[iwar] Virus or not?


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Wed, 21 Jun 2000 04:18:28 -0700 (PDT)


In-Reply-To: <200006210821.EAA26479@mx1.biz.mindspring.com> from "Riccardo Sibilia" at Jun 21, 2000 10:19:34 AM

I have 2 points to make here:

1) What are the information warfare implications of these issues? I
don't wish to discourage participation, but rather to focus this forum
on iwar.  Having said that, I will now fail to do so in the rest of this
message...

2)
...
> The so called "ILOVEYOU" virus is not a virus in the sense that it does not
> propagate by itself and works only because of these three points:

Any sequence of symbols can only be a virus in particular environments.
The environment of today makes ILOVEYOU a virus because user behavior
is part of that environment.

> - "dumbness" of users (that is not bad, btw, that is just the reason 
>   why they are users and not admins) that just open any file they see.

Let us say behavior - they are not dumb just because they know how to
use the system and do so.  Poor assurance in the design - perhaps.

> - the fact that some a..h..e (fill in the points) at MS has found it would 
>   be a cool idea to have script executions in the attachments and some other 
>   person of the same category in the security dept. of the same company did
>   not object to it. This shows that security is a low-priority issue at MS,
>   monopolizing the market being the primary one ( :-) I had to write this 
>   one).

Limited function in applications such as Word has been a published
solution since 1985 - and the vendors have known about it all along.

> - many IT managers do not know better than go mainstream and buy Outlook/
>   Exchange.

There are sound business reasons for making this decision in many cases.

> It would have been a true virus, if it would have exploited some buffer 
> overflow in the program or in some APIs and propagated by itself. This is 
> also a plausible scenario for the future (...in my opinion the nightmare has 
> just begun).

If it did not require the user to run a program, it would be a subset of
viruses called worms.


------------------
http://all.net/