-----Original Message-----
From: Ole Kofoed Hansen [mailto:k01164@ko.sdu.dk]
Sent: Friday, May 05, 2000 7:17 AM
To: suse-linux-e@suse.com
Subject: Re: [SLE] (OT): M$ response to I LOVE YOU

At 08:36 05-05-00, Dennis wrote:
Microsoft Corp., for its part, said the virus was not indicative of any particular vulnerability associated with Microsoft Outlook.

[...snip...]

Anyway, here's what a spin-doctor at Mickey$oft has to say about it, courtesy of Reuters-- prepare to gag.

-------------BS follows-----------

``Viruses are really an industry-wide issue,'' said Scott Culp, program manager for Microsoft's security response center. ``They can be written for any platform. They can be written to use a variety of e-mail clients.

``In this case the virus author chose to target Outlook probably because it gave him better reach,'' he said. ``There isn't a security vulnerability in Outlook involved in this at all,'' Culp said.

------------end BS-------------

Actually he was right. As far as I know, this worm (it is NOT a virus) still requires the user to actively tell the computer to run the program.
If the user will run it, he might also save it and run it if he was using a different MUA or even OS. (Of course, in this specific case, the program would only run on a MS OS.)
Please note that I am not saying that Microsoft programs are safe, just that as long as a user has to actively run a program, it is no fault of the OS or applications if the program is malicious.
You can't possibly say that the amount of damage that can be done by this worm could be done on Linux. I could see a user running a script or executable that would send out e-mails but basic system files (such as the registry if there were one on Linux) aren't going to be overwritten on a decent multi-user system.

In a message dated 5/6/00 4:36:36 AM Pacific Daylight Time, adcarlso@visinet.ca writes:

It won't be that hard to write a shell or perl script to go through a pine or elm address book and send itself to all the users in it. The registry on win would be the /etc directory on Unix (or LDP), but the script won't be able to do this on Unix (and shouldn't be able to on NT/2000), only Win9* and MacOS are susceptible to this type of "user == root at all times" type of attack.

-- The only problem with writing such a script, is that you must get it to attack (i.e. read) the file for a particular email app. Unlike Windows, Linux users seem to have a plethora of email apps, albeit some more popular than others.
And the "address files" are probably slightly different for each.
But the inherent security within Linux itself prevents such a script from being too destructive (maybe at best a single user). And even then, the script would have to be run...who runs apps or scripts from unknown sources?!?!
-----------------------------------
Here is my 2 cents. I administer several FreeBSD systems and I have to say from that experience, it is very difficult if not impossible for a user executed script to damage the system unless the script is run at UID 0. At the most only a single user will be damaged or destroyed. This is the reason why I run all internet access daemons from their own UID to separate the services from each other AND to limit the vulnerabilities to the system if one should crash and dump the user into the shell session for that UID.

Windows Nice Try and Windows 2Knockout more than likely have numerous holes in their security that people (Hackers/Crackers/Sysadmins/End Users) have not yet discovered.

This E-Mail Virus or Worm is in the message attachment with the filename "I LOVE YOU.TXT.vbs". Basically the .vbs is critical here. It types the file to Visual Basic Script which is akin to either a shell script in a UNIX environment or a BATCH file in the DOS world. This malicious program is targeted directly at Microsoft Outlook because VBS is a Microsoft only scripting language. Even Netscape 4.72 under Windows as well as any other Windows E-Mail client and other platforms such as Unix, Macs, etc are immune from it.

Dan.

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
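The last message above points out that the trailing `.vbs` is what makes the attachment run as a script while the `.TXT` in front of it makes it look like text. As an added example (not part of the original thread), a mail-gateway style check for that double-extension pattern could look like this; the extension sets and function names are illustrative assumptions, and the sample message is constructed.

```python
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows will execute on double-click.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
               ".bat", ".cmd", ".exe", ".scr", ".pif"}
# Assumed list of harmless-looking extensions used as the decoy part.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf"}

def classify_attachment(filename):
    """Return 'deceptive', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    parts = name.rsplit(".", 2)          # keep at most the last two extensions
    if len(parts) < 2:
        return "ok"                      # no extension at all
    if "." + parts[-1].strip() not in SCRIPT_EXTS:
        return "ok"                      # final extension is not executable
    # A decoy extension directly before the real one, possibly space-padded
    # so that the real extension is pushed out of view in the mail client.
    if len(parts) == 3 and "." + parts[1].strip() in DECOY_EXTS:
        return "deceptive"
    return "executable"

def scan_message(msg):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            verdict = classify_attachment(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed message: one attachment named as in the thread, one benign."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    for name in ("I LOVE YOU.TXT.vbs", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict}: {filename}")
```

A gateway would typically quarantine `deceptive` names outright and apply local policy to plain `executable` ones.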