Simple question about Windows .......

Mathew P. · External Since: Feb 27, 2006 Posts: 277

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have something to ask the group. Much has been said, at great
length on the topic, with very long and verbose posts. Really,
at it's most simple, basic level, it's a very straightforward
single sentence that defines the Windows experience:

######################
Why do rapid spreading, self replicating, successful viruses and
other malicious code exist for the Windows operating system?
######################

That's really the basic question, isn't it?

You see, it should be apparent to everyone once they give the problem
consideration, that malicious code, such as worms and viruses, will
only be written if a vulnerability exists for the author of the code
to exploit. This vulnerability if found, will only be exploited if
there is a return on the investment of the time and effort required
to develop the strategy and coding of the malicious software. This
leads to the inescapable conclusion that this OS's environment
offers significant windows of opportunity (so to speak) for the
authors of this kind of code to harvest that return on investment,
whatever it may be.

Before any voice is given to the argument, "it's because windows
is used more than any other system", just set that thought aside
for a moment and consider the above paragraph.

And reconsider the basic, one line question that leads to all
other questions such as why anti-virus software is absolutely essential
in a windows system:

######################
Why do rapid spreading, self replicating, successful viruses and
other malicious code exist for the Windows operating system?
######################

This really *is* the bottom line.

Regards,

Mathew

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFFG3znlkJ5K/IU2ToRAle2AKCAWUWh6bnWmZWwAh9Q+lS7qSeg+wCgi0qZ
u4NhLKO+1FwA0ELyD0TxHVU=
=TnEL
-----END PGP SIGNATURE-----

--
"Always do the right thing: It will delight / Aluminum Foil Deflector Beanies
some and astound the rest" - Mark Twain / Psychotronic protection, low prices

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Thu, 28 Sep 2006 07:42:32 GMT, Mathew P. wrote:

> You see, it should be apparent to everyone once they give the problem
> consideration, that malicious code, such as worms and viruses, will
> only be written if a vulnerability exists for the author of the code
> to exploit.

And you would be wrong.

Lots of viruses exist and propogate through no computer vulnerability
whatsoever, at least not one that is fixable. They spread through HUMAN
vulnerability. ie, executing attachments that get sent to them. There is
nothing that any OS can do about that problem without severely restricting
the users to the point they can't do anything.

> This vulnerability if found, will only be exploited if
> there is a return on the investment of the time and effort required
> to develop the strategy and coding of the malicious software.

Also false. For the most part, viruses and worms throughout history have
resulted strickly from "because I can" mentality.

> This leads to the inescapable conclusion

No, it doesn't, because you premise is severely flawed.

> that this OS's environment
> offers significant windows of opportunity (so to speak) for the
> authors of this kind of code to harvest that return on investment,
> whatever it may be.

The thing that leads to (if any) return on investment is that an OS
constitutes more than 1 BILLION PC's worldwide. I hate to break it to you,
but any installed base that big will CONSTANTLY have people hammering on it
to gain some kind of advantage.

> Before any voice is given to the argument, "it's because windows
> is used more than any other system", just set that thought aside
> for a moment and consider the above paragraph.

The above paragraph which is wrong on many accounts.

> And reconsider the basic, one line question that leads to all
> other questions such as why anti-virus software is absolutely essential
> in a windows system:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################

Because Windows has more than 1 BILLION PC's running it worldwide.

> This really *is* the bottom line.

I guarantee you that if Linux, or MacOS or any other OS had the installed
base of Windows, you'd see the same thing. Any hole, no matter how small,
will be exploited. And the biggest hole, human gullibility, is the hardest
one to patch.

chrisv · External Since: Nov 02, 2004 Posts: 1797

Erik Funkenbusch wrote:

>> Um, there is quite a bit the OS *can* do without overly restricting users;
>> inmy opinion, the most important one is the x-bit, where files received
>> via e-mail can't possibly be executed unless the user jumps through
>> several hoops to make them executable.
>
>And what makes you think that the users who execute attachments on Windows
>wouldn't jump through those hoops EACH AND EVERY TIME on any other OS?

Idiot.

chrisv · External Since: Nov 02, 2004 Posts: 1797

Erik Funkenbusch wrote:

>> The problem is that Microsoft has
>> made several capital design errors regarding executables and security,
>> most of which are justified by waving the magic "ease-of-use" wand, or by
>> historic reasons:
>
>This is no defense. Regardless of whether you or anyone else believes that
>it's 'too easy" to execute attachments, you simply fail to take into
>account that it doesn't matter how difficult you make it. People will
>still do it.

