Nasty New Virus Variants 1050
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Simple... (Score:4, Insightful)
Switch!!! (Score:4, Insightful)
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
one word (Score:3, Insightful)
Simple (Score:1, Insightful)
1 answer. (Score:4, Insightful)
Aside from... (Score:5, Insightful)
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely [stanford.edu]?
Not hard (Score:2, Insightful)
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird [mozilla.org].
Re:How about.... (Score:0, Insightful)
Monoculture is bad (Score:5, Insightful)
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
how to fix (Score:5, Insightful)
Anyway, according to this article here, [newsfactor.com]
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
This is hugely misleading (Score:0, Insightful)
From the article (Score:3, Insightful)
Is that guy clueless??? People still open attachments even though they don't know what it is. Remember a few weeks ago?? It happened and will happen again. This "new" twist of a virus is still crap news though...
Download Email Headers Only (Score:4, Insightful)
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Re:1 answer. (Score:4, Insightful)
Unless your IT department cluelessly refuses to turn on IMAP4 "for security reasons."
Re:How about.... (Score:5, Insightful)
Mozilla Thunderbird is a great lightweight email client replacement for Outlook. Your average home user who has an imap or pop account from an ISP really has no good excuse not to uninstall Outlook from their machine and switch. Corporate users on the other hand are a little more screwed, since many of them use Exchange servers that don't have OWA turned on and/or aren't Exchange 2000/2003, which precludes using Evolution's commercial plugin to get calendaring integration and whatnot. However corp users that do meet those server-side requirements can do so. Or if you don't use or need the calendaring part in your organization and the exhcnage server has IMAP, then you can also go Thunderbird there too.
Re:protecting from viruses (Score:4, Insightful)
Well, its pretty easy actually.... (Score:2, Insightful)
How about... (Score:5, Insightful)
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Re: Monoculture is bad (Score:5, Insightful)
> But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field.
IMO e-mail viruses don't result from monoculture; they result from bad software design. Namely, e-mail clients that execute attachments.
We'd have Linux e-mail viruses in a minute if the popular e-mail clients added support for automatic execution of attachments. (Assuming anyone was foolish enough to use them.)
All you poor poor Outlook users (Score:5, Insightful)
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
Re:How about.... (Score:4, Insightful)
Preview Pane Virii are not New (Score:3, Insightful)
This is not New.
This is not News.
This doesn't even matter.
This is not even accuratly portrayed. Selecting an email isn't the problem, displaying it is the problem.
Generic Rant (Score:4, Insightful)
Re:Two Words: (Score:3, Insightful)
Same thing with web bugs - this is really not new in that respect. I've been using Outlook Express for several years now with no real problems, but I've had the preview pane off for exactly this reason.
Oh, and I also pay EmailSifter.com $35/month to filter my domain's email. They've been blocking around 70% spam on average, with 1% false positive rate, and only about 0.1% false negative rate, and have blocked about 800 virus-laden emails in one month...
Re:Switch!!! (Score:4, Insightful)
How about all the windows users check out Mozilla Thunderbird. You can keep your nice, friendly OS, and still not have to worry about insanely sad security. http://www.mozilla.org
However, if you're feeling a tad adventurous, then by all means check out the alternative OS choices. Need some names? Check out FreeBSD, Red Hat (Fedora Project), Mandrake, and there are plenty more on distrowatch.
Protect yourself... (Score:3, Insightful)
Switch to pine.
Or emacs/VM.
Or mutt.
Or...
Re:Not hard (Score:4, Insightful)
Re:God. (Score:2, Insightful)
Yes They Are Sexually Transmitted (Score:4, Insightful)
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
Moderate this comment
Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]
Re:Switch!!! (Score:5, Insightful)
i use both windows and linux machines day to day.
on my windows machines, i've activated the built-in firewall and use Mozilla Thunderbird for mail and Mozilla Firefox for web browsing.
i have zero problems with viruses or worms.
The real culprits here are IE, MS Outlook (& Express).
Block the email on server (Score:3, Insightful)
Re:Switch!!! (Score:5, Insightful)
The reason most (or all) viruses are written for Windows is because that's where they'll do the most damage, since most people use Windows.
All fine and well, but it will help you if you switch, because then you'll be joining the happy minority that don't worry about such things.
Of course if everyone switches it will be a problem, but really, what are the odds of that actually happening?
