Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Security over functionality?

By dieman in News
Wed May 24, 2000 at 11:04:01 PM EST
Tags: Software (all tags)
Software

An article on cnn talks about people now complaining that they can't send attachments of executable programs through Outlook with the new 'security' patch.

Is telling people not to use email for executables going too far? I think not. I've been surprised at how many enterprises haven't blocked all attachments and actually trust the outside. An amusing quote is that an admistrator believes that you can have something granular and still call it security. (I think that if you're going to allow some things, you've lost the battle allready, even if you have antivirus installed.) ISPs are going nuts because of user-friendlyness, but I am surprised that they aren't happy that their email servers will enjoy less load. Oh well.


Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o article on cnn
o Also by dieman


Display: Sort:
Security over functionality? | 60 comments (60 topical, editorial, 0 hidden)
So what's the solution? When I wor... (2.50 / 2) (#7)
by eann on Wed May 24, 2000 at 01:14:33 PM EST

eann voted 1 on this story.

So what's the solution? When I worked at a commercial ISP, we provided web and FTP space for our users to put files. Then, it was fairly easy to say "Email is for messages, FTP is for files." It never caught on.

At my current employer, the mail server scans attachments for viruses, and blocks the potentially dangerous messages. Because it's profile based, it didn't catch "I love you" until the virus software company released their patch. Sure, it had a hard time spreading after that (there were several hundred attempts within the few hours following), but the damage was already done.

In general, the people that are most susceptible to viruses are the ones who don't care anything about doing it the "right" way, if there is such a thing; they just want it to be quick and painless.

Personally, I use pine.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.


I say dispense with attachments on ... (2.00 / 1) (#3)
by bmetzler on Wed May 24, 2000 at 01:19:04 PM EST

bmetzler voted 1 on this story.

I say dispense with attachments on email. Email should be text only.

If you need to get a file to someone, there's got to be a better way to do it.

-Brent
www.bmetzler.org - it's not just a personal weblog, it's so much more.
Oh for god's sake. Now thay've just... (4.80 / 4) (#1)
by rusty on Wed May 24, 2000 at 01:42:51 PM EST

rusty voted 1 on this story.

Oh for god's sake. Now thay've just blocked all executables? Ok, no, it's not really "going to far", but it's the dumbest pssible fix.

How hard is this:

  1. Never execute anything without the user explicitly saying to. Not scripting, not executables, nothing.
  2. Make scripts run *from* outlook go in a sandbox, like HelixCode's Evolution client does. No access to systemn files or resources, no way to propagate themselves.
Two simple steps that block probably 99% of the security flaws in outlook, without killing any functionality. Do they have any sane designers left over there?

____
Not the real rusty
Re: Oh for god's sake. Now thay've just... (1.00 / 1) (#23)
by HiQ on Thu May 25, 2000 at 02:48:30 AM EST

Yep - that would be Bill Gates!
How to make a sig
without having an idea
just made a HiQ
[ Parent ]
Re: Oh for god's sake. Now thay've just... (4.00 / 1) (#35)
by slycer on Thu May 25, 2000 at 01:02:29 PM EST

Never execute anything without the user explicitly saying to. Not scripting, not executables, nothing.

Sure, except, that doesn't solve anything, double click the attachment.. message comes "up are you sure you want to run this, all kinds of warnings after that etc", user is thinking well DUH! - that's why I double clicked it in the first place, yes I do want to run it.

The sandbox idea is a GREAT idea though.

[ Parent ]
Re: Oh for god's sake. Now thay've just... (4.00 / 2) (#40)
by rusty on Thu May 25, 2000 at 02:32:38 PM EST

Right-- neither by itself is really good enough (well, a sandbox by itself might be, but still-- auto-executing untrusted code is just bad form), but both together would solve the majority of problems.

____
Not the real rusty
[ Parent ]
Sigh. Another techie not realizing ... (3.80 / 4) (#8)
by Ozymandias on Wed May 24, 2000 at 01:48:44 PM EST

Ozymandias voted 1 on this story.

Sigh. Another techie not realizing the net's no longer his own personal sandbox.

One of the main reasons people buy computers and internet access is email. And one of the things they like about email is that they can send pictures of Junior and the dog to Grandma without postage. Not to mention that neat joke program they got last week.

Useability IS a concern. When balancing security and convenience, the balance point is NOT always on the security side. The best solution is not to forbid attachments, it's to filter attachments. Allow files; even allow executable files. Only refuse ".vbs" and other high-risk attachments.
- Ozymandias

Re: Sigh. Another techie not realizing ... (5.00 / 1) (#25)
by bobsquatch on Thu May 25, 2000 at 03:36:15 AM EST

It's good to hear people arguing with their 'usability' hand; the 'security' hand has gotten out of hand of late. (Though it'd be a lot funnier if both hands were manipulating sock puppets, a la Sifl & Olly...)

Allow files; even allow executable files. Only refuse ".vbs" and other high-risk attachments.
How are you going to tell the difference between 'high-risk' executables and 'low-risk' executables? Who's gonna write the magic parser to do that? .vbs files are not the only thing that can propagate like a worm...

