Election 2006 (and beyond): Digital Copyright Canada
From: russell_-at-_flora.ottawa.on.ca (Russell McOrmond)
Date: 8 May 2000 11:37:07 -0400
---------- Forwarded message ----------
Date: Mon, 8 May 2000 07:30:33 -0400 (EDT)
From: Russell McOrmond <russell@FLORA.OTTAWA.ON.CA>
To: mailinglist-cpi-ua@list.techbc.ca
Subject: Re: Microsoft and Viruses

On Mon, 8 May 2000, Jay Hauben wrote:

> Hi,
>
> I thought this viewpoint which attributes the ILOVEYOU virus and similar
> ones to Microsoft has merit. Microsoft has made it possible for other
> people than myself remote from my workstation to gain access to my
> computer and launch programs on it. That is why these viruses work.

Some details are needed to make a good evaluation here. There are problems with the Microsoft software, but remote launching is not part of that problem. In this case the user did need to run a program out of their email, something for which Microsoft is only partly to blame by making it too easy to do so, but only half for the 'launching' aspect of the virus/Trojan.

What happens with this virus:

a) User receives email with attachment. They double-click on the attachment (which is customary for most attachments). If it is a 'known type' (Known to the Operating System, not just known to the email software) it then executes or launches the right application.

Defect 1) The Operating System and all applications must define all information being received from the network as hostile and must not use a similar 'table of file types' for files received from the network as it does for files available from local hard disks or secure LAN connections. Users should have to go through many steps including moving a file from a Quarantine area before being able to execute them on their desktop. At this point the responsibility is that of the user and not of the remote author or software vendor (Note: I assign little blame for this mess to the person who wrote the virus, the majority to the vendor and a considerable amount to the user at their desktop).

An important thing to note here is that AOL/Netscape-Time/Warner/the/entire-planet is just as guilty here as Microsoft is of making running programs from the network too easy. At least Netscape doesn't automatically view attachments like Outlook does with Word Macro Viruses.

b) The Virus then, if you are running Microsoft Outlook, will email a copy of itself to everyone in your address book.

While Microsoft Outlook is the target here, a little bit better written virus could have targeted MAPI and searched for a few more email programs. Once the 'program' from step (a) was launched, there is very little the vendor can do to protect the user from themselves. Outlook is not the villain here as it was in the case of Melissa, which was a Word Macro virus executed by the viewing of a Word attachment.

c) The virus stores copies of itself on the disk, including in the system area such that it will re-launch when the computer re-boots.

Defect 2) Modern operating systems that are to be used on a network must have differentiated users (IE: You login with username/password or similar) and must require a special 'Root' or 'Administrator' password to install software. The fact that any user can install software on the computer is a basic defect that should make the computer ineligible to be connected to the network.

Note: These two real defects are not only trivial to repair, they are what is done on systems that were networked long before Microsoft or Netscape were writing network software. There was considerable experience and knowledge here which Microsoft and others deliberately chose to ignore. They are in essence incompetent companies when it comes to very basic network security, and users need to start to recognize this and no longer trust their software.

We are moving more and more into a networked environment, and need to have more modern software tools in order to do that effectively: Microsoft is not offering those tools at an appropriate price point (IE: The more expensive Windows 2000 handles the second defect better than Windows 9x or current versions of MacOS which do not handle things at all).

While Microsoft made the conditions to make this virus as trivial as it is, people chose their products ignoring the warnings of security experts, and people run attachments from the network even though they have been warned not to do so.

---
Russell McOrmond, Internet Consultant: <http://russell.flora.org/work/>
http://www.flora.org/flora.comnet-www/1637 Community radio going private?
http://www.flora.org/flora.comnet-www/1640 If you really "Loved me"
http://www.flora.org/flora.comnet-www/1641 Reponsibility and monopolies
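
The policy described under Defect 1, as an added Python example that is not part of the original message: files received from the network land in a quarantine directory, are looked up in a separate and much smaller file-type table, and become launchable only after the user explicitly moves them out. The class, handler tables and file names are hypothetical.

```python
import shutil, stat, tempfile
from pathlib import Path

# Hypothetical handler tables (assumptions for this example, not from the post).
LOCAL_HANDLERS = {".txt": "view", ".doc": "edit", ".vbs": "run-script", ".exe": "execute"}
NETWORK_HANDLERS = {".txt": "view"}  # nothing in quarantine is ever launched

class Quarantine:
    def __init__(self, root):
        self.inbox = Path(root).resolve() / "quarantine"
        self.released = Path(root).resolve() / "released"
        self.inbox.mkdir(parents=True, exist_ok=True)
        self.released.mkdir(parents=True, exist_ok=True)

    def receive(self, filename, data):
        """Store a network-received attachment; sender-chosen directories are dropped."""
        name = Path(filename).name
        if name in ("", ".", ".."):
            raise ValueError("attachment has no usable file name")
        dest = self.inbox / name
        dest.write_bytes(data)
        dest.chmod(stat.S_IRUSR | stat.S_IWUSR)  # owner read/write, no execute bit
        return dest

    def action_for(self, path):
        """Pick the handler table by where the file lives, then by its final extension."""
        path = Path(path).resolve()
        ext = path.suffix.lower()  # "letter.txt.vbs" is a script, not text
        table = NETWORK_HANDLERS if self.inbox in path.parents else LOCAL_HANDLERS
        return table.get(ext, "refuse")

    def release(self, path, confirmed_by_user=False):
        """The deliberate extra step: from here on the choice is the user's."""
        path = Path(path).resolve()
        if self.inbox not in path.parents:
            raise ValueError("not a quarantined file")
        if not confirmed_by_user:
            raise PermissionError("release requires explicit user confirmation")
        return Path(shutil.move(str(path), str(self.released / path.name)))

if __name__ == "__main__":
    q = Quarantine(tempfile.mkdtemp())
    att = q.receive("letter.txt.vbs", b"constructed sample bytes")
    print(q.action_for(att))                   # quarantined script: refused
    print(q.action_for(q.release(att, True)))  # after release the local table applies
```
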