breach! Hur hur hur!"

  • Re:Security (Score:3)

    by davie ( 191 ) on Thursday November 18, 1999 @03:07AM (#1522758) Journal

    Either way, no amount of virus protection will stop all virii.

    From the davie is a Pedantic Weasel Department:

    Found this interesting tidbit yesterday. The plural form of virus is "viruses". viri is the nominative plural form of the Latin vir , which means man. See: http://doriath.perl.com/misc/virus.html [perl.com]

    From the referenced URL:

    The crucial problem here is that, classically speaking, there appears to be no recorded use of virus in the plural. It was a 2nd declension noun ending in -us, which is rather common, but it was also a neuter, which is rather rare. I could only come up with three such 2nd declension neuters: virus (some poison), pelagus (the sea, usually poetically), and vulgus (the crowd). None appear to admit plurals. Perhaps this is because they are mass nouns, not count nouns. [3]

    FWIW, maybe Dell should consider using Linux or BSD boxes to do their installs from now on. No guarantee against transporting infected files, but at least there's a smaller chance (near-zero?) of infection of the actual host machines.

  • So Windows needs to bundle anti virus software with the operating system now in order to meet your security model?
  • Oh, I am such a chronic editor...

    Let's try it this way:

    There once were computers in Limerick
    And funlove was making them sick
    Dell recalled them for free
    Without any glee
    So they wouldn't get sued by some prick

    Now it scans. ;-)

    - Robin

  • Second note to tourists: don't rely on the taxis. There are about two of them and they never turn up when you want.

    Last time I was there I spent an hour in the univerity car park waiting for a taxi, getting very cold.

    Sorry, I'm just bitter.
  • I think it's very sad that this post was marked down as flamebait. I'm using my this messsage, with my +1 bonus to bring attention to it. Please click the parent link of this message if your threshold is 1 or higher.
    --
  • Sad, but true at many sites. As usual, human operators are to blame. The average company has no problem paying some newbie $26k/year to run around like a madman putting out forest fires.

    Then when he gets a few years and certs under his belt, they refuse to keep him because he's too expensive. Oh, and that systems management software he wants so badly to run silent updates? We don't need that! :-)

    On another note: MS actually has no AV whatsoever. Somehow, they've completely missed buying up that market... :->


  • My guess is that $delivery-company just came twice a day and picked up the boxes at the loading dock.
  • The point is that an operating system is only as secure as the software you run on them (as was demonstrated by a well publicised failure of Linux in recent security tests). Unfortunately many people choose to write and use stupidly insecure email software, if the same software was available for Linux it would probably be used just as widely, and make Linux just as susceptible to this type of attack.

    --

  • if the same software was available for Linux

    We could be doing "what if..." all day. The point is now that Linux is not designed that way.
  • That really didn't seem like flamebate to me! (Hopefully it will be vindicated in MetaModeration) It's a valid point...is linux immune to virii, or has no one written one yet?

    The Evil Perl Script described ('though I guess it is more of a trojan horse) sounds plausible to me.
    What about linux is actually supposed to stop it from being infected?

    And remember, before Melissa came along, the most famous evil nasty program was the Internet Worm, which lived squarely in *nix camp. (Although it predated Linux, does anyone know if the security flaws it exploited ever existed in the linux sources?)

    Dana
  • Actually, IIRC there was a buffer overflow in Pine which could be exploited (long since patched of course). If you download and run unknown binaries on Linux, you are vulerable to trojans, and to a lesser extent viruses. The one thing that makes Linux less vulnerable to malicious software is that a user's access to the machine is limited, as in NT. If a malicious program is run by root (either intentionally or through an insecure setuid program), there is no protection.
  • You're right. A virus can't affect a Linux system if it's operator is using it like an antique "Glass Teletype" machine.

    Here's a secret you might need to hear: Most people don't use their machines as glass teletypes anymore. Frightening as it may seem to you, most people have moved beyond the 1970's computing paradigms. As (I should really say if) Linux becomes more popular, the viruses will proliferate. Unless you can convince people to get all nostalgic and embrace the TTY non-GUI.

  • When the file is opened under the basic operating system DOS, it launches the message "Fun Loving Criminal".

    I wonder what kind of OS Windows would be? Certainly not "basic." Yi!

    bradley

  • I guess that's the luck of the irish right there. (sorry.. had to be said)

    ---
  • Frightening as it may seem to you, most people have moved beyond the 1970's computing paradigms. As (I should really say if) Linux becomes more popular, the viruses will proliferate. Unless you can convince people to get all nostalgic and embrace the TTY non-GUI.

    It's not about the GUI, it's about the security permissions. You can run any damn window manager/GUI you want, but if you routinely login as root, you're an idiot who deserves whatever happens. If you're not root, you shouldn't have permission to access any files you don't need, and then only with the minimal permissions you need. That, in fact, is pretty much the point of a multi-user system.

    Of course, it's awfully difficult to explain to a windoze luser why they can't delete the system files, and why they're not allowed to edit /etc/passwd, and why they can't run that administration tool. The multi-user aspect just doesn't make sense to the average Joe User, esp. if it's a machine on their desktop. I've encountered this before: "Multi-user? Who else is using my computer??!?"

