I sent the following snippet of this conversation to my Linux guru, asking whether Klez has any significance for Linux users (this being interesting because this is, ostensibly, an OS forum).
> The recent outbreak of the Klez virus/worm has been very > significant. I know of people who have been shattered by > this, dropped their ISP e-mail provider, deleted all mail > unread and created a new account elsewhere. If secure, > trusted e-mail had been practical, things like Klez would > have never gotten off the ground..... A new round of > technology is called for, but as I said before, there is no > economic incentive for it to take place. I don't even see > it in open source...... The technology exists. Adoption is limited because people do not see the value. Are you interested in adopting a technology that asks you for a passphrase every time you send an email, in order to authenticate absolutely that it comes from you? The real problem isn't lack of technology, the problem is windows lacking security. Remember the email I sent you recently about Microsoft not releasing even API information because it would compromise security? > Is this significat for Linux systems? My only exposure to Klez has been that a bunch of extra mail has shown up in my mailbox to delete. As I have said before, Linux mail readers are not immune to bugs which create security vulnerabilities, but the defaults are intended to be secure (we don't automatically execute untrusted code) and when there is a buffer overrun, it gets fixed, and has generally not had the same magnitude of effect. So no, this is not particularly significant for Linux systems. michaelkjohnson "He that composes himself is wiser than he that composes a book." Linux Application Development -- Ben Franklin http://people.redhat.com/johnsonm/lad/
