Kuro5hin.org: technology and culture, from the trenches
Anti-MS FUD

By enterfornone in Internet
Sun Aug 12, 2001 at 07:02:46 PM EST
Tags: Software

Read this. Pretty much sums up the three anti-MS misinformations that seem to be circulating lately, that being 1) email viruses are somehow Microsoft's fault 2) Microsoft implementing standard TCP/IP in their home user OS is a bad thing and 3) MS are about to create their own Internet Protocol and force the rest of the world to use it.


Admittedly the first has some basis in fact. All the common email viruses are Windows apps. But this is simply because Windows is the dominant OS. It would be just as easy to write a SirCam style virus for Linux or any other OS (no, you wouldn't even need to run it as root, just have it infect the user's .profile) however since 99% of people in your address book or browser cache don't run Linux the virus wouldn't spread very far. The viruses aren't exploiting a flaw in Windows unless you consider popularity a flaw. What they are exploiting is the fact that people are stupid enough to open and run the file.

The second piece of FUD is based on the idea that a full TCP/IP implementation will allow hackers who break into Windows machines to spoof IPs. Hackers who break into Unix or Windows 2000 machines can already do this. In addition hackers can install a third party addon to Windows 9x OSs that will allow them to do the same thing. Microsoft is just making it a default. IP spoofing is bad, but MS aren't to blame for it. Anyone who has set up the most basic of firewalls knows that just as you can filter stuff coming in you can also filter stuff going out. Most people filter outbound traffic that obviously doesn't originate from IPs in your internal network. In my case (when I had a home network at least) I dropped anything that originated from anywhere other than 10.* since those were the only IPs I used. People who have networks that use public addresses should filter out outbound traffic that doesn't originate from IPs that they own, since it's obviously being spoofed. If they don't you can't really blame Microsoft. Sure, you can still pretend to be someone on your subnet, but you can't pretend to be someone on the other side of the world. In the former case you can at least be tracked back to your provider.

The TCP/MS FUD is one of the more far fetched rumours I've heard lately yet it seems to be taken seriously by many. The idea is that Microsoft will create a new Internet Protocol and force everyone to pay them to use it.

Microsoft already have their own network protocol, Netbeui. The default under all their previous network operating systems, as of Windows 2000 it has been dumped in favour of TCP/IP. While Netbeui had some serious flaws (it can't be routed, so it can't be used to communicate between networks) much of the reason why they switched to TCP/IP is because everyone wants to connect to the Internet and TCP/IP is the protocol the Internet uses.

For Microsoft to change the protocol of the Internet they would have to be the dominant player on the Internet. And they aren't. They might be the dominant player in terms of Internet clients, but if they release an OS that can only do TCP/MS then they can be fairly certain that it either won't sell or that people will just tack TCP/IP back on to it (as companies like Trumpet did in the Windows 3.1 days).

Sure they could release an OS that can do TCP/MS and TCP/IP but would anyone use it? Perhaps if it has features above TCP/IP some might use it in internal networks and then use a TCP/MS to TCP/IP gateway much the same way that many Novell networks gateway IPX/SPX to TCP/IP. But would any of their competitors really feel the need to join in? More than likely they would simply extend TCP/IP with open standards that implement the same features that MS tried to make proprietary. And between them, Sun, Cisco, the IETF and the authors of Linux and the FreeBSDs would have little trouble selling an open standard that runs on many platforms over a closed standard that runs on one.

Microsoft have been trying to control the Internet for years and they still don't control a single protocol in wide use. Their proprietary Microsoft Network dial up service failed against the popularity of the Internet. Their constant extensions to HTML are rarely used in favour of cross platform standards. Their latest attempts, the Active Directory extensions to DNS haven't made a great impact either. If they can't do that, why would anyone expect that they would be able to gain control of the Internet's core protocols?

I'm no great lover of Microsoft, but those who attack them with this sort of FUD need to get back to reality.
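The outbound filtering rule described in the article, as an added example that is not part of the original post: it reads the source address from an IPv4 header and accepts the packet only if that address lies in a prefix the site owns. The class and function names, the sample packets and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
import struct


def build_ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20,          # version 4 / IHL 5, TOS, total length
        0, 0,                 # identification, flags + fragment offset
        64, 17, 0,            # TTL, protocol (UDP), header checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def source_of(packet):
    """Return the source address carried in bytes 12..15 of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


class EgressFilter:
    """Accept outbound packets only when the source is in an owned prefix."""

    def __init__(self, owned_prefixes):
        self.owned = [ipaddress.ip_network(p) for p in owned_prefixes]

    def verdict(self, packet):
        try:
            src = source_of(packet)
        except ValueError:
            return "DROP"     # malformed traffic never leaves the network
        return "ACCEPT" if any(src in net for net in self.owned) else "DROP"


def run_demo():
    """Evaluate constructed packets against a home and a public-address policy."""
    home = EgressFilter(["10.0.0.0/8"])        # the "10.*" network in the text
    public = EgressFilter(["192.0.2.0/24"])    # a site filtering on addresses it owns
    dst = "198.51.100.7"
    return {
        # A real host on the internal network: passes.
        "home/honest": home.verdict(build_ipv4_header("10.0.0.5", dst)),
        # Source claims to be on the other side of the world: dropped.
        "home/spoofed-remote": home.verdict(build_ipv4_header("203.0.113.9", dst)),
        # Source claims to be a neighbour inside the owned prefix: still passes,
        # which is the residual case the article acknowledges.
        "home/spoofed-neighbour": home.verdict(build_ipv4_header("10.0.0.99", dst)),
        "home/truncated": home.verdict(b"\x45\x00"),
        "public/honest": public.verdict(build_ipv4_header("192.0.2.20", dst)),
        "public/spoofed-remote": public.verdict(build_ipv4_header("10.0.0.5", dst)),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:24} {result}")
```

The spoofed-neighbour case is accepted because a prefix filter cannot tell which host inside the prefix sent the packet; it only guarantees the traffic can be traced back to that network.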

Anti-MS FUD | 97 comments (93 topical, 4 editorial, 0 hidden)
Popularity is a flaw: monoculture. (nt) (3.22 / 9) (#1)
by elenchos on Fri Aug 10, 2001 at 11:49:23 PM EST


Hey! Read this. That is all.

One can't really FUD the FUDDERs (3.60 / 10) (#2)
by Pac on Sat Aug 11, 2001 at 12:06:34 AM EST

Just a couple of observations on your anti-FUD campaign in favour of truth, honour and one of the largest corporations ever to exist on Earth.

First, your opinion on Linux virus is not much more than an opinion. Misinformed at that. Try logging as a normal user in a Unix box and edit the .profile of other users. Also, the fact that Windows is the dominant OS has almost nothing to do with the fact that Microsoft doesn't give a damn about security until forced to.

Your second assertion is only flawed by the fact that it contradicts the first. It does not matter if W2K and Unix have these features. Windows IS the dominant OS. Furthermore, domestic Windows (and not Win2K) installations are the dominant userbase platform and more and more (with the spreading of *DSL and cable connections) the main launch platform for DDoS attacks. But I don't even agree with anyone proposing Microsoft should not implement the correct standard. But they are pointing to a real problem.

As for your last point, TCP/MS, those are just idle thoughts, yours and Cringley's. What can and can't be done is too much dependent on marketing, features and userbase-lockup. But Microsoft has already played this game many times on other markets. It is absolutely not above them to try it again. And people's ability to resist, fight back or overcome technical niceties is very weak, to say the least.

All in all, fear not: you will never see this kind of article in the main press. You will only see the kind makers of flawed software posing as good guys, blaming the problem on overworked admins for not having patched the thousandth security hole in a month.

Evolution doesn't take prisoners


ugh, learn to read. (3.40 / 5) (#3)
by delmoi on Sat Aug 11, 2001 at 12:26:24 AM EST

First, your opinion on Linux virus is not much more than an opinion. Misinformed at that. Try logging as a normal user in a Unix box and edit the .profile of other users.

Try learning how to read. The guy clearly didn't say anything about editing other people's .profiles, just your own. A sir-cam style worm could easily be written for linux, as most users tend to have read access to their own files. The only problem is that the vast majority of Linux users aren't stupid enough to run programs they get in the mail.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
It's not just that... (4.00 / 2) (#43)
by chrisbolt on Sun Aug 12, 2001 at 01:01:11 PM EST

How many Linux email clients automatically run attachments? or hide the true extension from files?


---
<panner> When making backups, take a lesson from rusty: it doesn't matter if you make them, only that you _think_ you made them.
[ Parent ]
Extensions (5.00 / 2) (#86)
by Mitheral on Tue Aug 14, 2001 at 07:34:37 PM EST

Or for that matter use extensions to determine what is executable?

[ Parent ]
Linux virus (3.20 / 5) (#5)
by enterfornone on Sat Aug 11, 2001 at 12:29:49 AM EST

First, your opinion on Linux virus is not much more than an opinion. Misinformed at that. Try logging as a normal user in a Unix box and edit the .profile of other users.
You don't need to write to anyone else's .profile, just the user that opened the file. Infecting a single user would be good enough to further propagate the virus.

You don't really need to write to the .profile, that's just one way of making sure the program will exec again when the user next logs in.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]

If it's that easy, then why doesn't it happen? (3.25 / 4) (#14)
by marlowe on Sat Aug 11, 2001 at 09:08:17 AM EST

You can spin dubious hypotheticals all you like, but here in real world, viruses are strictly a Microsoft problem.

Okay, there used to be Macintosh viruses. But never Linux viruses. There's an urban legend somebody tried to create a Linux virus once, and it wouldn't propagate worth a damn.


-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
Not true. (3.00 / 1) (#73)
by mauftarkie on Mon Aug 13, 2001 at 12:37:17 PM EST

Okay, there used to be Macintosh viruses. But never Linux viruses. There's an urban legend somebody tried to create a Linux virus once, and it wouldn't propagate worth a damn.

It is possible to write a virus for some versions of Unix, including Linux. Search for linux ELF virus on Google and have fun reading about them all.


--
Without you I'm one step closer to happiness without violence.
Without you I'm one step closer to innocence without consequence.


[ Parent ]
Linux viruses and perpetual motion machines (4.00 / 1) (#77)
by plutarch on Mon Aug 13, 2001 at 02:13:27 PM EST

This is interesting, but have you any articles about an ELF virus actually propagating to a significant degree?

You've got lots of neat links here about how to create a Linux virus, but how is that any better than instructions on how to make a perpetual motion machine or achieve cold fusion?

The proof is in the pudding, as they say. So when will dessert be served?
Leftism is the ideology of resentment. It is the ideology of the frustrated will to power. It matters not how much or how little power the Leftist has at the moment. The point is, he wants more, and he can't get it.
[ Parent ]

Of course not :) (4.00 / 1) (#80)
by mauftarkie on Mon Aug 13, 2001 at 06:21:17 PM EST

I don't think anyone is going to argue that there is some Linux virus out there running wildly. The very nature of the Unix security model keeps this from happening (or happening for very long). I was addressing the "hoax" part of the comment more than anything else.

If you want additional reading material, some of the other comments in this article provide links to get you started. Visit the Bugtraq archives. They *do* exist, but many of them are just academic examples that you _can_ do it. The chances of finding anything in the wild are really slim-to-none.

--
Without you I'm one step closer to happiness without violence.
Without you I'm one step closer to innocence without consequence.


[ Parent ]
Ah, but there is a point to be made here. (4.27 / 11) (#4)
by regeya on Sat Aug 11, 2001 at 12:27:28 AM EST

Won't touch the TCP/IP bit, won't touch the new protocol bit, but I will touch the e-mail virus issue.

Come on. MS has firmly established themselves as the common-user OS provider. Through brilliant business maneuvering, Mr. Joe Sixpack thinks he gets Windows, Word/Works, Internet Explorer, and Outlook Express for free.

The responsible thing for MS to do would be to have their products default to a "safe" security setting, but they don't, and average users just don't know to check the settings. It's not that these users are idiots (I could say that about, say, my boss, but then again, he says that about me when it comes to understanding a modern printing press) but rather that they're undereducated when they get a new computer or are assigned a machine at a place of business.

With the rash of email viruses, if MS is guilty of anything, it's not doing enough coddling of the users who were inspired to be idiots by brilliant marketing. You might say they're not responsible; but hey, those "idiots" helped make MS the largest corporation ever. If they'd really like to retain their #1 status, they're either going to have to (in my opinion) work with vendors to convince users they need to learn what they're doing before putting a computer on a live Internet connection or something simple such as saner default settings for IE and Outlook Express.

But no, they seem to be more worried about getting paid for every copy of the upcoming WinXP. Because, as we all know, they're hurting thanks to pirating :-P

for the sarcasm-impaired: that was sarcasm

[ yokelpunk | kuro5hin diary ]

Microsoft's culpability (4.33 / 6) (#7)
by ajf on Sat Aug 11, 2001 at 01:01:34 AM EST

If a virus propagates because of a bug - a buffer overrun in Outlook Express or IIS, say - then OK, it's Microsoft's fault.

But if the virus or worm relies on the user voluntarily and explicitly executing bad code, then no number of "Warning: you're a fucking idiot if you run this program" hoops to jump through Microsoft could add will stop it.

Since SirCam operates by sending email and reading files the user should normally have access to, you can't fairly blame poor operating system security.

But I think Microsoft deserves criticism for its "hide file extensions" misfeature; it's a mild annoyance when Notepad saves a file as something.bat.txt, but the possibility that interesting.doc.pif may be displayed as interesting.doc does contribute to the problem of users unwittingly executing untrusted code.



"I have no idea if it is true or not, but given what you read on the Web, it seems to be a valid concern." -jjayson
[ Parent ]
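The hidden-extension problem raised in the comment above, as an added example that is not part of the thread: a mail-gateway style check that walks a MIME message, computes the name a user would see with the final extension hidden, and flags attachments whose real extension is executable while the visible name ends in a document or image extension. The extension lists, function names and sample message are constructed assumptions.

```python
import email
import os

# Assumed, deliberately short lists for the demonstration.
EXECUTABLE_EXTS = {".pif", ".vbs", ".bat", ".exe", ".scr", ".com"}
DOCUMENT_EXTS = {".doc", ".txt", ".jpg", ".gif", ".xls", ".pdf"}


def displayed_name(filename):
    """Name shown when the final extension is hidden from the user."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename):
    """Return 'ok', 'executable' or 'disguised-executable' for one attachment."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # The real type is executable; check whether the visible part of the
    # name ends in something that looks like harmless data.
    inner_ext = os.path.splitext(stem)[1].lower()
    return "disguised-executable" if inner_ext in DOCUMENT_EXTS else "executable"


def scan_message(raw):
    """Yield (filename, displayed name, verdict) for every attachment."""
    msg = email.message_from_string(raw)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            results.append((name, displayed_name(name), classify(name)))
    return results


# Constructed sample message; addresses and bodies are placeholders.
SAMPLE_MESSAGE = """\
From: alice@example.com
To: bob@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="interesting.doc.pif"

placeholder
--BOUND
Content-Type: application/msword
Content-Disposition: attachment; filename="minutes.doc"

placeholder
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="ANNA.JPG.VBS"

placeholder
--BOUND--
"""

if __name__ == "__main__":
    for real, shown, verdict in scan_message(SAMPLE_MESSAGE):
        print(f"{real:22} shown as {shown:18} -> {verdict}")
```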
Bill Gates on TCP/MS (4.30 / 10) (#6)
by delmoi on Sat Aug 11, 2001 at 12:31:29 AM EST

I of course wrote Cringely's TCP/MS hypothesis as pure fancy, but then I read this in the Bill Gates interview linked earlier in the queue:

The very protocols of the Internet will evolve for security and quality of service and richer caching. And so we are out talking with the Ciscos and the Akamais and Intel--you name it--for that level of stuff. They want to evolve their products, too, to work with Web services. So they are very anxious to talk to us to support broad industry developments and our services, in particular...

I'm still not sure I buy it hook line and sinker, but reading that right out of Gates's mouth after reading the Cringely article definitely made me wonder :P
--
"'argumentation' is not a word, idiot." -- thelizman
IPv6 (3.00 / 4) (#29)
by thadk on Sat Aug 11, 2001 at 10:13:30 PM EST

Bill Gates's interview article (and Cringely's) earlier mentioned a few aspects that to me sounded like IPv6 a little, maybe we're all overreacting and they're just trying to get that in place a little early. Then again, maybe not...

btw, Cringely has a new article on his site that points out a few of the problems in his theories article linked here, check it out.

[ Parent ]

Linux email viruses (3.30 / 10) (#8)
by phliar on Sat Aug 11, 2001 at 01:27:02 AM EST

It would be just as easy to write a SirCam style virus for Linux or any other OS
I don't know what SirCam is, I'm assuming it is similar to Melissa etc. in broad general terms.

The flaw in this statement is that such a virus has to be targeted towards both the MUA (email reader) and the OS. In the case of Linux (or *BSD) there simply is no consensus.

I use emacs to read mail. Other people I know use elm, pine, KMail, and the Gnome email client whose name I don't remember. Of the vanilla non-integrated clients, there is no way to get the program to execute any content.

Of the "integrated" apps. like KMail and the Gnome reader, it may be possible; however in my admittedly limited use of KMail, there is no automatic execution of script files, programs and other "active" content.

Now Cringely's claim that access to "raw" sockets will somehow lead to increased exposure to viruses is bogus. First, I don't understand his use of "raw". Does he really mean "raw" in the technical sense, i.e.
   s = socket(AF_INET, SOCK_RAW, ...);
Or does he mean that a program can open a TCP socket? Either way, I don't understand his hysteria. Systems need to be secure; what MS (and any other OS or Linux distribution) needs to do is make a packet filter the default. That takes care of any issues from "raw" sockets.

His other suggestions are too complex and not well thought out. IPv6 does everything I think he's talking about. Instead of horribly complex band-aids, fix the real problem - MS MUAs executing content from attachments.


Faster, faster, until the thrill of...

You make incorrect assumptions. (3.87 / 8) (#10)
by plumpy on Sat Aug 11, 2001 at 04:54:16 AM EST

SirCam comes across the wire as a Windows executable. It is NOT executed by default upon receiving. It is executed by the user who decides they really want to see the contents of the file. It's not designed for specific mail programs at all. It could work just as well with Hotmail as anything else.

It then spreads via its own SMTP client, etc.

In other words, there's nothing that SirCam did that wouldn't have worked on Linux. You just have a smarter population in general that won't run such unknown attachments.

[ Parent ]
So what you're saying is... (3.00 / 5) (#15)
by marlowe on Sat Aug 11, 2001 at 09:13:49 AM EST

smart people choose Linux, while Windows is the choice of idiots?

Even considering all this, Linux is safer than Windows, simply because no ordinary user has root access. Plus, it really helps that we don't have anything so idiotic as executable email attachments. That rules out nearly all email worms. Any email trojan would have to be friggin obvious, and so much trouble for a user to start up, that he'd have too much time to think about what the hell he's doing.



-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
Incorrect (3.83 / 6) (#20)
by Logan on Sat Aug 11, 2001 at 05:22:18 PM EST

No, while Windows users do not necessarily tend to be stupid people, stupid people do tend to be Windows users.

You seem to be continually ignoring the repeated point that, if this had been oriented towards Linux, all that would have been necessary for it to spread is stupid users. If Linux were a mainstream OS, then it would have at least one, very popular email client that provided easy, convenient methods for executing email attachments. Thus the overriding variable here is not security, but the number of gullible users.

Logan

[ Parent ]

-1 Pro-MS shilling (3.69 / 13) (#11)
by localroger on Sat Aug 11, 2001 at 07:33:07 AM EST

As someone else mentioned, once you edit out the factual errors (particularly the bit about email viruses) you don't have much of an article left. The Outlook/Office combination is the only software suite in common use that permits the transmission and automatic infection of e-mail viruses. And it's entirely because MS was unwilling to sacrifice its nifty gee-whiz functionality to pop up mails in Word and animate them in favor of security.

I can haz blog!

I'm not sure that's what's going on here. (3.40 / 5) (#13)
by marlowe on Sat Aug 11, 2001 at 09:03:54 AM EST

It could be a very clever Bartko, but judging on this guy's past history, I'd say he's sincere. After a fashion. At least on a superficial level. But at deeper levels...

I think this is a guy who's trying to look superior to the whole MS v. Linux argument by finding a way to lambaste one side without wholly endorsing the other. Call it counterfeit objectivity.

His research and logic are horribly sloppy, but not out of malice. He's not after the truth here. He's not even after falsehood per se. He's after looking superior. And he's flubbed it something awful.

-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
how apt (2.66 / 6) (#25)
by enterfornone on Sat Aug 11, 2001 at 07:45:34 PM EST

You seem to go out of your way to tell me I'm wrong with no evidence to back it up. The only fact you have come up with is that Linux viruses don't exist - the reason why was explained in the article. If you think I have flubbed my attempt at superiority how about telling me how you arrived at that conclusion, oh great one.

-- you are dumb and not worth talking to -- (your sig translated)

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]

I see Marlowe was right (4.33 / 6) (#26)
by localroger on Sat Aug 11, 2001 at 08:55:55 PM EST

Enterfornone, I am amazed that you missed the fact that Marlowe was defending you against my accusation. I had you pegged for a Microsoft employee spinning astroturf, which given the K5 attitude toward spammers is just about one notch above being Jeffrey Dahmer. (Or is that below? I keep forgetting.)

So you waded into a bigass battle that has been fought for years -- really more years than Linux has even existed, in other forms -- by people who have been studying computers since before either of us was born. You decided to deconstruct this Gordian knot with a few platitudes and got the crap kicked out of you because, duh, it ain't actually so simple -- if it was that simple there wouldn't be a war going on over it.

You have exhibited a pitiful ignorance of how viruses work, how TCP/IP exploits are made possible, and of Microsoft's long and sordid corporate history (which was sordid for more than a decade before Windows ever became a household word). About the only accurate statement in your story is that NETBEUI is not routable. The rest is the kind of drivel you get from people who have read corporate press releases but never actually wrote a program, much less attempted a hack, themselves.

Then Marlowe comes along to say, Enterfornone isn't an evil corporate shill, he's just ignorant. He might be salvageable. After all, ignorance is correctible, while evil generally isn't. But, alas, you seem intent on proving that you aren't salvageable; you should take the hint, lick your wounds, and make sure you know what you are talking about next time you post.

BTW I am using Windows to post this. I'm immune to email viruses because I know how they work, but most Windows users aren't because they take what Redmond gives them at face value. You really don't want to be defending people that set up situations like that. You might find yourself in a situation one day.

I can haz blog!
[ Parent ]

ignorance is correctible (2.50 / 6) (#27)
by enterfornone on Sat Aug 11, 2001 at 09:33:08 PM EST

Then correct me. So far all I have heard is "you are wrong but I'm not telling you why".

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
OK (4.16 / 6) (#31)
by localroger on Sat Aug 11, 2001 at 11:21:22 PM EST

All the common email viruses are Windows apps. But this is simply because Windows is the dominant OS.

No, it's because Microsoft created a unique vulnerability by making the default configuration -- that which most users will use, they not being net.wonks -- criminally vulnerable to easy exploits. There was no reason for them to do this except slavery to the "feature list" mentality which made it anathema for them to remove the exploit hole even when it had been revealed in all its festering awfulness.

The second piece of FUD is based on the idea that a full TCP/IP implementation will allow hackers who break into Windows machines to spoof IPs.

The problem with TCP/MS isn't hacker vulnerability (though experience shows it will be vulnerable); it's that this would give MS the keys to ownership of the entire digital world. Nobody sane wants this.

The idea is that Microsoft will create a new Internet Protocol and force everyone to pay them to use it.

They have tried exactly this, several times. Fortunately they have failed. Nobody who has actually tried to use their products for mission-critical apps wants them to be running the Internet backbone. They just aren't reliable.

For Microsoft to change the protocol of the Internet they would have to be the dominant player on the Internet

They have tried several times, and are still trying, to accomplish this.

Microsoft have been trying to control the Internet for years and they still don't control a single protocol in wide use.

Not for lack of trying. MS are powerful and persistent. They have a nearly infinite amount of money and are learning patience. You may not understand this but you really, really should not want them running any show which is important to you. They will not get it right, and its failure to be right will eventually make you look like a fool in front of a customer. I've been there, done that, and got the T-shirt.

I can haz blog!
[ Parent ]

Thanks (3.60 / 5) (#32)
by enterfornone on Sat Aug 11, 2001 at 11:42:06 PM EST

No, it's because Microsoft created a unique vulnerability by making the default configuration -- that which most users will use, they not being net.wonks -- criminally vulnerable to easy exploits.
The fact that double clicking an exe will run it is hardly "criminally vulnerable" and they certainly aren't the only OS to do that. It may help mail viruses spread but it can't be blamed as the sole cause. Linux trojans exist despite not commonly having the same interface, the reason they can't spread by mail is because most of the people in your address book don't run Linux.
The problem with TCP/MS isn't hacker vulnerability (though experience shows it will be vulnerable); it's that this would give MS the keys to ownership of the entire digital world. Nobody sane wants this.
The section you quote isn't referring to TCP/MS - it is referring to giving Windows TCP/IP the same standard functionality that already exists under Unix. That's hardly going to "give MS the keys to ownership of the entire digital world".
Fortunately they have failed.
My point exactly. If they have failed in the small things why would we expect them to succeed in TCP/MS. Why would they even attempt something as major as replacing IP unless they first succeed in replacing some of the lesser protocols with proprietary extensions.

The rest of what you have written basically agrees with everything I've said. So in what way am I ignorant?

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]

Email Viruses, Linux, and You. (4.00 / 4) (#48)
by pwhysall on Sun Aug 12, 2001 at 06:04:32 PM EST

Here's the deal. You're a virus writer, and you want to accomplish a simple task; create an email that will, on receipt, quite simply propagate itself to everyone in the recipient's address book.

On Windows, this is a snap. Only Outlook 2002 refuses to execute script in HTML mail without a patch, and how many people patch their software? Judging by the Code Red II episode, not many. As MS Office is by far the most prevalent, and Outlook by far the most popular MUA, you can just code the thing up in VBScript embedded in an HTML mail message. Outlook even conveniently uses the Preview Pane by default, where script *will execute*. The user doesn't even have to double click your message to activate it! And in case you were wondering, there's such a thing as The Windows Address Book, complete with API, all helpfully exposed to VBScript, for you.

On Linux, you've got a problem. Firstly, many people use MUAs that don't support HTML mail in any way shape or form. You can't presuppose what MUA people are using; I use Evolution, for example, whilst many Serious Linux People use mutt. Where's my address book? To be honest, you're screwed. You *could* write a virus that worked for people using, say, Evolution, or Mozilla Mail, but it'd be fruitless. You can't actually get at anything interesting.

So, the success of SirCam is due in the first instance to the domination of MS on the desktop; but it absolutely would not have worked if Outlook was anything resembling secure. If Outlook actually did its job properly it wouldn't matter if every last man, woman and child on this planet ran it, SirCam wouldn't have worked.
--
Peter
K5 Editors
I'm going to wager that the story keeps getting dumped because it is a steaming pile of badly formatted fool-meme.
CheeseBurgerBrown
[ Parent ]

Address book solution (4.00 / 1) (#69)
by dasunt on Mon Aug 13, 2001 at 10:37:39 AM EST

I could think of an easy solution to find addresses. Assuming that most email clients save their address books in plaintext form (something I haven't checked), the worm/virus only needs to crawl through each and every text file it can read, and look for something to match "*@*.[com|org|net|etc]". Just a quick and dirty solution.

Just remember, virii might be helped by MS, but they are primarily the user's fault. Never updating, never running a good anti-virus software, never setting up an easy firewall (ZoneAlarm would work most of the time). The primary Windows User has convenience as his or her first priority, security comes as an afterthought, if it is thought of at all.

[ Parent ]

It would work for some clients (4.00 / 2) (#84)
by pwhysall on Tue Aug 14, 2001 at 05:58:13 AM EST

A little investigation shows me that Evolution stores its addresses in a binary file, while Mozilla Mail uses what looks to me like an XML file (but it's plain text).

I can't comment on things like KMail or Netscape as I only use Mozilla and Evolution.
--
Peter
K5 Editors
I'm going to wager that the story keeps getting dumped because it is a steaming pile of badly formatted fool-meme.
CheeseBurgerBrown
[ Parent ]

nope (4.00 / 1) (#87)
by enterfornone on Thu Aug 16, 2001 at 01:34:17 AM EST

SirCam doesn't rely on Outlook automatically executing html mails. It relies on a user running an executable. Sure this is easier done on Windows than on Linux, but it doesn't make it Microsoft's fault.

If Linux were the dominant OS and the usual way of opening an attachment were to save to disk and launch a command line app then an email that said "save the file to disk and type 'sh notavirushonest.sh'" wouldn't be too out of the ordinary. It's only out of the ordinary because 99% of people use a more user friendly mailer.

SirCam also looks for email addresses in the browser cache of both IE and Netscape.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
That's almost a good point :) (none / 0) (#97)
by andrewm on Tue Dec 18, 2001 at 10:39:41 PM EST

SirCam doesn't rely on Outlook automatically executing html mails. It relies on a user running an executable.

Personally, I'm amazed it's taken so long for people to realise they don't have to put their virus in an attachment. Still, virus writers are starting to catch on to that, so you'll be pleased to know that impressive Microsoft-inspired security system ("anna.jpg.vbs" looks like anna.jpg so users just need to be trained not to open it anyway) will soon be irrelevant. (In case you didn't know: javascript in an HTML email will be executed when you look at an email. In order to delete an email, you must first look at it. This benefits two groups of people: virus writers, and people who sit down to write an email and decide to do a little javascript coding because old fashioned emails are too boring.)

Explain to me again how secure Outlook is, because I seem to have forgotten that. I know it's the best and most secure email client ever, though, because it's so much more secure than anything you'll ever get for Linux. :)

Can people write insecure apps for linux? Well, duh. Of course. Does the possibility of Linux not being God's gift to humanity mean that Microsoft doesn't have to worry about security after all?

Sure this is easier done on Windows than on Linux, but it doesn't make it Microsoft's fault

Computer programs don't get made by elves from the north pole. If it is easier to do something in Windows than linux, and finding arguments why it's a useful thing is very difficult, then whose fault is it? It's not Microsoft's fault, because they're so concerned about security. It's not the user's fault, because changing the OS (and leaving the user the same) would make it hard for the viruses to spread. It can't be Linus's fault, because he didn't write Windows.

So who exactly is responsible for the security of applications and operating systems written by Microsoft?



[ Parent ]
Not entirely correct. (4.50 / 4) (#37)
by Trepalium on Sun Aug 12, 2001 at 06:07:59 AM EST

All the common email viruses are Windows apps. But this is simply because Windows is the dominant OS.

No, it's because Microsoft created a unique vulnerability by making the default configuration -- that which most users will use, they not being net.wonks -- criminally vulnerable to easy exploits. There was no reason for them to do this except slavery to the "feature list" mentality which made it anathema for them to remove the exploit hole even when it had been revealed in all its festering awfulness.

Part of the problem is that the warning dialog that tells you that opening some types of attachments may be dangerous appears when opening any attachment, regardless of if it's executable or not. I'm unlikely to acquire a virus from a .gif, .jpg or .txt file, but Internet Explorer or Outlook Express will warn me anyway. Pretty soon a user gets conditioned to ignoring the warning, even when opening "dangerous" file types.

The other problem is one that Microsoft doesn't have a monopoly on -- enabling features and technology in places where they're entirely inappropriate. For example, there have been a number of worms that have spread because Outlook and Outlook Express enable JavaScript/VBScript, Java and ActiveX by default when viewing HTML formatted e-mails. Unfortunately, they're not alone -- so does Netscape. Things like this just plain reek of poor design.

The second piece of FUD is based on the idea that a full TCP/IP implementation will allow hackers who break into Windows machines to spoof IPs.

The problem with TCP/MS isn't hacker vulnerability (though experience shows it will be vulnerable); it's that this would give MS the keys to ownership of the entire digital world. Nobody sane wants this

Well, that's not exactly what he means, I believe. What he's referring to is "raw" sockets, functionality that every variety of UNIX has had for years. We can thank Steve Gibson for this paranoia, since he was the one that started it after his domain grc.com was hit by a DDoS attack. His arguments about the release of Windows XP with raw sockets functionality in a consumer version of MS Windows have been so thoroughly refuted by just about anyone with any real security knowledge (aka, you don't secure the network by placing artificial limits on the client that aren't under your control) that it would be nice if the press would stop talking about it. Raw sockets won't cause the imminent collapse of the Internet, plain and simple.

Microsoft have been trying to control the Internet for years and they still don't control a single protocol in wide use.

Not for lack of trying. MS are powerful and persistent. They have a nearly infinite amount of money and are learning patience.

Microsoft's HTML extensions, DHTML, ActiveX, VBScript, etc are on the rise. There are more and more pages that simply tell you that "You must use Microsoft Internet Explorer to view this page." On the LAN side of things, SMB/CIFS/whatever_MS_renames_it_to_next_week is the most popular file server protocol, and Microsoft IIS is the most popular for SSL sites, according to Netcraft.

[ Parent ]
Don't be so sure (2.50 / 2) (#61)
by newellm on Mon Aug 13, 2001 at 12:25:47 AM EST

You mention that the warning dialog should not be displayed for seemingly harmless attachments such as .gif, .jpg, or .txt. This is rather ironic, because a while ago there was an email virus that resided in a jpeg file:)


[ Parent ]
To be exact (4.00 / 3) (#65)
by pwhysall on Mon Aug 13, 2001 at 06:15:46 AM EST

It relied on the fact that if you have a file called blah.jpg.vbs, Windows cheerfully hides the .vbs part from you. So you double-click on what you think is a picture and inadvertently email everyone in your address book with a list of porn sites (or whatever) and their very own copy of the virus.

Ya know, I often wonder what MS are smoking. On the one hand Windows 2000 has gud schtuffs like Kerberos (yeah yeah I know), a proper PKI, IPSec and EFS, and on the other they pull stunts like this.

That's a seriously unfocussed company.
--
Peter
K5 Editors
I'm going to wager that the story keeps getting dumped because it is a steaming pile of badly formatted fool-meme.
CheeseBurgerBrown
[ Parent ]
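The disguise described in this sub-thread (a name such as blah.jpg.vbs whose final extension is hidden from the user) can be checked for before the message reaches a mail client. This is an added example, not part of the original comments; the extension lists, function names and the sample message are constructed assumptions.

```python
"""Flag e-mail attachments whose visible name disguises a script or executable."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; a real gateway policy would be longer.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "com",
                   "scr", "pif", "bat", "cmd", "lnk", "hta"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "xls", "pdf",
              "mp3", "zip"}


def normalise(filename):
    """Lower-case the name and drop the trailing dots and spaces Windows ignores."""
    return filename.strip().rstrip(". ").lower()


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one attachment name."""
    # Padding spaces around an extension ("anna.jpg   .vbs") are stripped too.
    parts = [p.strip() for p in normalise(filename).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # An innocuous-looking extension before the real one is the disguise.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "disguised"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, verdict) for risky parts."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed test message with one harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "holiday pictures"
    msg.set_content("See attached.")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                       filename="beach.gif")
    msg.add_attachment(b"MsgBox 1", maintype="application",
                       subtype="octet-stream", filename="blah.jpg.vbs")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:10s} {name}")
```

The check looks only at the declared filename, so it complements rather than replaces content inspection of the attachment itself.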

You can do SirCam for Linux? (4.00 / 11) (#12)
by marlowe on Sat Aug 11, 2001 at 08:58:03 AM EST

Go ahead and try it then, you fibber.

It's not FUD if it's true.

-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
SirCam for Linux (2.83 / 6) (#23)
by enterfornone on Sat Aug 11, 2001 at 07:00:46 PM EST

In theory you could, but it would rely on it being sent to enough people who are running Linux and enough of those people executing the file. Like a few people have said it is slightly harder to fool someone into executing an attachment under Linux, but the main reason SirCam under Linux wouldn't work is because most people who read email don't do it under Linux. This was explained in the article.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Modify it (3.33 / 3) (#35)
by Jebediah on Sun Aug 12, 2001 at 02:40:59 AM EST

So why not modify the SirCam virus so that it only goes out to people who have email addresses containing *linux* or something. You do have a valid point that it is harder to fool somebody running Linux. I think you also must note that Linux MUAs don't fall over themselves trying to open binary attachments.

[ Parent ]
And how do you access the addressbook ? (4.20 / 5) (#38)
by glaurent on Sun Aug 12, 2001 at 06:59:12 AM EST

Doing a sircam port to Linux is simply unfeasible, because there's no such thing as a standard way to access the user's address book, nor even a standard address book, nor a standard way to send mail.

[ Parent ]
What about accessing the temporary internet files (4.00 / 2) (#54)
by plone on Sun Aug 12, 2001 at 08:50:17 PM EST

In my opinion, what made Sircam really interesting was the fact that it could harvest e-mail addresses from your temporary internet files (not sure if it searched in netscape's cache). That is why CmdrTaco over at the other site complains so bitterly about the gigs of sircam infected files being sent to him.

If a Linux variant of Sircam was to be developed it would not need to access a standard address book, it would just look in your Netscape's cache. Sure, it would send e-mails to a lot of strangers, but if you use a web-based email, it will also propagate to some of your friends. That alone makes Sircam feasible on Linux.

But, what would kill Sircam on linux is that Linux users have enough common sense to spot out the rather poor social engineering attempts that go with these types of viruses/worms.

[ Parent ]

Well, something similar is there... (3.00 / 1) (#78)
by WWWWolf on Mon Aug 13, 2001 at 02:21:06 PM EST

Doing a sircam port to Linux is simply unfeasible, because there's no such thing as a standard way to access the user's address book, nor even a standard address book,
Ah, but most (good) E-mail programs for Linux use vCard. Just find all vCard files, and... boom! You have an address book.

Of course, it's a million times easier to use libpcap or similar, but that needs r00t access to work...

nor a standard way to send mail.
/usr/lib/sendmail, or the cheap plastic imitation that comes with most of the MTAs? Of course, if the MTA delivers only locally, there should be no harm... (For "consumer boxes", local delivery would be enough for Fetchmail, and outgoing mail would go to the ISP's mail host - and herein would lie the worm's dilemma: finding out the smarthost could be tricky.)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
I don't mind you taking an unpopular stance here. (4.72 / 22) (#16)
by marlowe on Sat Aug 11, 2001 at 09:27:52 AM EST

In fact, I would applaud it, if only you knew what the hell you were talking about. But you don't, and that makes all the difference.

You've got no hard facts to back you up. None. Not one. Couldn't you even manage one? Whenever you even get close to a hard fact (Windows viruses, NETBEUI), it's an argument against you, which you only mention in order to pooh-pooh it away. Doesn't it bother you that all the facts you have argue against you? Doesn't that tell you something?

You haven't even got any personal anecdotes to back you up. That would at least be something. Some actual experience that actually happened in the real world. But no.

All you've got is "I'm sure this could happen to Linux, even though it never has" and "Microsoft doesn't own TCP/IP yet, and I've never heard of file formats or Passport or ActiveX, so Microsoft doesn't have any power over the Internet." Argument by speculation, and argument from ignorance. If this is the best you can do, why bother?

You really should learn more about the concept of facts. Do research. Go out and experience things. Or failing that, have a look at all those links that have been posted here in the past. Links are good. If you had more links sprinkled throughout your pile of denial, it might actually look as if you'd done some basic research.

-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
If you think I'm wrong (2.57 / 7) (#22)
by enterfornone on Sat Aug 11, 2001 at 06:58:07 PM EST

why don't you explain why? What are these arguments against me?

How many people actually use Passport or ActiveX? Yeah they exist. So does IPX/SPX but it's not taking over the net any time soon.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Passport (3.33 / 3) (#44)
by flimflam on Sun Aug 12, 2001 at 02:00:41 PM EST

How many people actually use Passport or ActiveX?
Only everyone who uses Hotmail or MSN.

-- I am always optimistic, but frankly there is no hope. --Hosni Mubarek
[ Parent ]
Not to mention... (3.33 / 3) (#46)
by TheLaser on Sun Aug 12, 2001 at 05:19:17 PM EST

...anyone who uses Windows XP.

Ok, ok... that's not quite fair. XP will just bug you one or two times an hour until you go and sign up for Passport.

[ Parent ]
Does it now? (3.00 / 2) (#57)
by static on Sun Aug 12, 2001 at 09:51:16 PM EST

How does it fare if someone doesn't have an Internet connection?

Wade.

[ Parent ]

Well... (3.00 / 2) (#53)
by piman on Sun Aug 12, 2001 at 08:38:49 PM EST

According to this Washington Post article about AOL and MS (http://washingtonpost.com/ac2/wp-dyn/A56191-2001Jul26?language=printer), 160 million people.

It also mentions Starbucks and 1-800-flowers as high-profile Passport-using companies.

Of course, 160 million isn't that much. Just more than half the population of the US.



[ Parent ]
The fallacies continue... (4.00 / 1) (#88)
by core on Thu Aug 16, 2001 at 03:43:28 PM EST

>>"If you think I'm wrong...why don't you explain why? What are these arguments against me?"<<

This is a Shifting the burden of proof fallacy. For those of you watching at home, a fallacy is an error in logic. It is a 'fatal exception' in arguments and logic that renders arguments using them invalid. Even if a conclusion being argued for is actually true, you can't use an invalid argument to get there.

You swoop in, make a bunch of unsubstantiated assertions, and then when people point out that they are unsubstantiated, you cry, "If I'm wrong, then why can't you prove it?". This is not a fair dialogue. Your argument just dumped core (no pun intended).

The reason that people may not be able to refute your points is, you have not made assertions that necessarily can be refuted. If you had said, X is not true because of A, B and C, then someone could actually refute your assertion by refuting premises A, B or C. We have a fully valid claim for actual evidence to support your assertions. Supposition does not make for very strong premises to support your conclusions.

-core

[ Parent ]

You didn't even read the article (3.42 / 14) (#17)
by boxed on Sat Aug 11, 2001 at 10:58:43 AM EST

Cringely clearly thinks it's GOOD that MS has standard TCP/IP in their OSes. He just thinks it's bad with raw sockets, something that IS bad since with them you can send packets with a faked source IP address.

Furthermore, email viruses exist ONLY on windows. Let me say that again ONLY ON WINDOWS. If it's true it's not FUD by definition.

This smells like astroturfing.

Raw sockets is a standard TCP/IP implementation (2.20 / 5) (#21)
by enterfornone on Sat Aug 11, 2001 at 06:55:25 PM EST

And like I said above, not having raw sockets doesn't prevent anything and there are better ways of preventing IP spoofing. Looks like you didn't read my article.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
raw sockets (4.00 / 7) (#39)
by boxed on Sun Aug 12, 2001 at 07:59:06 AM EST

Not having raw sockets prevents IP spoofing on packets. Preventing anyone except root from raw socket access is standard implementation behaviour.

[ Parent ]
Man, this isn't even funny (1.21 / 14) (#18)
by darthaya on Sat Aug 11, 2001 at 12:34:03 PM EST

Poor you, you shouldn't have spoken out what you believe. Because, unlike me, a lot of people here hate MS because they are too stupid to use windows properly. I mean, a stupid bum like me can even manage to run my windows system correctly and flawlessly. And all those smart people who can manage to code and administrate mass systems can't? awwwww...

Groupthink (4.11 / 9) (#24)
by enterfornone on Sat Aug 11, 2001 at 07:28:10 PM EST

I think it's more the fact that when people get together they try to think alike to fit in. If your friends smoke pot you are more likely to start. If you hang around slashbots you are more likely to think that Linux rules and MS sux.

BTW free software isn't communism as such. If people voluntarily make software free it's just co-operation the same as doing volunteer work or giving to charity. It's when people insist that other people be forced to make software and other IP free that you start getting into communist territory. That sort of thing is more the warez/napster communities than the free software community (although many belong to both camps).

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Force? (2.40 / 5) (#40)
by darthaya on Sun Aug 12, 2001 at 10:06:50 AM EST

Haven't you seen enough "Free XXXXXX" screaming among FSF advocates?? Lots of softwares were "forced" to be OSS otherwise they will be boycotted, cursed over.

I don't really see the benefit of opening up the source code for a complex software other than the one that is like just another editor on freshmeat. Hell, I don't even think the opening of mozilla source code helps anybody. The bug reporting did, but hardly anybody understood the humongous source code anyway.

I kinda like Microsoft's shared source idea. hmm... If you don't want to strut your ego and contribute to their benefit, that is not a bad idea at all.

[ Parent ]

Allegory (4.33 / 6) (#45)
by RadiantMatrix on Sun Aug 12, 2001 at 03:06:31 PM EST

Lots of softwares were "forced" to be OSS otherwise they will be boycotted, cursed over.
Perhaps you mistook the intent of boycotting certain applications. Yes, the community wanted them to be free -- many free software advocates would like all software to be free. However, the ones that raise the bile of the community do so because they were based on Free software and yet are not free.

Imagine that you grew a garden for charity purposes -- anyone who wishes may come and pick vegetables for their own use. Several members of the community respond to this by starting similar gardens, or helping you to plant and cultivate yours. One day, the owner of a catering company harvests some vegetables from the larger gardens, then makes meals and sells them to the community. When people find out where the ingredients came from, they ask that the caterer give them the recipe -- but the caterer staunchly refuses. Would you give that caterer your business? I wouldn't -- [s]he abused the goodwill of the community.

In free software, people run projects or help maintain them -- the code is free for anyone to use. However, when one uses the code they agree to keep any derivations free. If someone violates that good-faith agreement, I won't give them my business.

This isn't communism -- it's capitalism: we're voting with our wallets.

--
No amount of genius can overcome a preoccupation with detail.

[ Parent ]

Slashbots and groupthink (none / 0) (#91)
by hardburn on Tue Aug 21, 2001 at 10:31:23 AM EST

If you hang around slashbots you are more likely to think that Linux rules and MS sux.

I think most people coming into Slashdot for the first time already think MS sucks and GNU/Linux rules. That's what attracted them there in the first place.

So it's more like a bunch of pot smokers who never knew each other happened to come into the same alley.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
Danger of executables looking like documents (4.00 / 7) (#19)
by trippy on Sat Aug 11, 2001 at 05:10:57 PM EST

IMO email viruses are Microsoft's fault. There is one major flaw in the MS setup that makes them easy to propagate - documents are treated as executables, or vice versa. In MS land, you don't "open" a document, really you execute it, and that loads up the respective program to open it. From this the lines between "real" executables and documents are blurred. Sircam looks like a document, and acts like a document, when you double click it, the document opens.

Outlook XP goes some way towards fixing the problem by not allowing executables to be opened, but really it needs to be done at the OS level.

OS level (4.00 / 3) (#30)
by enterfornone on Sat Aug 11, 2001 at 10:15:15 PM EST

Doing it at OS level would strip a lot of ease of use away from Windows. What do KDE/Gnome do when you double click an executable?

Most of the early mail viruses (happy99 etc) were fairly obviously executable. I guess people are used to seeing Flash animations and the like distributed in exe format. If Linux had the same sort of popularity as Windows then the same would occur, but no one expects to see a Linux self executable animation.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
otoh (4.33 / 3) (#52)
by kubalaa on Sun Aug 12, 2001 at 08:14:57 PM EST

This is the right thing to do from a usability standpoint. Imagine if the real world worked like computers; you'd have to get your "book viewing" glasses to read a book, your "picture viewing hat" to look at a painting, and your "magazine-reading monocle" to flip through a magazine.

In real life, objects have functionality built-in. Maybe that's why object-oriented programming works so well conceptually. Anyways, I agree that it's a security risk, but that doesn't mean the model is a bad idea, just that it must be implemented with caution.

Microsoft's problem is that they implement things before they are really understood, so people get "features" which don't work right all the time. Which is why Linux people are so much happier in their ASCII text editors and config files; they may not do much but at least what they do is well-defined and understood.

[ Parent ]

minor point: Netbeui is not a Microsoft protocol (3.57 / 7) (#33)
by adamba on Sat Aug 11, 2001 at 11:52:08 PM EST

Netbeui (which is really two layers, LLC and Netbeui) is actually an IBM thing. It's documented in a pair of god-awful IBM manuals that also describe their token-ring card and who knows what else.

Microsoft adopted Netbeui for LAN Manager because it was working on Lanman with IBM.

I also don't think Netbeui was the default protocol for all previous versions of NT. It seems to me that IPX was the default in 3.5 (to combat Novell) and then TCP/IP became the default in 3.51 and later. Or maybe it was 4.0. Whatever.

- adam

-1, Clueless (2.44 / 9) (#34)
by Jebediah on Sun Aug 12, 2001 at 02:36:37 AM EST

Either you are astroturfing or don't know what you are talking about. Either way, -1. I don't mind people standing up for MS, but christ on a crutch don't give the same answers that MS gives.

raw sockets (3.85 / 7) (#36)
by loualbano on Sun Aug 12, 2001 at 06:01:13 AM EST

A little clarification on this "full tcp/ip implementation" mentioned in the article.

What he is talking about is MS's decision to include raw sockets in Win XP. Cringely mentions this but the guy making most of the noise about this is Steve Gibson.

Gibson and Cringely point to the fact that raw sockets give programs the ability to spoof the IP of packets being sent out. This makes DDOS attacks that much tougher to stop. They point out that this ability, along with Windows' lackluster security will make DDOS attacks that much easier to launch. Imagine a codered/melissa type virus, a DDOS attack launched and spread through an email virus.

Here is more info:

http://www.theregister.co.uk/content/archive/20387.html

http://grc.com/dos/intro.htm





This is a feature (3.00 / 2) (#62)
by nowin on Mon Aug 13, 2001 at 01:35:54 AM EST

In *nix this is already a feature. They are doing nothing wrong.

[ Parent ]
But the MS implementation is a bug (4.00 / 1) (#89)
by Rizzen on Fri Aug 17, 2001 at 01:46:02 PM EST

In Unix, only root processes can create raw sockets to "spoof" addresses. In XP Home, there is no "root" user. In XP Pro there is, so it will not be a problem (unless you change all your programs to execute as "admin"). In XP Home, all programs will run as "root" (or admin or whatever MS calls it now), all programs will have full access to raw sockets, all programs can be used to spoof addresses. *THIS* is the problem.

The standard is good, the implementation is beyond poor, and the security model in XP Home just does not exist. If they ship with a default packet filter of "only allow packets with my current IP address out" then it will be okay (Win2K has this ability but it's turned off by default) then there's no real issue here. However, based on past experiences, everything will be open, available, useable, and enabled by default, causing all kinds of problems.

For example: having the ability to use a scripting language to access the innards of the OS is a good thing (Windows Scripting Host). Allowing just any user process to script the innards of the OS is a bad thing (the default behaviour in 9x -- no concept of admin vs normal users).
----- The years of peak mental activity are undoubtedly those between the ages of 4 and 18. At age four, we know all the questions; at eighteen, we have all the answers. -- unknown
[ Parent ]
"root" on XP (none / 0) (#92)
by IntlHarvester on Tue Aug 21, 2001 at 01:03:53 PM EST

I get the idea that XP Home only has a thin veneer of friendliness over the existing NT security model. The main problem is that all users are set up to be "owners" (Administrators or sorta like 'root') by default, and specific actions must be taken to demote them to regular unprivileged users.

Apparently someone over at Microsoft thought that the only way they could bring NT to the masses was to bork what could have been one of its primary advantages. Focusing on the raw socket support ignores the myriad of other problems this causes (or more accurately, fails to resolve).

For all the talk about NT's security over the years, the 9x-style app situation has made it very difficult to run as an unprivileged user. (This is just as app vendors (including MS) have begun to fix perm issues for Windows 2000, too. Grr.)

Apparently MacOS X brought the idea of privileged/unprivileged users over to the single user desktop world. Too bad MS didn't have the balls to do similarly.

[ Parent ]
Precisely!! (none / 0) (#94)
by Rizzen on Thu Aug 23, 2001 at 05:21:50 PM EST

It's not so much the raw socket support that is the problem, but the underlying lack of security and the "removal" of the admin/root vs regular user distinction. Programs run in XP Home will run with admin rights to "simplify" things for the home user. How this is supposed to be any better than the lack of security in Win9x is beyond me. Considering that MS touts NT as the king of security and stability this *really* doesn't make much sense.

NT is very secure and stable.
XP is built on NT technology.
XP Home will keep the security model of 9x.
XP Home will feel just like 9x... insecure and unstable.

Or so goes my opinion. Yours may vary. :D
----- The years of peak mental activity are undoubtedly those between the ages of 4 and 18. At age four, we know all the questions; at eighteen, we have all the answers. -- unknown
[ Parent ]
Not as much of a risk as SG claims. (4.00 / 1) (#66)
by simon farnz on Mon Aug 13, 2001 at 08:33:51 AM EST

Raw sockets are not as much of a danger as is being claimed for one simple reason: It is trivial to configure most routers to drop unexpected IP addresses; if I try and send packets through the router I am connected to here, but I use the wrong IP range, it will drop them silently. This means that ISPs can easily limit the dangers of spoofed IP addresses, as generally each and every user connection has a gateway with knowledge of the remote IP address; spoofing is fine, but if you can only spoof your own allocated addresses, nothing happens.

In addition, upstream providers tend to take care to drop packets from the wrong IP range. If Steve's nightmare comes true, upstream providers are going to get a lot more vicious about dropping packets.
--
If guns are outlawed, only outlaws have guns
[ Parent ]

Will they though? (4.00 / 1) (#74)
by mauftarkie on Mon Aug 13, 2001 at 12:48:37 PM EST

This means that ISPs can easily limit the dangers of spoofed IP addresses

Yeah, and people can easily patch against all the security holes that Microsoft so thoughtfully provides. Do they? Usually not until it becomes a problem. And even then they don't. Example: Code Red.

The ability to spoof packets has been around for a long time. The last big spoof attack I remember was the Smurf attack a few years ago. Did ISPs filter then? No. Will they when we have a Smurf 2002? Doubtful. Filtering slows down overall traffic, so ISPs tend to not do it.


--
Without you I'm one step closer to happiness without violence.
Without you I'm one step closer to innocence without consequence.


[ Parent ]
If the economics demand it, then yes. (4.00 / 1) (#85)
by simon farnz on Tue Aug 14, 2001 at 06:29:16 AM EST

Firstly, this sort of filtering does not slow down overall traffic. To set it up, configure your border routers to drop all traffic. Then configure it to route {your IP range} to the outside world, and {other IP ranges} to the inside world; the delay is the same as it was when you were vulnerable to spoofing.

Secondly, if an ISP finds that its expensive bandwidth is being used up by spoofed packets, then they will set up schemes like this, to reduce the cost of providing a decent service. My ISP at the time of the Smurf attack was immune; silent drops at each end of the PPP link stopped me spoofing packets, and their border routers blocked traffic from ISPs generating large numbers of spoofed packets.
--
If guns are outlawed, only outlaws have guns
[ Parent ]
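The two filtering points discussed in this sub-thread, per-customer checks on the access (PPP) link and source-range checks at the ISP's border router, can be compared with a small model. This is an added example, not part of the original comments; the topology, addresses (documentation ranges) and function names are constructed assumptions.

```python
"""Model of source-address filtering at an ISP's access links and border router."""
from ipaddress import ip_address, ip_network

# Constructed topology using documentation address ranges (assumptions).
ISP_PREFIXES = [ip_network("198.51.100.0/24")]
ACCESS_LINKS = {                     # link name -> address assigned to that customer
    "ppp0": ip_address("198.51.100.10"),
    "ppp1": ip_address("198.51.100.11"),
}


def inside(addr):
    """True if the address belongs to one of the ISP's own prefixes."""
    return any(addr in net for net in ISP_PREFIXES)


def trace_outbound(link, src, dst, access_filter=True, border_filter=True):
    """Follow a customer packet towards the Internet; return where it ends up."""
    src, dst = ip_address(src), ip_address(dst)
    # Access link: the only valid source is the address assigned to this link.
    if access_filter and src != ACCESS_LINKS[link]:
        return "dropped at access link"
    if inside(dst):
        return "delivered locally"
    # Border: only the ISP's own ranges may leave towards the outside world.
    if border_filter and not inside(src):
        return "dropped at border"
    return "forwarded to Internet"


def trace_inbound(src, dst, border_filter=True):
    """Follow a packet arriving from the Internet at the border router."""
    src, dst = ip_address(src), ip_address(dst)
    if not inside(dst):
        return "not routed here"
    # A packet from outside that claims an inside source is spoofed.
    if border_filter and inside(src):
        return "dropped at border"
    return "delivered"


# Constructed packets, all sent by the customer on ppp0.
PACKETS = {
    "honest":          ("ppp0", "198.51.100.10", "192.0.2.80"),
    "spoof neighbour": ("ppp0", "198.51.100.11", "192.0.2.80"),
    "spoof remote":    ("ppp0", "203.0.113.7", "192.0.2.80"),
}
CONFIGS = {
    "no filtering":    dict(access_filter=False, border_filter=False),
    "border only":     dict(access_filter=False, border_filter=True),
    "access + border": dict(access_filter=True, border_filter=True),
}


def run_matrix():
    """Return {(config, packet): outcome} for every combination above."""
    return {(cfg, label): trace_outbound(*pkt, **opts)
            for cfg, opts in CONFIGS.items()
            for label, pkt in PACKETS.items()}


if __name__ == "__main__":
    for (cfg, label), outcome in run_matrix().items():
        print(f"{cfg:16s} {label:16s} {outcome}")
```

With the border filter alone, a spoofed source inside the ISP's own range still leaves the network, which is the "pretend to be someone on your subnet" case; the per-link check closes it.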

"...routing COMMUNISM!" (2.66 / 6) (#41)
by WWWWolf on Sun Aug 12, 2001 at 10:15:03 AM EST

Admittedly the first has some basis in fact. All the common email viruses are Windows apps. But this is simply because Windows is the dominant OS. It would be just as easy to write a SirCam style virus for Linux or any other OS (no, you wouldn't even need to run it as root, just have it infect the users .profile)
Well, not everyone uses Bourne-derived shells... though that's mostly their problem. =) (csh variants should die a fiery death...)

I guess Sircam and co. are bad because Outlooken make virus spreading so easy. No warnings about attachments that have potentially viral content. No warnings when opening attachments... And when MS people heard this in local newsgroups, they just said "oh, yeah, but that's what makes it Easy To Use®." I suppose so...

The second piece of FUD is based on the idea that a full TCP/IP implementation will allow hackers who break into Windows machines to spoof IPs. Hackers who break into Unix or Windows 2000 machines can already do this.
Yeah, but they need the r00t access on those systems... and in consumer-grade Windows everyone's r00t. This is what I've heard...

I guess this thing is bit on the side of overreaction, though.

Most people filter outbound traffic that obviously doesn't originate from IPs in your internal network
Yep. I proposed this sort of campaign in Slashdot: Make posters/ads/whatever that say "If you don't check the source of your outbound packets, you are ROUTING COMMUNISM!" to educate the network admins. =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


WinXP and r00t (none / 0) (#95)
by jt on Sat Aug 25, 2001 at 11:53:31 AM EST

Yeah, but they need the r00t access on those systems... and in consumer-grade Windows everyone's r00t. This is what I've heard...

To make it Easy To Use®, MS decided to make the default user's account in XP an Administrator account... so Joe Win9x Luser will just run as Admin all the time if he upgrades to XP...

[ Parent ]
Although, come to think of it... (none / 0) (#96)
by jt on Sat Aug 25, 2001 at 11:55:57 AM EST

...a lot of people probably already do that with Win2k. Whatever.

[ Parent ]
FUD on both sides... (4.33 / 12) (#42)
by ScottBrady on Sun Aug 12, 2001 at 10:57:32 AM EST

Jesus F. Christ. I haven't seen so much crap coming from both sides of an argument since I stopped reading Slashdot. Let me start with the original article and take it from there.

1) email viruses are somehow Microsoft's fault

Email virii/worms that exploit Outlook are the fault of MS. No email client should ever execute code in an email as a default behavior. With that said, anyone who hasn't patched their version of Outlook (when a patch is, in fact, available) gets what they deserve. I don't care how unsophisticated the user's computer knowledge is; vendors can't be held responsible for users who don't apply patches. In summary: bad MS for making promiscuous software and bad user for not patching their system.

On another front we have an email worm like SirCam. This worm is completely self-contained and doesn't require a vulnerable email client to propagate itself. All this worm needs is a stupid user to execute it and a fresh address book. This type of worm is completely the user's fault.

2) Microsoft implementing standard TCP/IP in their home user OS is a bad thing

That is complete bull shit. We ride MS for not completely implementing protocols and then when they do actually decide to fully implement one we ride them for that. WTF?! I disdain people who bash $NAME_HERE simply because they think everything that person/org. does is evil.

3) MS are about to create their own Internet Protocol and force the rest of the world to use it.

Microsoft has a history of embracing and extending open protocols. This isn't some new revelation. They want to hold all the technological keys to the kingdom and Internet protocols are fair game. Will they succeed? That's a tough question. You must remember that MS completely missed the Internet boat. They didn't see the potential until it slapped them in the face. Because of that they've been playing a lot of catch up. Look at how long it took them to implement their first significant Internet protocol (.NET).

They still have a long way to go before they get to the point of reimplementing TCP/IP.

--
Scott Brady
"We didn't lie to you... the truth just changed."
YHBT. YHL. HAND.

patches (4.25 / 4) (#51)
by kubalaa on Sun Aug 12, 2001 at 08:09:21 PM EST

"Vendors can't be held responsible for users who don't apply patches"

What about writing the software correctly the first time? You can't provably catch all possible exploits, but you can sure get rid of the obvious ones and all you have to do is make your software more secure than other vendors (efficiency-minded hackers will take the easier route).

On the other hand, it is consumer demand for new features and quick release times over security and stability that puts us in this situation. So you're right, it is all the user's fault.

[ Parent ]

The problem with patches/other methods of security (3.50 / 4) (#56)
by DrEvil on Sun Aug 12, 2001 at 09:47:07 PM EST

(when a patch is, in fact, available)

Are we talking about the same patch that I know of that many people have had to uninstall (by no other means than uninstalling the entire Office package!)? The patch took away a feature out of Outlook that many people rely on. That is getting attachments. Outlook would simply just block the attachment if it were one of the many vulnerable file types, no option to bypass this, no option to get rid of it, you were just stuck with a file you could not open.

Obviously this method works great, but there are many files that you could receive that are important. So I guess it is just a matter of going without, or suffer the consequences when something bad happens.

The Linux/BSD communities should strive to make opening rogue binary files by default run in a jail. What if every new executable that ran on the system started in the jail, when and only when everything looks safe it would be allowed to run normally. The user could then be notified of what is going on and then if everything looks normal they could then run it. Microsoft could do this too, but I somehow doubt this would ever happen.

The problem with every security method there is, is the user. Some users, while knowing full well what they are opening isn't safe, do it anyway! While I feel some of this mess is because of Microsoft's mistakes (features?), it is still the user's responsibility to ensure that they do not execute any problematic code.

[ Parent ]
The trouble with MS Patches (4.33 / 3) (#75)
by Karmakaze on Mon Aug 13, 2001 at 12:58:08 PM EST

With that said, anyone who hasn't patched their version of Outlook (when a patch is, in fact, available) gets what they deserve. I don't care how unsophisticated the user's computer knowledge is; vendors can't be held responsible for users who don't apply patches. In summary: bad MS for making promiscuous software and bad user for not patching their system.

I used to install every patch and security patch as they came out.

Until the day I installed a patch that was supposed to stop Outlook Viruses and instead crippled my ability to use Mail Merge - a function I needed to perform my job function at the time.

The only way to remove the patch was to uninstall and reinstall from scratch. Microsoft's ever-so-useful response in their FAQ? "We know this is annoying to many users, but we have no plans to fix this issue". The issue wasn't even mentioned in the patch documentation until weeks after I applied it. The original documentation labeled it as a critical patch - essential. Silly me - I believed them.

When the patch breaks the software worse than the original flaw, you start hesitating to apply patches.


--
Karmakaze
[ Parent ]

Did someone mention viruses? (4.60 / 5) (#49)
by hotcurry on Sun Aug 12, 2001 at 07:57:16 PM EST

I suppose, for balance's sake, I should provide a list of Linux viruses, but I couldn't find one. A Linux virus, that is.

Also, I'm counting email trojans as viruses, because they're close enough. And I couldn't find a Linux email trojan either. In fact, I couldn't find a single non-Windows email trojan or virus or whatever. This really does look like a Microsoft only problem the more you look at it.

Viruses, worms and e-mail trojans
Net4TV: WebTV Security Breach: Hijack Code Can Forward Stored Mail
00-Apr LWN Eric Raymond: Microsoft -- Designed for Insecurity
00-Jan CNet: Windows 2000 virus detected
SARC: SubSeven (Windows trojan)
00-Mar Wired: WebTV's 'Non-Virus' Virus
00-May TMF: RFC1521 on email attachments

As you can see, by executing an attachment using an interpreter of some type (whether it be IE, Word, VB, or a native executable), Outlook is exposing a well known security hole that is specifically warned against in the MIME specification.

00-May ZDNet: NewLove bug nastier than ILOVEYOU
00-May Wired: Worm Wreaked Gov't Havoc
00-May ABC: `Killer Resume' Doing a Job on E-Mail Systems
00-Aug Cnet: Consumers open email to targeted virus attacks
01-Jan ZDNet: Hybris virus: Sleeper hit of 2001
01-Jan: Four European Companies Wiped Out by New Worm Little Davinia
01-Feb Washington Post: Virus Spreads in Tennis Star Guise
01-Apr Computerworld: Microsoft gives a virus to its support customers
"Microsoft received notification of some infected files on a private access Web site for Premier Support and Microsoft Gold Certified Partners in the U.S. only," a Microsoft spokesperson said.

01-Jul CNet: White House dodges Web worm
Computer worms are programs that have the ability to spread across Internet and execute instructions. In this case, the worm sought out vulnerable Web servers using Microsoft software. As for the instructions, the Code Red worm was written to flood the Whitehouse.gov site with a massive amount of data, overwhelming it to the point where it could not be accessed.


popularity (3.50 / 2) (#50)
by kubalaa on Sun Aug 12, 2001 at 08:05:25 PM EST

This doesn't imply anything about the security of Linux. If you were going to write a virus, would you write one that only ran on 2% (or whatever it is these days) of desktop computers?

[ Parent ]
Email viruses, popularity, and MS (4.85 / 7) (#55)
by swr on Sun Aug 12, 2001 at 09:44:30 PM EST

If you were going to write a virus, would you write one that only ran on 2% (or whatever it is these days) of desktop computers?

Once upon a time, *nix was the prevalent system on the internet. There were no email viruses back then.

There is a very obvious correlation between the appearance of email viruses and the release of Microsoft's MUA. I don't think that is a coincidence. In fact, before MS Outlook, the very idea of getting a virus just by reading email was considered ridiculous.

[ Parent ]

just by reading email.. (5.00 / 1) (#83)
by enterfornone on Mon Aug 13, 2001 at 11:25:29 PM EST

Most email "viruses" can't be spread "just by reading email"; you have to execute the attachment, and current MS mailers will give you a warning (or more than one depending on the attachment) as to why this is a bad idea. Obviously if you ignore the warning and run it anyway it's not MS's fault. You could just as easily save it to disk, chmod it and execute it (no doubt the theoretical Linux virus would instruct you to do that, and you wouldn't get a warning not to).

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Microsoft has a vested interest in Linux viruses. (4.00 / 2) (#76)
by plutarch on Mon Aug 13, 2001 at 02:05:22 PM EST

And there's no doubt they have the resources to write and propagate one without getting caught. Why haven't they done so? Out of the goodness of their hearts?
Leftism is the ideology of resentment. It is is the ideology of the frustrated will to power. It matters not how much or how little power the Leftist has at the moment. The point is, he wants more, and he can't get it.
[ Parent ]
Microsoft are evil! (5.00 / 2) (#82)
by enterfornone on Mon Aug 13, 2001 at 11:20:32 PM EST

Microsoft also have the resources to buy a bunch of nukes and bomb Cuba.

Have you ever thought the reason they might not want to write a Linux virus is because they are a legit business who have a certain amount of morals and willingness to obey the laws? The idea that the only reason they don't do something evil is because it's impossible reeks of paranoia.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]

Microsoft Morality (none / 0) (#93)
by sqwudgy on Tue Aug 21, 2001 at 05:12:18 PM EST

``they are a legit business who have a certain amount of morals and willingness to obey the laws.''

Sure. They're just selective about which laws they choose to obey. Antitrust laws aren't on their list right now.

[ Parent ]

Linux Viruses exist in academic sense only (4.71 / 7) (#58)
by bediger on Sun Aug 12, 2001 at 09:53:17 PM EST

Linux viruses exist: something called bliss and something called staog probably constitute "file infector" viruses. Shell script viruses probably could infect any unix or unix-a-like shell script. Some guy named Keith McMillan wrote a virus that infects TeX documents, but he had to use Emacs as sort of a "helper". That virus could probably infect tens of documents all over the world.

But so what? Linux viruses exist, Apple-][ viruses exist, VMS viruses exist. Every operating system can probably host viruses. See the work of Fred Cohen for further information. In real life, Linux and Unix viruses don't exist. The question is "why?" I think the answer comes from epidemiology. Epidemics only happen when a large fraction of the populace doesn't have any immunity. In the context of computers, "immunity" derives from things like access controls (a.k.a. file permissions by user and group), different hardware architectures, different software systems (I could run SunOS, Solaris, Linux or NetBSD on my SPARCStation).

Unix and unix-a-likes (Linux, NetBSD, etc) don't exhibit epidemics of worms, viruses and chainmail because the populace has a lot of variety, in terms of all the things that cause "immunity" - different user and group IDs, fractured hardware base, lots of operating systems with enough differences that count, many, many email reading systems, most of which can't "launch" something like SirCam.

But to bring my point back to "Anti-MS FUD", the mere existence of some academic shell script virus that just might run on all NetBSD and Linux boxes, but not on Solaris boxes doesn't really matter. What matters is that Microsoft has created what constitutes a "monoculture" (everyone runs Outlook on an OS with a Win32 or VBS interface, on a single hardware architecture). This monoculture is extremely susceptible, as evidenced by Code Red, SirCam, Melissa, ILOVEYOU, Anna Kournikova, etc etc etc. And that's entirely Microsoft's fault. There's no dodging that, there's no ignoring it, unless you're an antivirus vendor whose livelihood depends on an unrelenting stream of viruses, worms and chainmails.


-- I am Spartacus.
[ Parent ]
Hackers Looooooove Standards! (4.25 / 4) (#59)
by bitspotter on Sun Aug 12, 2001 at 10:41:38 PM EST

Ramen, anyone?

I was hit by this Linux Worm at work.

It was specifically designed to target RedHat Linux 6.2 and 7.0 servers.

While it wasn't pointed at Microsoft's standard apps, it was still pointed at standards. RedHat being very high up in the list of most popular Linux distributions, it would seem that the same standards that make software easier to adopt & use are equally exploitable by malicious coders, without regard to whether it's Microsoft who writes the software or not.

I was giddily reminded of the Christian problem of evil as I read this story. I can't help thinking (though I've not researched this question) that it would be fairly easy for MS to restrict email attachment viruses to a sandbox, like java, or somehow prevent attachment scripts or programs from accessing the OutLook address book, or at least make it unavailable to outside programs entirely.

The question then becomes if Microsoft, like God, could be held morally responsible for the evil which it could easily stop, yet permits to exist. :)

[ Parent ]

How can anyone forget about the Morris worm? (4.20 / 5) (#60)
by loualbano on Mon Aug 13, 2001 at 12:12:30 AM EST

There were never any major worms/virii/trojans specific to linux, but there was the Morris Worm in '88 that used a sendmail hole to propagate. I imagine Linux boxes would have been affected by this, had they been around then.

This worm was the baddest of the bad, much worse than anything since. This worm had the element of surprise as no one ever had to deal with such a beast.

More info:

http://www.sans.org/infosecFAQ/malicious/morris.htm

http://www.cs.berkeley.edu/~srhea/morris-internet-worm.html



[ Parent ]
Sure (4.00 / 4) (#64)
by nowin on Mon Aug 13, 2001 at 02:14:46 AM EST

I certainly hope no one is saying UNIX is immune to security problems. I think the issue here would be: Has MS done what they can to prevent them? or have they let ease of use concerns override security concerns?

I think ultimately the pendulum will swing back the other way and there will be a backlash of public sentiment (and that's really what we are talking about here, MS's license agreements make them not liable for anything more than the cost of the app (if that)). I think people DO have a right to expect that their software is as bug/hole free as possible. And to have the situation fixed ASAP when a bug/hole is found.

If MS does not get this fixed and soon the public perception could become that their products are a risk and then they will fade away. Let's face it, it takes awhile for management and business people to form a technological opinion, but once they are formed they do not get changed, they retire. (An example of this is the perception that any free software is an inherent security risk. Although 99% of freeware is good clean software this is still a prevalent opinion amongst IT management.)

Dan

[ Parent ]
Nestea (5.00 / 2) (#68)
by poochers on Mon Aug 13, 2001 at 10:32:05 AM EST

How easily we forget nestea - the 'bug' that allowed any remote user to halt your Linux machine in seconds without any local privileges. The problem was about 2 lines of code in the kernel and a patch was distributed that day. However, the same can be said about Microsoft. Take Code Red for example - Microsoft released a patch immediately. The difference between Linux and Windows is that Nestea could not do long-term damage because a) the program was designed to be user-activated unlike Code Red's "smarter" implementation that spread on its own (I guess because the exploit did not have a way to reach the problematic box), and b) the Linux community responded by patching their own machines immediately. We can not blame Microsoft for their widespread userbase, though they can only blame themselves for not being more responsive when exploits are discovered.

[ Parent ]
Code Red Not Patched (4.00 / 2) (#79)
by Matrix on Mon Aug 13, 2001 at 05:17:55 PM EST

Microsoft, no matter what Windows fanatics say, has not yet released a patch that fixes the holes Code Red exploits. Even with the patch installed, the holes are still present if certain preferences are set. Namely, URL redirection in ISS 4.0.

They do admit that there are still problems, but claiming their turnaround time is the same as or better than the turnaround of Linux developers on the abovementioned nestea bug is wildly inaccurate. The Linux kernel team had a turnaround of under twenty-four hours, Microsoft has been trying to kill this worm for how many weeks?

Not exactly inspiring of confidence, especially given how much money they can throw at developers to get good ones. And how much advance warning they've had.


Matrix
"...Pulling together is the aim of despotism and tyranny. Free men pull in all kinds of directions. It's the only way to make progress."
- Lord Vetinari, pg 312 of the Truth, a Discworld novel by Terry Pratchett
[ Parent ]

The difference (4.20 / 5) (#63)
by nowin on Mon Aug 13, 2001 at 01:50:15 AM EST

The difference between MS and others is not market share.

The difference is that to be executable in windows you need simply tack on .exe, .com, .bat, .vbs, .scr or whatever onto your file.

In UNIX there is a distinction between that which is executable and that which is not. This distinction is the file mode.

To make a traditional UNIX e-mail virus would involve the user saving the attachment and then choosing to make that attachment executable, and then running it.

In my book that makes the virus a really insane user virus, not an e-mail virus.

Now if someone were to write a UNIX e-mail client that would execute code received with little or no input from the user then this client would be a security risk.

Basically MS is at fault since they wrote such an app, and windows itself will always be a risk as long as it fails to make a distinction between executable and non-executable content (something greater than the file extension).

UNIX has had 30 years of trying to be secure*, it would be nice if MS could jump on the bandwagon.

Dan

*and still fails on occasion, but their heart is in the right place.

Outlook Viruses (4.66 / 6) (#67)
by spiv on Mon Aug 13, 2001 at 09:47:45 AM EST

The term "email virus" is misleading to me. I do not know of any virus (or trojan, or similar) for any mail client other than Outlook and Outlook Express. When people say "email virus", they really mean "Outlook virus" -- for example, SirCam is Outlook specific.

It's not a flaw in the OS, it's a flaw in the application. Outlook's default settings hide extensions, run scripts, and allow executables to camouflage themselves as passive data files such as JPEGs.

If Outlook were ported to Linux with the same flaws, then the same viruses could be written. Instead of using VBScript and COM, they'd probably use shell scripts and read dotfiles.

In summary, I agree with you that Linux is not inherently more secure against that sort of virus -- but this is not a fault of the OS, it is a fault of the application, and perhaps of gullible users. On the other hand, I feel that MS deserves all the criticism they get regarding Melissa, SirCam, and friends, because Outlook is practically designed to automatically disguise and run these programs, and this behaviour has not improved even in Office XP. "We are so popular that people only write viruses for our software" is a poor excuse.

And finally, please, call them Outlook viruses. There's no such thing as an email virus.

-Spiv.
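
The extension-versus-file-mode point made in the two comments above ("The difference" and "Outlook Viruses"), sketched as a mail-gateway check. This is an added example, not part of either post: the function names, the list of "passive" suffixes and the sample message are constructed for illustration, while the runnable suffixes are the ones listed in the thread.

```python
import os
import stat
from email import message_from_string, policy

# Extensions the thread names as runnable on Windows just by their suffix.
RUNNABLE = {".exe", ".com", ".bat", ".vbs", ".scr"}
# Suffixes a reader takes for passive data (list constructed for this example).
PASSIVE = {".jpg", ".jpeg", ".gif", ".txt", ".doc"}

# Constructed sample message; addresses, names and payloads are made up.
SAMPLE_MESSAGE = """\
From: alice@example.com
To: bob@example.com
Subject: holiday pictures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="beach.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQ
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="beach2.jpg.vbs"
Content-Transfer-Encoding: base64

TXNnQm94
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"
Content-Transfer-Encoding: base64

TVo=
--BOUND--
"""


def classify_filename(name):
    """Return 'runnable', 'disguised' or 'passive' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before looking.
    cleaned = name.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(cleaned)
    if last not in RUNNABLE:
        return "passive"
    # "beach2.jpg.vbs" displays as "beach2.jpg" when extensions are hidden.
    inner = os.path.splitext(stem)[1]
    return "disguised" if inner in PASSIVE else "runnable"


def scan_message(raw):
    """List (filename, verdict) for every named part of a raw MIME message."""
    msg = message_from_string(raw, policy=policy.default)
    return [(part.get_filename(), classify_filename(part.get_filename()))
            for part in msg.walk() if part.get_filename()]


def save_without_exec_bit(directory, name, payload):
    """Save an attachment the Unix way: mode 0600, so no execute bit is set."""
    path = os.path.join(directory, os.path.basename(name))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(payload)
    return path


def is_executable(path):
    """True if any execute bit (user, group or other) is set on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o111)


if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE_MESSAGE):
        print(f"{verdict:10} {filename}")
```

The name check stands in for what a suffix-driven system has to do at the mail boundary; the saved file shows the other model, where the name is irrelevant until someone deliberately sets the execute bit.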



As I understand it (4.50 / 2) (#81)
by stuartf on Mon Aug 13, 2001 at 08:21:29 PM EST

As I understand it, SirCam is not Outlook specific. It contains its own SMTP server, and simply relies on the user running an attached file. It will use the Outlook address book if it can, but also tries to find other address books as well.

[ Parent ]
Please to tell me (4.85 / 7) (#70)
by Bob Abooey on Mon Aug 13, 2001 at 11:14:23 AM EST

How I'm going to run an email "virus" on my Linux box? All my attachments come in without permissions for anything except read. Thus I would have to look at the file and change it to be executable, then actually execute it. At that point it's a moron virus, not a Linux virus. Thus, it is indeed a problem with Windows/Outlook and the default permissions they set for all those unsuspecting users who really don't know any better.

No, it's not the user's fault, it's Microsoft's fault, because they target their products to new users as being "easy to use" and "user friendly" etc. My mom buys that stuff and feels she has no reason to worry, she thinks her Windows system is built for the new user so she trusts what they tell her. Nope, it's not her fault. If they want to make a home computer seem as simple as a toaster then they are responsible for making it as secure as a toaster.

Although it's silly to have to make a disclaimer here I will, just because the windows zealots are so defensive: "I'm not saying that Linux is bulletproof with regards to malicious programs, or 'virii' as the media likes to call them, but you would have to be far more clever than just sending a malicious script as an email attachment."



This is another genuine Bob Abooey post -annoying spelling and gramer nazi's on the Internet since 1995
I agree. It's microsoft's fault. (4.00 / 2) (#72)
by scross on Mon Aug 13, 2001 at 12:31:15 PM EST

I agree. It's Microsoft's fault. What good reason is there to give Outlook, essentially a file manager of files that came from somewhere else, the same level of file access as explorer has for local files?
Cheers, Sarah
[ Parent ]
Not Microsoft's fault? (3.00 / 1) (#90)
by hardburn on Tue Aug 21, 2001 at 10:09:24 AM EST

The viruses aren't exploiting a flaw in Windows unless you consider popularity a flaw. What they are exploiting is the fact that people are stupid enough to open and run the file.

I would agree if Microsoft at least took some minor steps to try to curb viruses (or virii, whatever). They have shown very little evidence of doing such, though. AFAIK, Outlook will still automatically execute .vbs attachments. Further, all of Visual Basic Script is just one big security hole. If you're going to allow people to send others arbitrary scripts, the least you can do is sandbox it (like Java does). No such feature has ever been added, nor does Microsoft show any evidence of adding it in the future.

(Every time this comes up, I ask: "Does anybody actually use VBS (not Visual Basic, but VB-SCRIPT) for a legit use"? I have heard only one person so far say that yes, he does.)

Further, I think Code Red shows a major flaw in how Microsoft Operating Systems run. Microsoft tries to market Win2000 as being so easy that a monkey can do it. Monkeys are doing it, so you end up with servers where Code Red and its variants continue to spread despite the fact that there are patches clearly available to fix the problem.

Getting the server running is the easy half. The hard part is keeping it running. A monkey might be able to set up Win2000, but letting them administer the server would be a grave mistake.

The second piece of FUD is based on the idea that a full TCP/IP implementation will allow hackers who break into Windows machines to spoof IPs.

Agree on your points about having a sane firewall for blocking IP spoofing.

The TCP/MS FUD is one of the more far fetched rumours I've heard lately yet it seems to be taken seriously by many.

Agree that MS is not yet capable of making "TCP/MS". Let's say that WinXP has a Microsoft-controlled internet protocol. First, it absolutely must use IP as a building block, or a few million routers have to be "upgraded" to TCP/MS. The internet is having a hard enough time upgrading routers for IPv6, much less a proprietary Microsoft protocol. Perhaps a better name would be "MS/IP", since (IIRC) routers don't generally deal with TCP (please correct me if I'm wrong).

Now let's say that there is a "MS/IP" or perhaps even "TCP/MS". Let us also say that WinXP has no ability to connect using the good ol' TCP/IP protocol. Thus, it's impossible for WinXP users (or perhaps even WinME/98/95 users who got a patch) to connect to servers running a non-Microsoft OS. What kind of sites could you no longer reach?

  • yahoo.com (FreeBSD)
  • amazon.com (GNU/Linux)
  • google.com (GNU/Linux)
  • cnet.com (Solaris)
  • zdnet.com (Solaris)

(Note that cnet.com and zdnet.com are owned by the same company. I wanted to list them separately because I assumed that the merged company wouldn't want to migrate to a new server platform so quickly. Also note that ZD is widely thought of as an arm of Microsoft marketing.)

According to the latest Netcraft survey, you would only be able to access 25% of the Internet with MS/IP.

If Microsoft does make MS/IP, then they are even stupider than I thought.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


Anti-MS FUD | 97 comments (93 topical, 4 editorial, 0 hidden)