Nasty New Virus Variants 1050
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Simple... (Score:4, Insightful)
Re:Simple... (Score:5, Informative)
I has served me well. Catches a lot of the spyware that my favorite pr0n sites try to push me, too.
Re:Simple... (Score:5, Funny)
Re:Simple... (Score:5, Informative)
This has ALWAYS been the case when it comes to Outlook and Outlook Express. The Preview will execute the code contained within the mail message in exactly the same way as if you had opened it. It has been this way for a few years. This is what Valve's Half-Life 2 Lead programmer claims happened that lead to the leaked source code for HL2.
Re:Simple... (Score:5, Informative)
Re:Simple... (Score:5, Funny)
And that's why I've always had the Preview pain switched off.
That's such an apt mis-spelling.
What to do (Score:5, Informative)
Also nice are programs that let you delete the email at the server before you download, such as mailwasher [mailwasher.net], and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
Re:Mod Parent Down (Score:5, Informative)
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part Onet ml
http://www.catb.org/~esr/writings/cups-horror.h
Some follow-ups:e ux.html
http://www.catb.org/~esr/writings/luxury-part-d
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
Re:Simple... (Score:5, Insightful)
After the latest infection on my parents' computer, though mcaffee was installed and auto-updating and eudora, I decided to choose for the first.
I wiped microsoft from the computer and installed gentoo with kde, firefox and sylpheed-claws and I made it autologin into their kde account.
My parents have never been happier with their computer: 'internet is so much faster now' and 'hey that solitaire game is much more fun' and 'that thing allows you to have multiple virtual screens', it even looks better now and I told them they could click on any email virus they wanted.
Re:Simple... (Score:5, Insightful)
The problem is most windows users do run as admin (That's the way it came from the store. They'd run it as 'root' as installed if they had a Linux box. They just don't know better). Most also don't do backups, which is the critical part. Most machines bought these days come with a 'restore' CD that can have the system back to original shape in a hour or two, but the critical thing, the users data is still gone. It doesn't matter if you are on *nix or windows, their is usually a lot more time/value lost in losing the user space files than in simply reinstalling the OS/apps. *nix viruses will do just about as much damage if the user runs something they shouldn't.
It's not an OS thing, it's a user education thing.
Re:Simple... (Score:5, Insightful)
Case in point: Omnipage.
We have an older version of Omnipage. I forget the logic behind not upgrading, but we'll leave that as an aside.
If you run as anything other than an Administrator, the application appears to freeze at startup. What's really happening is that the splash image is concealing an error message. You have to know the windows shortcut keys necessary to either move the error message until it's visible or just hit the "YES." Once loaded it's still a mess, and can't open any files.
Long story short, in order to be able to use a software package that has become critical to our business process, we have to have a bunch of users running as the administrators on their local machines. W2K "Run As" doesn't cut it, as the problems still occur.
Re:Simple... (Score:5, Insightful)
People who hide behind virus scanners as if they solve all of the world's problems are part of the problem themselves.
Re:Simple... (Score:5, Insightful)
Yes, it's actually impossible to be protected against the 'latest virus that just came out', because it's impossible that your AV vendor has protection against a brand new immediately (unless the AV vendor wrote it themselves). There always must be a "window" between time of discovery of a new virus and the time that your AV is updated to protect against it during which you are vulnerable, and this is typically anything from a few hours to a few days.
But just try to explain this logic to the damn "if you run an AV and keep your definitions up to date you'll have no problems" crowd ..
Re:Simple... (Score:5, Informative)
Don't forget that the Witty is entirely memory resident so most (if not all) virus scanners will miss it...
protecting from viruses (Score:4, Interesting)
Re:protecting from viruses (Score:4, Insightful)
Re:protecting from viruses (Score:5, Insightful)
Re:protecting from viruses (Score:5, Informative)
If people patched their computers, the virus would not have an effect on the computer. Atleast not this one.
