RE: [SLE] (OT): M$ response to I LOVE YOU
-----Original Message----- From: Ole Kofoed Hansen [mailto:k01164@ko.sdu.dk] Sent: Friday, May 05, 2000 7:17 AM To: suse-linux-e@suse.com Subject: Re: [SLE] (OT): M$ response to I LOVE YOU
At 08:36 05-05-00, Dennis wrote:
Microsoft Corp., for its part, said the virus was not indicative of any particular vulnerability associated with Microsoft Outlook. [...snip...] Anyway, here's what a spin-doctor at Mickey$oft has to say about it, courtesy of Reuters-- prepare to gag. -------------BS follows-----------
``Viruses are really an industry-wide issue,'' said Scott Culp, program manager for Microsoft's security response center. ''They can be written for any platform. They can be written to use a variety of e-mail clients.
``In this case the virus author chose to target Outlook probably because it gave him better reach,'' he said. ``There isn't a security vulnerability in Outlook involved in this at all,'' Culp said. ------------end BS-------------
Actually he was right. As far as I know, this worm (it is NOT a virus) still requires the user to actively tell the computer to run the program.
If the user will run it, he might also save it and run it if he was using a different MUA or even OS. (Of course, in this specific case, the program would only run on a MS OS.)
Please note that I am not saying that Microsoft programs are safe, just that as long as a user has to actively run a program, it is no fault of the OS or applications if the program is malicious.
You can't possibly say that the amount of damage that can be done by this worm could be done on Linux. I could see a user running a script or executable that would send out e-mails but basic system files (such as the registry if there were one on Linux) aren't going to be overwritten on a decent multi-user system. Greg Because e-mail can be altered electronically, the integrity of this communication cannot be guaranteed. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
----- Original Message -----
From: Thomas, Gregory (NBC, KNBC)
-----Original Message----- From: Ole Kofoed Hansen [mailto:k01164@ko.sdu.dk] Sent: Friday, May 05, 2000 7:17 AM To: suse-linux-e@suse.com Subject: Re: [SLE] (OT): M$ response to I LOVE YOU
At 08:36 05-05-00, Dennis wrote:
Microsoft Corp., for its part, said the virus was not indicative of any particular vulnerability associated with Microsoft Outlook. [...snip...] Anyway, here's what a spin-doctor at Mickey$oft has to say about it, courtesy of Reuters-- prepare to gag. -------------BS follows-----------
``Viruses are really an industry-wide issue,'' said Scott Culp, program manager for Microsoft's security response center. ''They can be written for any platform. They can be written to use a variety of e-mail clients.
``In this case the virus author chose to target Outlook probably because it gave him better reach,'' he said. ``There isn't a security vulnerability in Outlook involved in this at all,'' Culp said. ------------end BS-------------
Actually he was right. As far as I know, this worm (it is NOT a virus) still requires the user to actively tell the computer to run the program.
If the user will run it, he might also save it and run it if he was using a different MUA or even OS. (Of course, in this specific case, the program would only run on a MS OS.)
Please note that I am not saying that Microsoft programs are safe, just that as long as a user has to actively run a program, it is no fault of the OS or applications if the program is malicious.
You can't possibly say that the amount of damage that can be done by this worm could be done on Linux. I could see a user running a script or executable that would send out e-mails but basic system files (such as the registry if there were one on Linux) aren't going to be overwritten on a decent multi-user system.
It won't be that hard to right a shell or perl script to go though a pine or elm address book and send it's self to all the users in it. The registry on win would be the /etc directory on Unix (or LDP), but the scritpt won't be able to do this on Unix (and shouldn't be able to on NT/2000), only Win9* and MacOS are suspectiable to this type of "user == root at all times" type of attack. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On 05-May-00 Jack Barnett wrote:
----- Original Message ----- From: Thomas, Gregory (NBC, KNBC)
To: 'Ole Kofoed Hansen' ; Sent: Friday, May 05, 2000 11:29 AM Subject: RE: [SLE] (OT): M$ response to I LOVE YOU -----Original Message----- From: Ole Kofoed Hansen [mailto:k01164@ko.sdu.dk] Sent: Friday, May 05, 2000 7:17 AM To: suse-linux-e@suse.com Subject: Re: [SLE] (OT): M$ response to I LOVE YOU
At 08:36 05-05-00, Dennis wrote:
Microsoft Corp., for its part, said the virus was not indicative of any particular vulnerability associated with Microsoft Outlook. [...snip...] Anyway, here's what a spin-doctor at Mickey$oft has to say about it, courtesy of Reuters-- prepare to gag. -------------BS follows-----------
``Viruses are really an industry-wide issue,'' said Scott Culp, program manager for Microsoft's security response center. ''They can be written for any platform. They can be written to use a variety of e-mail clients.