Here's a better idea: don't censor madly in the name of 'security' -- just make it absolutely clear that running an executable attachment is really running an executable attachment (and not just 'opening' the thing, for ghod's sake). Follow that up with a policy that running the attachment is at the runner's own risk. If the PHB can't stand a little personal responsibility, he can find himself another sysadmin.

(Yeah, I can't make myself take Windows-specific problems seriously. As the comic says, "Here's a quarter, kid. Buy yourself a better computer.")

[ Parent ]

Re: Sigh. Another techie not realizing ... (4.50 / 2) (#38)
by Ozymandias on Thu May 25, 2000 at 02:26:37 PM EST

I spend most of my "virus prevention" energy on training; and actually, 80% or better get it after one or two repititions. There are those, though, that make me want to use the electric stapler to fasten a warning over their eyes so they can't see anything but the warning even though it won't do any good and they'll still click, click, click those damned attachments...

Sorry. Flashbacks.

It's true that there are other extensions that could be used for self-propogating viruses; however, there are few if any legitimate VBS or BAT or COM files being sent as attachments. The most common attachments are DOC and ZIP files.

What I usually do is rely on user education and humiliation; a user who does something stupid that they've been repeatedly warned against gets the "Bad Monkey" award, a stuffed monkey in badly-fitting prison garb hanging over their cubicle. Everybody knows the Bad Monkey award, and the harrassment and ridicule afix the lesson... more firmly.

When things are high-risk, though - for example, during the "ILOVEYOU" storm - I have premade filters for attachments. I don't delete them, I reroute them to a "virus@" email account where I can check it out, make sure it's really "OK", and send it on to the user. Most of the time, I don't filter everything; just the extension the virus of the week is using, and ZIP files to catch leakers. It's worked well for me; I haven't had a problem since before Melissa.
- Ozymandias
[ Parent ]

Re: Sigh. Another techie not realizing ... (none / 0) (#42)
by Qtmstr on Thu May 25, 2000 at 06:30:39 PM EST

Havn't I seen this comment before?


Kuro5hin delenda est!
[ Parent ]
Those who would trade security in r... (4.00 / 2) (#10)
by marlowe on Wed May 24, 2000 at 01:52:32 PM EST

marlowe voted 1 on this story.

Those who would trade security in return for functionality will not have, nor do they deserve, either one.
-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --

This is a relavant issue in today's... (2.00 / 1) (#16)
by swiftone on Wed May 24, 2000 at 02:18:18 PM EST

swiftone voted 1 on this story.

This is a relavant issue in today's world. I disagree with the submitter's assertion, however. What is required is user training and user responsibility. The Superhighway analogy has been overdone to death, but comparing computers to cars is a long standing tradition with some good reasoning behind it. In this case, the people are new to the cars (computers), haven't learned the rules of the road, nad accidents happen. Who's at fault? Both the person (who didn't learn) and the giver of the machine (be it work or wherever) for not training them properly. Defensive computing should be how we think, and if you don't, you might get your system screwed.

Certainly software makers should take into account that the users are often not trained. Microsoft can be faulted for VBScript in Outlook because they had advance warning (anyone remember the GoodTimes hoax?) The fact of the matter is that ANY system with any functionality is a security risk if the person using it doesn't follow the rules.

People can and will exchange things over email. Said people will often NOT be tech-heads. Limiting their functionality is not a reasonable expectation, and in a capitalistic world, is not probable to happen as a rule.

Where is the line between "secure e... (3.00 / 1) (#18)
by TinCho on Wed May 24, 2000 at 02:36:55 PM EST

TinCho voted 1 on this story.

Where is the line between "secure enough" and "useless enough"? I mean, from the users point of view, what is the alternative? ICQ et al may be more dangerous in the long run, and ftp may not be a viable alternative.

Is telling people not to use email ... (3.00 / 1) (#9)
by HiRes on Wed May 24, 2000 at 03:17:38 PM EST

HiRes voted 1 on this story.

Is telling people not to use email for executables going too far?

Yes, absolutely.
--
wcb
wait! before you rate, read.

That's just how things work on a si... (4.50 / 2) (#14)
by jmcneill on Wed May 24, 2000 at 03:17:46 PM EST

jmcneill voted 1 on this story.

That's just how things work on a single-user operating system when the user isn't educated on the risk of running foreign executables. Many of them have an "A friend sent it to me, so it's ok" attitude, and with the recent VBS worms that kind of thinking is useless. I think rather than blocking attachments, the users need to be taught the risks beforehand. Maybe a "drivers license" for computers needs to be implimented? :D
``Of course it runs NetBSD.''

The only solution is to educate use... (1.00 / 2) (#17)
by Will on Wed May 24, 2000 at 03:34:29 PM EST

Will voted -1 on this story.

The only solution is to educate users.

Re: The only solution is to educate use... (4.00 / 1) (#21)
by inspire on Thu May 25, 2000 at 02:27:04 AM EST

Wow. IWPTA "The only solution is to eradiacate users".

Methinks I've been a sysadmin too long.
--
What is the helix?
[ Parent ]

More virus, more email, more load, ... (1.00 / 1) (#13)
by deimos on Wed May 24, 2000 at 03:43:52 PM EST

deimos voted 1 on this story.