By strip all executables... (Score:5, Funny)
Re:protecting from viruses (Score:5, Informative)
It used to be possible to say an e-mail with no attachments was safe, but today's virus of the day is proving that wrong... just using an IE bug in an HTML e-mail is enough to cause trouble.
So, really... nothing's safe. I'm sure somebody will find a buffer exploit for plaintext mail in Outlook someday...
Re:protecting from viruses (Score:5, Funny)
Perhaps it's really only "full power" in the sense that it's given the power to clobber your stuff. To me it brings to mind a visual of a child being handed a flamethrower. Sure, he can use it, but shouldn't such things be restricted to adults?
Re:protecting from viruses (Score:5, Informative)
VBA doesn't actually have anything much missing from the VB6 command set. The only thing it's really missing is the ability to make compiled executables, that VBA programs can only be embeded in certain MS filetypes. It's a much bigger power tool than most people expect...
VBA is useful (Score:4, Interesting)
I spent a large part of my last job writing custom Excel applications in VBA. Most of them were for engineers who wanted an easy yet flexible way to input and summarize data. Excel provides an interface they're already familar with, and I provided a few bits of VBA code to make complicated tasks easy. Sure, I could have written a custom application for each task, but that would have been overkill, not to mention a waste of my time and my employer's money.
The virus writers started to piss me off when we switched to Office XP. XP automatically sets your macro security to maximum, and it became a big hassle to tell my users to lower their security. Anymore, they don't trust any macros, even from someone in the same company. (In anticipation of someone mentioning signed macros: setting up my cert on every computer is no easier than setting the macro security to medium.)
Re:protecting from viruses (Score:5, Informative)
This is so true...unlike spam, it's quite possible to detect 100% of known viruses with no false positives. That's because every virus must contain essentially the same payload. Viruses simply can't vary their content as much as spam can, because it has to result in executable code, plus some MIME trick or IE/Outlook exploit, either of which have no legitimate use and could be detected easily.
I started running ClamAV [clamav.net] on my mail server a couple of weeks ago (after seeing a recommendation for it on Slashdot) and since then I have seen my viruses go down from 500 a day to 1 a week. I manually looked through thousands of the held messages and found no false positives, so now anything that ClamAV scans goes directly to
I have no idea why all ISPs don't use ClamAV! Obviously they don't need to throw messages away, just in case - advanced users might prefer that messages probably containing viruses just be quarantined instead - but that would eliminate the problem for most people.
Re:protecting from viruses (Score:5, Informative)
My school's mail server, after getting slammed very hard by er... one of them a couple months ago (I can no longer keep up with which virus is which), installed something that I think is called Vscan. What it does is sends you an email which informs you that you were sent a message with a virus attached, and gives you a link with a generated username (usually the "from" email address) and password to view the message... if you really want to.
I like this system, because it's soooo much easier to filter those messages as Junk than all the random stuff that might be thrown together by a virus
Re:protecting from viruses (Score:5, Funny)
No, I don't really remember those days. I used a Mac.
--Richard
Re:protecting from viruses (Score:5, Informative)
Joking aside, be careful that you check the exact exit code that you need to determine whether ClamAV found a virus or not. I was using a script called clamfilter.pl that someone else wrote. Since I was in a hurry, I went ahead and stuck it in my procmailrc without checking into it much. It seemed to work for quite a while. When one of the MS virus storms hit, I started sending all the viruses to /dev/null like you are. This turned out to be a mistake.
At some later point, we had a hard drive disaster that left most of /usr unreadable. However, the mail server was still running, and still using clamav to filter mail. Due to one of clamav's files becoming unreadable, clamav started exiting with a nonzero exit code, but not because it was finding a virus in the mail. Hence ALL mail went to /dev/null for a few days while the system was being rebuilt, and we didn't discover it until afterwards. I filed a bug with the clamfilter forum, but up till now the author hasn't fixed his (IMO dangerous) code that he is offering for general use.
The moral of the story is, if you are sending mail to /dev/null in ANY case, be damn sure that you are properly checking clamscan's exit code.
Re:protecting from viruses (Score:5, Funny)
I got some nice swamp land in Florida for you if you're interested.