``In this case the virus author chose to target Outlook probably because it gave him better reach,'' he said. ``There isn't a security vulnerability in Outlook involved in this at all,'' Culp said. ------------end BS-------------
Actually he was right. As far as I know, this worm (it is NOT a virus) still requires the user to actively tell the computer to run the program.
If the user will run it, he might also save it and run it if he was using a different MUA or even OS. (Of course, in this specific case, the program would only run on a MS OS.)
Please note that I am not saying that Microsoft programs are safe, just that as long as a user has to actively run a program, it is no fault of the OS or applications if the program is malicious.
You can't possibly say that the amount of damage that can be done by this worm could be done on Linux. I could see a user running a script or executable that would send out e-mails but basic system files (such as the registry if there were one on Linux) aren't going to be overwritten on a decent multi-user system.
It won't be that hard to right a shell or perl script to go though a pine or elm address book and send it's self to all the users in it. The registry on win would be the /etc directory on Unix (or LDP), but the scritpt won't be able to do this on Unix (and shouldn't be able to on NT/2000), only Win9* and MacOS are suspectiable to this type of "user == root at all times" type of attack.
--
The only problem with writing such a script, is that you must get it to attack
(i.e. read) the file for a particular email app. Unlike Windows, Linux users
seem to have a plethora of email apps, albeit some more popular than others.
And the "address files" are probably slightly different for each.
But the inherent security within Linux itself prevents such a script from being
too destructive (maybe at best a single user). And even then, the script would
have to be run...who runs apps or scripts from unknown sources?!?!
-----------------------------------
Arlen Carlson
On Fri, 05 May 2000, you wrote: <SNIP>
And even then, the script would have to be run...who runs apps or scripts from unknown sources?!?!
From my experiences, when I used to run windows. These email virii or worms are generally received from people we possibly know and trust because we are in their address books. Most average users aren't cautious enough to think that their friend would send them a virus. I myself once thought, "oooh, my brother-in-law sent me this happy park thing, it must be pretty cool". I didn't have virus software installed at the time because in three years of being on the internet I didn't get a virus. Big mistake! It's little things like that which make it easy for virii or worms to have such an impact. my 1 cent -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Damian Slavek wrote:
On Fri, 05 May 2000, you wrote:
<SNIP>
And even then, the script would have to be run...who runs apps or scripts from unknown sources?!?!
From my experiences, when I used to run windows. These email virii or worms are generally received from people we possibly know and trust because we are in their address books. Most average users aren't cautious enough to think
Exactly. But that doesn't stop me from deleting attachments at work. The usual attitude (at work) seems to be: 1. The source is trustful 2. There is "inocculan" running online to check for viruses (3. This is not my private machine) I compare this to running at high speed on a freeway with black ice in winter. You're save, cause your car got break locking systems, belts and airbags. Nothing can happen. And if, -well it's a rental car. Nobody knows the number of systems the little "message mate" has successfully run through and can't tell how many "surprises" it collected in that time. When last year "happy99.exe" was spread on this list by accident, I let it check by our scanners at work: It wasn't recognized.
that their friend would send them a virus. I myself once thought, "oooh, my brother-in-law sent me this happy park thing, it must be pretty cool". I didn't have virus software installed at the time because in three years of being on the internet I didn't get a virus. Big mistake! It's little things like that which make it easy for virii or worms to have such an impact.
And as to "I LOVE YOU.TXT.vbs" is (usually) displayed as "I LOVE YOU.TXT", since the (default) setup in Windows is to hide the registrated extensions, making it look like an attached text file on first sight. The main risk is *not* M$, but the (deaf) thing in front of the keyboard called user. You can talk and talk about basic securety, they don't listen and keep on speading on black ice. Juergen
my 1 cent
my small money on that subject... -- =========================================== __ _ Juergen Braukmann juergen.braukmann@gmx.de| -o)/ / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | /\\ /__/ / _ \/ // /\ \/ / ===========================================_\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On 7 May 2000, at 10:53, juergen.braukmann@ruhr-west.de wrote:
The main risk is *not* M$, but the (deaf) thing in front of the keyboard called user. You can talk and talk about basic securety, they don't listen and keep on speading on black ice.
