On Tue, Jun 24, 2003 at 01:32:22PM -0500, gep2(_at_)terabites(_dot_)com wrote
ALL operating systems are vulnerable to viruses, as long as the
systems are user-programmable (or program-extensible). OK, your
digital watch, your microwave oven (probably), and your laser printer
probably aren't vulnerable to viruses. But that's because nobody
else can much change their code, either.
Other operating systems, or at least late-releases (e.g., Max OSX),
are not susceptible to viruses.
And just what is the "magic bullet" that you think magically makes
those systems "not susceptible"? I don't believe that there IS such
a magic bullet.
Because they *DON'T AUTO-EXECUTE EMAIL*. Yeah, there's been a patch
out for a while, but each time somebody's Windows crashes, and they
re-install, they're back to square 1. Unixes used to have backtick
expansion enabled in mailcap. It was determined to be "not a good
thing" and was depracated. Windows comes with "Windows Scripting Host"
enabled. And even if you delete it, most 3rd-party programs' install
routines will install a copy to facilitate the install script. Of
course the installer leaves the scripting host installed.
And in particular, a WORD macro virus (for instance) which works on
a Windows-based OS will probably work on a Mac-based OS too... since
the level of abstraction provided by the macro facility SPECIFICALLY
shields the executing macro from vagaries based on the underlying OS.
Not on AbiWord for linux, it won't execute.
The better solution is really to put restrictions in place on
incoming material (and E-mail is our focus here) such that potentially
dangerous executable stuff (and in practice, this means ActiveX-type
stuff, scripting, and potentially malicious attachments) simply
aren't allowed to be delivered unless they come from pre-arranged
(or post-permitted, maybe), _trusted_ people who we EXPECT such type
of stuff to come from.
Howsabout the OS not allowing users to execute attachments from inside
email. Beyond this, what about *AUTO_EXECUTION OF ATTACHMENTS* ?
I got a spam just a day or two ago shilling for a porn site and
crowing about how "no credit card required". The link said,
in essence, "to connect to this site directly using your modem,
CLICK HERE." Under the concealment of the HTML, the link pointed
to a URL of .exe type. Most lusers wouldn't realize (of course)
the implication of the (truthful) prompt... that the executable was
planning to hang up the person's Internet connection through their
local ISP, then redial on the user's modem to a 900-type international
telephone number at staggering per-minute charges, which will of
course bill to the luser's phone bill to arrive a month later.
Windows *BY DEFAULT* displays an attachment named "Loveletter.txt.vbs"
as "Loveletter.txt". *EVEN IF YOU TURN OFF THE OPTION TO HIDE
EXTENSIONS* .lnk and .pif *WILL STILL BE HIDDEN*, unless you get into
some registry hacking that is beyond the ability of the average user.
We pound away at users not to execute executable attachments, and they
think that clicking on a *.GIF or *.JPEG is OK.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg