Re: And another one just for fun!

From: Mark Crispin (mrc_at_CAC.Washington.EDU)
Date: 09/18/03

    Date: Thu, 18 Sep 2003 13:09:31 -0700

    On Thu, 18 Sep 2003, Wolfgang Schelongowski wrote:
    > So what? No OS is as friendly to a virus as Windows. It's extremely
    > braindead to run a file as a program when all the user wanted was to
    > open that file. But MS are just a bunch of "Barbarians led by Bill
    > Gates".

    There is nothing intrinsic in the Windows OS that makes it more virus
    friendly. The flaw is in the email program that most Windows users run.
    Similar flaws have been found in MacOS email programs and even some UNIX
    email programs.

    It's slightly harder to convince a UNIX email program to run a UNIX binary
    or shell script due to the need for the x bit. But only slightly. In one
    highly amusing flaw that I remember from about 14 years ago, it was
    possible for a well-crafted message to set /etc/crontab.local since the
    agent that did the detaching ran setuid root.

    Additionally, it was not the Evil Empire which invented the concept of
    "just do the file's double-click action when all the user wants to do is
    open it." That particular bit of idiocy was around in non-Windows email
    programs at a time when you had to use a third-party TCP stack for Windows
    because Microsoft hadn't created Winsock yet.

    The entire culture from the mid-1980s until the mid-1990s was very
    anti-security. Security was considered to be an annoyance that got in the
    way of doing work, and one which could be discarded in the personal
    computer revolution. It was a *feature*, not a bug, that a personal
    computer user was effectively root.

    I will blame Microsoft for playing "catch-up" and copying what everybody
    else at the time was doing, instead of recognizing the obvious flaw and
    doing something better.

    Now we are all playing catch-up with the mainframe systems which were so
    gleefully shut down in the 1980s because they were big, expensive, and had
    this annoying security that got in the way.

    -- Mark --
    Science does not emerge from voting, party politics, or public debate.
    Si vis pacem, para bellum.