Idiot.

chrisv · External Since: Nov 02, 2004 Posts: 1797

Erik Funkenbusch wrote:

>> - No effective execute permission system.
>> - Not even a built-in executable checklist security such as Trust-No-Exe.
>> - Click==execute.
>> - File extensions hidden by default
>
>Once again, none of these things matter when it comes to social engineering
>exploits. Difficulty is not an effective deterrant.

Hiding file extensions doesn't matter?

Idiot.

ray · External Since: Nov 13, 2004 Posts: 3387

On Thu, 28 Sep 2006 07:42:32 +0000, Mathew P. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have something to ask the group. Much has been said, at great
> length on the topic, with very long and verbose posts. Really,
> at it's most simple, basic level, it's a very straightforward
> single sentence that defines the Windows experience:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################
>
> That's really the basic question, isn't it?
>
> You see, it should be apparent to everyone once they give the problem
> consideration, that malicious code, such as worms and viruses, will
> only be written if a vulnerability exists for the author of the code
> to exploit. This vulnerability if found, will only be exploited if
> there is a return on the investment of the time and effort required
> to develop the strategy and coding of the malicious software. This
> leads to the inescapable conclusion that this OS's environment
> offers significant windows of opportunity (so to speak) for the
> authors of this kind of code to harvest that return on investment,
> whatever it may be.
>
> Before any voice is given to the argument, "it's because windows
> is used more than any other system", just set that thought aside
> for a moment and consider the above paragraph.
>
> And reconsider the basic, one line question that leads to all
> other questions such as why anti-virus software is absolutely essential
> in a windows system:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################
>
> This really *is* the bottom line.
>
> Regards,
>
> Mathew
>
>
>

IMHO it's irrelevant 'why'. The fact is that MS systems are highly
vulnerable whereas others are not.

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 28 Sep 2006 07:49:58 -0700,
Larry Qualig <lqualig.DeleteThis@uku.co.uk> wrote:
>
> Richard Rasker wrote:
>> Op Thu, 28 Sep 2006 04:45:42 -0500, schreef Erik Funkenbusch:
>>
>> > On Thu, 28 Sep 2006 07:42:32 GMT, Mathew P. wrote:
>> >
>> >> You see, it should be apparent to everyone once they give the problem
>> >> consideration, that malicious code, such as worms and viruses, will
>> >> only be written if a vulnerability exists for the author of the code
>> >> to exploit.
>> >
>> > And you would be wrong.
>> >
>> > Lots of viruses exist and propogate through no computer vulnerability
>> > whatsoever, at least not one that is fixable. They spread through HUMAN
>> > vulnerability. ie, executing attachments that get sent to them. There is
>> > nothing that any OS can do about that problem without severely restricting
>> > the users to the point they can't do anything.
>>
>
>> Um, there is quite a bit the OS *can* do without overly restricting users;
>> inmy opinion, the most important one is the x-bit, where files received
>> via e-mail can't possibly be executed unless the user jumps through
>> several hoops to make them executable.
>> - No effective execute permission system.
>
> For the record, the NTFS file system does have an "Execute" permission
> for all files. (How and whether or not this is adhered to is another
> matter.) On NTFS users can be granted (or denied) the ability to read,
> write, execute or change permissions on files. The default for new
> files added/created in a directory is to inherit the permissions from
> the directory itself. But technically speaking, I can create a
> directory that does not have the "Execute" ACL permission and
> downloading files into that directory will not make them executable by
> default.
>

Unfortunately, that does nothing for the "click the attached jpeg to see
the nekkid chick" problem, since the attachment isn't on the filesystem
in that sense yet. The windows shell "helpfully" executes whatever you
throw at it.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFG/ind90bcYOAWPYRAuBYAKCOzAsPhf7nG97wGa5hwazisnxKRwCgo0Gy
SseZYDk7luPsYs2PjrjBb+g=
=sAij
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Perfection is a goal to be striven for, not a position to be reached.

[H]omer · External Since: Apr 21, 2006 Posts: 2134

Mathew P. wrote:
> I have something to ask the group. Much has been said, at great
> length on the topic, with very long and verbose posts. Really,
> at it's most simple, basic level, it's a very straightforward
> single sentence that defines the Windows experience:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################

The Blasé answer is ... because somebody creates them.