More virus, more email, more load, bigger boxes, more toys. Oh boy!
irc.kuro5hin.org: Good Monkeys, Great Typewriters.

People are inherently stupid. That'... (2.00 / 1) (#5)
by Pelorat on Wed May 24, 2000 at 04:39:38 PM EST

Pelorat voted 0 on this story.

People are inherently stupid. That's ok, cos the Right Thing has been done in this case, and they can be safely ignored.

People need to learn about FTP :)... (1.50 / 4) (#15)
by ravenskana on Wed May 24, 2000 at 04:54:27 PM EST

ravenskana voted 1 on this story.

People need to learn about FTP :)

Hmmmmm... not bad... some thought..... (1.00 / 2) (#12)
by ishbak on Wed May 24, 2000 at 04:57:57 PM EST

ishbak voted 0 on this story.

Hmmmmm... not bad... some thought... needs more depth though.

Need more info.. links?... (1.00 / 1) (#11)
by angelo on Wed May 24, 2000 at 05:25:22 PM EST

angelo voted -1 on this story.

Need more info.. links?
lowmagnet.org

Ok. rant = TRUE; ... (2.50 / 6) (#4)
by Inoshiro on Wed May 24, 2000 at 05:32:52 PM EST

Inoshiro voted 1 on this story.

Ok. rant = TRUE;

Why the FUCK can't these godamned motherfucking useless lusers get a fucking clue and ZIP their fucking attachments? It'd save bandwidth, and save the chances of a bad thing happening by chance. And why the fuck aren't they using a DATA only format, like rtf or txt?

rant = FALSE;. If they don't want security, they get what they deserve. Zipping up multiple files for transmission is not hard, especially with the aid of Winzip or a similar annoying wizard driven program.



--
[ イノシロ ]
Re: Ok. rant = TRUE;... (3.00 / 1) (#20)
by Anonymous Hero on Thu May 25, 2000 at 01:11:26 AM EST

Would zipping the files really help? Users will probably STILL unzip and run them (Winzip makes it easy enough). Or MS will add an auto-unzip feature, like Netscape's sometimes-annoying auto-gunzip feature.

I remember reading about an experiment, where someone sent a VBS file around their company - when you ran it, it would pop up a message saying something like "this is a virus, click ok to run it". It would mail the author if you clicked OK. Apparently about 1 in 4 people ran it and clicked OK. They should have sent around a program that disabled VBScript.

[ Parent ]

Re: Ok. rant = TRUE;... (4.50 / 4) (#22)
by Anonymous Hero on Thu May 25, 2000 at 02:37:30 AM EST

Apparently about 1 in 4 people ran it and clicked OK.

It's depressing, isn't it?

For me, the worst thing about it is that the general public have become so accustomed to promiscuous data transfers that they don't even think about it.

"Enter your email address here for free porn everyday!". Sounds good, lets do it!

"Enter your credit card number to establish your account and you could be in the draw for $5000!". Sounds good, lets do it!

"Just download and install our customised Age Verification software ( with *free* Back Orifice connectivity! ) and you can gain immediate access to our huge collection of porn!". Sounds good, lets do it!

*Sigh*. The main problem is that people don't want to listen if it involves any inconvenience at all ( and that includes the inconvenience of listening ). This is the whole problem with the "we must educate the public argument". It's a perfectly reasonable thing to do, but the public unfortunatly doesn't want to listen. Instead, their eyes glaze over and they look for the first excuse to exit the conversation.

Would zipping the files really help?

It would help the more cluefull members of the public. To me though, the main problem though is that people want convenience and security. Unfortunatly, these two things will remain contradictory until the technology has stabalised for a long period of time.

Until then, this sort of thing is going to keep happening, and as more and more institutions ( such as banks and finance companies ) try to jump on the "e-commerce" bandwagon the consequences are also going to escalate. Instead of loosing some jpg or mp3 files, you could loose your bank balence.

Whan I was younger, I used to read a lot of William Gibsons "Cyberpunk" stories. With the way that things currently stand, the current reality of the internet seems to be more of a cross between William Gibson and Terry Pratchet - high tech gizmo's and absurdist comedy resulting from the fact that people keep insisting on using systems that they have very little understanding of.

You might be strangling my chicken, but you don't want to know what I'm doing to your chicken.



[ Parent ]

Re: Ok. rant = TRUE;... (3.00 / 1) (#24)
by rusty on Thu May 25, 2000 at 02:49:21 AM EST

Have read all of Gibson. Am reading Pratchett right now, and loving his work. Y'know, it just now occurs to me that Neal Stephenson might be some kind of Gibson-Pratchett bastard love child...

Hm. I need to get more sleep.

____
Not the real rusty
[ Parent ]

Re: Ok. rant = TRUE;... (3.00 / 1) (#49)
by Anonymous Hero on Fri May 26, 2000 at 04:33:45 AM EST

Am reading Pratchett right now, and loving his work.

Yes, Terry Pratchett is allways good for a laugh. The idea of building a mechanical computer ( HEX ) out of mice propelled wheels and ants is something that would have certainly appealed to the MIT model railway club.

