[svlug] Virus FUD
rick at linuxmafia.com
Sun May 7 11:05:27 PDT 2000
Quoting dfox at belvdere.vip.best.com (dfox at belvdere.vip.best.com):
> Most of these email viruses use Outlook because it's popular, but more
> importantly the Outlook users tend to keep track of all their contacts
> in a common address book.
I haven't had cause to look into _this_ current virus's design (multiple
variant forms have now been reported, by the way), but at least a couple
of prior Visual BASIC Script viruses have been able to do the address
book trick via standard MAPI calls.
That interface plus the reckless auto-running of "associated" programs
for attachments are what make MS Outlook and MS Outlook Express such
especially dangerous designs.
> Other GUI style mailers on Linux could be easy targets if the users
> use them similarly, since the virus replicates itself by sending
> itself automatically to email addresses listed in a common database.
That's a common misconception: Supporting the MAPI address-book
protocol isn't the problem, one should stress; it's the auto-running
that's the critical flaw. (MAPI-compliant MUAs such as Netscape Mail
aren't vulnerable, for that reason.)
> The key thing is that it couldn't do anything unless it were given the
> permission to do so.
Quite. That's the auto-running flaw. My suggestion to companies: Brief new
employees on the hazards of such programs. If they insist on using them
anyway, make _them_ bear the consequences of any cost and company
embarrassment from VBS viruses and the like. (Reuniting action with
responsibility: What a concept!)
In my experience, firms don't do this for fundamentally company-political
reasons -- because it's primarily dumbasses at the _top_ of the company who
(overwhelmingly) cause the problem. Then, they pass the buck, and make
everyone _else_ pay for their negligence.
Cheers,
Rick Moen
rick (at) linuxmafia.com

"Linux means never having to delete your love mail." -- Don Marti