Re:protecting from viruses (Score:5, Informative)
Its pretty cheap, and I've not had to worry about any email virii for years.
I'd (personally) like to see more companies (or even ISPs) going this sort of route as not only does it take the hassle away from sysadmins
(so you don't have to drive in at X in the morning to apply a patch), but it consequently helps reduce the rate of spread.
Re:protecting from viruses (Score:5, Funny)
Virii virii virii!
Re:protecting from viruses (Score:4, Insightful)
Now, one side of this is that SMTP needs (and lacks) a "this particular message will always be refused" error code. That would work well for virus filters, since the delivering system (eg Yahoo) could them just discard that message and continue with everything else.
The real fix is not to use these buggy mail clients. Like M$ LookOut!
And, though it's not applicable to the outright-buffer-overflow viruses like this one, not to use systems with the vile design flaw of letting users click on attachments and execute stuff. For example, my mutt mail reader has a mailcap that drives its attachment handling. Every clause runs a viewer. If I get a .exe I get told its size or offered an opportunity to save it to disc. It does not offer or try to run it.
This core distinction is the weakness in the windows mail world:
no attachment should have executable power. An explicit user driven
install ritual should be needed to get such a thing into
a context where it can be run.
i.e. it should be a safe action for a user to double click
any attachment - that act should always invoke a viewer of some kind.
Re:protecting from viruses (Score:5, Informative)
Obviously the mail client is not the problem. The user is
(And if you're wondering why the virus is encrypted, it's so it passes through filters. Encrypting with a random password has the nice side effect of randomizing the data. So there are no known strings to filter on. Pretty clever.)
Yes and No (Score:5, Informative)
AV solutions can and do break. Our's did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV [clamav.net] certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analize it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV company's licensing scheme take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Re:protecting from viruses (Score:5, Interesting)
False positives aren't that bad if you handle them well. The trick is to never silently discard an email. It's much better to send a friendly error message like:
I do this with a 5xx rejection during the SMTP session. So what happens is:
Switch!!! (Score:4, Insightful)
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft if chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
Re:Switch!!! (Score:4, Insightful)
How about all the windows users check out Mozilla Thunderbird. You can keep your nice, friendly OS, and still not have to worry about insanely sad security. http://www.mozilla.org
However, if you're feeling a tad adventurous, then by all means check out the alternative OS choices. Need some names? Check out FreeBSD, Red Hat (Fedora Project), Mandrake, and there are plenty more on distrowatch.
Re:Switch!!! (Score:5, Insightful)
i use both windows and linux machines day to day.
on my windows machines, i've activated the built-in firewall and use Mozilla Thunderbird for mail and Mozilla Firefox for web browsing.
i have zero problems with viruses or worms.
The real culprits here are IE, MS Outlook (& Express).
Even lesser-used apps (Score:4, Insightful)
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
Linux is the solution? I don't buy it. (Score:4, Insightful)
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM. .zip file prove that.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
Re:Linux is the solution? I don't buy it. (Score:5, Funny)
Re:Linux is the solution? I don't buy it. (Score:5, Funny)
No idea. An unfortunately MacOS X is also well known for it's extreme complexity and difficulty to use.
Jedidiah.
Re:Switch!!! (Score:4, Informative)
It's ridiculous that more viruses (or worms) come through email than through any other means. I predict that someday soon, people will stop using Outlook [Express] and start getting their viruses through Internet Explorer, Samba shares, or straight through the wire (smashing the IP stack). Maybe then it really will be important to switch to Linux.
I agree, people should switch, but if people used Windows with more intelligence... Well, maybe people wouldn't want to switch, which would be a Bad Thing, so maybe I should keep my mouth shut.
Re:Switch!!! (Score:5, Insightful)
The reason most (or all) viruses are written for Windows is because that's where they'll do the most damage, since most people use Windows.
All fine and well, but it will help you if you switch, because then you'll be joining the happy minority that don't worry about such things.
