[svlug] LoveLetter reporting -- Microsoft, not computer, virus

Rick Moen rick at linuxmafia.com
Fri May 5 10:23:46 PDT 2000


Quoting Rick Kwan (kenobi at coruscant.lightsaber.com):

>   * What stops someone from writing a virus that attacks a
>     mailer (e.g., Netscape) on a UNIX/Linux system?  Couldn't someone
>     just as easily read the address book there and propagate
>     the attack?  Isn't it just a case of Linux systems not being
>     so widespread?

That's not the main reason.  Quoting from my essay at
http://linuxmafia.com/~rick/faq/#virus :

There remains one other option: viruses (and similar things) that 
_don't attempt_ to affect system binaries or take over entire machines,
but instead dwell in a particular user's account and attempt to spread
to other user accounts, on that or other machines, via inter-user
communication mechanisms such as e-mail. One might imagine, for example,
a virus written in "elisp", the macro language of GNU emacs and xemacs,
and propagating as attachments to e-mail sent to other emacs users. 

Such an invention would be _at worst_ a nuisance among a few users, as
it could affect only users running the same combinations of user
software.  Further, the Unix community long ago became wary of
auto-executing programs/macros, so ultimately this technique would rely
on convincing each additional user to execute (run) the program/macro,
to "infect" his files. Also, in the Linux/Unix world, macros tend to be
stored as readable plain text (unlike the case with, say, MS Word), so
that untrustworthy code is difficult to conceal from user scrutiny.

In these areas, again, viruses wouldn't stand out from the general
category of programs another user sends you that you shouldn't run: If a
friend mailed you a script that would erase all your files, would you
run it? Of course not. In the same sense, you would not automatically
run any _other_ executable that landed on your doorstep, from another
user -- and Linux programs will pretty reliably not auto-run them _for_
you. If Linux programs emerge that _do_ auto-execute (e.g.) macros in
documents attached to e-mail (as does the combination of MS Outlook or
MS Outlook Express with MS Word on Win32 systems), there might be a
flurry of viruses transmitted that way, until the foolishness of such a
feature becomes obvious to all -- or until only fools run such programs.

>   * Can't a virus wipe out a hard drive on a Linux system just as
>     easily as a Windows box?  (Explain this to a non-computer type.)

Only if it runs with root or root-equivalent authority, or subverts or
circumvents the security of other operating systems resident on the same
computer (e.g., dual-boot).  Boot-sector viruses entering from floppies
-- when the user is incautious enough to leave "A:" first in an Intel
box's BIOS boot order -- would be an example of the latter category.

>   * Given the gravity of the attack, why don't the computer security
>     folks just come out and say, "This software architecture is
>     poorly conceived; Windows needs to be fixed."?

Why, indeed?

-- 
Cheers,              "By reading this sentence, you agree to be bound by the 
Rick Moen             terms of the Internet Protocol, version 4, or, at your 
rick (at) linuxmafia.com   option, any later version."  -- Seth David Schoen




