Death To Virus Writers 237
davemie writes: "Looks like everyone is out to get the virus writers now!.
But it sure is funny when a friend double-clicks on that latest virus and sends everyone in the company a copy.
You get to slag him/her off for the rest of the week :-) 'Virus writers are the lowest form of life. AnchorDesk's David Coursey says we should put them out of their misery with a
quick, permanent solution. Why waste time and money with due process?' I spent a total of an hour and forty minutes on hold making two different calls to the ISP which serves my mail. Both times the polite phone reps I eventually reached were shocked to find that there was an Outlook-borne nastiness filling up customers' mailboxes.
Lowest form of life? (Score:3)
Better solution (Score:5)
--
Re:You'd think outlook would filter this by now. (Score:2)
Office XP goes even further than that. I was thrilled to find that the default installation completely blocks a lot of types of attachments, including exe's, vbscripts, etc. You can't even open them if you want to!
See that is exactly the wrong thing to do! I know what the hell I'm doing and I want the ability to save attachments if I want, regardless of extension!
Prevent me from running direct, I don't mind that. But preventing me from saving an attachment because of its extension? Come off it!
Re:You'd think outlook would filter this by now. (Score:2)
If you need to send an exe then put it in a zip file, not really that difficult to get around...
wrong answer. There is no technical reason to require such action. Sure you could do that. You could also avoid the problem by not using outlook. It's not really that difficult to get around...
The solution lies in either not allowing execution (but saves), proper sandboxing, or doing something like the old Thunderbyte days: heuristics!
- MAPI functions...check
- Addressbook access...check
- Unusual Recycle Bin access...check
There's enough there to raise a flag that this attachment may be doing something funky. Maybe let the user know that the program is going to access the email subsystem and let them make the choice.Re:Man... (Score:2)
Viruses have just lost their mystique. I remember my Dad telling me about Michelangelo back in the 80's. I remember being so impressed that something so devilish and evil could really exist.
Actually Michelangelo wasn't all that ...evil... just thorough. It started wiping at 0,0,1 and kept going. If you caught it in time you could recover from it. I actually made a bit of money back then with a partition scanner program I wrote (I was 12-ish at the time and way into assembly and viruses).
Now a virus that intrigued me at the time... Whale.
Re:wrong problem (Score:2)
One *could* hold the view that viruses (virii?) are a sort of public service. They can be considered an attempt to discourage live data (i.e. shipping around executables and expecting the receiver to run it), to promote good backups, to practice safe computing (do I *really* want to click on this link?), and so on and so forth.
Considering the MicroSoft has, apparently, successfully trained the average user to accept buggy software (that crashes the system, demonstrates many security and privacy holes, etc.), it is reasonable to desire some sort of countermeasure for breaking such habits.
Outlook is... (Score:2)
door to a public elementary school...
If you're so smart (Score:2)
cost me any of mine...
Re:wrong problem (Score:2)
Anybody actually use the imbedded elisp code in Emacs for anything useful?
Re:The real issue (Score:2)
Re:Hmmm. Might not take much, either. (Score:2)
Hmmm. Might not take much, either. (Score:4)
Re:wrong problem (Score:5)
Why? Because the vulnerability of MS machines to viruses is a direct result of business considerations colliding with technical/security ones, and the business considerations rolling over the others.
MS's whole schtick is to leverage dominance in one product to another. That's why they're so into integration. It just doesn't make any sense to have an email program automatically open a file that someone sends you -- at least not for many kinds of files. And it doesn't make sense to have complex vb macros in word processor documents.
Think about how much pain office macro viruses have caused, and how little benefit the average person gets from them. One user in 10,000 probably writes vb code to manipulate office documents. I'm not saying don't make word scriptable -- let people program it through COM. But that would put Delphi on an even footing with VB.
Despite the flames you read here, MS has some of the smartest tech people on the planet. Plenty of people inside of MS knew it was stupid to make an email system that would run programs that come in through the email. People outside of MS complained about it from the start. But the business logic won.
As far as I'm concerned, they don't get nearly enough grief for this stuff. It's different from a buffer overflow in IIS. That's an honest mistake, and you're right, there are plenty of those in Linux.
MS's decision making process about security is corrupt. You can see it in these macroviruses, and you can see it in their lame explanations for why they're pulling Java out of the OS. The security policy dances to the tune of the business logic people. They don't care about the billions it costs their customers.