It would require some thought in the design though. Otherwise there would be too many nasty possibilities of what could be done with some cheese and a sling-shot. It might make for an interesting story, since I tend to doubt that system security was very much of a concern to the members of the un-seen college who wired "HEX" up.

"Cheese buffer overflow - administrator priveledge will be granted at the start of the next ant cycle". And yes, you might need more sleep but I spend too much time reading security advisories ( but then again, these days, who doesn't? ). ;)

You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.



[ Parent ]

People are dumb*. Simple. They have... (2.80 / 5) (#2)
by hattig on Wed May 24, 2000 at 08:10:22 PM EST

hattig voted 1 on this story.

People are dumb*. Simple. They haven't worked out that they can drag the executable to the desktop and then run the virus, i mean, fun executable game that they have been sent?

Computers should be kept for clever people and dumb people should use the postal service!

Or, dumb* people shouldn't be let near a real computer. Let them view the net through a Dreamcast or WebTV - that is a device that has been designed for them.

*dumb: in this context, someone who is not computer literate, although they might be clever or write for zdnet.

I don't really see anything wrong w... (3.00 / 1) (#6)
by evro on Wed May 24, 2000 at 08:17:47 PM EST

evro voted 0 on this story.

I don't really see anything wrong with mailing executables really. Can't they be zipped before being sent?
---
"Asking me who to follow -- don't ask me, I don't know!"

Mail is for text. (2.67 / 3) (#19)
by pjr on Thu May 25, 2000 at 12:18:20 AM EST

I'm a little amused when I read about executable email bombs in the news. When I was young (a while ago), I ran a VMS system for the physics department where I was a student. I was suprised and encouraged to discover that the mail transport system stripped the high order bit from every byte transfered. This meant that one could only transfer values between 0 and 127 in an email byte. To this day I respect that constraint and send only text in my email messages.

The best way to be ignored amoung members of the Free Software Movement is to send them a message with a MIME attachment. Many people throw these messages on the floor before delivery.

The only significant use of MIME that I have found is letting Apache know what's going on. But that stuff is all on my machine and I know what Apache does with it.

pjr

I have to disagree... (3.00 / 1) (#27)
by Jules on Thu May 25, 2000 at 08:41:22 AM EST

In order to move our techno-filled lives forward, we have to constantly refine and tweak protocols, languages, etc. The very first incarnation of HTML didn't allow for images, background colors, fonts, etc.

Would you really want a Web that has none of those things now? What about cookies for maintaining state? As a Web programmer, I sure as hell wouldn't want life without them.

And if the Gods didn't want us to send attachments, there would be no MIME ;-)

[ Parent ]

Re: I have to disagree... (5.00 / 1) (#39)
by Anonymous Hero on Thu May 25, 2000 at 02:29:14 PM EST

I'd love a web with no background images or font changes or frames... :) w3m rules! :)

[ Parent ]
I can grant you two out of three! (none / 0) (#51)
by Jules on Fri May 26, 2000 at 07:39:44 AM EST

But of course you <a href="http://lynx.browser.org/">already have it, right?

[ Parent ]
w3m -- lynx on steroids (none / 0) (#56)
by kmself on Sun May 28, 2000 at 03:49:36 AM EST

w3m is a text-mode browser with table and frame support. There's also links (clearly distinquished, in coversation, from lynx, by the 'i').

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Mail is for text. (3.00 / 1) (#28)
by Alhazred on Thu May 25, 2000 at 09:46:00 AM EST

Thats silly.

Thats like saying "roads are for horses".

The problem is the entire security paradigm. trying to make each and every machine proof against any conceivable attack is a flawed concept. It obviously won't work. People won't practice "safe sex" and the stakes there are MUCH higher, so why is it any surprise to anyone that people won't refrain from running untrusted code on their computers?


That is not dead which may eternal lie And with strange aeons death itself may die.
[ Parent ]
Re: Mail is for text. (4.00 / 1) (#43)
by Anonymous Hero on Thu May 25, 2000 at 06:42:06 PM EST

I apologize in advance for this long and tedious explanation ;^)

Your comment about vms mail is generally true. However, there is an optional parameter that can be used when invoking the mail command on vms which will allow you to transfer a binary, executable file without modification.

Of course, I cannot remember what that command is.

The reciever of the email could then extract the binary file from their mail, and save it as a file.

The "easier" way to transfer files was to have a world writable directory which people could put files into. (un)fortunately, under vms files had owners, and the file you got had the owner set to the sender. Using the command "set file/owner=parent" fixed that, but you needed access to the system account to do that.

[ Parent ]

Mail is for text - but so is MIME! (none / 0) (#59)
by WWWWolf on Mon May 29, 2000 at 07:00:26 AM EST

Actually, MIME is known to work with 7-bit transportation channels fairly well... It's called "base64" in techspeak, and for 8bit text, we have a thing called "quoted-printable" (though it's often called "quoted-unprintable" here =) ...

