[svlug] LoveLetter reporting -- Microsoft, not computer, virus

J C Lawrence claw at cp.net
Fri May 5 11:43:56 PDT 2000


On Fri, 5 May 2000 00:55:51 -0700 
Rick Kwan <kenobi at coruscant.lightsaber.com> wrote:

>   * What stops someone from writing a virus that attacks a mailer
> (e.g., Netscape) on a UNIX/Linux system?  Couldn't someone just as
> easily read the address book there and propagate the attack?
> Isn't it just a case of Linux systems not being so widespread?

NetscapeMail under *ix doesn't really have a concept of
automatically executable content by default.  It also doesn't
present easily accessable external API's to nicely eploitable
internal content the way VBScript and friends do.

> * Can't a virus wipe out a hard drive on a Linux system just as
> easily as a Windows box?  (Explain this to a non-computer type.)

To do that the virus would have to obtain root privileges.  While
this is not impossible, it is difficult, and it is *impossible* to
do in the general abstract case (ie a program that when run as a
user on any arbitrary Linux (or BSD) box will obtain root
privileges) due to the fact that the individual systems vary so much
and there is no guarantee (or much likelyhood) of any given security
whole being present in all cases..

>   * Given the gravity of the attack, why don't the computer
> security folks just come out and say, "This software architecture
> is poorly conceived; Windows needs to be fixed."?  I have yet to
> see this particular statement.  (This one actually bothers me,
> especially after the "Linux users are sloppy" discussion.)

Actually they have.  For years.  Often.  Loudly.  They also get
ignored because, well, its Microsoft, and Microsoft are very very
smart people, the smartest in the world even, and obviously they're
trying as hard as they can to do this incredibly difficult and
complex "software" thing.  Asides, nobody is perfect.  Not even
Microsoft.  So we should give them a little leeway, because this is
obviously very difficult.

In case you're wondering the last sentences above are an almost
quote that I got once in retort.

-- 
J C Lawrence                              Internet: claw at kanga.nu
----------(*)                            Internet: coder at kanga.nu
...Honorary Member of Clan McFud -- Teamer's Avenging Monolith...





More information about the svlug mailing list