    Any operating system is vulnerable to a virus. Period. Linux has very few viruses. There are none that I know of that can hose your system unless you're running as root (idiot). While I concede it may be possible to integrate a root security breach into a virus, so that it could do what it damn well pleased, I don't think any like this exist yet. And even so, once the security hole would be patched (quickly), that virus would no longer proliferate well.



    ---
  • It doesn't seem that Dell is at fault here. If they applied a virus pattern file update last Thursday (Nov-11) and detected the virus, it makes complete sense. The virus was added to Network Associates' (McAfee's) list [nai.com] on Nov-9. Which means that two days after the virus was identified by the anti-virus community (and probably the very next pattern file update), Dell found it in their systems. Per the page at NAI, the virus is detected by the pattern file due out today.
    This doesn't seem to be something we can blame Dell for.

  • Anyway: I can't condone the use of viruses (or viri, but not virii), but I did laugh. Hard.
    Actually, viri ("men") means more than one vir ("man"). That's the short story. There's also a long story [perl.com].
  • There once was a rich man named Dell
    Whose computers all truly were swell
    But he said, quite appalled,
    as the 'putes were recalled
    The prankster is gonna catch Hell!

    Scans even better now...

    --
    This is my cubicle. There are many like it, but this one is mine.
  • Yepp, like Microsoft...
    They would deny it and then when it is proven, call it a "feature" :-)
    We have begun to like, or atleast except, the Microsoft "features" have we not? If nothing else, they give us something to joke about...
  • Actually actually, if I remember my latin correctly, the plural of vir is vires. It's a fourth (or is it fifth?) declension noun, and it declines like rex. (vir, vir, virem, viris, viri, vire). So viri would mean 'to or for the man'.
  • > People's main argument about why
    > Windoze is insecure is because a user,
    > or user process, has access to the
    > entire file-system

    Not true for NT (despite the flamebait earlier on this thread about an 'inherently weak security model', the /model/ is actually pretty damn good (where are the Access Control Lists in Linux ?) Mind you, the actual implementation of the model has been repeatedly demonstrated to be weak. That's where the open Source 'engineering' argument kicks in.

    I agree with everything else you say :)


    --

  • I think the moderation is fair, although he makes a good argument. Flamebait means that we'd just be discussing off-topic details back and forth. It would be an argument for argument's sake, and happen everytime such a topic is raised. It's too controversial, hot, hung up in definitions and perspectives, too black and white. Remember, a 0 doesn't necessarily mean the post was _bad_..

    Myself, I find it silly to discuss wether Linux is virusproof or not, in the manner it is usually done on public boards. Nothing is by definition. But that doesn't mean Linux isn't *MUCH* more secure than any MS Windows version regarding viruses. There are lots of obvious reasons for this, including extreme hate for Windows from potential virus-writers. Linux is also a bit more vulnerable to _effective_ viruses than Windows, due to lack of anti-virus software. But as long as no viruses are detected, noones complaining. In their post, however, some Linux-fans are indeed too confident in their favourite OS.

    About the perl script, a good idea, but not all Linux machines got perl. A meta-shell script may be better, but the real problem lie in how to spread this thing. First generation offspring would infect the very few who downloaded it from your site. That's fine, a good virus will spread anyways, possibly destroying the host after a long incubation time. But Linux lacks efficient ways for distributing the offspring viruses, without resorting to security holes. I really doubt you could make a really effective virus. The diversity of Linux and unix is just too great, and responsible users don't/shouldn't run as root very much.

    - Steeltoe
  • Yes, they are, but who cares? Educating people is far more effective:

    On most maschines, we have a more or less up to date virus checker running. When installs a virus on his PC and complains about it, by policy, we reinstall the machine from scratch and delete all infected files. The user gets the standard lecture on how to treat data from foreign sources and to read warnings on the screen with graphic analogies (Would you eat a cookie with green and black patches offered to you on a subway by a hobo? So why are you opening everything spammer send you?).

    With lot of begging and cajoling, we may save a few crucial files. Usually less than ten.

    Most user get, after the first or second time, really careful, and the number of virus infections have been rapidely decreasing around here since we started this policy.

    Terror and pain are real good teachers sometimes.
  • From the Otto is a Rat Bastard Department:

    Found this interesting tidbit yesterday. The plural form of virus is "viruses". viri is the nominative plural form of the Latin vir, which means man. See: http://doriath.perl.com/misc/virus.html

    Okay, firstly, that URL is wrong. It should be http://language.perl.com/misc/virus.html [perl.com] ...

    Secondly, while I think Tom Christensen is a genius, I must say that in this case, he's just being annoying.

    Thirdly, anyone who corrects my speech in front of me generally loses a tooth. I don't stand for that crap from grown adults. :-)

    Language is a flexible, growing, evolving entity. It's not static. It's not about "correctness". It's about communicating your thoughts from one person to another. If I say the word "virii" and the other person understands me, then to hell with the OED.