I know they fixed the outlook hole. And I would even say that they have the right to leave java out, as long as OEMs have the freedom to put it in. (Whether or not they really do -- contract aside -- remains to be seen. If I were at Dell, I'd be afraid of po'ing MS, no matter what their press releases say.) They are getting better on security. After years of outlook viruses they plugged the hole -- for the small percentage of users smart enough to dl the patches.
Let's roast them for their real problems. Because when the press gets bad, they do respond, and that will make the world a better place. As everyone who uses the product knows, the MS-SQL Server story was BS, a cheap shot. This is proof that there are still plenty of fair shots to go around.
Re:You'd think outlook would filter this by now. (Score:2)
Re:You'd think outlook would filter this by now. (Score:2)
It will scan your machine and tell you what updates you need to install, much like Windows Update does. It's a very handy tool, especially for those of us in IT, when we can't remember exactly what patches were put on which disk images...
---
Re:You'd think outlook would filter this by now. (Score:2)
And those extensions are quite invisible, unless you use a special file utility to see/change them.
--
lil destruction stops big destruction (Score:2)
The fact that many companies refuse to protect themselves even after many threats just goes to show how stupid they are and how much they deserve to be the grass that burns to protect the others. I never feel sorry for such idiots.
In the decade or more I've been online I've only had one machine catch a virus and that is because I had the urge to install a few thousand on one pc and see how they'd effect each other. In all the time I've been running networks only once did I have one get cracked and that was due to the companies refusal to change their method of doing things in order to be more secure.
It's the Users, Stupid--no, wait, reverse that... (Score:2)
Who on earth would believe that in this day and age, after all the big viruses like Melissa and I Love You and Anna Kournikova and Naked Wife and I don't know what all, that got major media coverage . . .
. . . people would still be stupid enough to open files attached to an ungrammatical message from someone they didn't even know? I mean, what's up with that? Obviously, peole aren't getting the message. If they were getting the message, I would not have gotten at least two dozen random document files in my emailbox in the last few days, all of them asking for my advice. (I always reply, "My advice is to run a virus checker, and not to open any more strange attachments"--so far I haven't heard back from anyone; I wonder if the emails even get through?)
I mean . . . what can you say? I never got any I Love You emails. I get a new SirCam almost every time I check my email. If I were to draw a conclusion just from strength of numbers, I would have to guess that people are getting more stupid as time goes by!
Yes, it's easy to blame the virus writers; yes, it's easy to blame Microsoft for the security singularity that is Outlook. But none of these viruses would get very far at all if people would just use a little common sense about what files they opened! I mean, geez, I knew not to open strange files just from BBS days, before I even made it to the Internet. Why don't more people these days?
Sigh. I suppose I shouldn't be so surprised by this. I see enough rampant stupidity in my part time job as a K-Mart cashier already to realize the truth of that old George Carlin line. But it seems like every time I turn around, someone else is reminding me . . .
"You know how dumb the average person is? Well, by definition, half the entire population is even dumber than that!"
--
Re:You'd think outlook would filter this by now. (Score:2)
I don't believe hidden extensions are acceptible in a windows environment.
hanzie
Re:_the_ lowest form of life (Score:2)
Take the bullets out of the gun? (Score:2)
Why not just stop using Windows and/or (especially) Outlook? Keep trying to protect yourself against MS products, you have a life-long uphill battle ahead of you. Jeez, if you can't give up Windows, use Eudora. It works better than Outlook and it's reasonably safe.
I can't believe people are still willing to get hit with this kind of crap over and over and over...
-B
Re:Liable (Score:2)
Person(s) responsible for virus-writing should be held in jail for an amount of time to make them think twice about it. But actual killing is silly, but makes for humourous articles.
Re:wrong problem (Score:2)
Right. As someone pointed out yesterday, the federal idea about making software more secure is to fund an army of prosecutors. But what the heck do lawyers have to do with software security?
I suggest the opposite: legalize cracking. The h@x0rz would have a field day for about a month, but after that the world would be running (fairly) secure software, and sysadmins who don't have a clue will be sacking groceries.
--
Re:You'd think outlook would filter this by now. (Score:2)
Office XP goes even further than that. I was thrilled to find that the default installation completely blocks a lot of types of attachments, including exe's, vbscripts, etc. You can't even open them if you want to! The only way around it is to edit the registry. Now, don't get me wrong, I don't want the junior users editing the registry either, but at least it's a step in the right direction.