It;s all fine and well to say "If everyone switched we'd still have the same problems with viruses", but realistically, everyone isn't going to switch. A lot of people are heavily locked into their current platform - so, if you can, switch...
Jedidiah.
Re:protecting from viruses (Score:4, Insightful)
Now, one side of this is that SMTP needs (and lacks) a "this particular message will always be refused" error code. That would work well for virus filters, since the delivering system (eg Yahoo) could them just discard that message and continue with everything else.
The real fix is not to use these buggy mail clients. Like M$ LookOut!
And, though it's not applicable to the outright-buffer-overflow viruses like this one, not to use systems with the vile design flaw of letting users click on attachments and execute stuff. For example, my mutt mail reader has a mailcap that drives its attachment handling. Every clause runs a viewer. If I get a .exe I get told its size or offered an opportunity to save it to disc. It does not offer or try to run it.
This core distinction is the weakness in the windows mail world:
no attachment should have executable power. An explicit user driven
install ritual should be needed to get such a thing into
a context where it can be run.
i.e. it should be a safe action for a user to double click
any attachment - that act should always invoke a viewer of some kind.
Re:protecting from viruses (Score:5, Insightful)
Re:Switch!!! (Score:5, Insightful)
My mail client (mutt) does not run under an account that has full access to the entire system. Instead, it runs as me, and cannot replace parts of the OS even if it wants to. So it can't do things like replace part of the TCP/IP stack -- a popular Windows worm/virus trick.
My mail client does not automatically execute things sent to it. Instead, it shows me the text included in a file, and if I want to, I can open an external program to view it (like a movie player.) But under no conditions does it execute the email as a program, unless I save it to a file myself and execute that.
Re:Switch!!! (Score:4, Insightful)
I use Outlook 2003 every day with an up-to-date virus scanner and I maintain my Windows XP with Windows Update regularly.
Every virus I get is automagically snagged by Norton AntiVirus before it can do any harm.
My Windows 2000 server running IIS is fully visible to the public, and it never gets hacked. Know why? Because I can properly configure IPSec and maintain my patches.
Maybe the solution is not "OMG SWITCH TO LUNIX LOLLERS", but rather, educate the Windows users better. Make them more intelligent and clue them in to what they need to do to not fuck up their system.
People often tout Windows as "it's so easy my dead grandmother can do it" but I've learned in my years of sysadmining that Windows takes quite a bit of general knowledge to get working great, and once you do, you will have no problems.
Somewhat misleading headline? (Score:3, Insightful)
Shouldn't the headline have been "virus exploiting known Outlook vulnerability" or similar?
So while the headline gives a different impressions, everyone using Opera, Mozilla, The Bat or others are still not affected.
who in their right mind uses html mail? (Score:3, Insightful)
Linux is the solution? I don't buy it. (Score:4, Insightful)
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM. .zip file prove that.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
Re:Wow, people love to blame Outlook. (Score:4, Insightful)
The virus writers have the source code for Outlook? No wonder there are so many viruses for it!
The solution is easy, but... (Score:5, Insightful)
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Re:protecting from viruses (Score:3, Insightful)
The patch for this was released in October 2003. Users should have auto-update up and running if they're using windows. ISPs should make sure users have auto-update on and an anti-virus when they install broadband service.
Re:Switch!!! (Score:5, Insightful)
I'd like to see someone try to write a virus or worm that affects plain-text-only mail readers like Mutt [mutt.org]. That would be a clever hack. I also suspect it'd be damn near impossible to pull off. How badly would you have to screw up something that displays plain text for a vulnerability to appear?
The moron who had the "bright" idea to start sending HTML in email needs to be taken out back and shot.
The answer is obvious. (Score:3, Insightful)
What a stange question to be asked on Slashdot. I figure everyone else here but the poster know the answer. One hint. It starts with a moz and ends with a zilla and can be found at www.mozilla.org [mozilla.org]
Seriously - most of the questions end-users give me regarding their frustration with the internet are answered with that simple website. We do now have a choice of what we can use.... sooner or later we will have to just stop being suprised that anything starting with the word Outlook is a dangerous way to receive email, and abandon it for something safe.
Re: Monoculture is bad (Score:5, Insightful)
No it is outlooks fault (Score:3, Insightful)
Re:protecting from viruses (Score:3, Insightful)
Re:Switch!!! (Score:4, Insightful)
Re:Wow, people love to blame Outlook. (Score:2, Insightful)
Re:Two Words: (Score:4, Insightful)
He isn't saying that 30% of spam is getting through.... He is saying that they are blocking 70% of their incoming mail as it is spam. That means that 30% is determined to be real mail.