    Frankly, I find that people who care about the correctness of a certain word (I find "ain't" to be a damn useful word), *generally* don't have the intelligence to understand much of anything else anyway. Especially those bastards that try to correct your pronounciation of a word. Oooh, those guys piss me off.

    FWIW, Dell should do what everyone else does. Create a base install, virus scan the hell out of it, then ghost the sucker onto every machine needed. If they're actually installing software in the normal fashion, I'd be awfully surprised.

    ---
  • But the first post, which essentially said, "HAHAHA Bill Gates, windows sux!!!", got marked up as Insightfuk, which would suggest that it was a topic of interest worth discussing. Then, Sanity posts a well thought out counter argument and gets moderated down, presumably because he wasn't pro-Linux enough. If the moderator disagreed with him, he could have posted a useful response to his argument, rather than just knocking him down a point!

    Dana
  • Drifting off topic, but...
    Not as much as a PFO (does that term enjoy currency outside Ireland?).

    I picked up the term "PFO letter" in university (while applying to grad schools :-) in central Ontario (Canada) and have heard it used by someone from Seattle. Haven't heard it without the word "letter" attached.

    (The "P" is for "please" and the term refers to a terse rejection form letter, i.e. no attempt to say "it was a hard decision" or "many highly qualified people applied"... just "we don't want you, go away")

    To bring this back on topic, did you get any idea, while you were there, how software in preinstalled and how the machine doing the installing might get a virus?
    -
    <SIG>
    "I am not trying to prove that I am right... I am only trying to find out whether." -Bertolt Brecht

  • No, you have missed the point. The point is that this has very little todo with the operating system, and everything to do with the software running on the operating system.

    --

  • Yes, the third declension noun rex has reges as its nominative plural, but vir ("man") was a pretty run-of-the-mill 2nd declension masculine noun ending in -r, like puer and magister.

    Virus, well, wasn't.

    Some sources report it as being an irregular 2nd declension neuter, like pelagus and vulgus. Other sources report that it was a 4th declension neuter, like status, impetus, or hiatus. None report that it declined as though it were a 2nd declension masculine, like dominus and abacus.

    Check out the rest of the story [perl.com]. It contains links to the wonderful Perseus Project [tufts.edu], which is devoted to on-line access to the Classics, including word searches and definitions. I think you'll like it. Here's my favorite entry point [tufts.edu] to them.

    Every time I read the malformation *virii, my brain pronounces it as it does viri, which in English sounds pretty much just like "weary", which also describes my sentiment. :-)

  • Well done! Does anybody happen to have the exact formula for a properly scanning limerick? It would be nice to know the accepted rule rather constantly trying to match again the Man from Nantucket. :-)
  • I don't think it's a surprise that they deal better with a real emergency than normal ordering/support. Day to day stuff is always harder to raise enthusiam (and standards) for. Not an excuse for poor general service I admit, but not unexpected.
  • Actually, _both_ are correct.

    Only, viruses is more commonly used in the States while virii is more common in Europe.

    I use Virii personally. I despise using the 'es' suffix on a word that ends with s. Icky.

    ~FnkyAlien
  • Theoreticaly, you are correct, but we could be doing "what if there was software written to spread viruses on Linux" all day. I have not been plagued by the bad software problem, but I do know Windows users that have been spending an awful lot of time over these virus issues.
  • Yes, but the post that started this thread was implying that Linux was immune to viri, clearly it is not as you now conceed.

    --

  • but the post that started this thread was implying that Linux was immune to viri,

    No, unless I am reading a different post than you. He suggested Dell should push Linux boxes harder. I supose you could interpret what the first poster said might suggest that Linux was a an alternative, but he did not state any facts about Linux dealing with viruses.
  • like linux.

    Would n't that saved them a lot?
  • Don't know what you purchased or from where, but I've bought about 300 Dell machines in my life and 100% have installed the OS correctly out of the box.

    However, I wouldn't want their default config anyway as I hate all the crap they load. So I wipe them clean afterwards (after I make diskette images for the drivers which is why I allow the OS to load).
  • Hey moderators - this is the best one! Mark it up!

  • There once was a fellow on /.
    Whose system was stable and crasched not
    'til he made a reboot
    and logged in as root
    now his system is known as a crash-bot

  • "Virii" isn't a word: true

    "Virii" is used by script kiddies: true

    "Virii" was coined by script kiddies: false

    The usage of "virii" as the plural of virus is older than the script kiddie phenominon. It is an instance of standard hacker word play, like the usage of "boxen" as the plural of "box", unices as the plural of unix, etc...

    For more info, see the Jargon file [ccil.org].

  • ... we despise Michael Dell and his whole company. As popular as George Bush III is to a liberal.

    Around my way, the names "Compaq" and "Dell" are never spoken unless followed by the phrases: "sucks", "really sucks" and the all time favorite, "really sucks big donkey balls."

    Even though we cannot "blame" Dell for the recall (under my breath: "suckass r&d, suckass tech..."), you folks seem so surprise. Dell does not make anything. Micron makes their own memory and a couple years ago came out with their own chipset. IBM can make everything they want.

    Dell is no better than your local mom & pop computer shop. They put together parts to make computers and that is it. The only Dell labeled product is on the faceplate of the case.