GUID, not email (Score:3)
I've never heard of anyone including an personal email address, though.
Re:You'd think outlook would filter this by now. (Score:2)
I can assure you that the Norton AV Corporate Edition plugins for Exchange Server caught and quarantined quite a few messages in our site and those we manage. We've seen no evidence of infection on any of the PCs. I feel that anything less than virus scanning at every level you can afford is irresponsible in a corporate environment. For the example of mail server protection, programs exist for most major mail server software packages to handle this.
I know you want to say that this doesn't help the home user, and you're right...it doesn't. But, a locked-down corporate setup was your example.
Re: (Score:2)
Re:The Armys' response (Score:2)
That's my story, and I'm sticking to it.
Re:Hmmm. Might not take much, either. (Score:2)
The Armys' response (Score:5)
From: NISA CIRT
Sent: Thursday, July 19, 2001 8:04 PM
Subject: CIRT ALERT: Web Traffic Limited to Military Sites Only
** Unclassified - For Official Use Only **
As of 1900 hours, 19 July 2001, the Joint Task Force-Computer Network
Operations (JTF-CNO) has ordered that the DoD gateways be disconnected
from the Internet on TCP port 80 (protocol http) from now until a time to
be announced. The reason for this outage is the proliferation of the Code
Red worm.
All traffic between military installations will continue without
interruption. However, access to domains other than *.mil will be
limited. This restriction means that connections through a commercial
ISP, such as AOL or Earthlink, will not be available. Your military
organizations web-based Outlook will not be accessible from a commercial
ISP. Furthermore, if you are connecting from your office, you will not be
able to access *.com, *.net or other non-mil domains.
Any questions regarding this outage should be directed to the agency or
service CERT or JTFCND.
** Unclassified - For Official Use Only **
Not /just/ death for virus writers. (Score:2)
Not even
Instead, death after a year of torture. Recorded on film, and shown to teenagers on the first day we give them access to Visual Basic. Sorta like driver's ed class.
Man... (Score:5)
I suppose that's why I became a programmer.
No, wait. It was for the babes.
Freakin script kiddiez.
Re:Ritchie Quote (Score:2)
About 15 years ago I worked for a company that
"fixed" cable TV boxes. One branch of the company modded boxes after exploits where found and the
other branch made and released exploits into communities. It's a real profitable business
model.
Re:Dismount from high horse. (Score:4)
--
Sircam victims violate the DMCA (Score:5)
Thus everyone who executes (falls victim) to the sircam virus is guilty of a 1201(b) violation for distributing circumvention devices.
Obviously anyone who receives the trojan email has a cause of action, but actually anyone who uses the TPM in questions does too. That is, everyone who uses a computer that is susceptible to sircam can sue anyone who fell victim to it (in addition to the person who wrote it).
Anybody know anyone at the MPAA, RIAA, or Adobe that got hit?
Re:Man... (Score:2)
Yeah, right. Make that "your learn alot writing another one which won't be caught as easily as the first, and which does even more fun stuff".
Btw, Sircam is fun. It indeed succeeds at mailing out interesting stuff: tax filings, business proposals (including pricing/special favors), etc. Does it have a heuristics algorithm to pick out the juicy stuff, or is it just being lucky?
Re:Man... (Score:2)
Re:virus writers are the lowest form of life? (Score:2)
Things like random acts of violence are senseless crimes, right?
Ever seen a hurricane? tornado? flood? lightning?
I think our primary target should be nature. Virus writers can come second!
Re:Hmmm. Might not take much, either. (Score:2)
--
Re:You'd think outlook would filter this by now. (Score:5)
Yet, if you have a look at Symantec's Discussion Forums [symantec.com] you will see many NAV2001 users complain that their e-mail scanner does not pick up SirCam attachments. Detaching those same attachments and running a manual scan of them then does find SirCam. Thois has been an issue since day 1 of SirCam (six days now) and Symantec still has yet to acknowledge it.
So you're a corporate user. You have a locked-down image with hidden extensions. Your NAV templates are up-to-date. E-mail scanning is active. You receive an e-mail from your boss with the title and attachment as a
Sometimes it's not always the user's fault.
Re:You'd think outlook would filter this by now. (Score:2)
I don't want to get this thread too off topic but the practise of extension-hiding has come up recently on a lot of Mac boards. Apparently Apple's MacOS 10.1 (due in September) has an option to turn off filename extensions. Why they're doing this I don't know (it has cause so many problems in the Windows world) but if anybody here is all concerned about this you may want to send Apple some feedback [apple.com].