They are created for the following reasons:

1) ... Malice (l33t h4xx0rs ... i.e. script kiddies)
2) ... Profit through spam (zombies)
3) ... Profit through Adware (tracking, popups)
4) ... Profit through blackmail (e.g. the Helen Barrow case)
5) ... Revenge (disgruntled employees)
6) ... Phishing (cons)
7) ... Probably other motivations too

They are more prevalent on Windows than any other platform because:

1) ... The default Windows account privileges for users is superuser
2) ... Windows has disproportionately more vulnerabilities
3) ... MS have a slow patch release cycle
4) ... As a commercial entity, Windows is a better target for profit
motivated scams
5) ... And yes, there are more Windows machines = bigger target

However, El Reg seems to have disproved theory No5 with their piece on
Apache, some time ago.

http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/

> That's really the basic question, isn't it?
>
> You see, it should be apparent to everyone once they give the problem
> consideration, that malicious code, such as worms and viruses, will
> only be written if a vulnerability exists for the author of the code
> to exploit.

This seems to be implying the old Troll bait of "Linux doesn't have
bugs". It does, however the circumstances are different.

> This vulnerability if found, will only be exploited if
> there is a return on the investment of the time and effort required
> to develop the strategy and coding of the malicious software. This
> leads to the inescapable conclusion that this OS's environment
> offers significant windows of opportunity (so to speak) for the
> authors of this kind of code to harvest that return on investment,
> whatever it may be.

Linux users are often perceived as people who are generally
disinterested in commercial ideals (i.e. they do not make a good target
demographic for sales). This, for the most part, is a misconception,
however it is enough to convince e.g. spammers that targeting FOSS
platforms with their Mailware would not be worth the effort, quite
besides any security considerations.

> Before any voice is given to the argument, "it's because windows
> is used more than any other system", just set that thought aside
> for a moment and consider the above paragraph.

Or the El Reg link above.

> And reconsider the basic, one line question that leads to all
> other questions such as why anti-virus software is absolutely essential
> in a windows system:

And probably always will be. Unfortunately I can foresee the day when
the same might be said about Linux. Why do you think the NSA and Red Hat
are pushing SELinux so hard. Despite *nix's superior security model,
hackers are a determined breed, and will never be completely repressed.

> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################

Because the world is full of evil bastards (whoops, there's that word
again DFS) who enjoy nothing more than exploiting others. In that
respect, I don't make much distinction between the criminals and Microsoft.

--
K.
http://slated.org - Slated, Rated & Blogged

..----
| L.A. town is falling down, while the ground moves around.
| We won't let it get us down; we're Californians!
`----
- Animaniacs ( http://youtube.com/watch?v=XKcgTnfoM9Q )

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
09:40:16 up 102 days, 9:57, 3 users, load average: 0.00, 0.00, 0.00

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Thu, 28 Sep 2006 09:41:31 +0100, [H]omer wrote:

> They are more prevalent on Windows than any other platform because:
>
> 1) ... The default Windows account privileges for users is superuser

This is not a reason why they are more prevelant. Superuser is not
required for a virus to infect a machine, nor is it needed to replicate
itself. Certainly, superuser helps make them harder to discover and
recover from, but that's really a different argument.

> 2) ... Windows has disproportionately more vulnerabilities

I don't see how you can prove that.

> 3) ... MS have a slow patch release cycle

This too is a fallacy. Open Source coders have simply been better at
hiding when the patches were actually discovered and reported. I've proved
time and time again in this newsgroup that virtually EVERY TIME someone has
claimed a fast patch cycle, it's really been weeks or months.

> 4) ... As a commercial entity, Windows is a better target for profit
> motivated scams

I doubt that. It's just that these scams target gullible people.

> 5) ... And yes, there are more Windows machines = bigger target

Ding Ding Ding.

> However, El Reg seems to have disproved theory No5 with their piece on
> Apache, some time ago.
>
> http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/

That article is severely flawed in many ways.

For example, Apache is *NOT* more prevelant on the net than IIS. IIS runs
on more physical servers than Apache does, that makes it a larger target
for infection. Apache merely has more *hostnames* running on Apache
servers, not more physical servers themselves.

Second, Comapring security of IIS 6 (now 3 years old) versus Apache 2,
Apache loses big time with more than 58 security patches. IIS had 3. This
completely blows a hold in the "security" argument.

Also note that he says this:

"Attacks _are_ of course aimed at Windows because of the numbers of users",
so he contradicts himself.

Then he goes on to make sweeping generalized claims about what is and isn't
possible that he has no factual basis to back up.