    Now do we see the importance of the Dell/IBM partnership. Dell had to merge not only to succeed but just to survive.

    In defense for Dell, they do have the option of shipping their servers with RH Linux install. This is definitely something I cannot get Micron to do



    ChozSun [e-mail] [mailto]
  • Sanity was specifically talking about install scripts. He showed a solid understanding of the UNIX security model and the behaviour of UNIX/Linux users.

    I cannot read Sanity's mind and cannot tell you his intentions. However, everything he said is true and the attack he envisions possible, plausible and devastating.
    --

  • The main problem with Windoze based OSes is the fact that it is impossible to easily switch from ordinary users to priviledged ones, without logging out and relogging in

    Uhm.. ever heard of su? Yes, there's a version of su for Windows NT. It's in the resource kit.
  • Perhaps someone should buy you a dictionary. I said that he *implied* that Linux was immune to viri, not that he *stated* anything. Here was an example where some computers were hit by viri, he suggested they use Linux instead, obviously he was implying that Linux was better when it came to viri!
    This line of conversation is rapidly beginning to bore me.

    --

  • an even bigger problem is that with the Windows OSes, users are rarely even told that such a thing as 'privileges' exist. you can install NT, 98, 95, etc. and never once run across anything about security. yes, you will be prompted to log into NT, but it's never resented to the user that you can actually create new users, or what the benefits of having different users would be, etc..

    crap
  • I said that he *implied* that Linux was immune to viri, not that he *stated* anything.

    True, he may have implied such and he did not state anything, but you stated a tirade about Linux viruses, not him. You are the one bringing up the FUD and now you claim you are bored. If you have a point to make with Linux being prone to catch viruses, why don't you simply email me one?

    If you are so tired about people complaining about Linux being immune, imagine yourself complaining about something theoretical (and difficult) that is not an issue. Its interesting for a moment, but arguably offtopic and flamebait.

  • Actually, if we're comparing apples and apples, let's throw Windows 9x out the window right now and talk about Windows NT. (Win 9x was designed to have no security, and to even defeat certain NT network security features. -- MS's answer to customers who want desktop security was to run NT, which predates 95 by a couple years.)

    And while there are many "incredibly stupid" NT users that run everything as local Administrator, many shops do not, and the model is certainly no worse that Unix's.

    Implying otherwise is either
    a) ignorant or
    b) trolling or FUDing
    --

  • MS-DOS 6 had a bundled AV scanner with a Win3.1 front end. One of the few products Microsoft ever dropped, rather than building up and taking over the market.
    --
  • Unclued posts arguably deserve a negative moderation. A deceptive post with faulty logic based on non-existent facts that utterly defy reality qualifies.

    That includes the idea that Linux is just as vulnerable. It isn't; no remotely-decent truly multi-user system with permissions is.

    A clued Windows 9X user is functioning as root 100% of the time. A clued Linux user, perhaps a couple % at most, if they're still testing their hardware configuration or installing additional system-wide software. Read up on permissions, and you'll see that there's a fundamental difference.
  • Only if it can also silently remount as rw, do 'chattr -i', obfuscate itself so it cannot be read, *and* be installed by enough users before anybody happens to notice.

    Not to mention that chroot jails are an option, and that there's often little reason for using a script when the binaries can be copied separately and there's no centralized registry that must be edited in oh-so-special ways...
  • It might be reasonable at least for an OEM to do it.

    It's certainly reasonable for either MS or an OEM to include some documentation that drops the hysteria (along the lines that "Viruses are mysterious things that can destroy all your files, anytime, anywhere... so you'd better buy our AV product!") in favor of some sanity (like "Be aware of the risks when getting files from untrusted sources, but if you just do WWW browsing, no explicit sharing, and don't use a let's-try-to-do-everything-under-the-sun mail client, you're pretty safe...").
  • It's not an academic definition, but I've always based limericks on five lines of anapests (unstressessed, unstressed, stressed); three, three, two, two, three. The first foot can be iambic without causing offense (as in the now-legendary man from nantucket, who also has an unstressed syllable appended).
    So your limerick (in morse) goes
    dit dit dah dit dit dah dit dit dah
    dit dit dah dit dit dah dit dit dah
    dit dit dah dit dit dah
    dit dit dah dit dit dah
    dit dit dah dit dit dah dit dit dah

    That's something I'd never have typed in using Windows; the old highlight/middle click makes things a lot easier.
    Of course, this is a rigid definition, unstressed syllables can be added or removed more or less at will an still maintain an aesthetic aspect. IMHO.

  • Security at Dell. (Score:4)

    by The Dodger ( 10689 ) on Thursday November 18, 1999 @07:12AM (#1522836) Homepage

    According to my "sources" (what a wonderful word - it could mean that I know someone in the plant, or that I met this guy in some bar...), security at the "EMF" (European Manufacturing Facility) is quite tight (e.g. metal detectors, etc.).

    They do more than just assembly of boxes - they do a bit of research there as well - e.g. Linux clustering. Although, from what I've heard, the fact that they don't know what the fuck they're doing, not to mention their inability to organise a piss-up in a brewery, means that they're not getting anywhere very fast.