Even lesser-used apps (Score:4, Insightful)
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
Groupware (Score:3, Insightful)
Devil's Advocate (Score:5, Insightful)
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
Re:Not hard (Score:3, Insightful)
It took years to have all the pc's with the same applications installed through managment bueacracy to cut down on support costs. Its not like you can switch 4k corporate desktops at once.
Also to the suits, Outlook is the best mail client today because it fully integrates with Exchange Server for things like Scheduling. Many even have custom VB/VBA apps that take advantage of this functionility with customer order, sheets, special projects calanders, etc.
It is standard and will not go away. They will go crazy even if you could switch 4k desktops in a corporation to Thunderbird due to the lost functionality not to mention applications.
Maybe if we got off our butts and wrote an equilivant mail server with scheduling features and a protocal for clients we might have something to offer the suits as an alternative.
Re:.NET (Score:5, Insightful)
Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.
Re:Switch!!! (Score:4, Insightful)
As for text clients, there's been a few real world mail-based exploits for Pine over the years. Buffer-overflows in date or MIME parsing isn't exclusive to GUI programs.
Re:Check's in the mail. -Bill (Score:3, Insightful)
I get what you're saying in your analogy, but we're talking software here. It's not unreasonable to expect someone to get an update for a program if one is available. That's what it's there for.
If you buy a car, you expect it to be working properly. If it's not, there's a recall. Can't exactly download a patch for your tires. However, it IS your responsibility to drive it properly and to maintain it.
Yes, it is Microsoft's fault for making OE such an open and vulnerable piece of softare, but again, a patch WAS released for this worm MONTHS ago. It would be quite different if this was an exploit that just snuck up on most people out of the blue, but it's not, and these are the cases I'm referring to.
Even Code Red/SQL Slammer. Sorry, but if you got hit by this, it's not MS's fault, but your own since you or your sysadmin didn't apply the patches that came out 3 months prior.
Plugging your system in and expecting it to work perfectly from now till the end of time is extremely naive. I don't care how experienced of a computer user you are, you need to know the potential dangers of being online before you even connect.
Re:How about.... (Score:1, Insightful)
Your post makes no sense.
Duh... how do i avoid viruses? (Score:2, Insightful)
Re:Wow, people love to blame Outlook. (Score:2, Insightful)
Be careful with your rationalizations.
Outlook problem... (Score:2, Insightful)
Apparently that feature is in the Outlook and IE combination only, based on their bugs.
We Mozilla [mozilla.org] users wonder why anyone uses those anymore.
Re:protecting from viruses (Score:2, Insightful)
Preview Pane (Score:4, Insightful)
Disable the Preview Pane (Pain).
It's a stupid feature anyway, it's unsafe by design, and the last thing on earth I want is my computer opening my e-mails without my input.
This is OLD news. The Preview Pane shouldn't even exist until Microsoft can find some way to totally secure it, which probably won't ever happen as long as harmfull tricks can be planted in e-mail.
I've NEVER used the Preview Pane, and I don't miss it one bit. Maybe more so called "computer experts" should stop carrying stupid misconceptions and actually learn the truth behind the stupid ideas they so firmly hold onto.
Re:Simple... (Score:5, Insightful)
After the latest infection on my parents' computer, though mcaffee was installed and auto-updating and eudora, I decided to choose for the first.
I wiped microsoft from the computer and installed gentoo with kde, firefox and sylpheed-claws and I made it autologin into their kde account.
My parents have never been happier with their computer: 'internet is so much faster now' and 'hey that solitaire game is much more fun' and 'that thing allows you to have multiple virtual screens', it even looks better now and I told them they could click on any email virus they wanted.
Re:Simple... (Score:5, Insightful)
People who hide behind virus scanners as if they solve all of the world's problems are part of the problem themselves.
Re:protecting from viruses (Score:2, Insightful)
Better to keep the virus checking in-house IMHO.
Re:Preview Pane (Score:3, Insightful)
Re:Preview Pane (Score:2, Insightful)
Re:Simple... (Score:5, Insightful)
Yes, it's actually impossible to be protected against the 'latest virus that just came out', because it's impossible that your AV vendor has protection against a brand new immediately (unless the AV vendor wrote it themselves). There always must be a "window" between time of discovery of a new virus and the time that your AV is updated to protect against it during which you are vulnerable, and this is typically anything from a few hours to a few days.
