On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
> "Karsten M. Self" <[EMAIL PROTECTED]> [2003:10:02:00:37:35+0100] scribed:
> >
> > Please share this knowledge.  What executables are you aware of
> > affecting non-Microsoft systems which are in general circulation and
> > which auto-execute on receipt by arbitrary systems in stock
> > configuration?
>
> Seriously, I do understand and empathize with what you are saying.
>
> What I am saying is -- IMHO -- especially in light of the problems that
> I have experienced with Swen, auto-executing virus/worms are only *part*
> of the problem.  Social engineering is often scoffed at as a real
> threat; but, what we see with Swen is so real looking that people I know
> have actually __manually__ clicked on those attachments!

Of course, there's also the fact that since they run Windows, they are
of necessity logged in with admin privileges *all* the time, so it only
takes one click to install an executable that then has full access to
the system, including network devices...

> That kind of executable -- one that entices a user to click on it -- is
> just as real a threat to non-Microsoft userland, that I insist that your
> point is not all inclusive of the threats at hand.  Simply because there
> is not yet a major, far reaching virus/worm propagating primarily from
> Linux boxen, does not rule out the existence of a threat . . .

Most non-MS users are not likely to be logged in as root when they check
the mail, so whether some virus auto-executes or entices them to click
on it, the damage is generally going to be pretty well contained.
It's going to take a _hell_ of a lot of social engineering to convince
me to su, provide my root password, install and run some program that
showed up in my inbox. No matter how pretty a message it's packaged in.
Even assuming that the user getting the infected mail _has_ the root
password.

Besides, everything about MS seems designed to actively encourage
clueless behaviour. The whole system is designed to placate the user, to
deliver a message of "accept, don't try to understand." Given that
starting point, social-engineering the user into blindly running one
_more_ piece of completely mysterious code isn't gonna be too hard.

Finally, given the long, rich history of dangerous code propagating on
Windows boxes, the absence of _any_ example of a widespread,
communicable nasty on _any_ other platform does seem to indicate
something about the success of the different security models.

Does it prove that there can never be a nasty virus for Linux?
No. Of course not. But it definitely indicates a huge discrepancy in the
_degree_ of exploitability of different systems.

At least, that's how it looks from where I sit.

Cheers!

--
 ,-------------------------------------------------------------------------.
>   -ScruLoose-      |  If we do not believe in freedom of speech           <
>   Please do not    |  for those we despise                                <
>   reply off-list.  |  we do not believe in it at all.                     <
>                    |                           - Noam Chomsky             <
 `-------------------------------------------------------------------------'