We actually came out unscathed. 25 of the messages came to our department before the folx adminstering our mail server 86'ed the subject. No one opened them. We had a few infections from Happy99, and when this happened, I became really relentless about educating my users. Every time I get a virus report, I forward it to our deptpartmental mailing list, along with commentary about using virus software, upgrading signatures, opening attachments, not using Outlook, etc. I also take the time to talk to the users personally, as often as possible, and stress the importance of virus protection, backing up data, putting important stuff on the server, and so forth. I also get them from a purely self-interest angle-- "How much do you have invested in your data, and how much time would it take you to recreate it if it was destroyed?" Then I tell them about what a crapshoot data recovery is from a trashed hard drive is. A little enlightened self interest gets 'em every time ;) Cheers, Dennis "Custard pies are a sort of esperanto: a universal language." --Noel Godin -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
----- Original Message -----
From: Arlen Carlson
On 05-May-00 Jack Barnett wrote:
----- Original Message ----- From: Thomas, Gregory (NBC, KNBC)
To: 'Ole Kofoed Hansen' ; Sent: Friday, May 05, 2000 11:29 AM Subject: RE: [SLE] (OT): M$ response to I LOVE YOU -----Original Message----- From: Ole Kofoed Hansen [mailto:k01164@ko.sdu.dk] Sent: Friday, May 05, 2000 7:17 AM To: suse-linux-e@suse.com Subject: Re: [SLE] (OT): M$ response to I LOVE YOU
At 08:36 05-05-00, Dennis wrote:
Microsoft Corp., for its part, said the virus was not indicative of any particular vulnerability associated with Microsoft Outlook. [...snip...] Anyway, here's what a spin-doctor at Mickey$oft has to say about it, courtesy of Reuters-- prepare to gag. -------------BS follows-----------
``Viruses are really an industry-wide issue,'' said Scott Culp, program manager for Microsoft's security response center. ''They can be written for any platform. They can be written to use a variety of e-mail clients.
``In this case the virus author chose to target Outlook probably because it gave him better reach,'' he said. ``There isn't a
vulnerability in Outlook involved in this at all,'' Culp said. ------------end BS-------------
Actually he was right. As far as I know, this worm (it is NOT a virus) still requires the user to actively tell the computer to run the program.
If the user will run it, he might also save it and run it if he was using a different MUA or even OS. (Of course, in this specific case, the program would only run on a MS OS.)
Please note that I am not saying that Microsoft programs are safe, just that as long as a user has to actively run a program, it is no fault of the OS or applications if the program is malicious.
You can't possibly say that the amount of damage that can be done by
worm could be done on Linux. I could see a user running a script or executable that would send out e-mails but basic system files (such as
registry if there were one on Linux) aren't going to be overwritten on a decent multi-user system.
It won't be that hard to right a shell or perl script to go though a
security this the pine or
elm address book and send it's self to all the users in it. The registry on win would be the /etc directory on Unix (or LDP), but the scritpt won't be able to do this on Unix (and shouldn't be able to on NT/2000), only Win9* and MacOS are suspectiable to this type of "user == root at all times" type of attack.
-- The only problem with writing such a script, is that you must get it to attack (i.e. read) the file for a particular email app. Unlike Windows, Linux users seem to have a plethora of email apps, albeit some more popular than others. And the "address files" are probably slightly different for each.
true, maybe scan the /etc/aliases and /etc/virtusertable?
But the inherent security within Linux itself prevents such a script from being too destructive (maybe at best a single user).
True, but also NT/2000 should also prevent this, win9x and Mac users are kinda screwed
And even then, the script would have to be run...who runs apps or scripts from unknown sources?!?!
Uh, all the Windows users that clicked on "ILOVEYOU.vbs"?? I mean, What is all the windows users that clicked on the "ILOVEYOU.vbs" script. Techinally though, the apps/scripts came from known users, you don't have people you don't know in your address book do you?
----------------------------------- Arlen Carlson
A nuclear war can ruin your whole day.
This message was sent by XFmail (Linux)
-o) /\\ _\_v
The penguins are coming... the penguins are coming... -----------------------------------
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (6)
-
adcarlso@visinet.ca
-
damianks@netnet.net
-
dsoper@clipper.net
-
gregory.thomas@nbc.com
-
jbarnett@axil.netmate.com
-
juergen.braukmann@ruhr-west.de