Linux-Advocacy Digest #397, Volume #26            Sun, 7 May 00 15:13:08 EDT

Contents:
  Re: Built in Virus Scanners! ("Mike")
  Re: Built in Virus Scanners! (Charlie Ebert)
  Re: computer viruses on LINUX (Charlie Ebert)
  Re: Built in Virus Scanners! ("Mike")
  Re: This is Bullsh&^%T!!! ("Rich C")
  Let's POLL! (Charlie Ebert)
  Re: This is Bullsh&^%T!!! ("Christopher Smith")
  Re: This is Bullsh&^%T!!! (mlw)
  Re: This is Bullsh&^%T!!! (Matthias Warkus)
  Re: This is Bullsh&^%T!!! (Bart Oldeman)
  Re: computer viruses on LINUX (John McKown)

----------------------------------------------------------------------------

From: "Mike" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Built in Virus Scanners!
Date: Sun, 07 May 2000 16:52:21 GMT


"abraxas" <[EMAIL PROTECTED]> wrote in message
news:8f44sk$1qd2$[EMAIL PROTECTED]...
> In comp.os.linux.advocacy Mike <[EMAIL PROTECTED]> wrote:
>
> > "Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
>
> > [... long incoherent screed unceremoniously snipped ...]
>
> >> Do so without fear of viruses as the basic
> >> structure of Linux doesn't allow installation nor execution of
> >> programs without the prior approval of root on my system.  Root has to
> >> be involved before a program is installed or declared runnable in my
> >> user account.
>
> > Get real, Charlie. I'm supposed to call a sysadmin before I can run a
> > simple script?
>
> If you're a windows user, absolutely.  As has been proven repeatedly by
> the virus infestation of your brood, you cannot be trusted with computers.
> You should have to get permission from your administrator before you tie
> your shoes in the morning.

You noticed, of course, that Charlie is advising this as SOP for _Unix_
systems? And that this is what makes Unix better than NT?

-- Mike --





------------------------------

From: Charlie Ebert <[EMAIL PROTECTED]>
Subject: Re: Built in Virus Scanners!
Crossposted-To: comp.os.ms-windows.nt.advocacy
Date: Sun, 07 May 2000 16:54:38 GMT



>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 5/7/00, 10:52:21 AM, "Mike" <[EMAIL PROTECTED]> wrote regarding Re:
Built in Virus Scanners!:


> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8f44sk$1qd2$[EMAIL PROTECTED]...
> > In comp.os.linux.advocacy Mike <[EMAIL PROTECTED]> wrote:
> >
> > > "Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> >
> > > [... long incoherent screed unceremoniously snipped ...]
> >
> > >> Do so without fear of viruses as the basic
> > >> structure of Linux doesn't allow installation nor execution of
> > >> programs without the prior approval of root on my system.  Root has
> > >> to be involved before a program is installed or declared runnable in
> > >> my user account.
> >
> > > Get real, Charlie. I'm supposed to call a sysadmin before I can run a
> > > simple script?
> >
> > If you're a windows user, absolutely.  As has been proven repeatedly
> > by the virus infestation of your brood, you cannot be trusted with
> > computers. You should have to get permission from your administrator
> > before you tie your shoes in the morning.

> You noticed, of course, that Charlie is advising this as SOP for
> _Unix_ systems? And that this is what makes Unix better than NT?

> -- Mike --


No, yttrx said this, I didn't, Mike.  You're getting confused.

I only type what has MY e-mail address on it.

Charlie





------------------------------

From: Charlie Ebert <[EMAIL PROTECTED]>
Subject: Re: computer viruses on LINUX
Date: Sun, 07 May 2000 16:56:49 GMT



>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 5/7/00, 10:43:48 AM, [EMAIL PROTECTED] (MerefBast) wrote regarding
computer viruses on LINUX:


>    Hi. I am looking for information to compare the susceptibility of
> various operating systems to computer viruses.

>    I am particularly interested in references for factual information
> about the kinds, nature, and number of security holes, as well as the
> number of actual viruses, worms, and Trojan Horses for each operating
> system.

>    A copy of the information to <[EMAIL PROTECTED]> would be
> appreciated.

>    Thanks....

Okay, here's some information for you.

If you use Linux, you'll probably NEVER suffer from a virus as that OS
was designed by some fairly intelligent people.

If you use Microsoft for your operating system what happens to you is
similar to using your butt for a gun holster!  You end up shooting your
butt off.

Thanks for writing.

Charlie






------------------------------

From: "Mike" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Built in Virus Scanners!
Date: Sun, 07 May 2000 17:08:54 GMT


"Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 5/7/00, 9:41:08 AM, "Mike" <[EMAIL PROTECTED]> wrote regarding Re:
Built in Virus Scanners!:

> "Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...

> [... long incoherent screed unceremoniously snipped ...]

> > Do so without fear of viruses as the basic
> > structure of Linux doesn't allow installation nor execution of
> > programs without the prior approval of root on my system.  Root has to
> > be involved before a program is installed or declared runnable in my
> > user account.

> > Get real, Charlie. I'm supposed to call a sysadmin before I can run a
> > simple script? And what is she going to do? Inspect it first, to make
> > sure it's okay? And, God help us, what if I actually _write_a_program_?
> > You know, one that needs to be compiled? I can compile it, but then I
> > have to call the sysadmin every time I want to test it?

> > Wouldn't it be a whole lot more productive if you just left the power
> > switch in the 'off' position?


> Spoken like a true 3 year old.

> During this last virus attack, many employees of many companies were
> reminded of THEIR company's policy to NOT open e-mail attachments!  That
> is they are supposed to NOT!

> When you open your E-mail attachment on Linux you will just be able to
> READ it.
> It won't EXECUTE and blow xxx xxxx xxx xx everything.

> I thought I would clarify that for you.

Oh boy, a 3 year old. And you can swear too.

What you said, Charlie, had nothing to do with email. You said, "... the
basic structure of Linux doesn't allow installation nor execution of
programs without the prior approval of root on my system.  Root has to
be involved before a program is installed or declared runnable in my
user account."

Just thought I'd clarify that for you.

-- Mike --



------------------------------

From: "Rich C" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 7 May 2000 13:18:20 -0400

"Christopher Smith" <[EMAIL PROTECTED]> wrote in message
news:8f3934$o11$[EMAIL PROTECTED]...
>
> "Rich C" <[EMAIL PROTECTED]> wrote in message
> news:3914bcf9@news...
> > "Christopher Smith" <[EMAIL PROTECTED]> wrote in message
> > news:8f27j9$u7b$[EMAIL PROTECTED]...
> > >
> > > "Rich C" <[EMAIL PROTECTED]> wrote in message
> > > news:3914941c@news...
> > > > "Ned Nondo" <[EMAIL PROTECTED]> wrote in message
> > > > > It never did autoexecute. The file was named ILOVEYOU.TXT.vbs or
> > > > > something like that, which hoodwinked unsuspecting users into
> > > > > thinking it was a text file. The fact that it was a program was
> > > > > the furthest thing from their minds, since most probably had no
> > > > > clue as to what the .vbs extension meant.
> > > > > They simply double-clicked it from the attachment window, and bang.
> > > > >
> > > > > But this DOES bring out an inherent flaw in OE, as it doesn't
> > > > > distinguish between "opening" a document file, such as text or a
> > > > > jpeg, and "opening" a program, ie., running it.
> > > >
> > > > That's because one of the main functionality targets of a GUI like
> > > > Windows (or Mac, BeOS, OS/2, KDE etc) is *not* to distinguish
> > > > between such things.
> > > >
> > >
> > > Yes but there IS a difference, and the OS knows it. It knows enough to
> > > fetch and execute the registered program for a graphic file or a doc
> > > file, why
>
> No, it probably doesn't.  Even in this particular case, all the OS is
> doing is fetching and executing another application - the scripting host -
> to execute a script.  The script *is* a document.

Right. And as I've said in other parts of this thread, any "document" file
should be passed to the registered application, and it should be up to the
application to provide security. Which simply proves how irresponsible the
VB scripting host is. Java doesn't do this type of thing.

>
> > can't it do a virus scan at the very least, if the user has one
> > installed?
>
> A virus scan that didn't know about it wouldn't detect it, because it
> isn't a virus and doesn't do anything a perfectly legitimate user-created
> script might do.
>
> > Or warn me to save and scan the file first, with a DIFFERENT warning
> > dialog?
>
> Why ?  As far as the OS knows it's just another document file.

Which was registered by the VB scripting host. See my comment above.

>
> > And why does outlook have to warn me about a registered file type
> > anyway?
>
> EXE files are a registered file type.  If they aren't they don't run.
>
> Does that answer your question ?

Yes, thank you. It tells me that via the registry, MS knows EVERYTHING about
the system, and still does virtually NOTHING about security.

>
> > The worst that could happen is the associated program won't recognize
> > the file format if there is something wrong with it. Why does it have to
> > warn me about gif and jpeg files, when it's already opened them and shown
> > them to me in the preview window? It just blurs the line between ordinary
> > attachments and dangerous ones.
>
> Because detecting a "dangerous" attachment is nigh on impossible.  Best to
> be suspicious of *everything*.

...everything that can be executed, anyway.

>
> Trust no one and nothing.  Isn't that one of the mantras of the
> security-conscious crowd ?
>
> > Not very well thought out, if you ask me.
>
> If people read and took heed of warnings, this wouldn't have happened.
> Indeed, if this had happened on Unix systems with an attached script file
> and a bunch of instructions telling the users to save it, set it executable
> and run it, the exact same dumb users would have done it.

Yes, but it would not have done nearly the damage, because such a script
would not (unless the user were running as root) have been able to set
itself up to automatically start on bootup, or access any central "registry"
('cause there is none) or diddle with any system files.


-- Rich C.
"Great minds discuss ideas.
Average minds discuss events.
Small minds discuss people."




------------------------------

From: Charlie Ebert <[EMAIL PROTECTED]>
Subject: Let's POLL!
Crossposted-To: comp.os.ms-windows.nt.advocacy
Date: Sun, 07 May 2000 17:24:10 GMT


Let me just say that,

Just because some 12 year old kid launches a VB script virus,
and YOUR company ingests this virus, should the employees
who have double clicked on the attachment using YOUR company's
OUTLOOK EXPRESS be disciplined?

{ANSWER HERE}

Why do you figure that corporations establish policies
such as these?  Don't they realize that someday, someone,
will indeed take this to court and challenge this?
Do corporate institutions think they can WIN in a situation
where THEY gave the employee in question the power to
EXECUTE a virus from the software the corporation provided to
ALL their employees, trained or NOT?


{ANSWER HERE}



Is it intelligent for a company to have a policy, whereby
it is forbidden to click on any E-mail attachments?


{ANSWER HERE}

Is it intelligent for a company to DRILL your systems administrator
for allowing the virus to come into your company, even though there is
NOTHING he can really do about it!


{ANSWER HERE}

Does it make any sense to continue to blame the 12 year old
who wrote the script and sent it out via an E-mail to drop
½ the Microsoft equipped corporations around the world?
Shouldn't we make it a policy within the United States to
EXPECT terrorist actions from within and abroad based on
past actions, example, OKC?   Does it make sense to you
that corporations such as defense contractors will put
up huge concrete barricades, and hire guards equipped with
bomb sniffing dogs yet continue to allow Microsoft in their
offices as the mainstay of their E-mail handling clients?


{ANSWER HERE}


Have you heard someone within your organization BLAME the
problem we've just experienced with the ILOVEYOU virus on
the fact that the operating system was connected to the
internet in the first place?  Does this kind of explanation
logic seem flawed to you in any way?


{ANSWER HERE}


Wouldn't it be MORE intelligent to run an OS such as LINUX,
whereby employees could click on A script or .exe and
have nothing happen as it WON'T run it!  They can look at it
but it won't trash out their corporate world then E-mail
the rest of the world with a copy of itself?

{ANSWER HERE}

How many people have you met who still don't seem to understand that
Microsoft operating systems are based on a
nearly 20 year old tradition of a stand alone P.C. Concept?
That security was never an issue for Microsoft?  Do you now
understand why Microsoft says security isn't an issue with
Windows?


{ANSWER HERE}



I'm going to be very curious to read the answers if anybody
responds on this newsgroup.  I would love to read the answers.  What
are YOUR answers to these questions?

Charlie






------------------------------

From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Mon, 8 May 2000 03:34:29 +1000


"Rich C" <[EMAIL PROTECTED]> wrote in message
news:39159eaa@news...
> "Christopher Smith" <[EMAIL PROTECTED]> wrote in message
> news:8f39fj$3r$[EMAIL PROTECTED]...
> > Please detail to us how you're going to detect the difference between
> > "dangerous" and "safe" attachments.
>
> OK, class, pay attention:
>
> A DANGEROUS attachment is ANY executable program or script.
>
> A SAFE attachment is ANY data file for which there is a registered
> application in the system. These files are .txt, .jpg, .htm(l), .gif,
> .bmp, etc. which are simply passed to the registered application and not
> executed directly. This includes file types which the email program can
> open or preview directly. If there is a virus embedded in such a file
> (such as a word macro virus in a .doc file) it is up to the application to
> take appropriate security measures.
>
> There is no reason for Outlook [express] or any email program that can
> open or execute attachments to warn us about file types that have
> registered applications and are not programs, and have no chance of being
> executed.

So what about scripts written by the user for their own purposes ?

> > > That is really stupid of OE.
> >
> > As to his last two examples, it sounds to me as if someone has set the
> > "don't ask this again" option once when opening an .avi or .doc file.
>
> Or perhaps it's because MS "owns" these [proprietary] file formats?

Nope.  I just sent myself a .doc file and it doesn't open by default.

> > The same dialog is used, I would imagine, for a reason of programming
> > efficiency.  The more special cases you have to add, the more of a pain
> > it becomes to write and the more of a pain it becomes to maintain.
>
> But for a registered file type, where the file is simply passed as an
> argument to the application, no warning should be necessary.

One might note that is precisely what has happened in the case of this worm.
Windows Scripting Host is passed the script file, which it executes.

[chomp]



------------------------------

From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 07 May 2000 13:34:04 -0400

Christopher Smith wrote:
> 
> "mlw" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Christopher Smith wrote:
> > >
> > > Please detail to us how you're going to detect the difference between
> > > "dangerous" and "safe" attachments.
> >
> > Any vb script that makes system calls, fetches data from a URL, modifies
> > the registry, looks at the e-mail address book. These would be good
> > starters. Any binary executable too.
> 
> So a script I run monthly to delete a whole bunch of files off my drive is
> going to get stopped as a virus ?
> 
> A script I have that sends out a monthly letter to a mailing list ?
> 
> A script to regularly download a web page for me ?
> 
> A sysadmin-supplied script to update the registry ?

From an e-mail? Absolutely.

> 
> > The whole idea of running a program without an authoritative origin is
> > problematic. There is some debate about this happening in Linux, while
> > it "could" happen in Linux I doubt, very much, that it "would" happen in
> > Linux because security is an important concern amongst its developers.
> 
> The _only_ reason it "wouldn't happen" in Linux is because, by and large,
> the users are somewhat more educated in the realm of computers and how they
> can screw up.  When/If Linux becomes more mainstream, THIS WILL CHANGE.
> Don't try and kid yourself otherwise.
> 
> > One last note, if Melissa happened on a Linux e-mail client, you can be
> > sure "ILOVEYOU" would not have had a chance, because the author of an
> > e-mail program that allowed such a virus, would have fixed it. Unlike MS
> > who has proven that, as a monopoly, it does not need to care.
> 
> It's nothing that can be "fixed" because it's a) not an exploit and b) not a
> bug.  The program is acting precisely as designed, opening a *user approved*
> attachment.

-- 
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support. 
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"

------------------------------

From: [EMAIL PROTECTED] (Matthias Warkus)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 7 May 2000 19:24:18 +0200
Reply-To: [EMAIL PROTECTED]

It was the 7 May 2000 16:10:09 GMT...
...and abraxas <[EMAIL PROTECTED]> wrote:
> Sure, it could happen in linux and probably eventually WILL happen in 
> linux---as long as common unix concepts like WHEEL are not supported 
> (apparently because it gives the administrator fascist control over its
> users--heh), linux will have some notable security weaknesses.

This is not a Linux problem. No one forces you to use GNU su on Linux.

mawa
-- 
THINGS THE WORLD NEEDS MORE OF #1:

After Eight mints.

------------------------------

Crossposted-To: comp.os.ms-windows.nt.advocacy
From: Bart Oldeman <[EMAIL PROTECTED]>
Subject: Re: This is Bullsh&^%T!!!
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 18:17:57 GMT

On Mon, 8 May 2000, Christopher Smith wrote:

> > > Please detail to us how you're going to detect the difference between
> > > "dangerous" and "safe" attachments.
> >
> > Every binary and vb-script is potentially dangerous. A jpeg, text file,
> > java file executed in a sandbox is not. It's easy enough.
> 
> Great, so how are you going to allow users to execute their safe, approved
> scripts ?

Save to disk, check, then execute. And/or use a public key encryption
scheme. The scanner can determine it safe or approved and hence there is
no warning.

> > Firstly, it shouldn't display a warning when opening a .avi file or a .doc
> > file without embedded executable content.
> 
> So you also want the mail program to know enough about filetypes (like
> .docs) to go scanning through them for dangerous content.  Fantastic.

The mail program itself or a (virus) scanner can do that. Which program
does it doesn't matter. It only matters that it is done.

> > Secondly, the "don't ask
> > again" option shouldn't be present. You should only be able to turn it off
> > by tweaking the registry.
> 
> I strongly disagree.  I don't want to have to go screwing around in the
> registry just so I can have mpegs or avis automatically play when I double
> click them.  Or for opening .txt and .c files.

These are safe, so the warning shouldn't pop up in the first place.

> > > The same dialog is used, I would imagine, for a reason of programming
> > > efficiency.  The more special cases you have to add, the more of a pain
> > > it becomes to write and the more of a pain it becomes to maintain.
> >
> > LOL. Now this is bullocks. A simple table (or extension of an existing
> > one) is enough for a start.
> >
> > extension   potentially dangerous
> > .jpg        no
> > .vbs        yes
> > .exe        yes
> 
> Which then has to be maintained, separately to the existing list of
> extensions.
Yes. Not very difficult.
> Plus you have to add another check in the program itself.
Yes. Not a big deal to program.
> Plus you need another dialog, which also has to be maintained.
Yes. But it is not a pain to maintain. You only need to write it once. It
is the scanner program that needs to be maintained. That's nothing new.
 
> > A scanner could determine whether a potentially dangerous attachment
> > (a) contains a known virus, (b) is safe or (c) it cannot determine whether
> > it's safe or not, in which case the user has to use considerable effort
> > (e.g. first save to disk and then execute it or type in a sentence) to
> > execute it.
 
Bart
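
[Added example, not part of the post above or of the original digest: a Python sketch of the extension table and the three scanner outcomes (a), (b), (c) described in the post, applied to attachment names in a constructed message, including the ILOVEYOU.TXT.vbs naming mentioned earlier in the thread. Table rows beyond .jpg/.vbs/.exe, the verdict strings and all function names are assumptions of this example.]

```python
from email.message import EmailMessage

# Rows .jpg/.vbs/.exe are the table from the post; the remaining rows are
# assumptions added for this example.
POTENTIALLY_DANGEROUS = {
    ".jpg": False, ".gif": False, ".bmp": False, ".txt": False,
    ".vbs": True, ".exe": True, ".bat": True, ".scr": True,
}

def extensions(filename):
    """Every dot-suffix, lower-cased: 'ILOVEYOU.TXT.vbs' -> ['.txt', '.vbs']."""
    # Windows drops trailing dots and spaces, so 'x.vbs. ' is still a .vbs file.
    name = filename.strip().rstrip(". ").lower()
    return ["." + part for part in name.split(".")[1:] if part]

def triage(filename, scanner_verdict="unknown"):
    """Return the action for one attachment.

    scanner_verdict is a hypothetical scanner result: 'known_virus',
    'approved' or 'unknown' (cases a, b and c in the post).
    """
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    # Types missing from the table are treated as dangerous (fail closed).
    dangerous = POTENTIALLY_DANGEROUS.get(last, True)
    # A benign-looking suffix in front of a dangerous one hides the real type.
    disguised = dangerous and any(
        POTENTIALLY_DANGEROUS.get(e) is False for e in exts[:-1])
    if not dangerous:
        action = "open"            # plain data type: no warning dialog
    elif scanner_verdict == "known_virus":
        action = "block"
    elif scanner_verdict == "approved":
        action = "open"
    else:
        action = "save_first"      # user must save to disk and check it first
    return {"file": filename, "action": action, "disguised": disguised}

def build_sample():
    """Constructed message with three placeholder attachments (no real payloads)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for name in ("holiday.JPG", "monthly-cleanup.vbs", "ILOVEYOU.TXT.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

def triage_message(msg, verdicts=None):
    """Triage every attachment; verdicts maps filename -> scanner verdict."""
    verdicts = verdicts or {}
    return [triage(p.get_filename(), verdicts.get(p.get_filename(), "unknown"))
            for p in msg.iter_attachments()]

if __name__ == "__main__":
    approved = {"monthly-cleanup.vbs": "approved"}
    for row in triage_message(build_sample(), approved):
        print(row)
```
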


------------------------------

From: [EMAIL PROTECTED] (John McKown)
Subject: Re: computer viruses on LINUX
Date: Sun, 7 May 2000 13:57:06 -0500

On Sun, 07 May 2000 16:56:49 GMT, Charlie Ebert <[EMAIL PROTECTED]> wrote:
        [snip]
]>If you use Linux, you'll probably NEVER suffer from a virus as that OS 
]>was designed
]>by some fairly intelligent people.

Unless, of course, you always login as root, "because it's easier".
This is most likely going to be the attitude of clueless people coming
from a Microsoft environment.
]>
]>If you use Microsoft for your operating system what happens to you is 
]>similar to using
]>your butt for a gun holster!  You end up shooting your butt off.

Not really. I've been running Windows for, what, 3 or 4 years? I've 
never gotten hit by a virus. Why? I'm careful. I *never* installed
who-knows-what software from the Internet. I did install shareware,
if the person is a member of the ASP (Association of Shareware Professionals).
I always ran a virus checker on this software. I never installed "bleeding
edge" software. I always waited for about a month to see if anybody reported
a virus being accidentally (or otherwise) distributed. I also do the "DP Mantra"
"backup, backup, backup". 

A fool running Linux is still a fool!
John

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.advocacy) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Advocacy Digest
******************************