> Linux users are often perceived as people who are generally
> disinterested in commercial ideals (i.e. they do not make a good target
> demographic for sales). This, for the most part, is a misconception,
> however it is enough to convince e.g. spammers that targeting FOSS
> platforms with their Mailware would not be worth the effort, quite
> besides any security considerations.

Or, more importantly, Linux users are typically above average in
intelligence. They *HAVE* to be in order to figure everything out.

> And probably always will be. Unfortunately I can foresee the day when
> the same might be said about Linux. Why do you think the NSA and Red Hat
> are pushing SELinux so hard. Despite *nix's superior security model,
> hackers are a determined breed, and will never be completely repressed.

"Secure" is a nebulous term, and is relative to the level of knowledge of
the attackers. At one point in time, locks were considered secure, but as
knowledge grew, they became a "keeps honest people honest" tool. Hell,
nowadays, you can buy a bumpkey set that will open 99% of all locks in 1
second on ebay with virtually no knowledge of how to pick locks.

The same is true of exploits. It used to be that things like buffer
overruns were considered "too difficult" to exploit, then new tools came
along that made it ridiculously easy for even script kiddies to do it,
without knowing much about the software itself or how to program.

Complexity of the exploit is no safe harbor, and all it takes is a
motivated attacker to figure it out and the dam will burst. Issues like
"monocultures" will only keep you safe until the attackers figure out
blended attacks that work across platforms.

JDS · External Since: Oct 13, 2006 Posts: 245

On Thu, 28 Sep 2006 13:51:11 +0200, Hadron Quark wrote:

> You can be sure as hell that *if* Linux ever gets more than 2% of the
> desktop share then the virus writers will turn their gaze towards it.

How about the server market share? Most of the websites on the WWW
run on Apache on Linux. That's a pretty big market share. Where are the
viruses for those systems?

--
JDS

JDS · External Since: Oct 13, 2006 Posts: 245

On Thu, 28 Sep 2006 15:25:49 +0200, Hadron Quark wrote:

> And it is a reasonable argument : who do I target? 0.2% of the PC market

It is not reasonable, because it can and has been proven false.
--
JDS

B Gruff · External Since: Jun 17, 2004 Posts: 1639

On Thursday 28 September 2006 08:42 Mathew P. wrote:

> I have something to ask the group. Much has been said, at great
> length on the topic, with very long and verbose posts. Really,
> at it's most simple, basic level, it's a very straightforward
> single sentence that defines the Windows experience:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################
>
> That's really the basic question, isn't it?

Indeed.
May I throw another one into the pot? It's this:-

My understanding is that very few AIDS sufferers actually die of AIDS - my
understanding is that they tend to die of other things. These other things
tend (I understand) to be diseases which the rest of of just "shrug-off",
or which can be treated with antibiotics etc.
Why is this?

dsteel0 · External Since: Sep 27, 2005 Posts: 28

B Gruff wrote:
> On Thursday 28 September 2006 08:42 Mathew P. wrote:
>
> > I have something to ask the group. Much has been said, at great
> > length on the topic, with very long and verbose posts. Really,
> > at it's most simple, basic level, it's a very straightforward
> > single sentence that defines the Windows experience:
> >
> > ######################
> > Why do rapid spreading, self replicating, successful viruses and
> > other malicious code exist for the Windows operating system?
> > ######################
> >
> > That's really the basic question, isn't it?
>
> Indeed.
> May I throw another one into the pot? It's this:-
>
> My understanding is that very few AIDS sufferers actually die of AIDS - my
> understanding is that they tend to die of other things. These other things
> tend (I understand) to be diseases which the rest of of just "shrug-off",
> or which can be treated with antibiotics etc.
> Why is this?

Because the "I" and the "D" in AIDS stand for "immune" and "deficiency"
(or Immunodeficiency)

Not quite sure I see your point, unless you are trying to say that
users are not affected by viruses, but by the effects of viruses...

DSt.

High Plains Thumper · External Since: Mar 06, 2005 Posts: 716

Erik Funkenbusch wrote:
> [H]omer wrote:
>
>> 2) ... Windows has disproportionately more vulnerabilities
>
> I don't see how you can prove that.
>
>> 3) ... MS have a slow patch release cycle
>
> This too is a fallacy. Open Source coders have simply been
> better at hiding when the patches were actually discovered
> and reported. I've proved time and time again in this
> newsgroup that virtually EVERY TIME someone has claimed a
> fast patch cycle, it's really been weeks or months.