Of course if everyone switches it will be a problem, but really, what are the odds of that actually happening?
It;s all fine and well to say "If everyone switched we'd still have the same problems with viruses", but realistically, everyone isn't going to switch. A lot of people are heavily locked into their current platform - so, if you can, switch...
Jedidiah.
Re:Switch!!! (Score:4, Insightful)
I use Outlook 2003 every day with an up-to-date virus scanner and I maintain my Windows XP with Windows Update regularly.
Every virus I get is automagically snagged by Norton AntiVirus before it can do any harm.
My Windows 2000 server running IIS is fully visible to the public, and it never gets hacked. Know why? Because I can properly configure IPSec and maintain my patches.
Maybe the solution is not "OMG SWITCH TO LUNIX LOLLERS", but rather, educate the Windows users better. Make them more intelligent and clue them in to what they need to do to not fuck up their system.
People often tout Windows as "it's so easy my dead grandmother can do it" but I've learned in my years of sysadmining that Windows takes quite a bit of general knowledge to get working great, and once you do, you will have no problems.
Re:Switch!!! (Score:5, Funny)
General knowledge... and a whole lot of voodoo! -matthew
Re:Switch!!! (Score:4, Insightful)
Re:Switch!!! (Score:5, Insightful)
My mail client (mutt) does not run under an account that has full access to the entire system. Instead, it runs as me, and cannot replace parts of the OS even if it wants to. So it can't do things like replace part of the TCP/IP stack -- a popular Windows worm/virus trick.
My mail client does not automatically execute things sent to it. Instead, it shows me the text included in a file, and if I want to, I can open an external program to view it (like a movie player.) But under no conditions does it execute the email as a program, unless I save it to a file myself and execute that.
Re:Switch!!! (Score:4, Interesting)
Re:.NET (Score:5, Insightful)
Color me cynical, but didn't MS tout the absolute security of W2k3? And Win2k before that? Sorry, with their record they're guilty until proven innocent.
Devil's Advocate (Score:5, Insightful)
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has priviledge escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
Re:Switch!!! (Score:5, Interesting)
So IIS has had more security issues than Apache and SQL server more than Oracle becuase they are more widely used right? Oh...
There has not been ONE single Linux virus that has propagted in the wild: given the huge nubmer of viruses out there I would have thought someone* would have written and released one for Linux just to show it can be done.
* probably one of those fanatical Windows apologists who think that Linux users are communists** or worse
** despite the fact that it is MS that advocates central planning.
Re:Switch!!! (Score:5, Interesting)
That is more myth than truth. Most virus writers target MS due to simplicity. Read any of the online articles that dealt with interviews of a number of virus writers and you will see that they target not the plentiful system but the easiest.
If nothing else, consider the case on servers. Apache is now fully 2/3 of all servers, yet IIS accounts for the majority of break-ins.
Likewise, if you watch the credit cards that are stolen, they have been nothing but IIS for about 3.5/4 years. The last url to have CC's stolen that was not MS induced was playboy which uses Sun
Re:Complete lie (Score:5, Informative)
I saw the study. It was done the British group Mi2, who is about as useful as IDC or Gartner, with their own vested interest. In almost every situation, the Linux openings were simple PHP's being hit on systems with multi domains rather than the systems being owned. Too be honest, I would love to see a company/group without a vested interest do a real study and report the numbers.
BTW, even though your BSD statement was a simple red herring, I suspect that it has merit.
Re:Switch!!! (Score:5, Insightful)
I'd like to see someone try to write a virus or worm that affects plain-text-only mail readers like Mutt [mutt.org]. That would be a clever hack. I also suspect it'd be damn near impossible to pull off. How badly would you have to screw up something that displays plain text for a vulnerability to appear?
The moron who had the "bright" idea to start sending HTML in email needs to be taken out back and shot.
Re:Switch!!! (Score:4, Insightful)
As for text clients, there's been a few real world mail-based exploits for Pine over the years. Buffer-overflows in date or MIME parsing isn't exclusive to GUI programs.