    Allegedly. ;-)

    How is Stab City these days, anyway?

    D.
    ..is for DOH!

  • FUD stands for Fear, Uncertainty, and Doubt. Its a tool used by marketing departments and paid professionals to cause confustion and mudslinging [attaway.org] between otherwise rational people.
  • Perhaps this is why smarter people often have poor handwriting (doctors for example) and often bad spelling. This could be related to a smarter persons enhanced ability to decode information, which would make following a strict form of handwriting or spelling less useful to them because they will still be able to retrieve the information either way, and its quicker to write sloppy =] I think perhaps if I ever visit my old highschool I will adress this point to my old english teachers.

  • Unix Viruses and Culture Clashes (Score:5)

    by Tom Christiansen ( 54829 ) <tchrist@perl.com> on Thursday November 18, 1999 @07:35AM (#1522840) Homepage
    I am getting tired about hearing how Linux is immune to computer viri [sic; you mean viruses [perl.com]], it simply isn't. The main thing preventing people from writing a Linux virus is good-will towards the operating system.
    No, it's really far more complex than that.

    You are correct that it is no mean trick to write a program that can damage the system it runs on, largely irrespective of what kind of system we're talking about. And so long as you can hoodwink some unwitting user into executing that program on their system, that program can, of course, cause damages commensurate with the privileges and capabilities of that user.

    What you've failed to consider is how the dramatic cultural differences between Unix and the much-maligned consumerist toys serve to affect the issue to our benefit and their detriment.

    Probably the most important of these cultural differences is that Unix has historically been a source-only world. Programs are distributed in the form of source code, code which shall be configured, built, and ultimately installed on the target machine. Programs solely accessible in machine language form fall immediately under a taint of mistrust.

    Think back to the last time you read a notice from someone whom you've never heard of before that was asking you to go fetch some random binary program from some random place on the net and then to run that program under full sysadmin privileges? I can already see the incredulous Unix sysadmin reading that and bursting out in uncontrollable guffaws. Because the de facto standard for program interchange in Unix is as source code, a Unix programmer will be far less likely to fall for your ploy than would your average Prisoner of Bill, who has been lulled into gullibility by a binary-only culture.

    But for the sake of the argument, let's say that you've found a way to effect this trick. Suppose you're an employee of some reasonably respected company that happens to produce a binary-only distribution of their commercial software, and you decide to sneak something wicked into the binary image. You manage to replace the standard, clean copy on your company's ftp or http server, or even floppies or CDs, with your own naughty version. People are accustomed to downloading from your company, or using your company's floppies, so they do as they've always done, run the installation as the superuser, and you thereby have your way with their system.

    If this scenario were to play out, just how dangerous--how destructive--could it really prove? Whom could you harm, and who would be immune to your ploy? The answer is that you could only hurt those folks running the exact platform for which your binary had been compiled, and everybody is unassailable. By platform, I mean the whole feature vector that includes processor chip (eg Sparc vs Intel), operating system (e.g. SGI vs BSD), shared libraries (e.g. libc vs glibc), and site-specific configuration (e.g. shadowed vs non-shadowed password files.

    Let's not get too full of ourselves and pretend that the Unix culture's predilection for source-only program distribution derives only, or even mainly, from altruism. We have no choice in this matter. Consumer-targetted systems from Microsoft or Apple are two instances are a static monoculture, as vulnerable to mayhap as a field of cloned sweet corn. It only takes one genetically engineered virus to bring down the whole field. Unix is different.

    In his acclaimed essay, In The Beginning [cryptonomicon.com] , Neal Stephenson writes:

    It is this sort of acculturation that gives Unix hackers their confidence in the system, and the attitude of calm, unshakable, annoying superiority captured in the
    Dilbert cartoon. Windows 95 and MacOS are products, contrived by engineers in the service of specific companies. Unix, by contrast, is not so much a product as it is a painstakingly compiled oral history of the hacker subculture. It is our Gilgamesh epic.

    What made old epics like Gilgamesh so powerful and so long-lived was that they were living bodies of narrative that many people knew by heart, and told over and over again--making their own personal embellishments whenever it struck their fancy. The bad embellishments were shouted down, the good ones picked up by others, polished, improved, and, over time, incorporated into the story. Likewise, Unix is known, loved, and understood by so many hackers that it can be re-created from scratch whenever someone needs it. This is very difficult to understand for people who are accustomed to thinking of OSes as things that absolutely have to be bought.

    There is no one thing called Unix. Instead, Unix comprises a diverse set of subtly (and often not so subtly) variant platforms. A nefarious binary laced with exquisitely designed evil bullets hidden inside it can hurt only a few of us. When Apple and Microsoft laugh at our diversity, be sure to remind them that is it their lack of the same that contributes to their incredible vulnerability--and to our strength. Hybrid vigor ultimately wins out over a monoculture, for the latter is too in-bred and fragile to prove long viable.