According to:

http://www.symantec.com/specprog/threatreport/
ent-whitepaper_symantec_internet_security_threat_report_
x_09_2006.en-us.pdf

http://tinyurl.com/s5qaz

Page 61

| There does not appear to be any discernible trend in patch
| development times for Web browsers. This may be because
| these times are influenced by the number of vulnerabilities
| that are disclosed for each browser. Mozilla is the only
| vendor whose patch development time has decreased
| consistently over the past three six-month periods.
| Generally speaking, Internet Explorer has the longest patch
| development times of any browser. This may be due to the
| vendor's practice of issuing patches on a regular monthly
| schedule.

Note, IE has longest patch development time in general.

| Window of exposure, Web browsers
|
| The window of exposure is the difference between the
| average patch development time and the average exploit code
| development time for vulnerabilities in the selected Web
| browsers. In the first half of 2006, Internet Explorer had
| a window of exposure of nine days, down considerably from
| 25 days in the second half of 2005 (figure 23). During this
| reporting period, Apple Safari had a window of exposure of
| five days, up from zero days in the second half of 2005.
|
| In the first half of 2006, Opera had a window of exposure
| of two days, down considerably from 18 days during the
| second half of 2005. In the first six months of 2006,
| Mozilla had a window of exposure of one day. In the second
| half of 2005, Mozilla had a window of exposure of negative
| two days, meaning that exploits were generally released
| after patches were available.

Mozilla had a response time of 1 day from time of exploit to
patch.

--
HPT

William Poaster · External Since: Sep 10, 2006 Posts: 125

On Thu, 28 Sep 2006 07:42:32 +0000, Mathew P. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have something to ask the group. Much has been said, at great
> length on the topic, with very long and verbose posts. Really,
> at it's most simple, basic level, it's a very straightforward
> single sentence that defines the Windows experience:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################
>
> That's really the basic question, isn't it?
>
> You see, it should be apparent to everyone once they give the problem
> consideration, that malicious code, such as worms and viruses, will
> only be written if a vulnerability exists for the author of the code
> to exploit. This vulnerability if found, will only be exploited if
> there is a return on the investment of the time and effort required
> to develop the strategy and coding of the malicious software. This
> leads to the inescapable conclusion that this OS's environment
> offers significant windows of opportunity (so to speak) for the
> authors of this kind of code to harvest that return on investment,
> whatever it may be.
>
> Before any voice is given to the argument, "it's because windows
> is used more than any other system", just set that thought aside
> for a moment and consider the above paragraph.

That's the old argument dished out by many ignorant windows users.
Completely false, of course, & here's why:-
http://www.securityfocus.com/columnists/188

> And reconsider the basic, one line question that leads to all
> other questions such as why anti-virus software is absolutely essential
> in a windows system:
>
> ######################
> Why do rapid spreading, self replicating, successful viruses and
> other malicious code exist for the Windows operating system?
> ######################

´ Microsoft's email software is able to infect a user's computer when
they do something as innocuous as read an email! ¡
A flaw/fault in Internet Exploder *also* affects OE, & emails in
HTML can hide all kinds of nasties. But OE goes right ahead displays it in
all it's glory, including any Java & Javascripts that may be present.
Furthermore, there are over 45 extensions in windoze which are executable.
So, is it any wonder why it's a target?

In linux, OTOH, if you use kmail at least you're *warned* that the message
is in HTML, & asked if you trust the message sender. Even if you choose to
display it in HTML, any Java & Javascript elements will NOT display.
Also any attachments will NOT *automatically* run.

> This really *is* the bottom line.

--
Never argue with a wintroll, they drag
you *down* to their level of stupidity,
then beat you with their experience.
-- Paraphrased, with acknowledgement to Dilbert --

Gordon · External Since: Sep 27, 2006 Posts: 8

Erik Funkenbusch wrote:

>
> And you would be wrong.
>
> Lots of viruses exist and propogate through no computer vulnerability
> whatsoever, at least not one that is fixable. They spread through HUMAN
> vulnerability. ie, executing attachments that get sent to them. There is
> nothing that any OS can do about that problem without severely restricting
> the users to the point they can't do anything.

And YOU are wrong too. Take the "I Love You" virus. Yes that was /activated/
by a human, but /spread/ due to a vulnerability in the design of the
Outlook and Outlook Express address book. Remember that those of us who
used Thunderbird or Mozilla or Pegasus or other non-MS email clients were
NOT affected.....