But just try to explain this logic to the damn "if you run an AV and keep your definitions up to date you'll have no problems" crowd ..
Re:Simple... (Score:4, Insightful)
Maybe its just me here, but I think that might be a very dangerous way to think about viruses. Sure there aren't that many viruses know to affect Linux boxes, but one nasty one, possibly written by a Windows geek who's fed up with your kind of thinking, could do a lot of damage. Combined with the simplistic idea that "I have linux, no virus can touch me" and the growing popularity of Linux, I see a growing potential for harm.
The answer is very simple... (Score:3, Insightful)
It is amazing how the Convicted Monopolist has managed to make a near-monopoly of the email client, and how people are so easily fooled into using such dangerous, insecure, bug-ridden trash. It does not even have a particularly good user interface.
The answer is in your hands!
Note to Sir Bill: You can't fool all of the people all of the time.... The end of your illegal monopolistic reign will come shortly, when your shareholders rebel, after the European judgment causes a collapse in the share price. And don't bother trying to get a job in software anywhere, your incompetence is not wanted anywhere.
Re:Switch!!! (Score:3, Insightful)
You are quite right. But that's most important only to why windows is targetted, and not why virii in this context are such a problem. Moreover, targetting is undoubtedly correlated with perceived success, so another key factor is how well the virus "does."
To be successful, it only seems reasonable that a virus needs both a vulnerable host design, and a reasonable number of potential hosts within reach of each other. Propagation won't be effective if there are too few victims, too poorly connected. Better connectivity is at least loosely implied by abundance---it doesn't have to be a monoculture, but the more like one it is the better it is for viral transmission.
It's a tradeoff between the easy and the plentiful, with i agree a strong emphasis on the easy. Thinking about it further, there are probably a number of other weights in the equation too: chance of punishment for the virus writer, impact of each individual infection, peer-acceptance (windows=bad, linux=good),
hmm: weight these factors, empirically test & refine, publish master equation of virus writer motivation, enjoy eternal fame...
Re:Simple... (Score:5, Insightful)
The problem is most windows users do run as admin (That's the way it came from the store. They'd run it as 'root' as installed if they had a Linux box. They just don't know better). Most also don't do backups, which is the critical part. Most machines bought these days come with a 'restore' CD that can have the system back to original shape in a hour or two, but the critical thing, the users data is still gone. It doesn't matter if you are on *nix or windows, their is usually a lot more time/value lost in losing the user space files than in simply reinstalling the OS/apps. *nix viruses will do just about as much damage if the user runs something they shouldn't.
It's not an OS thing, it's a user education thing.
Re:Simple... (Score:4, Insightful)
Re:Simple... (Score:5, Insightful)
Case in point: Omnipage.
We have an older version of Omnipage. I forget the logic behind not upgrading, but we'll leave that as an aside.
If you run as anything other than an Administrator, the application appears to freeze at startup. What's really happening is that the splash image is concealing an error message. You have to know the windows shortcut keys necessary to either move the error message until it's visible or just hit the "YES." Once loaded it's still a mess, and can't open any files.
Long story short, in order to be able to use a software package that has become critical to our business process, we have to have a bunch of users running as the administrators on their local machines. W2K "Run As" doesn't cut it, as the problems still occur.
Re:Duh... how do i avoid viruses? (Score:3, Insightful)
Frankly, I'm very tired of all the whining from MS users. There is a solution to your problem. You have been told hundreds of times what the solution is. If you refuse to listen, there is nothing I or anyone else can do to help you. If you continue to use MS email products, you WILL get hit again, and again, and again. Are you waiting for malware that formats your hard drive? Maybe one that subtly changes all your documents / spreadsheets? How about another one that spreads your confidential data to your competitors...
While I won't miss the whining, I will miss the humor aspect or watching people wring their hands, run around with their heads cut off, pontificating security "experts", etc.
Easy... (Score:3, Insightful)
Re:Simple... (Score:4, Insightful)
Re:How about... (Score:3, Insightful)
The pop thing is a kludge because not only do you have to not download her email, but she has to not download yours. If either of you make a mistake it's a pain.
With IMAP if a few get in the wrong category you can simply mark them as unread and drag them into the appropriate folder, as if they never went in the wrong place originally.
Re:protecting from viruses (Score:3, Insightful)