    Let me now return to your particular suggestion, that of a malignant Perl program activated by a Makefile rule at installation time. Because you're talking source code, and because Perl tries rather hard to attain a high level cross-platform intercompatibility, this form of subterfuge would appear exempt from the inherent protections stemming from diversity in variant Unix platforms. So, could your trick be done? How much of a problem could this really be? What might happen?

    The answer is that of course, it could be done. And in point of fact, a demonstration model is already available [deja.com], courtesy of Abigail. Guess what? There's no reason to run around like a chicken with its head cut off: the sky isn't falling. This sort of approach stands little chance of making a big splash, because you aren't going to insinuate it into a place that can affect a lot of people. Sure, you might catch a few folks, but just how long to you think this kind of thing will go unnoticed? Remember, it's in source code. That means anybody who wonders what happened can just look at it. There's a very low barrier to entry. And even if the naughtiness removes itself from your copy once its dirty deeds are done, that naughtiness is still sitting there in plain view for easy inspection back wherever you got your copy from.

    Is there a way around this? Well, yes, if you're as clever as Ken Thompson. Fortunately, you aren't, and neither are the crackers. If they were, they'd doubtless receive more Turing Awards for their vaunted efforts. :-)

    The only way you're going to get good propagation is if your nastiness into a copy that a lot of people will download and install. There's a very fine reason why so many archives contain a checksum of the image. It's to help with this problem. Security of course depends on several matters, including the strength of the algorithm and the integrity of the authenticating agent. But better that than nothing.

    Let's talk about propagation some more. I assume that the goal is to have a notable impact, which means you need to spread your bad code as widely as possible. A hacked up install script, even if all goes to your liking, just doesn't have a very high rate of reproduction. First of all, how often do how many people install this software? Secondly, how do you plan to trick them into doing so? It's not really much of a challenge to get one person to this, especially if they trust. If that's your goal, maybe you'll succeed. But the risk of being traced and apprehended is high.

    So how come this stuff can spread like wildfire amongst the OS-challenged? Can't whatever mechanism that's used there be used to get at the rest of us, too?

    Over the last few years, a frighteningly frequent conduit of contagion for viral infection on toy systems has been the implicit, automatic execution of code with little or not manual intervention on the part of the box's owner. DOWN THIS PATH LIES MADNESS!. That this can ever, ever happen is as a plain a symptom of complete and total cretinization in the toybox world as you are ever going to see. It's stupid, it's crazy, and it's dangerous. Any programmer who even suggests it needs to go back to flipping hamburgers. Any user who asks for this feature needs to be quietly taken into the back room by the doleful men in long trenchcoats, where he will be told in no uncertain terms that his request is not only in the best interest of no one but criminals, but that he also now has a permanent record even for asking about it.

    No, I don't care that a customer asked for it. Customers are idiots, just like any other user. So what if they pay you? They're still idiots, and it's your professional responsibility to act responsibly, to refuse to go along with their madnesses. The customer is not always right. In fact, they're very often wrong. A physician or a lawyer doesn't do whatever the customer requests, and neither do you. They, meaning the customers or users, simply don't have the background and training; they don't have the experience of seeing why automatic execution from untrustable source is the work of the Devil.

    It's not as though we in Unix have never seen this issue before. In fact, we've seen it time and time again. And guess what? We recognized the problem and we addressed it. And we don't cater to that kind of lunacy anymore.

    Here are a few concrete examples.

    Remember when vi would--or at least, could--automatically execute macro commands embedded in a file in a specific way? That was a dubious feature called modelines. On my OpenBSD systems, if I type :set modeline, the program comes back and says set: the modeline option may never be turned on.

    Another example of learning from our mistakes is the issue of shell archives. Instead of automatically running the sharfile through /bin/sh, there are specially made unshar programs that will do the common things, safely, and nothing else.

    When CGI was first getting big, owners of toy systems would blindly install compilers and interpreters in such a way that these would easily execute arbitrary content coming in off the wire. Despite my pleas, both Netscape and Microsoft were actually advocating this! After a year of warning admins not to do this, and sending mail to the companies who were saying to just go ahead, nothing changed. So I released latro [perl.com]. Then and only then did various companies retract their suggestions, even though they'd been aware of the nature of the problem for a long, long time. Sure, you could be equally stupid on Unix, but for some reason, we weren't. History counts.

    Implicit execution of untrusted material is simply stupid beyond words. And for some reason, the toybox people keep falling for the same chump moves, from MIME attachments to word processor and spreadsheet macros to embedded active scripting controls. I don't know quite why they just keep doing this crap. My hunch, and it's only a hunch, is that this is happening because Microsoft and their moronic minions simply cannot for the all the tea in China ever manage to think outside of their quaint but completely fictional little single-user universe. Maybe they don't hire people who come from a background in multiuser and/or networked computing systems. Maybe they don't hire people with real experience at all, just script-kiddies trying to make a buck legitimately but with no true understanding. Maybe the software makers simply can't say no to a customer request, no matter how suicidal they know that request to be. I don't know.

    Whatever the cause, decades of history are completely and repeatedly ignored. They keep making the same mistakes, and they don't fix the underlying causes. Sure, there are things that are hard. Denial of service attacks are hard. People who know exactly all the ramifications of IP who go sending maliciously hand-crafted packets aren't much fun either.

