RE: [iwar] News


From: Riccardo Sibilia
From: sibilia@ims.ee.ethz.ch
To: iwar@egroups.com

Wed, 21 Jun 2000 10:19:34 +0200 (MET DST)



> 
> You make it sound like your first line of defense is a Microsoft product.  Why
> not instead sue antivirus vendors for failing to protect you?
> 
> Ask yourself why popular antivirus software DOESN'T check for the years-old
> ".???.???" filename trick.  How much effort does it take to look for two
> periods in the last eight characters of a filename?  Only evil attachments use
> it.  Checking for it would have saved the world (before the fact!) from
> ILoveYou, NewLove, and now Stages.
> 


Rob

Good point. In my opinion, at this moment antivirus software is being abused
to take care of things that MS or the admins should have taken care of.

For example recognizing BackOrifice and other programs is more a task of the 
local admins and of enforcement of the security policy than one for VirusScan 
or whatever.
This sort of solution (antivirus) is peculiar to the fact that you cannot 
avoid in any other way the execution of a program with such a high-level 
of access under Windows (...even under NT if you want your users to be still
able to do something useful with their computers). 

This is possible under Unix and other OSes, with a strictly implemented 
security policy.


The so-called "ILOVEYOU" virus is not a virus in the sense that it does not
propagate by itself and works only because of these three points:

- "dumbness" of users (that is not bad, btw, that is just the reason 
  why they are users and not admins) that just open any file they see.
  
- the fact that some a..h..e (fill in the points) at MS has found it would 
  be a cool idea to have script executions in the attachments and some other 
  person of the same category in the security dept. of the same company did
  not object to it. This shows that security is a low-priority issue at MS,
  monopolizing the market being the primary one ( :-) I had to write this 
  one).

- many IT managers do not know better than to go mainstream and buy Outlook/
  Exchange.
  
It would have been a true virus if it had exploited some buffer 
overflow in the program or in some APIs and propagated by itself. This is 
also a plausible scenario for the future (...in my opinion the nightmare has 
just begun).

... and Devlon: guess what, I do not use any M$ software on my Ultra 10
workstation and the "ILOVEYOU" trojan is not a worry to me ;-).

The fact that this event has become an international case and that everybody 
is screaming at the bad hackers that wrote the program, instead of recognizing
the roots of the problem (and in many cases admitting their responsibilities) is
sort of crazy.

Also I am sure that suing Microsoft in the USA would make a very hard case.
There is no reason to call their fault a "bug". This functionality has 
certainly been defined in the design of the product, which makes them 
co-responsible for the success of the "virus".

Rick


> Rob Rosenberger, webmaster
> Computer Virus Myths home page
> http://www.kumite.com/myths
> U.S. (319) 646-2800
> 
> 

--
Riccardo Sibilia                              sibilia@ims.ee.ethz.ch
Inst. fuer militaerische Sicherheitstechnik   http://www.ims.ee.ethz.ch/
Auf der Mauer 2                               Tel. +41 1 252 6260
8001 Zurich / Switzerland                     Fax. +41 1 252 1667



------------------
http://all.net/
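
Added example, not part of the original message or of the list archive: a Python sketch of the filename check described in the quoted text (two periods in the last eight characters of a filename), applied to the attachments of a MIME message. It goes slightly beyond the quoted wording by normalising padding and by also requiring a risky final extension; the extension set, the function names and the sample filenames are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: illustrative set of extensions Windows runs directly; not from the page.
RISKY_EXTENSIONS = {"vbs", "vbe", "js", "jse", "wsf", "shs", "scr", "pif",
                    "exe", "com", "bat", "cmd"}


def normalise(filename: str) -> str:
    """Remove whitespace padding and trailing dots so the real tail is compared."""
    return re.sub(r"\s+", "", filename).rstrip(".").lower()


def two_periods_in_tail(filename: str) -> bool:
    """The check as worded in the quoted text: two periods in the last eight characters."""
    return normalise(filename)[-8:].count(".") >= 2


def is_disguised(filename: str) -> bool:
    """Tail check plus a risky final extension, so 'pkg-1.0.tar.gz' is not flagged."""
    final_ext = normalise(filename).rpartition(".")[2]
    return two_periods_in_tail(filename) and final_ext in RISKY_EXTENSIONS


def flagged_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a MIME message that look disguised."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_disguised(n)]


def build_sample() -> bytes:
    """Constructed test message with one disguised and one ordinary attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("notes.txt.vbs", "report.doc"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flagged_attachments(build_sample()))
```

The bare two-period test also matches ordinary names such as versioned archives, which is why the sketch pairs it with the final-extension filter before flagging.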