But to the point: I understand text attachments. I understand picture attachments (except when one of my friends sent me .bmp files...) I understand datafile attachments to some extent. I have problems understanding why people use HTML attachments when text will do (but I don't particularly blame them). I really, really hate MS Word attachments, particularly because they really clog the network. =)

I don't ignore attachments, and I know that they do have a value! And I do have an use for MIME - It tells those pesky mail systems that most of the stuff I mail is in 8-bit anyway (and 7-bit mail systems can convert the stuff from 8-bit to quoted-printable if it needs to be done). I'm from one of those weird European countries that use an indecipherable language, you know...

Oh yeah, first post. (Not to this story, but my first post to K5 - so be gentle, please =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
Reduced functionality (3.00 / 1) (#26)
by DesiredUsername on Thu May 25, 2000 at 08:34:39 AM EST

"Is telling people not to use email for executables going too far? I think not."

Think again.

First, the user's point of view: "Hey, I used to be able to send updates to my shareware prog to my subscribers but now I can't." People used to be able to do X, now they can't. These people are rightly pissed. The problem wasn't that "people are sending exe's", the problem is that PROGRAMS are sending exe's and people (or programs) are running them. Don't punish innocent people for the mistakes of bad programs.

Second, MS's point of view: "Uh, we're getting a lot of phone calls from users asking how to send exe's. They say that if we don't 'fix it', they are going to switch to netscape mail/mutt/eudora/pine/unix mail." MS goofed big on this. They removed a vital feature that is already present in ALL other mailers. Goodbye marketshare!

This is not to say that this could have been handled better. Windows' security model is so fsck'd that there may be no other "sure" solution. Just like you sometimes have to pull the plug on a brain-dead patient, killing Outook may have been the only way to fix this brain-dead problem.

Play 囲碁
But Rusty... (3.00 / 1) (#29)
by Alhazred on Thu May 25, 2000 at 09:53:18 AM EST

That would make too much sense... :o)

Microsloth knows they are hosed in the security arena, and they would just rather have let things slide and not draw attention to the fact by fixing it. Just like car manufacturers will refuse to recall vehicles with obvious safety problems because it would acknowledge their cognizance of the problem.
That is not dead which may eternal lie And with strange aeons death itself may die.
Computers are not just for "clever people&quo (3.50 / 2) (#30)
by TheLocust on Thu May 25, 2000 at 10:34:53 AM EST

This notion that the average joe shouldn't be let "near a real computer" is absolutely silly. Yes, people are *dumb. That is what user-level security is for. That is what the *nixes were built on. Windows, on the other hand had networking (more to the point, the Internet) thrown into it, and with it's lax security, made people vulnerable to these types of attacks.

Should MS have released this patch? Yes. People are dumb, and to keep them from inadvertently forwarding around these malicious attacks is only prudent *for them*. They fucked up. They know it. Now, *hopefully* MS will realize that the time for security has come! In fact, the time for security has ALWAYS been there.

The internet came along, and the ultra-capitalist mindset was full force at Microsoft. They allowed a LOT of people to get on the internet, and pretty easily at that. However, they did it in a relativly uncontrolled way. The internet itself is *somewhat* secure (to say, more secure than windows). Windows has NO security once so ever, access-level or otherwise. Thus, the chain is only as strong as the weakest link.

While i don't agree with some (most) of Microsoft's wares or business practices, i do appreciate the fact that i probably wouldn't have the job or the career i have now because of them (and others, to a degree). I hope they jump on the goddamned ball and quit pussy-footing around with this patch-level shit.
.......o- thelocust -o.........
ignorant people speak of people
average people speak of events
great people speak of ideas

Re: Computers are not just for "clever people (4.00 / 1) (#36)
by slycer on Thu May 25, 2000 at 01:42:34 PM EST

That is what the *nixes were built on. Windows, on the other hand had networking (more to the point, the Internet) thrown into it, and with it's lax security, made people vulnerable to these types of attacks.

User level security wouldn't have stopped melissa or love bug from spreading, it would have stopped love bug from deleting files etc (W2K has these capabilities too), but all it needs access to would be the user's pab (in outlook terms) or even read access to the gab (not much use without read perms on that) and it would still have sent itself all over the place. Maybe harder to get on *nix, but assuming that user level security was included with all versions of windows (ie write access to only say a home folder), these 2 viruses still would have spread. The spreading is the bigger issue, that is what hammered mail servers etc..

[ Parent ]
User level security, design philosophy (none / 0) (#55)
by kmself on Sun May 28, 2000 at 03:37:50 AM EST

User-level security alone, you're right, won't stop LoveBug type exploits. I've made the point myself, heatedly, in a number of forums. In fact, the propogation mechanism of the 1987 Morris Worm was in many ways similar to the current crop of Microsoft VBA Outlook exploits.

The important distinction is this: the Morris worm was a one-time occurance. Multiuser systems on an untrusted network meant that the lesson could be learned once, repeats were simply too expensive to contemplate. The design philosophy of Unix is that you don't trust arbitrary executables, particularly from nontrusted sources. However, this is a philosophy and convention, there's nothing in the design of Unix or Linux which prevents writing an integrated office application with a mailer and scripting functions -- StarOffice, Correl, and Netscape are three such examples.