Re:Switch!!! (Score:4, Informative)
If everyone switches to wearing condoms or practicing abstinence then you'll start to see AIDS mutations that jump through the air or something.
That is nonsense. A HIV strain that propagates through the air will be strongly favored whether people practice safe sex or not, because people breathe more than they have sex. Taking precautions against venereal spread of HIV will do nothing to increase the mutation rate of the virus.
Two Words: (Score:5, Funny)
err...
One word, hyphenated.
Re:Two Words: (Score:5, Funny)
How can you get a 0.1% false negative rate when 30% of spam is getting through?
Re:Two Words: (Score:4, Funny)
Who claimed they were blocking all the spam? Obviously they intentionally allow about 29.9% of the spam on average.
Re:Two Words: (Score:4, Insightful)
He isn't saying that 30% of spam is getting through.... He is saying that they are blocking 70% of their incoming mail as it is spam. That means that 30% is determined to be real mail.
1 answer. (Score:4, Insightful)
Re:1 answer. (Score:4, Insightful)
Unless your IT department cluelessly refuses to turn on IMAP4 "for security reasons."
Not a problem at all! (Score:4, Informative)
I found that out when I started work at a new company with my PowerBook. Connect to the Exchange via IMAP4 for mail, point the address book at the exchange server via LDAP. iCal wasn't around then, but using that along with groupcal would allow you to do your calendaring, and all without using a single 'authorized' MS client.
On windows...dunno, perhaps there something similar to the groupcal/ical combo to get your calendaring done without Outlook, but I'm not aware of one offhand.
I know when I want virus info (Score:4, Funny)
Aside from... (Score:5, Insightful)
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely [stanford.edu]?
Monoculture is bad (Score:5, Insightful)
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Re: Monoculture is bad (Score:5, Insightful)
> But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field.
IMO e-mail viruses don't result from monoculture; they result from bad software design. Namely, e-mail clients that execute attachments.
We'd have Linux e-mail viruses in a minute if the popular e-mail clients added support for automatic execution of attachments. (Assuming anyone was foolish enough to use them.)
Re: Monoculture is bad (Score:5, Insightful)
Not just clicking on it (Score:5, Interesting)
how to fix (Score:5, Insightful)
Anyway, according to this article here, [newsfactor.com]
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
Re:how to fix (Score:5, Informative)
James
Download Email Headers Only (Score:4, Insightful)
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
well... (Score:5, Funny)
place 2 other junk emails around it, select the top 1, hold shift, select the bottom one.... DELETE.
How about... (Score:5, Insightful)
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
All you poor poor Outlook users (Score:5, Insightful)
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
This is really old news (Score:5, Informative)
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
Generic Rant (Score:4, Insightful)
Re:Generic Rant (Score:5, Funny)
Wow, people love to blame Outlook. (Score:5, Informative)
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
Re:Wow, people love to blame Outlook. (Score:4, Insightful)
The virus writers have the source code for Outlook? No wonder there are so many viruses for it!
Re:Wow, people love to blame Outlook. (Score:5, Informative)
I'm not, for several reasons:
1. Thunderbird has never thought implementing auto-launch of executables embedded in email was a good idea.
2. If you're using Thunderbird, you're probably using Firebird, and it's not as likely to try to do what the malformed HTML tells it to.
3. Even if you *do* manage to get Firebird to do it, it's not part of the operating system, and isn't likely to be able to do really nasty stuff to your computer.
Re:Wow, people love to blame Outlook. (Score:5, Interesting)
a) Failed to solve the problem in the first place,
b) Caused another problem to appear in a seemingly unrelated application, resulting in significant time spent debugging, uninstalling, and otherwise wasting time for something I had no control over,
c) Ended up adding significantly to the amount of unusable space on my Windows XP system,
d) Added considerably to the bloat of the System Registry.
I moved our entire company off Windows to SuSE Linux after one of our primary public facing servers became infected with a worm which enterprising hackers used to store (and later serve) German porn movies. This despite our sysadmin religiously installing patches.