- j
God Bless Microsoft!!! (Score:5)
The last thing in the world I want is Linux/BSD/Mac OS to become the mainstream operating system of choice. With Microsoft ruling the roost, I will never be poor. Instead of punishing these virus/worm writers and the script kiddies, I would like to erect a monument to praise their work. Without them, I would be destitute.
Re:"Viruses" can be funny... (Score:2)
Why do you insist that? The plural of "virus" is, and has always been, "viruses". Check any (respectable :)) dictionary or pathology papers that discuss viruses. People think that the plural of "virus" is "virii" only because some clever 12-year old asshole fifteen years ago went, "Hey, radius becomes radii, therefore virus becomes virii!"
Neglecting, of course, the fact that English is a fucked-up language and we do not always use Latin pluralization for words. Even IF the plural of "virus" was Latinized, it would be "viri", as follows:
Singular: radi-US
Plural: radi-I, hence radii
Singular: vir-US
plural: vir-I, hence viri
The "us" becomes an "i", not "ii". However this is irrelevant because the plural of "virus" is "viruses". Claiming that any word that ends in "us" pluralizes to "i" (or "ii" for those who missed my previous point) is disingenuous. "Bus" does not become "bi" or "bii" (it's "buses"); the plurals of "plus" and "minus" are not "pli" or "plii" or "mini" or "minii" (they're "pluses" and "minuses").
I'm sick to death of people perpetuating this stupid fallacy of language. And don't give me that "common usage" bullshit; the only people who say "virii" are undereducated computer neophytes. </RANT>
Re:"Viruses" can be funny... (Score:2)
This page explains, again, all about the plural of "virus", telling us (among other things) that in Latin, "viri" was NOT a proper plural of "virus":
http://language.perl.com/misc/virus.html
So, next time you feel like pulling something out of your ass, how about making sure it's shit and not linguistics?
Re:Viruses and bad software (Score:2)
"Folks, we are going to make you a whole lot of money."
In a past life I worked for an MSP. Woe! The shame!
Careful... (Score:2)
Or what if MS tries to convince the public that Linux is a primary hacker tool, and gets it declared illegal. They already have been making noises about it being communist and un-American. If you think the notion of the police breaking in your door to confiscate your Linux system is preposterous, try growing a couple pot plants in your living room.
Dismount from high horse. (Score:2)
What is, of course, the bigger crime, is that more posters are not punished for comments that are undeserving of a Score of 2. Posters that automatically post at the 2 level should be punished by moderators for failing to provide any humor, insight, or whatever, but the moderators are only able to penalize posters for being OFFTOPIC, FLAMEBAIT, or TROLLing.
Of course, I'll get OFFTOPIC or FLAMEBAIT for this li'l puppy, because it has nothing to do with the larger discussion, namely, "Death to Virus Writers".
Re:wrong problem (Score:2)
Virus Writers (Score:2)
Re:On a related note... (Score:2)
No, it's both. If I leave my front door unlocked, and someone steals my stuff, I am dumb... but that person is still a thief.
steveha
Re:Dismount from high horse. (Score:2)
'Scuse the off-topicness.
wrong problem (Score:5)
I'm not just picking on Microsoft - open-source projects have had their fair share of security holes as well.
But the fact is that Outlook, ISS, and various other products didn't even have security as an afterthought, it was just no thought at all. The charge shouldn't be "kill the virus writers", it should be "stop buying unsecure software".
After all, if you left your front door open for a week, and someone made off with your stereo, I'd argue that you had it coming. I'm not sure viruses are any different -- we just need to secure our damned software.
Re:Man... (Score:2)
He is obviously an idiot with wreaked logic. (Score:2)
Economic crime? (Score:2)
And why do not kill the admis that deploy such OS anywhere where its infection based on core insecurity of the operating system can cause economic harm?
Re:Man... (Score:2)
I saw Dan Rather talk about that virus on the news back in the day and got all scared that my Macintosh LC III would get infected. That's literally the day I learned that virii were platform dependant.
Thank God, because I've gotten like three or four Word docs mailed to me in the past few days from this damn virus, but I have neither Word nor Windows nor do I know the wags the emails come from so I'm not really scared.
MyopicProwls
Let the virus writers -stay- this stupid. (Score:2)
Really... you don't want this to turn into a challenge. Let things stay this easy to write; you'll only end up infecting the people silly enough to double-click random binaries from their Outlook client.