It's an issue the Linux community will have to be on vigilant guard against -- the "features" Microsoft has crammed down users' throats for the past decade are in fact ticking time bombs. The bad example has been set, let's not duplicate it.

OTOH, dumb users have used phenomenally powerful, shared, networked systems for years. Mainframes and server systems have long supported end-users (though not always comforatably), without opening up gaping holes. This is not a user problem, it's an architecture and application problem.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Mommy Microsoft knows what's best. (4.80 / 4) (#32)
by dhartung on Thu May 25, 2000 at 11:52:39 AM EST

I'm sorry, all due respect to the GNU corner, but big hairy deal that these supposed luminaries drop MIME attachments. I don't have to listen to them. Mail is an excellent way to transfer files (at least up to a certain size). The EXE is an excellent way to make a ZIP file archive hassle-free. These are conveniences, and although they have drawbacks, I have things in place to deal with those drawbacks (e.g. scripting security set high; running antivirus software).

I certainly have said for a long time that Microsoft should not be enabling all these nifty features for the vast majority of users who won't use them. But to patch the program so you cannot transfer executables AT ALL is a big spanking that I don't need. I'm an intelligent end-user and I should be reserved the right to transfer files with other intelligent end-users when necessary.

Basically, once again Microsoft is solving a problem with a big "We Know Better Than You" baseball cap on, and with no respect given to those whose needs are different from their perceived ideal customer. In this case, they're playing "You Wouldn't Stop Fighting so I'm Taking the Toys Away", instead of what they should be doing, which is letting the end-users like me retain ultimate control over my environment. Kids left alone to squabble ultimately solve their problems and learn how to handle frustration and dealing with other people. End-users with the control to turn executable attachments on or off will do so when and if they need it; the rest will deal without it.

This is right in line with another M$ practice that I detest, which is the "check this box if you don't want to be asked again" option so frequently found ... except that often there's no way short of editing the registry to RETURN to asking, say, for a week during a security/virus scare.

I'm happy that Microsoft appears to be doing something about this problem, but I resent being coddled.
-- Before the Harper's Index: the Harper's Hash Table
Did anybody actually check? (4.20 / 5) (#34)
by Rasputin on Thu May 25, 2000 at 12:40:57 PM EST

I just finished reading the actual release from M$ about this misadventure. They are not (contrary to popular opinion) disabling sending attachments, .exe or other. They are disabling the ability to run any exe or script from within Outlook. This is about the best we could expect them to do. Now you have to store the file on your hard-drive somewhere, find it with exploder(or on the desktop) and actually run it before you can benefit from the latest virus/worm/whatever. The second step should take long enough to get to that it will discourage most of the people who can't/won't understand the danger they're in.

I understand the desire to rant that seems to prevail when M$ is the topic, but this is silly. The original story is somewhat misleading, in that it implies no more attachments with Outlook, although that may not be what was intended. That so many people accepted that interpretation without checking is more than a little disturbing.
Even if you win the rat race, you're still a rat.

Believe me, I checked. Thoroughly. (5.00 / 2) (#50)
by dhartung on Fri May 26, 2000 at 04:38:40 AM EST

Microsoft's own introduction to the Outlook patch says:
If you receive a message that contains a Level 1 file as an attachment, your Inbox will display the paperclip in the attachment column to let you know that the message originally contained an attachment. When you open the message, the attachment will not be available and the following will be displayed at the top of the message: Outlook removed access to the following unsafe attachments: [filenames]
Level 1 files are EXE, VBS, even URL and LNK files. These can't be touched by the end-user. Level 2 files can be saved to disk, but not executed, from within Outlook. Now, there is an addition to this information since it was first posted, indicating that the Level 1 and Level 2 file extension lists CAN be customized at the Exchange Server level. This wasn't in the release initially (I have no idea if the functionality was there or not). So, apparently, there's at least the possibility that you can zero out the Level 1 list and have Level 2 (save to disk) security on EXEs, but only for everyone in your organization. This is slightly better, but still a hassle.
-- Before the Harper's Index: the Harper's Hash Table
[ Parent ]
Re: Believe me, I checked. Thoroughly. (5.00 / 1) (#52)
by Rasputin on Fri May 26, 2000 at 10:04:50 AM EST

I stand corrected. The information I saw, also from the M$ site, wasn't nearly as explicit as the link you provided. I though it was a little misleading when I read it, but interpreted it to mean only that it would no longer be possible to launch executables from within Outlook.
Even if you win the rat race, you're still a rat.
[ Parent ]
Computers are tools (4.00 / 5) (#37)
by GeoffinIdaho on Thu May 25, 2000 at 02:01:56 PM EST

Computers are (supposed to be) tools, remember? The job for us (the geeks) is to make them into useful tools. We can blather endlessly how browsing with 'telnet 80' should be good enough for anybody, or (more specific to this case) you should put that file up for FTP rather than attaching it in an email message. "Putting a file up for FTP" is beyond the average user and, you know what? That's ok!

I just had to replace the head gasket on my car. Did I do it myself? No way! Could I have? Maybe, but it would have taken a lot longer, and I probably wouldn't have done a very good job of it. In the same way, we shouldn't expect all users to be 32nd degree geeks. Rather, we should focus on making the computer useful enough that they don't have to be. (And that takes more than a pretty desktop and a "Start" menu, by the way.)

