Election 2006 (and beyond): Digital Copyright Canada
From: russell_-at-_linux.ca (Russell McOrmond)
Date: 5 May 2000 03:12:27 -0400
I am starting to get a bit frustrated with only half the story being presented. Yes, the Internet allows the proliferation of information very quickly, and yes, there are legitimate security attacks and viruses. "Melissa" and the "Love bug" are not, however, sophisticated enough to be considered a security attack - they rely on well known design flaws in a few Microsoft products and are trivially preventable.

The real story here is not that yet another virus has been written that targets Microsoft Outlook users. The real story is why people continue to run defective software and blame someone else when a problem happens. Being connected to a network is a security risk, and a bare minimum of security is required. This bare minimum of security is simply not being offered in some of the most popular products, but is offered elsewhere.

a) Modern networkable computing systems have differentiated users where a person logs into the computer before they use it. They specifically separate a 'special' user (root, administrator, or other names are used) which is required for installing software. Users know when they are running as administrator and know that they need to be careful with security at that point. Systems such as Microsoft Windows 9x or older versions of Apple MacOS which do not have this basic networking facility are by definition insecure and should not be used on the Internet.

b) It is generally understood that non-digitally signed files coming from the internet, even if they report to be from someone we know, should be considered hostile. There is absolutely no excuse for software to assume that all file attaches are friendly and automatically 'display/execute' them as is the case with Microsoft Outlook. This bug was not required for this trojan (IE: The user had to click on the attachment and run it), but the fact that one only needs to double-click in order to execute the program is itself a security/design flaw.

These are basic design flaws, not legitimate security problems. I am not suggesting that any other computer system is immune from attack, but there is a difference between being immune from attack and being a wide-open trivial target when very simple and well understood measures exist.

ILOVEYOU Microsoft
http://linuxtoday.com/story.php3?sn=21266
A better article (in this case in Smart Reseller, ZDNet) that gets to the point that this is an Outlook problem, not an Internet one.

LoveLetter not a computer virus (it is a Trojan)
http://www.flora.org/flora.oclug/6140

http://www.digitaldesk.com/2000/05/iloveu.htm
http://www.pulse24.com/newstories/may0400-viruscopy.asp

---
Russell McOrmond, Internet Consultant: <http://russell.flora.org/work/>
FLORA SERVER UPDATES: http://www.flora.org/flora/server/
It really is about Copyright Law! Microsoft is abusing copyright.
Will it be their downfall? http://www.flora.org/flora.comnet-www/1614