That is a big part of the reason why I no longer find the argument that Windows is just simply the largest target even remotely accurate. My sysadmin also does some coding work, and every patch that needs to be uploaded reduces his profitable time; to have something that compromises the integrity of our system in such an egregious manner is not acceptable.
I would rather have a good sysadmin that knows what he's doing maintaining a secure Linux system than having a less competent sysadmin maintaining a Windows system because the system tools are easier to use, even if it means paying more to the Linux admin.
Lame Post, Lame Articles (Score:5, Funny)
It occurs to me that both of the articles in the post are extremely light on facts. Furthermore, one of them has the rather pithy headline "Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected". Frankly, I don't care enough about the story to go hunting for news from appropriate sources like Symantec or McAffee, but it would be nice to see /. posters and/or editors go the extra mile to get out there and find information that is slightly higher than tabloid-quality.
Normally, I would bite my tongue on something like this, but it seems pretty obvious that in this case, the underlying theme of the article is "ha ha, isn't Microsoft terrible", which is pretty juvenile and meaningless. Here's a company that provided - in October - a working patch to prevent the flaw that is exploited by this virus. I'd say that's pretty reasonable, given the circumstances.
[Cue flames.]
Nothing New (Score:5, Informative)
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year [com.com] that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
Four Years Old (Score:5, Informative)
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. ''We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
Simple rules for avoidance (Score:4, Informative)
1) Disable the preview pane. View messages by double clicking them. That way you're never forced to view a message you haven't made the decision to view, either by trying to delete it or by it being the top message in your inbox. This also helps to reduce spam, because spams with linked images can be used to verify that you read the email.
2) Only view email you trust. For the rest, view the message source or ignore the message.
3) The above will stop 99% or more of email viruses out there. To further reduce the risk, patching frequently and using a spam filter helps. Virus scanners like AVG also help but you can expect a noticeable slowdown in system response if you use one. I don't. No virus problems ever in 12 years.
Solution (Score:5, Informative)
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order te delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Re: How about.... (Score:5, Funny)
d. Read your mail on someone else's computer
Re:How about.... (Score:5, Insightful)
Mozilla Thunderbird is a great lightweight email client replacement for Outlook. Your average home user who has an imap or pop account from an ISP really has no good excuse not to uninstall Outlook from their machine and switch. Corporate users on the other hand are a little more screwed, since many of them use Exchange servers that don't have OWA turned on and/or aren't Exchange 2000/2003, which precludes using Evolution's commercial plugin to get calendaring integration and whatnot. However corp users that do meet those server-side requirements can do so. Or if you don't use or need the calendaring part in your organization and the exhcnage server has IMAP, then you can also go Thunderbird there too.
another alternative (Score:5, Informative)
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
Comment removed (Score:4, Interesting)
Patch was available on October (Score:5, Informative)
I dont know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, lets be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
Re:How about.... (Score:4, Insightful)
Re:Not hard (Score:4, Insightful)
Re:Not hard (Score:5, Funny)
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
Thank you for telling me this!! As a Slashdot reader, I never would have known that Microsoft's products suck and far superior open source equivalents exist!
Everything I ever read on Slashdot has been pro-MS propaganda until your brilliant comment escorted me out of the cave of ignorance to the enlightened world above!
My eternal thanks.
Yes They Are Sexually Transmitted (Score:4, Insightful)
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
Moderate this comment
Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]
Re:Well, its pretty easy actually.... and painful (Score:5, Informative)
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
The solution is easy, but... (Score:5, Insightful)
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Re:What do you do? What do you do?! (Score:4, Informative)
The firm doing the study are known bozos - they pretty much predicted armageddon on 1/1/2000, and still have much egg on their face from that. They also stretched the truth about their experience and expertise in the computer security field - they were doing something quite different for the first several years of the company's existence, but their press claims security expertise for the whole time.
An AC citing a "study" known to be flawed, designed to gain free press for the flawed company conducting it should not be trusted.
Re:MacDailyNews? (Score:4, Informative)