Re: Computers are tools (4.00 / 1) (#44)
by Anonymous Hero on Thu May 25, 2000 at 06:53:44 PM EST

Changing the head gasket on an inline 4-cyl takes 40 minutes. The gasket costs $7. Follow the illustrated instructions on which order to tighten the bolts, and what torques to tighten them to in each pass, and everything will be peachy.

Is it "ok" to not do it yourself?

Sure.

But you spent $300 and missed a chance to learn something.

[ Parent ]

Re: Computers are tools (4.00 / 1) (#54)
by jackyb on Fri May 26, 2000 at 11:29:27 AM EST

But you are missing the point. It is absolutely vital that my car operate properly, for if something goes wrong while I'm driving down the motorway, I stand to kill myself and possibly others. To know enough about cars to correctly identify problems and be able to fix them competently would take a lot of time. Most of us prefer to spend some money keeping our cars properly maintained, so that the responsibility is not ours, and so that we can do things we enjoy.

On the other hand, being taught how to handle things on computers (even "complicated" things like email attachments) is something which the user is perfectly competent to handle by himself, because a) there's usually someone in charge who takes care of backups and so on, so the user can be helped out if something goes wrong and b) if there isn't such a person available, then the user's in trouble unless he or she knows himself how to sort out problems. The consequences are not so dangerous.

[ Parent ]

Re: Computers are tools (4.00 / 1) (#47)
by Anonymous Hero on Fri May 26, 2000 at 12:04:23 AM EST

Unlike a car, to drive a computer you don't have to take a test - and the internet is way to similar to an urban freeway for that to be a good thing. Learning to use the internet in a respectful and responsible manner is an aspect of responsible internet usage!

sometime soon, some one will sue the person one up the cascade of one of these virus (etc) epedemics - and they will win - maybe that will force users to be more responsible about their cavalier approach to security.

[ Parent ]

Re: Computers are tools (3.00 / 1) (#53)
by HiQ on Fri May 26, 2000 at 11:02:59 AM EST

An average user is x% of his/her time operating a computer: - Formatting floppies - Rearranging files & directories - Etc. I think that a good interface could take care of these things, and let the user concentrate on his/her work. That includes e-mail: if you send an attachment, your mailclient could automagically zip the mail for you. The receiving client could unzip & store the attachment, but never *run* it without permission.
How to make a sig
without having an idea
just made a HiQ
[ Parent ]
Secure OSes (4.00 / 1) (#41)
by bnolan on Thu May 25, 2000 at 05:15:37 PM EST

At the risk of being labelled 'one of them', i don't believe there are any OSes in use at the moment that are secure for unlearned users.

The problems users have with security, maintainability, reliability and ease-of-use are fundamental to the way many operating systems work. The problems won't be solved until some new operating systems / user interfaces surface.

Self maintaining, good security and trustworthiness model, non-hierachael (sp) filesystems and goal oriented (among other things).

Any attempt to provide security by hacking up current operating systems is only going to create more complaints like those being expressed above.
:wq

non-hierarchial (I think I fixed the sp) filesyste (none / 0) (#61)
by LoonXTall on Mon May 29, 2000 at 09:56:19 PM EST

I started thinking about this roughly 10 seconds ago. Specifically, I'm thinking of how to make an H-fs appear non-H.

I'm going to build on WinDOS, because that's what I use.

1. Links should act like real files in dialog boxes.
2. All user-initiated file actions should update the Recent folder/Documents menu.
3. Any file operation involving a file on the Documents menu should update that link if necessary.
4. Dialogs should always start in the Recent folder. (Hence the need for #1.)

If we use crypto (as suggested elsewhere), we need fast enough servers to handle it. I suggest our friends' now-hosted-by-Exodus servers...

As for the security issue, Melissa and ILoveYou cannot exist without a means to automagically forward themselves. Magic is fine for files that start+end locally. Anything that has an endpoint on the Internet (or even the LAN) is suspect. Even local files can be suspect... look at boot virii.
-- LoonXTall "To brand a book as unsuitable is an important step toward making it required reading." ----Marvin Kaye
[ Parent ]
Reality check (2.00 / 3) (#45)
by Puzzlebox on Thu May 25, 2000 at 10:33:51 PM EST

To the vast majority of users, computers are inscrutable devices. The average user justs want to do some word processing, send some email, maybe play a game or listen to some music.

Most users do not know how computers work and - guess what - THEY DON'T CARE. Just like I don't give a damn about how exactly the plumbing in my house works. As long as I can shower and flush the toilet, I'm clueless and happy. If I have a problem, well, that's what plumbers are for.

Face it, THEY are not "stupid" ... YOU are being unrealistic, elitist, and (if you're the sysadmin) irresponsible.



CERT toilet advisory, number 1098567 (3.00 / 1) (#46)
by Anonymous Hero on Thu May 25, 2000 at 11:59:36 PM EST

Recent analysis by CERT has shown that there is a major security flaw in the use of flush toilets which can result in serious and even life threatening situations.