There's no good reason that they can't implement some really creative worm that would work cross-platform and cross-client. Yes, it would be hard but you don't want a worm running out, downloading C compilers for the specific platform, compile worm, link itself, run as a background process, and go on finding hosts around it to infect. Make the bugger look for common Linux services holes, email it self to people in your inbox who run Outlook (Just look at the message headers)... infect an IIS webserver nearby, begin propogating... then unleash some unholy attack to DoS networks everywhere.
Nope... I'd rather we just left it nice and easy for them to write a trojan that's Win32 only, and requires human intervention to activate it.
Death? Certainly! (Score:2)
Re:wrong problem (Score:2)
same thing with computers. No one deserves to get a virus, or have someone trespass into your system.
Criminals are not there because of locks, locks are there because of criminals. a subtle yet critical point.
Re:Death to virus spreaders (Score:2)
lame... (Score:2)
Re:Better solution (Score:2)
No need to gather mail addresses.
No need to pay for bandwidth.
Excuse me while I get scripting....
Re:The real issue (Score:2)
"We are ordering free pizza tomorrow in the break room. Click on the link to confirm."
Nothing gets folks like free pizza...
mrgoat
Death for this guy (Score:2)
Wrong OTHER problem (Score:2)
I think you meant IIS - Internet Information Server. In fact, I'm sure that's what you meant, er, uh,
RUN FOR THE HILLS! THE SPACE STATION IS CRASHING WITH MUTANT VIRUSES ON BOARD!
AAAARAARRRRGGGGGGHHHHH!
Re:You'd think outlook would filter this by now. (Score:2)
The file type/creator codes are certainly NOT stored in the filename. They are part of the resource fork.
Re:Is a virus worse? (Score:2)
Here is my current hosts [wrongcrowd.com] file. Mac users, you need to reformat the info... Apple just HAD TO BE DIFFERENT.
Anyway, this is no cure-all but it does bust a lot of ads. I've been lazy about keeping it updated but it should help a bit.
Re:God Bless Microsoft!!! (Score:2)
That's only funny because it's so true.
I need to get some worthless certifications and cash in on this MS thing as well!
Re:You'd think outlook would filter this by now. (Score:2)
You get this message that "Some unspecified program is trying access your address book" prompt, whether it's a VBScript virus or you are trying to use routing features from MS Excel etc. Meaning there is no way to have trusted code which actualy does office automation features without annoying the users to hell and just giving them another prompt to ignore. I figure the Virus Writer club will be back to their old tricks of sending Word or Excel-based viruses pretty quickly.
Not that it really matters -- The only think that "Melissa" and ilk prove is that a 12 year old can write a mail worm without warezing a copy of VisualBasic. It's not like reading the address book off disk or sending mail directly using MAPI or even the winsock is too difficult for the advanced 14 year old.
Re:If you're so smart (Score:2)
The first few cost me time because I hadn't heard about the worm, and was trying to figure out why friends were sending me these large random attachments which my virus scanner didn't like.
The next few dozen cost me time as I got alerted that an email had arrived, went to check it, and deleted it.
Then I had to spend five minutes or so adding a procmail rule to dump sircam mail into a holding pen folder. Since then, I've had to spend a few additional minutes making sure the filter wasn't accidentally eating 'real' mail, and bulk-deleting the holding pen emails now and then.
In addition to all that, I administer a couple of mailing lists, and I had to respond to user inquiries about sircam both on- and offlist.
All told, the sircam worm has probably cost me half an hour. No huge thing on the cosmic scale, of course. But still, it's half an hour that was stolen from me, during which I would have prefered to work on something else. Multiply that by all the techies out there dealing with the effects of sircam, and it gets pretty significant.
--
Death to virus spreaders (Score:5)
Oddly, though, with this SirCam outbreak, I find more of my wrath landing on those who help spread the stupid thing. Every single one of the hundreds of emails I have received thanks to SirCam resulted from some otherwise intelligent person being incredibly negligent about network security. I have spent significant amounts of my own time paying for their lack of caution.
I have taken to sending a standard reply to each person from whom I receive SirCam, pointing out that connecting to the net without proper precautions in place is both silly and rude. I'm hoping to trigger a shame response that will motivate people to think about security enough to avoid being so rude again.
