Re: And another one just for fun!
From: Mark Crispin (mrc_at_CAC.Washington.EDU)
Date: Thu, 18 Sep 2003 13:09:31 -0700
On Thu, 18 Sep 2003, Wolfgang Schelongowski wrote:
> So what? No OS is as friendly to a virus as windows. It's extremely
> braindead to run a file as a program when all the user wanted to
> open that file. But MS are just a bunch of "Barbarians led by Bill
There is nothing intrinsic in the Windows OS that makes it more virus
friendly. The flaw is in the email program that most Windows users run.
Similar flaws have been found in MacOS email programs and even some UNIX
It's slightly harder to convince a UNIX email program to run a UNIX binary
or shell script due to the need for the x bit. But only slightly. In one
highly amusing flaw that I remember from about 14 years ago, it was
possible for a well-crafted message to set /etc/crontab.local since the
agent that did the detaching ran setuid root.
Additionally, it was not the Evil Empire which invented the concept of
"just do the file's double-click action when all the user wants to do is
open it." That particular bit of idiocy was around in non-Windows email
programs at a time when you had to use a third-party TCP stack for Windows
because Microsoft hadn't created Winsock yet.
The entire culture from the mid-1980s until the mid-1990s was very
anti-security. Security was considered to be an annoyance that got in the
way of doing work, and one which could be discarded in the personal
computer revolution. It was a *feature*, not a bug, that a personal
computer user was effectively root.
I will blame Microsoft for playing "catch-up" and copying what everybody
else at the time was doing, instead of recognizing the obvious flaw and
doing something better.
Now we are all playing catch-up with the mainframe systems which were so
gleefully shut down in the 1980s because they were big, expensive, and had
this annoying security that got in the way.
-- Mark --
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.