In instances where people will carry out a bit of impromtu re-decorating, it has come to our attention that residual hydrocarbons such as paint thinners are often poured down toilent's which are then flushed.

The problem with this is that hydrocarbons of this type are of a lower density than water and as such, insufficient flushing will fail to remove said hydrocarbons.

If a heat source is then supplied ( for example, by dropping a lit cigarette into the convenience ), then this can result in fire and/or explosion.

Remedies.

Toilet vendors have been contacted with regards to this problem but at this point in time no easy solution is anticipated simply because of the current installed base of existing toilet technology. Because of this, CERT advises all government, corporate and private users of toilets to refrain from dropping lit cigarettes into toilets that have been used for the disposal of hydrocarbons.

Additionally, CERT advises anyone who must deal with large quantities of these materials ( such as profesional painters ) to enquire as to safe disposal methods for bulk hdrocarbons. While the "Toilet Exploit" is limited in terms of the potential for malicious attack by individual home owners, government agencies and corporations that deal with bulk hyrdocarbons are potential targets for attacks of this type.

We advise that anyone who may be affected by this exploit to regularly visit the CERT advisory site for future updates.

You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.



[ Parent ]

Cryptography is the answer (3.30 / 3) (#48)
by Anonymous Hero on Fri May 26, 2000 at 01:02:38 AM EST

I wonder why nobody is talking about cryptography. It would be easy to build crypto into the culture of email. This is really the only way to get grandma and my secretary to buy into these things.

1) Make an easy and obvious way to create keypairs in all operating systems

2) Program the email user agents such that they won't execute or save executable unsiged attachments. When a signed attachment arrives, give grandma some advice on whether to open it or not. Remember THIS CAN BE EASY iff the computer presents the information ina reasonable way. The program can go out, check the web of trust of the person who signed, and give grandma a go or no go for the attachment.

3) Program all mail transfer software to reject unsigned attachments. If people want attachments, they are going to have to get crypto. This is how you get the crypto into the culture. Make it easy for people who are sending their first attachment to issue keys.

4) This is the real punch line. Build the network so that you can easily shitlist any key that is used to sign a virus or trojan. When the mail agents check the web of trust, they will be able to alert grandma that the signer is not trustworthy. This does not rely on grandma having to install some worthless virus profiling software.

Regards,
Jeffrey Baker
jwbaker@acm.org

I like. Add a directory, authlist, and sandbox (none / 0) (#57)
by kmself on Sun May 28, 2000 at 04:03:25 AM EST

This one grows on me slowly, but I'm starting to dig it.

Corporate environment, keypairs. Use a directory to list authorized keys. Tools to allow users to add/remove keys of their own need from the directory. An authorities list which allows administration of groups of keys from known trusted sites (the user tools would act in addition to this list). And regardless of keys, most signed content is only runnable in a sandbox anyway (how much content really needs your system to run in? Your shitlist idea can be semi-automated by the sandbox, if it can be made aware of attempts to bypass its authority and automatically flag keys for denial. Like the halting theorem, a perfect defense isn't possible, but a good first-order approximation should be.

The cool part -- because of architectures and standards, this would probably be far easier to implement on an open system such as Linux than on Windows, where the signing standard(s) and sandbox spec(s) would be constantly gamed for <strike>proprietary advantage</strike> innovative features (another tag to support, Rusty).

Point is, email attachments are convenient, and executable content may be necessary. If direct executables are restricted, text-only tools such as uuencode can accomplish the same thing, and with file associations, are just as conveniently lethal to Joe and Suzy Q. Public.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Cryptography is the answer (none / 0) (#58)
by Anonymous Hero on Mon May 29, 2000 at 02:28:32 AM EST

The network thing wouldnt work. Why? Because some company would take over, most likely Microsoft.
And, if Microsoft took over, do you really believe they would let netscape/any Linux browser access their web? Central database isnt the way to go, unless a nonprofit organization controlls it.

[ Parent ]
And people *really* send raw executables over mail (none / 0) (#60)
by WWWWolf on Mon May 29, 2000 at 07:08:46 AM EST

Do the dumb people... er, I mean, ignorant end-users really send executables over E-mail? Is it, heaven forbid, a common procedure?

It's really disturbing if it is. There really is no reason why one should embed directly executable content on E-mail. Think of it. Someone mentioned software patches, but that's what FTP is for - or have you ever heard of WinZip, ever-glorious program for reducing bandwidth usage? I guess you have...

::shrugs:: I'm just wondering. I mean, people send images or documents, but executables? Is sending raw executables really vital? Or, most importantly, if it is, why the users can't save it to file before executing it? =)

Sorry if these thoughts are horribly redundant in this context, I have a headache and that kind of makes me unmotivated to read most of the other comments =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Some people only have email access to the net. (none / 0) (#62)
by Anonymous Hero on Wed May 31, 2000 at 11:46:16 AM EST

This page is pretty concise on how you do just about anything on the internet by email alone. Maybe you live in a third world country, use the free dial up juno email account(although with the advent of free internet accounts this has become less of an issue) or maybe your company is run like a third world country and you only have email access.

Joe

Security over functionality? | 60 comments (60 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!