    But these highly technical ploys aren't why most folks on their toyboxes are being screwed up, down, left, right, and sideways. They're being screwed because of very simple matters. They don't have the notion of a protected execution mode. They don't have file permissions or memory protections. They automatically execute content willy-nilly, often with complete access to the whole machine. They expect a program to show up in binary not source form. They don't compare robust checksums from a strongly authenticated sources. They live in an infinitely vulnerable monoculture. They expect things to just magically happen for them without a thought or a care, and guess what? Their wishes are duly granted, much to their eventual dismay.

    It is possible that mass-market factors may someday end up plaguing Unix systems in ways not so far removed from the stupidities that the toy boxes are riddled with. We just have to tell them no, and to condemn in the strongest and loudest possible terms any backsliding into insecurities that if we ever had, long ago banished. Looking at the Winix phenomenon, in which a dozen different vendors put together and ship their own Linux operating systems, all specifically constructed to be user-obsequious and Unix-hostile all in order to appease the lowered expectations of a hundred million Windows idiots, who, despite their numbers, really can still be wrong. The stupidity of the masses must never be underestimated.

    PS: Congratulations for reading this far. :-)

  • Too many companies opt for the "Nothing can go wrong ... go wrong ... go" model of how to handle a problem.

    Dell does an up-front attack on the problem first, PR later. This way, the world see's that they *HAD* a problem, but it's fixed now.

    I find a "fix first, spin later" approach to increase my faith in a computer company.
  • The usage of "virii" as the plural of virus is older than the script kiddie phenominon. It is an instance of standard hacker word play, like the usage of "boxen" as the plural of "box", unices as the plural of unix, etc...
    I understand what you're saying. In fact, you are probably even right. :-)

    But it still begs the question of what a "virius" is, eh? :-(

  • You might want to consider investing in a full size dictionary. Pocket editions really are not meant to be complete.
    That's a good idea. Perhaps you might offer a suggestion? Preferably one that has your alleged word in it. :-)
  • viruses is more commonly used in the States while virii is more common in Europe
    My own experience is that Europeans are more likely to have had a classical education than are Americans, and consequently less likely to reach for a misdeclension.

    It's not like it's all the same, though. In English (assuming you deem England to be part of Europe :-), you have viruses, but in German, you have viren. Most curious of all, you in the Romance tongues have an invariant virus even in the plural, as in French les virus or Italian i virus. Given the historical provenance of the Romance tongues, I'd say that this invariance lends credibility to those scholars who opt for a 4th declension [perl.com] explanation of events.

  • THATS WHY YOU USE THE LINUX OS!! MUCH MUCH MORE RELIABLE THAN CRAPY BUGGY WINDOWS.
  • Maybe it'd be a better idea to have a virus that goes off on 1.1.2000 and 1.1.1900 Just in case.
  • I hate following up to my own postings, but a couple of errata are in order.

    The first erratum is that when I said " everybody is unassailable", I of course meant that "everybody else is unassailable".

    The other is that immediately prior to the sentence beginning "Consumer-targetted systems", you should insert this:

    If on Unix, you don't have the source, then you can't the program on all your diverse systems. And if Unix programmers do not provide source, they cannot hope to have their program as widely used as it would otherwise be.
    Somehow this slipped by in the posted copy, and it's an important point.

    Finally, I fixed the latro [perl.com] links at the bottom, so you'll be able to see the real program. And yes, it works. Like nmap and other, um, security tools, this should of course only be used to verify the security of those systems that you yourself directly administer and have responsibility for. Not that it's apt to be sufficiently well logged to know what's really going on. It seems that POSTs never get their content logged. Play nice, and don't pick on the WinVictims. :-)

  • Sanity's post did not deserve to be moderated down. Inaccuracies deserve responses, not negative moderation. What his post deserved was Tom Christiansen's response. Moderate that up.

    "Flamebait" is the deliberate provocation of a flamewar. Sanity's did not seem to me to be that, and if I get the chance the metamoderate, I'll make the "unfair" call. It raised a point that was worth raising, if for nothing else, because of the response it engendered.

    Unfortunately, some seem to take the moderation system as a way to dock people for unpopular opinions. This is not the first time I've seen a post moderated down because it said something negative about Linux or postive about Microsoft. That is not good, and only serves to inspire the kind of group think that would make a site such as this worthless. There is a reason that are no "wrong" or "stupid" or "bothers me" moderation options. We should only be preventing abuses. Abuses like offtopic posts or intentional flamebait.

    Believe me, if a post rated '1' is followed up by a contradicting post rated '5', the message is there. Docking people who have good intent is just spiteful.