High Plains Thumper · External Since: Mar 06, 2005 Posts: 716

Gordon wrote:
> Erik Funkenbusch wrote:
>
>> And you would be wrong.
>>
>> Lots of viruses exist and propogate through no computer
>> vulnerability whatsoever, at least not one that is
>> fixable. They spread through HUMAN vulnerability. ie,
>> executing attachments that get sent to them. There is
>> nothing that any OS can do about that problem without
>> severely restricting the users to the point they can't do
>> anything.
>
> And YOU are wrong too. Take the "I Love You" virus. Yes
> that was /activated/ by a human, but /spread/ due to a
> vulnerability in the design of the Outlook and Outlook
> Express address book. Remember that those of us who used
> Thunderbird or Mozilla or Pegasus or other non-MS email
> clients were NOT affected.....

Activated by human could mean something as simple as allowing
Windows to auto connect for OS registration after installing
OS, prior to installing antivirus and personal firewall
software.

Way to prevent auto connect is *unplug* the network cable
until AV is loaded and running. I failed to do that and my
system got infected.

--
HPT

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2404

On Thu, 28 Sep 2006 10:55:13 +0100, Gordon wrote:

> Erik Funkenbusch wrote:
>
>>
>> And you would be wrong.
>>
>> Lots of viruses exist and propogate through no computer vulnerability
>> whatsoever, at least not one that is fixable. They spread through HUMAN
>> vulnerability. ie, executing attachments that get sent to them. There is
>> nothing that any OS can do about that problem without severely restricting
>> the users to the point they can't do anything.
>
> And YOU are wrong too. Take the "I Love You" virus. Yes that was /activated/
> by a human, but /spread/ due to a vulnerability in the design of the
> Outlook and Outlook Express address book. Remember that those of us who
> used Thunderbird or Mozilla or Pegasus or other non-MS email clients were
> NOT affected.....

You most certainly could be effected. You just had to save the attachment
before executing it manually. What makes you think that someone who will
click on an attachment to execute it wouldn't save it and execute it if
that were the only option?

Hell, a few years back, there were these streams of very complicated hoaxes
going around that asked users to delete various files from their hard
drive, because they were claimed to be viruses. There were also viruses
that shipped themselves in zip files tha the users had to open, then
execute the contained programs.

Do NOT understimate the amount of work someone will go through to see those
Anna Kournakova pictures, or to view that cute greeting card they got from
a "friend".

B Gruff · External Since: Jun 17, 2004 Posts: 1639

On Thursday 28 September 2006 12:08 Richard Rasker wrote:

> Um, there is quite a bit the OS can do without overly restricting users;
> inmy opinion, the most important one is the x-bit, where files received
> via e-mail can't possibly be executed unless the user jumps through
> several hoops to make them executable.

A super post, which I greatly appreciated and enjoyed, Richard.

However, just on the above point, may I draw your attention to the dozens of
times over the last few weeks that this group has been harangued by a
certain flatfish+++ bleating time and again how comparatively DIFFICULT it
was for him to install Google Earth?
He had to do exactly as you say - set the x-bit on the downloaded file.
It seems that he and all 12 (not 11, not 13, but 12) of his friends who
tried expected to double-click the downloaded file for it to install, and
that The System was at fault because it didn't!

I reckon that we have a long way to go in edgjerkating the masses!
(In the case of flattie, perhaps culling would be more appropriate?)

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <pan.2006.09.28.11.08.13.631323.TakeThisOut@linetec.nl> Richard Rasker wrote:

> For a large part, Microsoft can't be blamed any more - these design
> decisions have a historical background, in that Microsoft didn't
> foresee networking going beyond perhaps a handful of trusted machines
> on a trusted network; also, they didn't foresee that people would
> start making viruses. Their stuff was designed for a non-networked one-
> person computer, and now they can't change it, lest they render most
> of current, popular software useless in one stroke.

To excuse Microsoft through historical baggage and a lack of foresight
isn't valid. They had two major opportunities to beef up security, the
release of Windows 95 and the release of NT4, or perhaps even NT3.51.

By 1990 viruses were becoming widespread, usually spread on floppies.
Five years later the release of Windows 95 was a pivotal moment - a new
OS with a new UI, a new kernel, and a new opportunity for Microsoft to
develop security policies and make a fresh start. They didn't, and from
that decision flows the trillions of $$$ lost to no purpose.

The Linux/Unix security paradigm was well in place by 1995 and Microsoft
chose to ignore it, presumably for short term marketing purposes. Social
engineering exploits aside, they are fully liable for financial losses
greater than the GDP of several third world nations. Yet they are
allowed to get away with it. Sheesh...

--

Peter