If we can foster a culture in which abetting the spread of a virus or worm though lax security is considered a serious social faux pas, we may have be able to contain them better. People are motivated by considerations of power, prestige, and group acceptance; push those buttons properly, and you can sculpt behavior as you will.
--
Killing is too easy... (Score:2)
Viruses and bad software (Score:4)
Which is part of the problem. People who sell folks on bad solutions because it also spells job security
;-)
Check out the Vinny the Vampire [eplugz.com] comic strip
Re:wrong problem (Score:2)
One user in 10,000 probably writes vb code to manipulate office documents.
You're wrong about that. Ever used Outlook to automagically arrange a meeting? It does that by sending VBA macros with the notification messages so that if the recipients click "I Accept" (or whatever the button label is), their calendar is automatically updated and a confirmation message is sent with more VBA code to update your calendar to show that they're coming.
This is actually a Neat Idea, BUT the implementation is lousy. You can argue it should be hard-coded, but that restricts organizations' capacity to customize their setup. Instead, the problem is simply that the security model hasn't been thought through. There's no reason why, if you're using Outlook to automagically schedule meetings, you should allow messages from outside your internal network to automatically run their attached VBA code. And why should any mail message you receive have the ability to zap your files? It's also quite difficult to centrally administer the configuration to make sure some luser doesn't fat-finger his/her own config and open up a gaping hole in your security. This is what prevents this Neat Idea from becoming a Good Thing.
That, and the fact that you have to have an all-Outlook shop for the whole thing to work.
Re:You'd think outlook would filter this by now. (Score:2)
Seriously, I like the notion. But I think it is mildly impractical to try and figure out an FTP scheme that is as flexible and user-friendly that would be ultimately any more secure than using email with attachments. You know the first thing every user would want is an "autofetch attachments" or "single click attachment fetch" option, and they'd all be downloading and opening the virus/worm/trojan anyway.
I'd say give general computer education time for the public to get to a basic, solid bedrock of how this stuff all works and the next generation coming up will make things like not opening attachments from strangers seem like second nature.
Re:rehabilitation may sometimes be possible (Score:2)
punishment... (Score:4)
Re:The real issue (Score:4)
The real issue (Score:4)
Re:You'd think outlook would filter this by now. (Score:2)
Like when someone attaches a 113MB PowerPoint Slide show from a pppppublic drive and sends it to half the company, all of witch have access to the original file. Then 47 people save the file to their user folders. Then the person that sent the E-Mail bitches about E-Mail running slowly!!!!
No what is funny is a month later when every version is diffrent and every one thinks the server isn't saving files anymore.....
Linux as an antivirus tool. (Score:2)
Linux as you mail server? Check out Enhancing E-Mail Security With Procmail [impsec.org] to send this nasty crap to
How about taking it a step further and having you Linux box scan all incoming e-mail for virisus? See Amavis [amavis.org] and others [freshmeat.net]
If you're using Linux as your file server, invest in some linux based antivirus software. Let linux scan away at your uses Windows files and keep them virus free using an OS they can't infect in the first place.
If you're a network admin, and you don't take counter measures from preventing your users from infecting themselves and others, your a part of the problem as the virus writer. Educate your users, use counter measure that prevent your users from getting the virus in the first place, etc. etc. etc.
rehabilitation may sometimes be possible (Score:4)
How many virus writers go on to live normal, productive lives? How many never write another virus?
(Ah, to heck with it. Kill 'em all and let DoS sort 'em out!)
Tim
Juvenile mentality: (Score:3)
Perhaps if we let a certain former Texas governor order the killing of virus writers, he might refrain from killing retarded adults, people who committed their crimes as juveniles...
The real kicker here is that most of the viruses out there have been created by... you guessed it... juveniles.
They're juvenile in mind if not in body at least...
There's a reason we call these people 'script kiddies'. Steve Gibson, of grc.org fame beleives that the k1dd3s DOS'ing his site are no older than 12 or 13. I would imagine that most of the people who downloaded this virus creation kit are just about as old.
Re:The real issue (Score:3)
I'm not surprised.
Re:"Viruses" can be funny... (Score:4)
'hey everybody, I'm looking at porn!'
I think that kind of virus is a high form of human pathos and should be encouraged, always.
