Slashback: Mexico, Ukraine, Oceania

timothy posted more than 13 years ago | from the seymour's-gettin'-married dept.

Slashback 188

More reason below on why not to eat the yellow links, as well as the ongoing interesting effects of the Sircam virus, and whatever happened to Linux in Mexican schools. (Answer: it didn't.) And please send some good news for next time.

... and you'll like it! LupusUF writes: "As everyone knows by now... Kazaa is using top text links. But not only are they using them, they are badmouthing people who complain about them. When someone posted a complaint, a Kazaa moderator (Super_Harris) started out his reply by saying "How Dare You!" and then went on trying to explain why they are using top text. Another moderator makes some more poor excuses in the same thread. The same thread also has some very useful information about the spyware that Kazaa has installed with the latest version (cydoor, Onflow, New.Net, WebHancer).

My advice would be to get ad-aware.

I hope Kazaa starts treating its users with more respect, and at least gets moderators that can answer questions without treating their users like idiots."

Sircam Sircam A quivering, cowardly reader wrote to point out that sensitive Ukrainian government documents were apparently leaked by the Sircam virus. Even juicier than the steady stream of love notes, recipes, tax information, homework, bids and schedules that keeps flowing into my mailbox.

Don't look for much help from Microsoft on this, either, and hardly any from ISPs. Most of the ISPs I've contacted still claim not to have heard of Sircam, and say "it's not our responsibility." Email from Microsoft (after I cc'd them on a few of my virus alerts) equally disclaims responsibility. Funny how Sircam never made it to the front page of their site. Kudos to Charter Communications for calling customers to let them know they were infected -- and a pox on Prodigy for refusing to.

May the path of least resistance rise to meet you. Alec Muzzy writes: "Wired has a story about a failed plan to install Linux on computers for Mexican Schools in an effort to save money. Instead they have decided to run Windows, because Linux wouldn't run on their hardware. As they say, 'It was easier to go with Windows.'

Here's a perfect example of where the free cost of Linux should have been an advantage, yet they decided to go with Windows instead. Does this mean that the costs of running Linux are higher than the cost to purchase Windows?"

Re:a good worm? (1)

Anonymous Coward | more than 13 years ago | (#2174783)

Fuck it, I was waiting for an on-topic article to post this, but there's been nothing really appropriate yet. Here's a quick hack that might just do some good!

---
I just had a fairly evil thought while reading through securityfocus:

Old address of www.whitehouse.gov
(as attacked by code-red): 198.137.240.91 = C6 89 F0 5B
Address of www.riaa.com: 208.225.90.120 = D0 E1 90 78

[coward@anonymous coward]$ grep "C6 89 F0 5B" codered.hex
FF 00 50 C7 85 80 FE FF FF C6 89 F0 5B 8B F4 6A ..P.........[..j

Someone please tell me it's not really this simple!! Grab a copy of the worm (netcat listen on port 80, you should have it in less than an hour) replace the whitehouse IP with the RIAA's, and then netcat it back into a bunch of IIS servers?

---

Re:Sorry, kaZaa users (1)

Anonymous Coward | more than 13 years ago | (#2174784)

Uh, I take it you've never installed KaZaa have you.. there's a bloody checkbox for all the plugins they ask to install on your machine, so you can choose NOT to install them.

Why do people bitch about add-on packages being spy-ware when all of such add-ons can be opted out, and have UNINSTALL options?

Re:ISPs' responsibility?! (1)

Anonymous Coward | more than 13 years ago | (#2174785)

Being that I work for Charter Communications (thanks for the kudos, Timothy) here in Michigan, and having had to deal with customers about virii infections, I can say that to an extent, it *is* in our best interests to let customers know when we find they have a virus.

Especially one like SirCam that sends out random bloated MSOffice files, BMP images, etc...

Truly not much we can do, except for call. Cutting off service is usually the last used of our options. It only takes a quick call, or even just a reply to that e-mail I just got with an attached .xls file. ;) Of course I would rather spend all that time hacking on a uBR924 to fix a corrupted flash image or forgotten password, but it's never a good thing to forget that our customers are the basis for my paycheck, at no matter what level of the biz I'm in.

It's *very* easy to say that it's the Outlook user's responsibility, but most, if not all, Outlook users I know had no choice in their mail client. And easily the majority of them are not as geeky as most of us, and it's easy for us to say they should be aware... How many of them have a part of their job description that they are to stay on top of the latest virus/worm/etc?

Please.

I will, of course, agree that MS is greatly responsible for the whole ease of spread of ILU and SirCam.

This is My Opinion®, not necessarily that of my employer, etc, etc...

Randy Carnahan
--
SW::POP Michigan Region

No (2)

Anonymous Coward | more than 13 years ago | (#2174787)

It's just cheaper for Mexican schools to pirate Windows than to learn Linux. Wouldn't you agree? ;-)

Re:Linux wouldn't run on their hardware (3)

Anonymous Coward | more than 13 years ago | (#2174789)

It's pretty amazing to me that they decided to buy a $100 OS instead of a $30 modem card, and in general Linux requires fewer system resources than Windows. And having problems installing because of old drives not being able to read CD-R's is a little silly, too -- for the volumes they're talking, they could easily press their own CD's for almost nothing. I have to believe that there's something else going on there. Like it being absurd to have 2 people responsible for every aspect of deploying computers and software to thousands of schools without any staff for training, backed by a bureaucracy that was willing to give $millions to MS rather than building staff to support this project.

Kickbacks? Corruption? How much would MS pay to keep latin america from developing into a center of Linux/open source development? :-)

Re:ISPs' responsibility?! (1)

mosch (204) | more than 13 years ago | (#2174790)

next time you make a pathetic attempt at a troll you should:
  1. pick a product which doesn't have an equivalent in the Linux world. (amavis + VirusScan)
  2. pick a product where the product you're touting doesn't die under heavy load (500k messages/day) for no apparent reason


--

Re:Mexican Linux and KaZaa (1)

Eccles (932) | more than 13 years ago | (#2174794)

On the part about Linux in Mexico, I have to wonder what part would not run on their systems.

No drivers for Winmodems. (Some of us actually read the article...;-)

Re:New Linux User (2)

Jason Earl (1894) | more than 13 years ago | (#2174795)

Linux installs are like Windows installs in that they are much easier after you have done 5 or 6 of them, but that's hardly consolation to the new Linux user. Even worse, Linux is only a little better if you can get it pre-installed. Even then it's not quite like Windows, and there certainly are quite a few things that aren't well supported. On the other hand Linux has some really cool advantages over Windows, especially for power users. I definitely prefer my Linux desktop over my Windows one, but I have learned to use Unixy tools.

There are some tips that make Linux a little easier to use. First of all, join a Linux mailing list, preferably one for the distribution that you are using, and spend some time lurking. Yes, I know, you have better things to do than reading 100 emails a day about how to get a particular sound card working. You don't have to actually read all of the email, you just need to get a feel for what sort of questions are being asked, so that you can A) not ask the same question as the last 400 people when you have a question and B) so that you can learn a little bit about how actual Linuxers get their work done.

For example, a new Windows refugee with a fresh install of Linux almost always heads straight for Wine, because they want to run their old familiar software. Now, Wine is certainly useful for those critical pieces of software that don't have Linux equivalents, but that kind of software is getting more and more scarce all of the time. Instead you should (after making sure that it hasn't been asked a million times) ask some actual Linuxers what they use as a replacement for the software that you would like to use. You would be surprised how enlightening this is. I learned about LaTeX that way (long before Linux had a word processor), and I have been grateful since. LaTeX is certainly not as easy to use as a word processor, but for some types of documents it is clearly the "right tool for the job."

Another word of advice is to refrain from building packages from source unless you really have to. Yes, I realize that this sounds contrary to the whole Open Source ethos, but the way to mastery is long and fraught with many perils (sorry I couldn't resist). Chances are good that there is an RPM package of the software you want to use, and since you use RedHat, it's almost certain to work for you. Save the source code for pieces of software that you want to hack (or debug).

If you decide that Linux isn't for you, try back again in six months to a year. You will be amazed at how far along it will have come. Linux isn't for everyone yet, but it is getting there.

I Tried... (1)

Kojo (1903) | more than 13 years ago | (#2174796)

Yes, I feel like an idiot replying to my own posting.

Anyway, I put my keyboard where my mouth is (or something like that) and sent Miguel the Wired link. I wonder how many others did? I know I'm not that original. Hope it helps the folks in Mexico.

Re:The Other Miguel from Mexico (1)

Kojo (1903) | more than 13 years ago | (#2174797)

Well, it would seem I actually am an idiot, as I was incapable of replying to my own posting correctly...

Anyway, I put my keyboard where my mouth is (or something like that) and sent Miguel the Wired link. I wonder how many others did? I know I'm not that original. Hope it helps the folks in Mexico.

The Other Miguel from Mexico (2)

Kojo (1903) | more than 13 years ago | (#2174798)

...
Luis Miguel Ibarra, who prepared a customized distribution of the open-source operating system...Finding enough capable programmers and system administrators proved to be the primary obstacle for the project..."We need a lot of people trained in Linux here in Mexico," Ibarra said
Wouldn't this be a good time to contact Miguel "Ximian GNOME" de "Hey! I'm from Mexico" Icaza? Am I the only one who read this story and instantly thought of a phrase like:

"I started an entire Free Software Project while working at the largest University in my Home Country of Mexico, so I'd know a little something about Linux and might know 1 or 2 other people in Mexico who do too!"

or

"Hey! Didn't one of those GNOME guys come from Mexico? Maybe we should call him and see if he knows anyone..."

Just a thought...

Re:Hi! (1)

mmontour (2208) | more than 13 years ago | (#2174799)

I have been needing the help and advice on some things, but files send I to people, no response!

The thing is, if you want free help and advice from people, you need to show them some courtesy in return. Try putting a nice friendly "ILOVEYOU" in the subject line next time, and I'm sure you'll get a much better response. If that doesn't work, send them a picture of Anna Kournikova too.

I use KaZaA without intrusions - This is how (4)

ciurana (2603) | more than 13 years ago | (#2174801)

I've been using KaZaA for several weeks without intrusions or undesirable software running on my Windoze box.

The latest upgrade for KaZaA, including all the "enhancements" came over the wires either last Sunday or Monday. Neither TOPText, nor any of the other "intrusionware" were installed.

I believe "intrusionware" became a problem for us in 1998 or so with QuickBooks Pro and its desire to install AOL (Corel Draw! also installed some unnecessary crap by default). We realized that most default configurations of shrinkwrapped software tended to install things we didn't want in our (or our customers') systems. Ever since we follow these steps to prevent the introduction of undesirable code:

  • Never use the default installation. Always click on "customize install"
  • Always take a snapshot of the registry prior to installing the software and one immediately after running it for the first time. We use both Norton Registry Tracker and Remove-It for that. Remove-it also does a before/after snapshot of the contents of every directory on the HD.
  • Ensure that the after snapshot in the previous step is taken after you run the program. Yeah, I like repeating it because it's important.
  • Make sure (in your C:/AUTOEXEC.BAT) that the TMP and TEMP environment variables point to the same directory so you can view what temporary files were created during the installation.

We found that, 95% of the time, our desktops (and those of our customers still using Windows) were easily rolled back to a known "clean" state by using these tools. The other 5% we had to manually remove one or two registry entries, or DLLs/VxDs loaded during Windows start up. If we absolutely must run a piece of Windows software (i.e. QuickBooks), we can usually pick and choose what to remove and what to leave installed by following this procedure.

About the KaZaA installation
In the case of KaZaA, it drops an upgrade program in its download/share folder. That program gives the option for a "custom install". Deselect (is that a verb?) the options that you don't want such as TOPtext. Watch your registry. No changes to the system.

KaZaA installs some banners and other annoyware under C:/WINDOWS/SYSTEM/adcache. KaZaA's UI is a modified version of Internet Exploiter. It's a web browser with a custom UI. You can disable the annoying ads at the bottom of the screen by:

  • Using the junkbuster proxy for filtering the sites where KaZaA is getting its banners from. The default banners come from www.qksrv.net. Block it. There may be others down the line. Block them as they appear.
  • Unloading KaZaA and manually erasing all the GIF and JPEG files in that directory. Leave the two HTML/JavaScript files in place (B_416800.HTM and B_416900.HTM), though, or KaZaA won't work.

This process sounds like a lot of work, but in reality it only adds about 2 minutes to every new software installation. It saves us from endless hours of grief at a later time.

Annoyware aside, I really like KaZaA. It's quick, and I've been able to find everything I searched for on it.

(If you see my previous posts, we're a mostly-UNIX shop. We (and several of our customers) run a hybrid UNIX+Samba+Windoze environment. No flames on this, OK? I'm a realist, and business demands that we use Windows under certain circumstances)

Cheers!

E
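
The before/after snapshot step from the list above, sketched as an added example (not part of the post, and not how Norton Registry Tracker or Remove-It work internally): it hashes every file under a set of directories, then reports what an install added, removed or changed. The directory and file names are constructed stand-ins for a Windows system directory and the TMP/TEMP directory; the registry half of the procedure is not covered.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(roots):
    """Map every file under the given roots to the SHA-256 of its contents."""
    state = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                try:
                    digest = hashlib.sha256(path.read_bytes()).hexdigest()
                except OSError:
                    # Locked or unreadable files still show up in the snapshot.
                    digest = "<unreadable>"
                state[str(path)] = digest
    return state


def diff_snapshots(before, after):
    """Compare two snapshots and list added, removed and changed files."""
    old, new = set(before), set(after)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if before[p] != after[p]),
    }


def demo():
    """Simulate an install in a scratch directory (all names are constructed)."""
    with tempfile.TemporaryDirectory() as top:
        system = Path(top) / "SYSTEM"   # stand-in for C:/WINDOWS/SYSTEM
        temp = Path(top) / "TEMP"       # stand-in for the TMP/TEMP directory
        system.mkdir()
        temp.mkdir()
        (system / "app.dll").write_bytes(b"v1")
        (system / "old.vxd").write_bytes(b"x")

        before = snapshot([system, temp])

        # Simulated installer followed by a first run of the program.
        (system / "adcache").mkdir()
        (system / "adcache" / "banner.gif").write_bytes(b"GIF89a")
        (system / "app.dll").write_bytes(b"v2")      # silently replaced
        (system / "old.vxd").unlink()                # silently removed
        (temp / "setup.tmp").write_bytes(b"leftover")

        after = snapshot([system, temp])
        report = diff_snapshots(before, after)
        # Report paths relative to the scratch directory for readability.
        return {
            kind: [os.path.relpath(p, top).replace(os.sep, "/") for p in paths]
            for kind, paths in report.items()
        }


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The "after" snapshot is taken once the simulated program has run, matching the post's point that first-run changes must be captured too.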

Reading SirCam documents? (1)

ragnarok (6947) | more than 13 years ago | (#2174805)

I've gotten a bunch of documents for my advice (although they all have spanish filenames) and I would like to see what's in them. How am I supposed to open them? Obviously I don't want to execute them, because I would get infected.
Any ideas?

never mind (1)

ragnarok (6947) | more than 13 years ago | (#2174806)

I figured it out. Note to self: Search first, ask questions later.

The answer:
http://slashdot.org/comments.pl?sid=01/08/01/153 20 4&cid=216

Re:ISPs' responsibility?! (2)

JoeBuck (7947) | more than 13 years ago | (#2174807)

Yes, ISPs should be installing Sircam filters, assisting users with installing such filters, or both. It's in their own interest to do so, to cut back on terabytes of unwanted traffic clogging up their pipes.

It's not good enough to tell people not to open attachments, when those attachments are clogging up their pipe and filling up their disk, or using up their disk quota at their ISP.

Re:Linux wouldn't run on their hardware (1)

ansible (9585) | more than 13 years ago | (#2174810)

I was under the impression that most of these machines are standalone, and not clustered together.

Re:ISPs' responsibility?! (1)

ethereal (13958) | more than 13 years ago | (#2174812)

That makes sense, but it seems like admins always have three or four other high-priority projects that they could be working on when they're dealing with viruses instead. Things like getting ahead on their patching for the new security holes, setting up network security scanners, planning new software rollouts, etc. There is a real cost to the whole business when you take admins off of their planned support duties and throw them into minute-to-minute emergency virus defense.

What do you tell someone who's got SirCam? (3)

doom (14564) | more than 13 years ago | (#2174813)

What advice should you give to someone who's clearly got a bad case of SirCam?

If you look at the CERT Advisory [cert.org], the only fix it discusses is installing commercial anti-virus software... While that might be a good idea, I would think that there's got to be some other procedure, like Delete this or that, reinstall MS Word, go into the Control Panel and click the little box that says "I'm not a complete fool, and I care slightly about system security, so don't run any damn macros without asking me", or whatever.

Has anyone seen cleanup procedures discussed? I know little about the Windows world these days, but my friends still have me pegged as The Computer Expert.

Re:ISPs' responsibility?! (2)

sharkey (16670) | more than 13 years ago | (#2174818)

Too bad Symantec's scanners, as of July 27, 2001 anyway, couldn't catch Sircam.

--

Re:Linux wouldn't run on their hardware (2)

Mike Schiraldi (18296) | more than 13 years ago | (#2174822)

You laugh, but you'd better believe Microsoft will be pointing to this story whenever one of their potential customers is considering Linux. "Look! Mexico tried it and it was a big failure. Stick with me, boys. Nobody ever got fired for buying Microsoft."

Sircam reply (2)

Linux Freak (18608) | more than 13 years ago | (#2174823)

This is a reply I typed up and started sending every time I received one of these (annoying 200 Kb bandwidth-wasting) Sircam documents:

Hello. Just to let you know, it seems that your Windows-based PC appears to be infected with the "SirCam" virus (details at http://www.zdnet.com/filters/printerfriendly/0,6061,2801171-2,00.html [zdnet.com], possible anti-virus fix details at http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html [symantec.com]). It is likely that you, or somebody else who has used your PC, double-clicked an attachment received from another infected user, which caused your own PC to be infected. (Double clicking on attachments you have received by e-mail, whether from a "trusted" source or not is almost NEVER a good idea.)

What you choose to do about this is your business, but I thought I'd let you know that your private documents are being sent to random Internet users around the world -- and not every one of them deletes them unread like I do.

By the way, you might wish to consider switching to Linux. I have been a happy Linux user since 1995, and I have not had to put up with these kinds of viral infections since giving up Microsoft software so long ago.

Re:Linux wouldn't run on their hardware (1)

alkali (28338) | more than 13 years ago | (#2174826)

It's pretty amazing to me that they decided to buy a $100 OS instead of a $30 modem card

Query whether Microsoft is cutting them a deal.

Re:Good Sircam web page? (2)

Restil (31903) | more than 13 years ago | (#2174827)

I'd set one up myself, but with the current climate of sue first and ask questions later, or worse jail first, ask questions later, I'm not too comfortable about the idea, even if it turns out in the end to be a legal proposition.

Now... find a lot of free anonymous webspace somewhere.... hmm...

-Restil

Re:a good worm? (2)

Restil (31903) | more than 13 years ago | (#2174828)

First of all, #2. If a program is secure, it doesn't matter if the port is open. Also, if the system is secure, it won't be able to catch the worm in the first place, and therefore it's not a problem.

#4 same issue. If the worm can get in, then you need to be playing a little less quake.

A well designed worm will do the following:

Search for one single hole (let's say a named hole). Install a resident program on the system. Patch the hole. Search out, locate, and infect 100 insecure systems. After infecting 100 other systems, remove itself.

This worm will only infect a machine once. There will be a lot of scanning, but only 100 times and once the first 100 have passed, that machine will never scan again for that vulnerability.

A separate worm should be available for every known exploitable security hole. Obviously here I'm thinking of linux systems, but it's a start.
Ideally the scanning could be done to specific blocks of IP addresses in such a way that it will minimize repeated attempts.

-Restil

Re:Sorry, kaZaa users (1)

penguinboy (35085) | more than 13 years ago | (#2174835)

What is an issue is the vast majority (care to argue this point?) of windoze users, many of whom are no more than kids, who simply click "next" until a program installs.

It's not just kids - there is a surprisingly large chunk of adults that are just point-'n-drool. Mind-boggling and frustrating as it may be that they can't comprehend relatively simple stuff, it remains true.

Re:If you have the email addres... (1)

penguinboy (35085) | more than 13 years ago | (#2174836)

Here's a scenario:

1. You have an account with an ISP that you use for business purposes. The ISP has a maximum mailbox size of, say, 20MB. If the mailbox fills up, anything else gets bounced.

2. You usually check and download your email every hour or so, during business hours. You don't check it after hours or on weekends.

3. Over the weekend, someone who has your address in their addressbook or IE cache gets SirCam and sends you several multi-megabyte attachments, filling up your mailbox and preventing anything else from coming in.

4. An important client sends you an email but it gets bounced.

5. By the time you get back to work and sort out the mess, the bounced client is over deadline, costing you big money in lost business.

(Perhaps it wouldn't work exactly like that, but I think the idea is clear enough.)

Would you be able to collect damages from the infected individual, for allowing their machine to be used to (essentially) DOS you? It could be argued that they were negligent by not keeping their antivirus software up to date and by opening the attachment in the first place.

Sure, it wouldn't be the nicest thing to do to someone, but I think I can see it happening in today's 'sue everyone' world.

Re:ISPs' responsibility?! (1)

thrig (36791) | more than 13 years ago | (#2174837)

ISPs should not bear the cost of treating the symptoms of an OS of negligent design.

Virus writers have always been steps ahead of the virus blockers. Outbreaks keep happening.

When people run Windows, they should be aware of the costs of doing so, including all the attendant virus, spyware, malware, executable documents, and other joys that accompany the start button.

Processing each email in whole is expensive. Any site that deals in a large volume of mail will have to install and maintain expensive servers dedicated to treating the above symptoms.

At work, we don't run IIS. We warn people not to run Windows, and especially not to run Outlook. If they *must* use Outlook for some reason, we lecture them on the dangers of doing so, and fiddle with the preferences to avoid most of the problems.

Thus far, with N billion dollars in damages being quoted by industry experts for the likes of Sircam and Code Red, and other sites crashing under the load, we've seen little to no impact, and happily advise divesting Microsoft stock and product ownerships when our advice is asked for.

Re:ISPs' responsibility?! Yup. (1)

timothy (36799) | more than 13 years ago | (#2174838)

When they're alerted that a particular customer's documents are being sent to other users without that user's consent, Yes -- I think it's incumbent on the ISP to take action, not only because they can reduce the spread of the virus, but because their customer's privacy is being violated every time one of their documents is sent out randomly across the internet.

Filtering for it is something that I'd like to be able to choose, but not everyone would. I'm not talking about that; I'm talking about letting their customer know that her files aren't private any more. Especially considering that a lot of the mailboxes belonging to infectees are full (give you one guess why ;) ), ISPs are perhaps the best place to contact, or should be -- they have the user's telephone number, at least generally, and should IMO contact the user to let her know why.

timothy

Re:If you have the email addres... (1)

timothy (36799) | more than 13 years ago | (#2174839)

Most of the sircam victim's email addresses reach mailboxes that are over-quota, probably because people have bounced the thing back to them.

I've been sending the headers and filenames (of the files Sircam has so nicely sent to me) to the sender, yes, in addition to abuse departments. But I guess you're a troll anyhow, so you don't care, do you? :)

timothy

according to people on that forum ... (1)

timothy (36799) | more than 13 years ago | (#2174840)

uninstalling Kazaa itself still leaves the reporting-in-sir software hidden on the disk.

That seems like something to bitch about. If the uninstall program doesn't uninstall all components that the installer put on, that's pretty snarky. (And it's sure not confined to sneaky programs -- as I understand it, lots of programs don't uninstall cleanly.)

timothy

Try buying a Dell computer without Windows (1)

timothy (36799) | more than 13 years ago | (#2174841)

Just tell them, No, I don't want the OS installed, can you please deduct that cost from the machine, since I won't be needing a license?

timothy

cluelessness and computer-centrism (2)

timothy (36799) | more than 13 years ago | (#2174843)

Most people (joe sixpack, joe average, joe professor, all of whom have sisters jane and kids bobby and susie -- my family, the folks down the block, 'normal' people in the world) use a computer as an interesting, more interactive television and storage locker.

They print papers for school, keep addresses handy on (electronic) sticky notes, click on interesting things they see on the web, draw pictures, archive photos, send notes, play music -- all the things AT&T commercials want them to do. That's why they bought a computer.

For them, and for more informed computer users, people who spend hours a day at it, the same thing is true ... *All operating systems are bad for most people.*

I'm not that familiar with Windows (though I do use it sometimes) because the guts, even the outer guts, of Windows just aren't all that interesting to me compared to other things I'd like to know about in the world. I don't find the windows interface particularly intuitive, and I enjoy learning its particular brand of not being intuitive much less than I do the non-intuitive interfaces to various Linux environments ;)

I can see a user who installs an app from one dialogue box expect symmetry in its removal -- "Hey, I hit 'install Bingo' to put it on, so I can hit 'uninstall Bingo' to get it off, right?" -- and their expectation I think would be reasonable. It's not fair or reasonable to expect them to understand the assumptions made by a badly labeled, poorly-placed remove option, especially when programs are put on specifically to hide. (Installation puts on 10 programs, de-installation takes off one ... huh?) I've used the de-installer on Windows two or three times, didn't find it all that helpful or intuitive, in keeping with the rest of Windows ;)

For computer jocks (like other enthusiasts in any field) things that are esoteric and obscure to the newbie may be obvious, because they have insider's knowledge, have devoted time and study to it. A lot of them seem to think that only they deserve to use computers.

For *most* users, programs like kazaa's spyware tie-in are sufficiently difficult to detect that the users don't even know they're there.

The esoteric aspect of computers are cool -- it's neat to discover how things work (see Gary Brown's site, and ask him to stop submitting every single thing on it to slashdot;)) and to be interested in the inner workings of electronic things, but there's no good reason to expect people to jump in high on the learning curve of computers, and every reason not to.

Ignorance, not stupidity, is what's being preyed on here, and ignorance is curable, but not by osmosis. Bad interfaces make people feel stupid, so they never care to correct their ignorance in favor of doing other things with their time. So they end up with crud software on their disk, and don't feel like learning how or why it got there, have no idea that it's reporting info to others. ("but it would be trivial to monitor the ports that it might --") No. Again -- Jocks, yes. Most users, No. That's what's so slimy about this stuff.

timothy

idea: strip executable attachments (2)

coyote-san (38515) | more than 13 years ago | (#2174844)

One simple, specific act that should have been done by Microsoft years ago, that should have been forced on them by angry users years ago, and which can be easily implemented today with either real mail servers or third-party Exchange add-ins, would stop SirCam and many other viruses in its tracks.

If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurrence, the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.

This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail. It also takes less customer service time than answering mail from irate customers who lost important messages because the virus filled their mailbox, who have lost hours as their system tried to automatically download megabytes of virus-laden mail, etc.
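
An added example (not code from the post or from any mail server) of the filter described above, using Python's standard email package: it replaces any attachment that has an executable extension or an MZ prefix with a short notice. The extension list beyond "vbs", the notice wording and the sample message are assumptions constructed for illustration.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed block list: the post names only "vbs"; the rest are illustrative.
EXECUTABLE_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".lnk", ".pif", ".scr", ".vbs"}

# Assumed wording; lines are kept short so the part stays plain 7-bit text.
NOTICE = (
    "An executable attachment was removed by the mail filter.\n"
    "File: {name}\n"
    "Reason: {reason}\n"
    "If it was legitimate, ask the sender to provide it via FTP or HTTP.\n"
)


def executable_reason(filename, payload):
    """Return why an attachment counts as executable, or None if it does not."""
    # Only the last extension matters, so "budget.xls.pif" is judged as ".pif".
    ext = os.path.splitext(filename.strip().rstrip(".").lower())[1]
    if ext in EXECUTABLE_EXTENSIONS:
        return "extension " + ext
    # Windows executables (DOS MZ / PE) begin with the two bytes "MZ".
    if payload[:2] == b"MZ":
        return "MZ header"
    return None


def filter_message(raw):
    """Replace executable attachments with a notice.

    Returns (filtered_message_bytes, [(filename, reason), ...]).
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    stripped = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or not filename:
            continue  # containers and the message body are left alone
        payload = part.get_payload(decode=True) or b""
        reason = executable_reason(filename, payload)
        if reason is None:
            continue
        stripped.append((filename, reason))
        part.clear_content()  # drops the payload and its Content-* headers
        part.set_content(NOTICE.format(name=filename, reason=reason))
    return msg.as_bytes(), stripped


def attachment_names(raw):
    """List the filenames of the attachments still present in a message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [p.get_filename() for p in msg.walk()
            if not p.is_multipart() and p.get_filename()]


def build_sample():
    """Constructed test message: one harmless and two executable attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = "Quarterly budget"
    m.set_content("See attached.\n")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60   # MZ prefix only, not a real program
    m.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                     filename="budget.xls.pif")   # caught by its extension
    m.add_attachment(fake_exe, maintype="application", subtype="msword",
                     filename="notes.doc")        # caught by its MZ prefix
    m.add_attachment("plain old text\n", filename="readme.txt")
    return m.as_bytes()


if __name__ == "__main__":
    filtered, removed = filter_message(build_sample())
    print(removed)
    print(attachment_names(filtered))
```

This sketch parses the whole message for clarity; a filter running inside a mail server could stop after each attachment's headers and first bytes, which is the cheap scan the post has in mind.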

Is there a term for 'good' virii yet? (2)

cr0sh (43134) | more than 13 years ago | (#2174845)

Well, yeah - in a way: a "vaccine"...

Although not strictly "good" - because vaccines are typically (always? I am not a virologist) made from weakened or dead viruses, which basically give the immune system time to build up a resistance as it fights this lesser threat (and yeah, sometimes even a vaccine can cause the illness it tries to prevent).

But I am not sure it would be accurate to describe a virus-killing/patching virus a vaccine or not...

Besides, all the points you made are valid, and are things that really keep this kind of idea on a back burner...

Worldcom [worldcom.com] - Generation Duh!

Re:Linux wouldn't run on their hardware (3)

cr0sh (43134) | more than 13 years ago | (#2174846)

Right! As others have said, wait for the BSA audit. What I can't understand is why all those machines even need modems? Throw some cheapo network cards in them, add a hub and put a good modem in one machine acting as a modem gateway (I tend to doubt each machine has its own phone line, too)...

Worldcom [worldcom.com] - Generation Duh!

Re:Parasite Software (1)

vladkrupin (44145) | more than 13 years ago | (#2174847)

yeah, I usually notice those programs running only when they generate a GPF or some sort of access violation anw to IS reports to me that this or that app crashed. And I go "Huh? This thing crashed and I do not even know I was running it - moreover, I never knew it existed on my machine and have no clue what installed it or what it does!"

Typical virus-ware. I think we just coined a new term here. Good one too.

BTW: WebHancer got reinstalled at least 4 times on my machine @ work and @ home, and I do not even have a clue about *what* installs this piece of @#$%^.

I am ticked off and can't even do a thing about that. Time to throw away my computer and go live in the woods, like our predecessors...:(

Hi! (5)

bravehamster (44836) | more than 13 years ago | (#2174849)

I have been needing the help and advice on some things, but files send I to people, no response! Where can send I this file to get advice that I am needing?

Goodbye!

Good Sircam web page? (2)

invenustus (56481) | more than 13 years ago | (#2174852)

Is there one main web site out there where people can submit interesting things they've received in order to have their advice? An admitted voyeur, I've been disappointed with the quality of things I've gotten so far - although one zip file full of (clean) pictures of some girl was interesting. I guess this means I correspond with boring people. Oh well.

Re:Sircam - Code Red synergy (2)

glitch! (57276) | more than 13 years ago | (#2174853)

I always figured that it would be cute to modify a spammer's bulk mailing program so that it quietly slipped in a couple emails traceable to the spammer. Emails with threats... To high-placed politicians... That should get the wheels of justice going :-)

But I have mixed feelings about making life worse for the dumb clod that catches viruses. Yes, they deserve to be LART'ed, but going beyond that is probably stepping from justice into barbarism.

How about a virus that sends an email to the local paper, which can have a weekend insert listing all the community dumbasses?

Re:ISPs' responsibility?! (1)

SLot (82781) | more than 13 years ago | (#2174854)

Excuse me, but WTF are you smoking? Do you expect ISPs to filter email for sircam, or block sircam-sending IPs, or ... precisely what exactly?

Of the two ISP's I've had to deal with re: sircam bullshit: Both responded within 30 minutes of my phone call. Particular credit to nethawaii.net for disabling the account until the user could remove the virus.

I would think that it would be easier to disable offending accounts than it would be to stay on the phone all night dealing with calls from irate people that *aren't* their customers.

Rev. wRy

Re:Linux wouldn't run on their hardware (1)

FattMattP (86246) | more than 13 years ago | (#2174856)

I figured that no one would actually write 'but what part of "Linux wouldn't run on their hardware" did you not understand?' if they had actually read the article.
Right. But the submitter, Alec Muzzy, wrote himself that "Linux wouldn't run on their hardware" then goes on to talk about how Linux should have been an advantage due to the cost savings. Then he asks his question about if running Linux costs more than running Windows. Humorous to ask given that Linux wouldn't work properly for them to begin with.
Since you say that you have read the article. This morning.
Hey, Slashdot isn't the only site that covers Linux news, you know. Linux Today did have the article up this morning [linuxtoday.com] which is where I clicked on the link and read it.

Re:Linux wouldn't run on their hardware (2)

FattMattP (86246) | more than 13 years ago | (#2174857)

Yes, I read it this morning. Thanks.

Linux wouldn't run on their hardware (3)

FattMattP (86246) | more than 13 years ago | (#2174858)

...because Linux wouldn't run on their hardware

[snip]

Here's a perfect example of where the free cost of Linux should have been an advantage, yet they decided to go with Windows instead. Does this mean that the costs of running Linux are higher than the cost to purchase Windows?"

No, it's because Linux wouldn't run on their hardware. Not to state the obvious or anything, but what part of "Linux wouldn't run on their hardware" did you not understand? The hardware was already purchased and waiting for drivers to appear wasn't an option. They needed something to get up and running with.

I Still Want to Know... (2)

Greyfox (87712) | more than 13 years ago | (#2174859)

If I can detect that toptext software from my web server so I can have the server refuse to serve pages to people using toptext.

Strangely enough, I would not object to client/server software that allowed users connecting to a server to annotate my pages and read the annotations of others if:
1) The software did not install deceptively as part of another product.
2) The annotations don't take the form of advertisements and
3) I was running the server or the person running the server asked my permission before pointing it at my pages.

I suppose one might question the value of the stuff on my web page, but it is valuable to me and I'll not stand for it being modified against my wishes.

Re:Parasite Software (1)

Sax Maniac (88550) | more than 13 years ago | (#2174860)

Hey, thanks for linking to the printer-friendly version. It loaded so fast it pleasantly shocked me. I wish more folks would do the same...

Re:The Linux Issue (1)

philipm (106664) | more than 13 years ago | (#2174868)

Dude, linux has way more deniability than microsoft. Example: My computer's broken - it's because I'm running linux and it has crappy support for my HW.

How is it a failure? (5)

jorbettis (113413) | more than 13 years ago | (#2174873)

Hardware compatibility problems have been solved, and the idea to adopt an open-source platform still stands.

This year, 1,400 schools will be equipped with external modems, and Ibarra plans to install Linux on those computers.

Doesn't sound like they're giving up to me. Also, they already have twenty schools running on GNU/Linux. They have schools already on it and they're planning to add more, it's just not as fast or as wide-spread as they had hoped. Just because a project doesn't go off as well as expected doesn't mean it is a failure.

Was Linux 2.4 a failure because it shipped a year late?

Re:idea: strip executable attachments (2)

sigwinch (115375) | more than 13 years ago | (#2174874)

If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurrence the attachment should be retrieved from the sender via FTP or HTTP.)
Congratulations, you've just destroyed the referential integrity of the message. If the message had a MIME-encoded cryptographic signature, you rendered the entire message useless.
"Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
Wrong, wrong, wrong. There is no such thing as an 'executable extension'. Any supposed set of 'executable extensions' will block plenty of legitimate, innocuous files and fail to block plenty of malicious executables. (Hint: every Microsoft Word document is an executable file.)

Moreover, extensions are not entirely meaningful with MIME. Marking a .txt file as 'content-type: executable' can cause surprising things to happen.

This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail.
Balderdash. People who use poorly engineered mail clients *deserve* what they get, in the same way that people who drive a car without a spare tire deserve what they get.

The real solution is a well-designed email client:

  1. Uses cryptography to establish trust.
  2. Only automatically opens/runs attachments via sandboxed methods.
  3. Requires user intervention, and by default displays a warning, for accessing attachments that cannot be sandboxed.

Anything else is just a half-assed attempt at a solution that will inevitably break.

Re:If you have the email addres... (2)

sigwinch (115375) | more than 13 years ago | (#2174875)

1. You have an account with an ISP that you use for business purposes. The ISP has a maximum mailbox size of, say, 20MB. If the mailbox fills up, anything else gets bounced.
Based on a $1600 street price for a 181GB Seagate Barracuda hard drive, 20MB of storage costs $0.18. Including the costs of administration and operation, the lifetime cost of that 20MB would be, say, a whopping $5.
5. By the time you get back to work and sort out the mess, the bounced client is over deadline, costing you big money in lost business.
Richly deserved lost business. If you aren't willing to invest more than $5 in communication infrastructure, you are obviously running an absolute joke of a business. A 20MB email quota is as absurd as getting party-line telephone service: customers will flee.
Would you be able to collect damages from the infected individual, for allowing their machine to be used to (essentially) DOS you? It be argued that they were negligent by not keeping their antivirus software up to date and by opening the attachment in the first place.
That's the nature of the Internet. You are relying on the goodwill and competence of millions of people you will never meet. If communication really matters to you, you will have backup systems in place. (Such as modems or even leased lines.) If you have no backups, and run your single point of failure on a shoestring, count on having spectacular total failures.

The price of Linux (1)

MrResistor (120588) | more than 13 years ago | (#2174879)

rather than type it all again and take up more server space, I'm just going to post a link to the comment I just posted [slashdot.org] to another article [slashdot.org].

The Linux Issue (2)

small_dick (127697) | more than 13 years ago | (#2174881)

I meet "software engineers" and "system administrators" all the time who want nothing whatsoever to do with Linux.

Here's the deal, in case anyone hasn't figured it out yet: PEOPLE WANT DENIABILITY.

"Well, it doesn't work, and we have a trouble ticket in with Microsoft" (Translation: I don't have to do anything for the rest of the month!)

"Well, the Visual C++ toolset has been upgraded, and we need to upgrade several parts of the server infrastructure, and the vendors are shipping late" (Translation: I don't have to do anything for the next two years!)

"Well, the infrastructure has been upgraded, but now we all need training" (Translation: off to vegas for drinking and whoring!)

"Well, the system just crashes -- Microsoft products aren't the greatest, but it's the only game in town. It'll get better with the next service pack" (Translation: I don't do anything but install the crap!)

Dr. Who referred to these people as "The Tesh" (The techs or technicians). They had little interest in science or engineering, or creating anything new, or even improving what they had, but rather had a kind of cult of knowledge where *they* held the secrets and they rarely let anyone else in. Microsoft is the cult, the MCSE/MCSD is the tesh. They can always throw up the "Microsoft has bugs!" excuse when things go bad.

Contrast this with Linux -- all you need is desire, skill and talent. There is nothing hidden, and it's all free. How far can you go? It's up to you.

The choice seems so simple, but I meet more and more programmers and admins who just want to use access and VB -- no interest in anything that is not just "a few clicks to the next paycheck", or anything that could remove their golden parachute of deniability.


Treatment, not tyranny. End the drug war and free our American POWs.

Re:The Linux Issue (2)

small_dick (127697) | more than 13 years ago | (#2174882)

I agree. The quest for deniability knows no boundary, even in operating systems.

But, with Linux, you could (OH MY GOD HERE IT COMES) actually fix the problem, thereby helping yourself, your company, and others.

Grotesque concept, eh?


Treatment, not tyranny. End the drug war and free our American POWs.

An extra file from SirC32 (1)

Morris Schneiderman (132974) | more than 13 years ago | (#2174886)

I removed SirC32 manually from a computer last week, based upon information made available by the folks at CERT.

In the process I found a few things that I haven't seen mentioned anywhere else. One is that SirC seems to create its own password file. Another is that it writes a file that may be a log file (or, possibly a data file...)

This latter file was: c:\windows\applog\sirc32.lgc

Here's an excerpt from that file. Anyone care to speculate?

o c9383000 23000 "C:\RECYCLED\SIRC32.EXE"
R c9383000 0 40
R c9383000 100 f8
R c9383000 100 238
R c9383000 20000 1000
R c9383000 1ca00 1000
o c15f0240 92110 "C:\WINDOWS\SYSTEM\OLEAUT32.DLL"
R c15f0240 82000 1000
R c15f0240 82000 1000
R c15f0240 2000 1000
R c15f0240 2000 1000
R c15f0240 83000 e00
R c9383000 1da00 200
R c15f0240 33000 1000
R c15f0240 34000 1000
R c15f0240 35000 1000
R c9383000 1dc00 200
o c929b640 26ff "C:\WINDOWS\WIN.INI"
R c929b640 0 26ff
C c929b640
o c15a65f0 c0000 "C:\WINDOWS\SYSTEM\OLE32.DLL"
R c15a65f0 ad000 1000
R c15a65f0 b2000 1000
R c15a65f0 b1000 1000
R c15f0240 e000 1000
R c15f0240 84000 1000
R c15f0240 13000 1000
R c15f0240 85000 1000
R c15f0240 86000 1000
R c15f0240 87000 1000
R c15f0240 32000 1000
R c15f0240 17000 1000
R c15f0240 14000 1000
R c15f0240 88000 1000
R c15f0240 29000 1000
o c1526230 862e0 "C:\WINDOWS\SYSTEM\USER.EXE"
R c1526230 1844 225e
o c1574000 e000 "C:\WINDOWS\SYSTEM\MPR.DLL"
R c1574000 a000 400
o c15a3650 156000 "C:\WINDOWS\SYSTEM\SHELL32.DLL"
R c15a3650 88000 a00
o c15a3680 a000 "C:\WINDOWS\SYSTEM\WSOCK32.DLL"
R c15a3680 6000 a00
o c15b1990 12000 "C:\WINDOWS\SYSTEM\WS2_32.DLL"
R c15b1990 f000 a00
o c15a2590 41035 "C:\WINDOWS\SYSTEM\MSVCRT.DLL"
R c15a2590 35000 e00
R c15a2590 35000 1000
R c15a2590 2f000 1000
R c15a2590 2f000 1000
R c15b1990 f000 1000
R c15a2590 31000 1000
R c15a2590 32000 1000
R c15a2590 34000 1000
R c15a2590 33000 1000
R c15a2590 36000 1000
R c9383000 0 400
R c15a2590 37000 1000
R c15a2590 38000 1000
R c15a2590 30000 1000
R c15a2590 39000 1000
R c15b1990 d000 1000
R c15b1990 e000 600
o c15c6a70 19000 "C:\WINDOWS\SYSTEM\URL.DLL"
R c15c6a70 10000 200
o c15e7c10 15000 "C:\WINDOWS\SYSTEM\MSWSOCK.DLL"
R c15e7c10 f000 1000
R c15e7c10 e000 1000
R c15e7c10 10000 400
o c15b3df0 5d000 "C:\WINDOWS\SYSTEM\WININET.DLL"
R c15b3df0 4c000 1000
R c15b3df0 4d000 1000
R c9383000 19400 1000
R c9383000 4400 1000
R c9383000 1ac00 1000
R c9383000 3400 1000
R c9383000 400 1000
R c9383000 2400 1000
R c9383000 1400 1000
R c9383000 a400 1000
R c9383000 5400 1000
R c9383000 9400 1000
R c9383000 1bc00 e00
R c9383000 21000 1000
R c9383000 8400 1000
R c9383000 7400 1000
R c9383000 6400 1000
R c9383000 d400 1000
R c9383000 b400 1000
R c9383000 e400 1000
R c9383000 f400 1000
R c9383000 10400 1000
R c9383000 11400 1000
R c9383000 12400 1000
R c9383000 14400 1000
R c9383000 13400 1000
R c9383000 17400 1000
R c9383000 1a400 800
R c9383000 15400 1000
o c9383300 d000 "C:\WINDOWS\NOTEPAD.EXE"
R c9383300 0 800
R c9383300 1000 400
R c9383300 5800 200
R c9383300 a00 200
R c9383300 800 200
C c9383300
o c929b640 d000 "C:\WINDOWS\NOTEPAD.EXE"
R c929b640 0 40
R c929b640 80 f8
C c929b640
o c906a340 1e000 "C:\WINDOWS\SYSTEM\TAPI32.DLL"
R c906a340 1a000 1000
R c906a340 1a000 1000
o c15a7ac0 4f000 "C:\WINDOWS\SYSTEM\RPCRT4.DLL"
R c15a7ac0 49000 800
R c906a340 19000 e00
R c906a340 18000 1000
o c900ed20 8000 "C:\WINDOWS\SYSTEM\SVRAPI.DLL"
R c900ed20 5000 200
o c15a5630 13000 "C:\WINDOWS\SYSTEM\MSNET32.DLL"
R c15a5630 e000 1000
o c906e920 43000 "C:\WINDOWS\SYSTEM\MSVCRT20.DLL"
R c906e920 2f000 1000
R c906e920 31000 1000
R c906e920 30000 1000
R c906e920 35000 1000
R c906e920 36000 400
R c906e920 32000 1000
o c9063930 a000 "C:\WINDOWS\SYSTEM\SECUR32.DLL"
R c9063930 6000 800
R c9383000 c400 1000
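One way to turn an excerpt like the one above into a per-file summary, as an added example that is not part of the original post. The reading of the fields is an assumption inferred from the lines themselves: `o <handle> <size> "<path>"` opens a file, `R <handle> <offset> <length>` reads from it, `C <handle>` closes it, and every number is hexadecimal; `SAMPLE` is a handful of lines copied from the excerpt, and the function names are made up here.

```python
import re

# Assumed record shapes (inferred from the excerpt, not documented anywhere on the page).
OPEN = re.compile(r'^o\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"(.*)"$')
READ = re.compile(r'^R\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)$')
CLOSE = re.compile(r'^C\s+([0-9a-fA-F]+)$')

# A few lines copied from the posted excerpt.
SAMPLE = r'''
o c9383000 23000 "C:\RECYCLED\SIRC32.EXE"
R c9383000 0 40
R c9383000 100 f8
R c9383000 100 238
o c929b640 26ff "C:\WINDOWS\WIN.INI"
R c929b640 0 26ff
C c929b640
o c929b640 d000 "C:\WINDOWS\NOTEPAD.EXE"
R c929b640 0 40
R c929b640 80 f8
C c929b640
'''


def merged_length(ranges):
    """Total bytes covered by half-open (start, stop) ranges, counting overlaps once."""
    total, end = 0, 0
    for start, stop in sorted(ranges):
        if stop <= end:
            continue
        total += stop - max(start, end)
        end = stop
    return total


def summarize(text):
    """Return ({path: stats}, orphan_reads) for a trace in the assumed format."""
    open_handles = {}   # handle -> path; handles are reused after a close
    files = {}          # path -> {"size": int, "ranges": [(start, stop), ...]}
    orphans = 0         # reads on a handle whose open record is not in the excerpt
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPEN.match(line)
        if m:
            handle, size, path = m.group(1), int(m.group(2), 16), m.group(3)
            open_handles[handle] = path
            files.setdefault(path, {"size": size, "ranges": []})
            continue
        m = READ.match(line)
        if m:
            path = open_handles.get(m.group(1))
            if path is None:
                orphans += 1
                continue
            offset, length = int(m.group(2), 16), int(m.group(3), 16)
            files[path]["ranges"].append((offset, offset + length))
            continue
        m = CLOSE.match(line)
        if m:
            open_handles.pop(m.group(1), None)
            continue
        raise ValueError("unrecognised trace line: %r" % line)
    report = {}
    for path, info in files.items():
        covered = min(merged_length(info["ranges"]), info["size"])
        report[path] = {
            "size": info["size"],
            "reads": len(info["ranges"]),
            "covered": covered,
            # A data file read start to finish stands out from DLLs paged in piecemeal.
            "whole_file": info["size"] > 0 and covered == info["size"],
        }
    return report, orphans


if __name__ == "__main__":
    summary, orphan_reads = summarize(SAMPLE)
    for path, stats in summary.items():
        print(path, stats)
    print("orphan reads:", orphan_reads)
```

Under that reading, the reuse of handle `c929b640` for both WIN.INI and NOTEPAD.EXE is why reads have to be attributed through the currently open handle rather than by handle value alone.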

Re:ISPs' responsibility?! (2)

rgmoore (133276) | more than 13 years ago | (#2174888)

Well, telling people not to click on attachments will help at least somewhat. The viruses propagate by social engineering, so it's important to break the cycle of infection by teaching people not to open the attachments uncritically. That won't do anything to keep current infections from sending out messages, but it will cut down on the next generation of infections and may (ha, ha, ha) prevent the next virus from propagating at all. It's certainly better than just ignoring the problem completely, and there's always the risk of deleting a legitimate attachment accidentally if you scan transmitted email for viruses. Just think about the damage that could be done if some cracker inserted a bogus entry that recognized MS Word headers into the virus definitions for the on-server virus scan used by a major ISP. Then you'd have a really nasty lawsuit on your hands.

--
Karma down to 50 again. Thanks Karma Kap.

Re:idea: strip executable attachments (2)

rgmoore (133276) | more than 13 years ago | (#2174889)

One simple, specific act that should have been done by Microsoft years ago...

If an attachment is executable, drop it on the floor.

For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken

Thanks for proving the truth of your sig. Auto-dropping executable attachments is not a good idea. Your contention that they're incredibly rare is less true than you think. I know someone who wound up with a big hassle just the other day because our email system does drop executable attachments and somebody was trying to send him one that he needed for his work. As an alternative to your suggestion, might I suggest the following:

  • Not let executables disguise themselves as non-executables. Windows currently lets this happen and even sets it as the default behavior.
  • Require explicit authorization for a file to be executable, rather than implicit as it is currently. This could be something like Unix's executable bit, but could be as simple as prompting the user for permission the first time he tries to open an executable file.
  • Allow executables to be sent, but only in a way that requires an extra step to unlock them. You could, for instance, automatically zip all executables but not non-executables when sending them by email, and then attach a note telling the user that you've done so. This lets you send executables but gives the user fair warning that they are potentially dangerous.

IMO any of these alternatives would be preferable to what you suggest.

--
Karma down to 50 again. Thanks Karma Kap.
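The positions argued in this thread (coyote-san's "executable extension or Windows executable prefix" test, sigwinch's objection that rewriting a message breaks a MIME signature, and the disguised-executable point just above) can be put side by side in one mail filter. This is an added example, not code from any poster or product; the extension list, function names, notice text and sample messages are all constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed demo list; the thread's objection is that any such list is incomplete.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".bat", ".scr", ".lnk", ".vbs"}


def executable_reasons(part):
    """Why a leaf MIME part looks executable; an empty list means no match."""
    reasons = []
    name = (part.get_filename() or "").lower()
    stem, ext = os.path.splitext(name)
    if ext in EXECUTABLE_EXTS:
        reasons.append("extension " + ext)
        if os.path.splitext(stem)[1]:
            # "notes.doc.pif" is displayed as "notes.doc" when extensions are hidden.
            reasons.append("double extension")
    data = part.get_payload(decode=True) or b""
    if data[:2] == b"MZ":
        # DOS/Windows executables begin with these two bytes whatever the file is called.
        reasons.append("MZ header")
    return reasons


def filter_message(raw):
    """Return (action, findings, bytes_to_deliver) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    signed = any(p.get_content_type() == "multipart/signed" for p in parts)
    flagged = []
    for part in parts:
        if part.is_multipart():
            continue
        reasons = executable_reasons(part)
        if reasons:
            flagged.append((part, part.get_filename() or "(unnamed)", reasons))
    findings = {name: reasons for _, name, reasons in flagged}
    if not flagged:
        return "deliver", findings, raw
    if signed:
        # Editing any part would invalidate the signature, so hold the message untouched.
        return "quarantine", findings, raw
    for part, name, reasons in flagged:
        part.set_content(
            "Attachment %r removed by mail filter.\nReason: %s.\n"
            % (name, ", ".join(reasons))
        )
    return "strip", findings, msg.as_bytes()


def sample(filename, data, signed=False):
    """Build a constructed test message carrying one attachment."""
    inner = EmailMessage()
    inner.set_content("See attached.\n")
    inner.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=filename)
    if not signed:
        return inner.as_bytes()
    # PGP/MIME-shaped wrapper; the "signature" is a placeholder, not a real one.
    head = (b'Content-Type: multipart/signed; '
            b'protocol="application/pgp-signature"; boundary="sig0"\n\n')
    sig = b"Content-Type: application/pgp-signature\n\nconstructed placeholder\n"
    return head + b"--sig0\n" + inner.as_bytes() + b"\n--sig0\n" + sig + b"--sig0--\n"


if __name__ == "__main__":
    cases = [
        ("notes.doc.pif", b"MZ\x90\x00constructed", False),
        ("readme.txt", b"MZ\x90\x00constructed", False),   # renamed executable
        ("notes.doc.pif", b"MZ\x90\x00constructed", True),  # signed message
        ("report.doc", b"\xd0\xcf\x11\xe0constructed", False),
    ]
    for name, data, signed in cases:
        action, findings, _ = filter_message(sample(name, data, signed))
        print(name, "signed" if signed else "plain", action, findings)
```

The last case is delivered untouched: a Word document passes both tests, which is the gap sigwinch points at when he calls every Word document an executable file.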

Re:I use KaZaA without intrusions - This is how (2)

rgmoore (133276) | more than 13 years ago | (#2174890)

Ever since we follow these steps to prevent the introduction of undesirable code:

[Description that includes using add-on software deleted]

Of course an alternative to this approach is for businesses to behave decently and not try to screw their customers by installing a bunch of unwanted junk. Maybe I'm a naive idealist, but I think that users should be allowed to deal with software under the assumption that the default install will only include components that are significant for the nominal function of the program. Extra packages should be clearly marked as extra and require a separate installation. Any company that doesn't follow this simple principle is behaving obnoxiously and customers have a reasonable right to complain, even if they could have prevented the problem by installing defensively. I understand that this isn't the case, but the rule should not be caveat installor, and companies that behave as though it is should be smacked.

--
Karma down to 50 again. Thanks Karma Kap.

Nonprofit deals abound (1)

metallidrone (149048) | more than 13 years ago | (#2174895)

This is most likely what it is. I've spent time at a nonprofit organization, and client licenses for the software they use (various flavors of windows and office 2000, at least) are often in the below-$30 range (with volume buying and the Open License program). A (possibly significant) part of that discount is due to the fact that it is a nonprofit organization. Chances are that they'll (MS will) make the deal even sweeter if they think the schools are 'in danger of' switching to Free software (or just non-Microsoft software, probably).

Re:Mod up! (2)

IronChef (164482) | more than 13 years ago | (#2174897)


If MS was really smart they'd offer free Windows licenses to all K-12 education. Not that they are having a problem keeping users, but that would probably insure vast amounts of Users for Life.

Re:ISPs' responsibility?! (2)

danheskett (178529) | more than 13 years ago | (#2174901)

Thus far, with N billion dollars in damages being quoted by industry experts for the likes of Sircam and Code Red, and other sites crashing under the load, we've seen little to no impact, and happily advise divesting Microsoft stock and product ownerships when our advice is asked for.

I agree the brunt of the virus thing should fall on MS, but really, those estimates are CRAP.

They figure like this:

If we have 10 boxes needing patching, and each patch takes 10 minutes, that's 100 minutes. We'll call that 2 hrs. If the IT staff makes $50/hr then this bug cost us $100. We have 80 sites so this virus cost us $8000.

The only flaw, of course, is that IT people patch boxes for a living, and do general maintenance. It's not like they went out and hired these people for the job, now did they? Naw, mostly those $9 billion and $40 billion and $120 billion numbers are bullshit.

The real costs are not even counted, in most "experts" numbers - bandwidth, diskspace, increased latency, etc. THOSE are real costs, the time of many admins is counted very high, but in fact shouldn't be counted as high. It's their job, you know?

Re:Linux wouldn't run on their hardware (1)

Reality Master 101 (179095) | more than 13 years ago | (#2174902)

No, it's because Linux wouldn't run on their hardware.

Did you actually read the article? Thought not.

Bottom line, it was the administrative costs and lack of people who understood it that did it in.


--

Re:Linux wouldn't run on their hardware (1)

Reality Master 101 (179095) | more than 13 years ago | (#2174903)

Hmm. Apparently you missed this sentence: "Finding enough capable programmers and system administrators proved to be the primary obstacle for the project."

I figured that no one would actually write 'but what part of "Linux wouldn't run on their hardware" did you not understand?' if they had actually read the article.

But I guess I was wrong.

Since you say that you have read the article.

This morning.


--

For want of a nail (2)

Alien54 (180860) | more than 13 years ago | (#2174904)

Finding enough capable programmers and system administrators proved to be the primary obstacle for the project. "We need a lot of people trained in Linux here in Mexico," Ibarra said. "It's a problem we didn't expect, and that has slowed our progress. We must prepare people.

reminds me of the old rhyme, "For want of a nail, a shoe was lost, for want of a shoe a horse was lost, for want of a horse a skirmish was lost, etc etc etc, all for want of a nail"

ISPs could help with viruses (2)

shokk (187512) | more than 13 years ago | (#2174906)

For the price of a stinking Network Associates Webshield [mcafeeb2b.com] operating in transparent mode at the router of each ISP, they could filter out most viruses. They could route port 25 traffic through one of these babies and things might be rosier. I chalk that up to lazy/overworked/ignorant admins not caring/able/knowing to put such a system in place. We have a webshield and the only time we saw SirCam was because we had to take it out of the loop for some quick maintenance; the one guy that got it knew not to open it and deleted it.

Of course, security is a process so no amount of filtering is going to keep 100% out. If you still get that one virus headed for the guy in the company with Outlook and who blindly opens every message that comes at him, then you've still got a cultural problem to cure.

ISPs' responsibility?! (5)

sulli (195030) | more than 13 years ago | (#2174909)

Excuse me, but WTF are you smoking? Do you expect ISPs to filter email for sircam, or block sircam-sending IPs, or ... precisely what exactly?

Outlook viruses are, in my opinion, the responsibility of (1) Microsoft, and (2) the Outlook user, who should be trained not to open crap that comes from random people with attachments! I really don't see how an ISP can help. (Of course, helpdesk people need to know about it, etc.)

Windows for Charities (1)

sasha328 (203458) | more than 13 years ago | (#2174911)

There is an article [zdnet.com] on ZDNET [zdnet.com] about Microsoft giving away the equivalent of AU$65,000 (U.S. $32,500) for 150 packs of Windows 95 and 10 refurbished computers.

If the Win95 licence is worth $250, then that makes the "refurbished" PC worth over $2600. I can buy new machines for less than that! So I think my logic is incorrect. The RRP for Win95 must be around $400. Is it worth that much?

Sircam - Code Red synergy (1)

yali (209015) | more than 13 years ago | (#2174916)

Suggestion to all blackhats: What's clearly needed is an Outlook virus that appends itself to a random document and emails it as an attachment to everybody in your address book AND to president@whitehouse.gov. Bonus points if W clicks on one of the attachments.

Mod up! (1)

Chazmati (214538) | more than 13 years ago | (#2174917)

Sadly, that's the most realistic thing I've read in this thread. We'll probably see a new /. post in a month describing Microsoft's crackdown on the Mexican school system. And right or wrong, Microsoft has to hate the negative publicity they'll get for cracking down on the poor Mexican schoolchildren (but not as much as they love money, so you know they'll go for it.)

Re:The truth of coherent politics (1)

letxa2000 (215841) | more than 13 years ago | (#2174918)

You actually find George W. Bush to be a coherent speaker?

He's not a particularly coherent or refined speaker, but I agree with his policies. I prefer a poor speaker with good policies (has a hard time selling his good ideas) to a good speaker with bad policies (has an easy time selling bad ideas).

Re:BsA? (2)

letxa2000 (215841) | more than 13 years ago | (#2174921)

The BSA exists in Mexico. It's not a bunch of Americans enforcing it--it's a bunch of Mexicans employed by the Mexican branches of the American companies.

A company I worked at in Mexico got caught in a BSA audit. They found lots of pirate copies because that's what companies in Mexico do software-wise.

So at the end of the day the deal was a certain NUMBER of computers were identified as having pirated software. The company was allowed to choose which ones. Those computers were "secured" with a legal sticker over the power buttons that could not be legally broken until the requisite number of software licenses were purchased.

So, the company just "chose" to have them secure all their old 386 machines that they were going to get rid of anyway. They then stuck them in storage in the basement and purchased the new computers they were going to buy anyway... but they never broke the stickers on the "secured" computers--and never purchased the "required" licenses. Problem solved.

The truth of Linux in Mexico (5)

letxa2000 (215841) | more than 13 years ago | (#2174922)

FWIW, I'm an American who has lived in Mexico for over 5 years now. Let me help the general public with the translation of what the article says. "There weren't enough people available trained in Linux" translates to "The organization wasn't willing to spend the money to hire people trained in Linux."

Organizations in Mexico, for some reason, would rather spend $5 on hardware/software than $1 on human resources. Perhaps it's because there's so much corruption everywhere that no-one trusts their employees to do their job and to do it honestly. Then again, can you blame them when a CS graduate might earn US$1000/month...

Believe me, the reason they went with Windows is because they'd rather pay Windows people US$800/month rather than paying Linux people US$1000/month, even if it means having to spend millions of dollars on Windows license. And, of course, some politicians will probably be taking a good part of that $124 million to their personal bank accounts.

Mexico is a wonderful country, but it's very frustrating to live here and see the incompetence and corruption in decision-making. Believe me, it makes American politics and decision-making seem PURE and reasonable in comparison. Heck, even Democrats sound coherent after witnessing the absurdities and abuses that go on down here--and for a Democrat to sound coherent ought to give you an idea of how bad things are down here.

Anyway, this isn't a blow against Linux. It's about par for the course in terms of Mexican political decision-making.

PS--For what it's worth, I can't really see the government actually paying for all the licenses anyway. They'll probably set aside $20 million for licenses, buy one license, and the politicians will keep the rest.

Re:How is it a failure? (2)

NonSequor (230139) | more than 13 years ago | (#2174925)

My experience with Windows 2000 is fairly limited, but it's not all "cakes and ale" as everyone says it is. Apparently certain hardware configurations don't work well with Windows 2000. I'm in a Windows 2000 lab right now (only computers I have access to since I'm out of my home country on a study abroad program) and the computers in here seem to fucking hate Windows 2000. On several occasions they have blue screened as I was logging in (I can't come up with any logical explanation for this). Internet Explorer and other programs crash frequently for no apparent reason. The computers are all Pentium II 350s with 128MB of RAM which seems like it should be enough to run Windows 2000 to me.

My other problem with Windows 2000 is that there isn't enough stuff to tinker around with. I like the fact that I can configure Sawfish to perform a merry jig for me. I won't be satisfied with any version of Windows until I am provided with a means of making it do a merry jig and other such silly things.

In the land of Emperor Tomato-Ketchup
The children are kings and they make the law!

Re:ISPs' responsibility?! (1)

DeadMeat (TM) (233768) | more than 13 years ago | (#2174926)

My question is, why wouldn't they? If anything, they should be more concerned about it than we are -- they're the ones paying the bandwidth bill and rebooting the clogged mail servers. Not only is running a virus scanner on POP3 and SMTP servers a good idea to do out of courtosey (sp?) for their customers, but it will save them money in the long run every time the next Sircam or Melissa comes around.

KaZaA and Ad-aware (4)

eah (240538) | more than 13 years ago | (#2174927)

As everyone knows by now...Kazaa is using top text links [...] My advice would be to get ad-aware.
I was playing with KaZaA for a few days, but didn't install Top Text with it. (It pays to read those stupid installation screens, I guess.) Anyway, today I ran Ad-Aware and nuked a couple of hits (from Cydoor). After it finished, KaZaA refused to run, because components were missing.

The punchline was that it wouldn't even uninstall from Add/Remove Programs. I had to reinstall it just to uninstall it nicely.

I've installed Morpheus from musiccity.com, and I'm running Ad-Aware again. Wonder if this'll turn out any differently...

(Side note, damn if Morpheus doesn't look almost exactly like Kazaa.)

Where can I find more info on sircam? (1)

ConsumedByTV (243497) | more than 13 years ago | (#2174929)

I was sent a file that asked me for advice but it was filtered and thus deleted, so no copy for me. Can anyone help me in learning more about it?


The Lottery:

Re:Sorry, kaZaa users (2)

tulare (244053) | more than 13 years ago | (#2174930)

Since you post as ACoward, my first impulse is to ignore you and wait for you to be modded down. But here's the deal: you (presumably) and I (most assuredly) actually pay attention to the screens which appear after each click of the "Next" button. For us, then, that's not a problem. What is an issue is the vast majority (care to argue this point?) of windoze users, many of whom are no more than kids, who simply click "next" until a program installs. Yet I believe that most of these people wouldn't want anything to do with some of the spyware which comes with kaZaa.
As for the checkboxes option, how many pieces of software (any commercial word processing app, for example) have you installed which had such a checkbox window with about ten options, some of which you didn't know too much about, and you accepted because that's the default install? Face it, it should be a reasonable expectation that when you install a piece of software advertised to perform a given task, that software isn't going to do a number of completely unrelated tasks which have the further effect of telling a complete stranger what websites you choose to browse.

Kill Smart Tags:

kAzaA quicky (3)

tulare (244053) | more than 13 years ago | (#2174931)

It is definitely getting interesting on the discussion thread [kazaa.com] mentioned at the top of this article. I think the kakaA folks are now realizing just how badly they have screwed up :)

Kill Smart Tags:

Sorry, kaZaa users (4)

tulare (244053) | more than 13 years ago | (#2174932)

I mean, at least BearShare practices disclosure when it wants to install garbage on your machine. And (although I've never felt the need to bother with this one) I'm sure that if you complained to BearShare folks, you'd get a more coherent response than "How dare you! ... blah blah advertisments and buisness..." OK, maybe the writer wasn't a native speaker of English, but I mean, come on. When I deal with anyone, even via email, I at least attempt to make an effort to sound and act like a professional (which, if you met me, is by no means assured). These guys look like a bunch of baked s'kiddies and halfwit marketers to me. If they aren't, then their behavior needs to adapt to what are really reasonable expectations from the consumer which aren't that hard to meet. Picking adware more carefully and clearly stating in the installation what each program is, and why it is installed would be a good start.

Kill Smart Tags:

Why my company doesn't use linux (2)

rebelcool (247749) | more than 13 years ago | (#2174933)

a couple weeks ago we had a meeting about our latest server tech to deploy. since all our backend software is in java, it doesn't really matter if we deployed on linux or windows.

Anyways, after some discussion, linux turns out to be more expensive for us to use than windows. Why? Because we're a small company. The tech guys there (myself included) double as both programmers and system administrators. All of us know windows inside and out just by using it for years. For upgrades, windows is trivial to upgrade.

Linux is a different story. We all also know how to use linux - but none of us are expert admins at it. We would need to hire a linux sysadmin to be safe and ensure it was configured correctly (yes kids, linux is easily hacked too if not configured right) I've never known a linux sysadmin who worked for cheap. So we spent a couple grand going for a windows machine and setup, and saved ourselves several thousand dollars in the salary we would need to pay someone to maintain and secure the linux setup.

Re:a good worm? (1)

NevarMore (248971) | more than 13 years ago | (#2174936)

Despite the do-good superhero aspect of hole patching virii, they will be looked upon as being more dangerous than harmful worms for a few reasons:

1. Bandwidth. The issue with the ILoveYou virus wasn't that it did anything particularly malicious but that it ate bandwidth on mailservers. A 'good virus' would have to carry enough information with it to know what patches to apply or require a server to check in with to access a database/list of patches.

2. Special circumstances. For example, a company is testing a secure driver for windows filesharing (samba) and NEEDS to have port 138 open on its server as part of a test. A patch virus would see that as a drastic security risk and close the port, royally screwing up a beta test.

3. Honeypots. Servers being used to find security risks wouldn't work very well if there were no security holes.

4. Turf. You're a highly trained sysadmin who has spent most of a year setting up a system that runs so flawlessly that you can play Quake all day and NOT be missing any work. Do you really want someone else messing with it?

5. Common courtesy. Pointing out faults is not a good way to help people. Do it on the street and you'd get your ass kicked.

That's all I can think of. I've done what I can to create situations that give you the basic idea.

Is there a term for 'good' virii yet? Perhaps something likening it to a digestive bacteria.

Re:a good worm? (1)

NevarMore (248971) | more than 13 years ago | (#2174937)

I like the idea of having one worm for an individual hole that needs patched, but how many holes are there in any OS? I hear of at least one major windows hole each month and linux poses a different risk because of the numerous customized versions. There are many more problems to be worked out such as how will the bandwidth problem be minimized? Scanning for uninfected machines while done with good intentions is still scanning and most base installs of firewalls will halt this.

I understand why a vaccine would be a good thing, but in general it would be difficult to install and would not be accepted. The community that slashdot represents would be the first to lash out at such an action.

Despite the benefits, only the users who aren't likely to install patches in the first place would like it. Those who would use patches would resent their loss of choice and control.

WHOA! This would never work on the internet at large, but what about mid and large networks/intranets with relatively homogeneous systems? A sysadmin of these wouldn't have to send his interns out to apply patches manually, just send out a vaccine worm. Updating the major servers might take some hands on work, but the hundreds of NT and X workstations in the cube farms could be patched very quickly.

Re:ISPs' responsibility?! (1)

Skuld-Chan (302449) | more than 13 years ago | (#2174939)

We block email all the time - about 8000+ infected attachments a month using a little program called Norton Anti Virus Server - which has an exchange plugin.

Oh you meant how do you block viruses using a linux server?

BSA? (1)

tlhf (312423) | more than 13 years ago | (#2174944)

Since when exactly has the BSA had any authority in Mexico?

It pisses me off when Americans think that their laws rule the world.

New Linux User (1)

pudge_lightyear (313465) | more than 13 years ago | (#2174945)

Ok...Ok...I don't think I'm a moron. I develop fairly complex web apps for a Fortune 500 company (ok..windows based), but I'm not liking a lot of the things I'm reading about xp and such...so, I WANT to use linux. I mean I really do. So I installed Mandrake 8 this Monday night. Everything went great and the install was easily to par with windows. One problem. My aureal soundcard was not supported. My two isa soundcards gave me the same kind of problem. So...I installed RedHat 7.1. Not as pretty of an install...but still pretty good. My aureal card did not work, although it was supposed to under 6.1. But my ISA creative card did.
Then, I brought up shockwave.com, my girls like to play games on nick jr. The flash movies played, but shockwave didn't. Man... So, codeweavers is releasing support for shockwave in a couple of weeks. That's good...hopefully. Used wine..., most of the installations are hacks. Don't work very much. I like the effort though.
Right now, I'm frustrated because I downloaded ksamba. I did a ./configure...ok so far...then a make...ok...then a make install...errors all over the place...ends with an error 1.

I'm not complaining. I knew the entry level would be high.

I'm just saying that I understand these schools' dilemma. It can be frustrating starting out.

Surprised that the Linux Companies aren't helping (1)

TargetBoy (322020) | more than 13 years ago | (#2174947)

You would think this would be a goldmine of publicity to show what a success linux can be on the desktop...

I'm pretty surprised that none of the major linux distros have stepped up to the plate to help create a whole generation of Linux users in Mexico...

Or maybe there aren't enough Spanish speaking Linux gurus? ;-)

Linux in Mexico...It's coming. (2)

srvivn21 (410280) | more than 13 years ago | (#2174948)

Later in the article [wired.com] a different, more optimistic (towards open software at least) picture is painted.
But all hope is not lost. Hardware compatibility problems have been solved, and the idea to adopt an open-source platform still stands. This year, 1,400 schools will be equipped with external modems, and Ibarra plans to install Linux on those computers.

Re:idea: strip executable attachments (1)

TeraCo (410407) | more than 13 years ago | (#2174949)

If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurrence the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.

I don't know about your users, but my users view "christmas.exe" and all of those other dodgy flash/whatever things as "legit occurrences" and will complain if it 'strips' them. I suspect that the majority of 'home users' feel the same way.

I'm not knocking the idea, I think it's the greatest thing since sliced bread, but not too many 'users' will spring for it.
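
The stripping rule quoted in the comment above, sketched as an added example (not code from the thread or from any poster): a mail-server-side filter that replaces executable attachments with a notice. The extension list beyond "vbs", the use of the `MZ` header as the "Windows executable prefix", the function names and the sample message are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed extension list; only "vbs" is named in the thread.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".pif", ".scr", ".lnk", ".vbs", ".js"}
NOTICE = ("An executable attachment ({name}) was stripped by the mail server. "
          "If it was legitimate, retrieve it from the sender via FTP or HTTP.")

def is_executable(filename, payload):
    """True if the last extension is executable or the bytes start with 'MZ'."""
    name = (filename or "").strip().lower()
    ext = name[name.rfind("."):] if "." in name else ""
    return ext in EXECUTABLE_EXTS or payload[:2] == b"MZ"

def strip_executables(raw_bytes):
    """Return (cleaned message bytes, names of the attachments removed)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    stripped = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if part.get_content_disposition() != "attachment" and not name:
            continue  # ordinary body text, leave untouched
        payload = part.get_payload(decode=True) or b""
        if is_executable(name, payload):
            stripped.append(name or "unnamed")
            # set_content() discards the old Content-* headers and payload,
            # so the part becomes a plain-text notice in the same position.
            part.set_content(NOTICE.format(name=name or "unnamed"))
    return msg.as_bytes(), stripped

def build_sample():
    """Constructed message: one benign and two executable attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "files"
    m.set_content("Three attachments follow.")
    for data, fname in [(b"flour, sugar, eggs", "recipe.txt"),
                        (b"WScript.Echo 1", "budget.doc.vbs"),        # double extension
                        (b"MZ\x90\x00" + b"\x00" * 16, "photo.jpg")]:  # disguised header
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("stripped:", removed)
```

Checking the leading bytes as well as the name catches an executable renamed to a harmless-looking extension, while matching on the last extension handles double-extension names.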

Re:The truth of coherent politics (1)

slashdot_commentator (444053) | more than 13 years ago | (#2174950)

Heck, even Democrats sound coherent after witnessing the absurdities and abuses that go on down here--and for a Democrat to sound coherent ought to give you an idea of how bad things are down here.

You actually find George W. Bush to be a coherent speaker?

Re:Mexican Linux and KaZaa - Sorry about that (1)

jes94 (448876) | more than 13 years ago | (#2174951)

Oops. The first part was the quick and dirty opinion. I was more concerned on the KaZaa stuff.

I'll check out articles a little better next time.

Thanks for the reminder.

Mexican Linux and KaZaa (2)

jes94 (448876) | more than 13 years ago | (#2174952)

On the part about Linux in Mexico, I have to wonder what part would not run on their systems. I have a feeling it was more along the lines of would have taken a bit of looking around to find the correct drivers and/or picking another distribution. I am sure that Microsoft did something to sweeten the deal for the Mexican government, and I'll bet that their deal with the devil will come back to bite them when the BSA comes down in a few months to perform a software audit. They'll get what they deserve.

On the KaZaa thread, the first email which I get saying that my site had links which I did not put up myself will send me to an attorney to discuss what I can do to them along the lines of changing my content, including copyright infringement (I know that I'll have to put notices on the pages) and to see if defacing a website charges can be arranged along the lines of prosecuting them like the Code Red Worm writers could be prosecuted. The fact that things were done on the client side instead of the server side should not be relevant (IANAL).

Re:Parasite Software (1)

jeffy124 (453342) | more than 13 years ago | (#2174953)

it's ridiculous to do so without a)allowing opt-out and b)clearly notifying users

And I'm sure someone could say the same for Windows Scripting Host

Re:ISPs' responsibility?! (2)

jeffy124 (453342) | more than 13 years ago | (#2174954)

I believe ISPs should provide some level of support for handling viruses. A lot of ISPs already do filter for viruses. Symantec offers products [symantec.com] that retrofit themselves onto mail servers to automatically reject viruses from being sent and reject viruses from entering. Or at least generate an automatic email to the sender/receiver/mail admin that a virus was spotted in the mail stream and temporarily hold it until advised on what to do. Unfortunately, the same product can also be used by your boss as spy-ware.

Re:ISPs' responsibility?! (2)

jeffy124 (453342) | more than 13 years ago | (#2174955)

Disclaimer: I am not a Symantec employee. To prove it, McAfee [mcafee.com] has their own product.

Help (2)

agdv (457752) | more than 13 years ago | (#2174957)

I just downloaded and installed ad-aware. That will teach them!
But I'm still a bit confused, and need some help. What exactly are the files that ad-aware installed along with itself? They're in c:\windows and they're called 'make_money_fast.exe' 'enlarge_your_penis.dll' 'lose_weight.vxd' 'herbal_viagra.com' 'send_all_your_data_to_our_company.vbs' and 'popup_x10.js', and they're set to run on startup...

Re:Linux wouldn't run on their hardware (1)

David99 (461740) | more than 13 years ago | (#2174960)

Step 1. Check out which hardware works with OS
Step 2. Purchase said hardware and OS
Step 3. Install OS

Basic project management really.

Mexican Linux (1)

DNS-and-BIND (461968) | more than 13 years ago | (#2174961)

A lack of political support...in other words, free software has no money with which to grease officials and politicians. Sadly, even in the era of the PAN presidency, that is still how things work in Mexico, and it's not surprising Linux in schools didn't work...nobody was going to make any money off of it.

KaZaA (1)

ziggy_zero (462010) | more than 13 years ago | (#2174962)

It should be noted that the install program for KaZaA lets you choose what software to install. I merely unclick all of them. Not a big deal.


"Snootch to the noonch!"

Parasite Software (4)

4n0nym0u53 C0w4rd (463592) | more than 13 years ago | (#2174963)

Salon has a pretty good article [salon.com] on the whole parasite software thing. KaZaA figures prominently. There are some reasonable aspects of bundling such software, but it's ridiculous to do so without a)allowing opt-out and b)clearly notifying users...

Why I don't use Linux here in Brazil (2)

pdcull (469825) | more than 13 years ago | (#2174965)

I run a small non-profit project [truepath.com] for at-risk kids in a slum area in Rio de Janeiro state. We have a small Novell 3.11 network (legally licensed, even though the server does think we're in 1901) and running on a variety of ancient, often rebuilt hardware, ranging from 386-SX-16s to a 486-DX-120. The reason for such low-end hardware is very simple: money (or rather the lack of it).

I have been unable to find a Linux version with a GUI that runs on such low end boxes. Windows 3.1 runs on some, I have OS/2 2.1 on a 386 and Windows 98 on the 486-DX. I'm also using FreeGEM and homewritten VB/DOS software on most machines.

Does anybody know of a low-end Linux distribution (that will ideally install without needing a CD drive) with some sort of GUI and some useful application software that could be used for teaching purposes on such ancient hardware?

Maybe Linux couldn't be installed on some of the existing hardware in some Mexican schools for the reasons?

Comments anyone?