    (I also find it very sad that someone felt compelled to moderate down Mawbid's objection to the moderation. I suppose I'll be next...)
  • Tom Christiansen's mood was quite fiery,
    As he sat down to write in his diary.
    He had happened to read
    That unsavory screed:
    "The Plural of Virus is Virii."
    --
  • You've made a point _nobody_ seems to make, and it's the most important one: the fact of Unix heterogenity (sp?). This is so often treated as a criticism, when the reality is that it's a powerful safety feature in a world where computer systems are vulnerable to infections and 'sickness'.
    I dualboot LinuxPPC (not terribly often, but I insist on being able to do it). This means that there are some Linux software packages that I can't, actually run, because anything that's binary-only or depends on PC hardware is something I can't run. For instance, anything that expects a parallel port is likewise something I can't use.
    Contrariwise, if someone makes a Linux binary that is a x86 virus, I can't run it either (nor would I want to). There's a level of inconvenience that is also protection. Add to this the fact that I like to not run a desktop such as KDE or Gnome, and mostly hack around with console apps and play with Window Maker when I _do_ boot into Linux, and it becomes extremely awkward for someone to make a generic Linux virus that can function under those conditions. I end up making a relentlessly nonstandard environment for myself, simply because Linux does _not_ deliver a very well realised and completed user environment, and because it encourages my active involvement in the building of this user environment.
    This diversity is a strength, not a weakness: it makes it appallingly difficult for a commercial vendor to target the average Linux system (they will have to pick RH or something and support only that), but it also makes it appallingly difficult for a virus writer to target the average Linux system (again, they will have to pick the RH or something and 'support' only that...)
    The most significant effects of this are as follows:
    • Commercial 'Winux' offerings will overwhelmingly focus their efforts into a single dist, probably Red Hat, possibly Caldera or Corel or something. Divergent dists and installations will not be supported- with varying degrees of haughtiness.
    • Because Linux is in fact poorly suited to being turned into a Windows clone (much of the advantages are wasted), a very _large_ percentage of the userbase will refuse to be homogenized, _much_ larger than the comparable percentage of Windows or Mac users running substantially unusual configurations. This will continue, emphasised by the ability to distribute and publicise novel experiments in interface and user environment.
    • Because of this, Linux will continue to seemingly be penalized in comparison with, for instance, Windows, as a developer's platform and commercial target platform- the commercial Linux distributions will infight and intentionally foster conflicts with each other, and too many users will drastically alter their user environments to make distribution of generic Linux software easy. Some vendors will define really limited targets, others will attempt to issue zillions of patches and diffs to cover the widest area possible. These approaches will coexist.
      When Linux virii _do_ become a significant force, the commercial Linux distributions will be the ones taking the hit, and such attacks will be specific to individual releases of commercial distributions.
    • At this time, at least _some_ people will have the presence of mind to suggest the obvious: there is choice, change to a different sort of Linux that is not vulnerable. No single Linux distributor will have the leverage to be able to significantly eliminate other dists (though certain ones may be able to get very large percentages of marketshare simply through commercial distribution networks and the ability to make the Linux versions of 'AOL disks' and proliferate them)
    So, the 'Linux virus' _will_ exist, but it's important to understand the context they will exist in. They will be targeting the passive consumers and the largest commercial vendors- anytime you have a single voice outshouting the chorus, you'll have the Linux virus targetted to that particular distribution, perhaps motivated by anger at some business decisions the company makes that violate unwritten or written rules, perhaps simply taking advantage of sloppiness.
  • Just a side note: This has nothing to do with OpenBSD, this "modeline" thing.

    It's nvi. Blame (or thank) Keith Bostic.

    BSD/OS says "The modeline(s) option may never be set.". NetBSD says "set: the modeline option may never be turned on". (If you're curious, NetBSD is using nvi 1.66, BSD/OS is using 1.43.)

    The comment in the code is particularly beautiful. Reproduced without permission; please don't kill me, Keith:

    /*
    * f_modeline --
    * This has been documented in historical systems as both "modeline"
    * and as "modelines". Regardless of the name, this option represents
    * a security problem of mammoth proportions, not to mention a stunning
    * example of what your intro CS professor referred to as the perils of
    * mixing code and data. Don't add it, or I will kill you.
    */

    You go, Keith.
  • Stupid arguments require stupid answers.
    Perhaps a more apropos riposte would have followed along the lines of:
    • Ne illegitimi carbunculi tibi in facie sint.
    • Si hoc legere scis nimium eruditiones habes.
    • Quid quid latine dictum sit, altum viditur.
    • Si hoc signum legere potes, operis boni in rebus Latinus alacribus et fructuosis potiri potes!
    • Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.
  • Hey, calm down, tigers!
    I wasn't actually trying to imply anything about Linux's security, viral susceptability or anything along those lines!
    I was just trying to look at the situation from a business rather than holy war perspective. It's all about perception at the PHB level, not truth. Linux doesn't really have too much budget for marketing, by comparison to some (geez, I even saw a TV ad for Cisco last night!). All I was trying to do was show that here's a chance to capitalise on this, much the same as MS, Apple, Sun, Oracle etc would. Because like it or not, Linux must make more inroads into business to become really good. And I'm not thinking of a commercial hijack, just that the more people use Linux, then that's more coders, testers and documentors who can contribute. And that will translate into more freedom of choice. And isn't that what it's all about?
    BTW, this virus at Dell made the front page of the London Financial Times this morning. Oh yes.

Slashdot Top Deals

Pause for storage relocation.

Close