Now I've had to deal with weeks and weeks worth of anti virus and anti anti virus (yea, McAfee is worse than the virii sometimes) crap but virii remind all of us that computers are, well computers and we're, well, the people. Do you understand? They reinforce the roles so often blurred or ignored, we must be the responsible, semi-cognizant ones in the relationship, we can't rely on them to think for us, etc. Basic hacker ethos. Virii are like big snow storms (or rolling blackouts), they shut things down, disrupt the normal clean flow of days and power and make people look around their momentarily decontextualized surroundings and maybe, think with some perspective.
Besides, with out the Anna virus we'd never know how many top executives are *eager* to look at tennis porn. Right?
I'm actually serious. Yes, they suck and yes they're mostly written my morons and yes PE infectors at least require a modicum of computer knowledge and yes destructive and yes. But I'd rather have them, at this stage in the game.
Re:Dismount from high horse. (Score:2)
BTW, I posted @ 1 for you. I'd always do that, but it takes effort (you need to click a box that says "No Score +1 Bonus". You should have to click to post @ 2, not 1.
Re:The Armys' response (Score:2)
ABC News reported on this yesterday [go.com] (I submitted it to /. but of course was rejected)
Key quote from a military spokesperson:
"To protect our DoD [Department of Defense] Web sites from being compromised, DoD organizations have been told to review the status of the Internet information servers ⦠to make sure that all the patches that were previously installed had been installed"
The last part of that statement makes me feel REAL warm and fuzzy about the technical readiness of our military - even if he is just a spokesperson.
Re:rehabilitation may sometimes be possible (Score:2)
Re:Viruses keep the economy going (Score:2)
Re:wrong problem (Score:2)
It is a COM object; I've programmed Word, Excel, and Outlook through the COM interface. But you still need some kind of record-and-playback keystroke macro system for eend users. Those things have been around since the DOS/WordPerfect/Lotus 1-2-3 days
MS has some of the smartest tech people on the planet
I need to see some proof of that one. Their top people have been 'retiring' in droves, and the major incentive to working at Microsoft has always been the stock options. Now that the stock isn't doubling every year, and the pay is still way below industry average, I wonder how many really bright people are left.
the MS-SQL Server story was BS, a cheap shot
Read the supporting documents, look at the code samples and the responses from the Microsoft tech support person, then come back here and say that. They screwed up, big time.
virus writers are the lowest form of life? (Score:4)
Re: The real issue (Score:2)
s/pizza/beer
It's the only way to be sure.
--
Have crack, will moderate.
Re:wrong problem (Score:2)
Tempting as it might be to go after the virus writers when something like this happens, the real problem is the buggy insecure code which lets it happen in the first place.
Right! Attack the problem at its source, and kill all programmers. That'll solve both problems, since virus authors are programmers by definition.
The charge shouldn't be "kill the virus writers", it should be "stop buying unsecure software".
So since (as you yourself argued) all software is prone to security holes, we should stop using all software. Then destroy all computers and return the world to an agrarian utopia. Then I'll solve all my security problems with the customs devised under the feudal system -- with a mace to the head.You'd think outlook would filter this by now. (Score:4)
Okay, you caught me. (Score:2)
What's ironic is that... (Score:4)
Screw 3...
Ritchie Quote (Score:2)
-- Dennis Ritchie, 1979
That's the big difference between all non-MS operating systems and MS. The whole damn world knows that systems are insecure, and that safeguards must be taken, not only to avoid known exploits, but to be prepared for future exploits. MS shows no remorse or shame every time they're caught with their pants down. Microsoft attitude to security is the same as their attitude to bugs in general. If it sells, why bother fixing it?
I can guarantee you all that Microsoft will continue to ignore security. Untill the day when the computer security industry (antivirus software, firewalls, etc.) is so big that Microsoft decides to corner that market. What a sweet deal that will be for them. It's like having a pharmaceutical company releasing a plague so that they can sell you medicine.
Re:wrong problem (Score:2)
So, we're talking about the CTO's and the IS departments. THEY are the ones supposed to be smart and educated about computers and security. They need to assume that their USERs are like 3 year olds when it comes to computer security, or educate the users to be as smart as they are.
By purchasing and using such inherently insecure software, the IS departments and CTO's are doing the same as a parents handing loaded guns to their infants.
NO!! (Score:2)
There is a large tendency to over-regulate computers as it is (DMCA, etc.). The last thing anyone (sane) would want to do is give the over-regulation MORE power. Think of all the recent cases (DeCSS, Dmitry Sklyarov, etc.)... you do NOT want the people who thought stuff like this illegal to have the power of the death penalty in their hands.
______________________________________
Re:The Armys' response (Score:2)