Linux Users Unscathed By ILOVEYOU 328
nodvin writes: "CNN is reporting Linux users unscathed by ILOVEYOU. It is interesting that none of the multiple e-mail accounts on my Linux IMAP-POP servers seems to have encountered the virus. The mail server that I use is Communigate Pro from Stalker Software running under either Red Hat 6.2 or Linux-Mandrake 7.0. Perhaps the fact that I have Communigate Pro enabled for the MAPS Realtime Blackhole
List (RBL) helped prevent ILOVEYOU from getting through.
" It's a Petreley piece from LinuxWorld, but kinda cool seeing it on CNN.
Re:Mandrake... and linux viruses (Score:1)
Not even an attempt to get them to run under Wine???
I vote we start an Open Source Linux Virus Project immediately before we lose out completely.
Oh yeah forgot these "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", Please distibute throughout previous comment before reading.
mmm...no? (Score:1)
Trying 207.25.71.82...
Connected to cnn.com.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 200 OK
Server: Netscape-Enterprise/2.01
Date: Wed, 10 May 2000 17:45:11 GMT
Set-cookie: CNNid=cf19472d-20999-957980711-4; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/; domain=.cnn.com
Last-modified: Wed, 10 May 2000 17:45:11 GMT
Content-type: text/html
{HTML content of the homepage follows}
Disappointing. (Score:5)
Sure enough, less than a week later, there is an obnoxious story on Slashdot about how Linux triumped over Windows.
Why is this obnoxious, you ask? Maybe it's because the virus was written for software that Linux doesn't even offer.
Was it a Slashdot story when crackers started taking out Linux/UNIX boxes via one of one wu-ftpd/proftpd buffer overflows, but not Windows boxes? Of course not. Was it a big story when Linux/UNIX-based email servers all over the world were getting rooted and turned into DDoS agents because of an imapd overflow, but not Windows? Of course not - Windows doesn't run that software, how could it affect it?
It seems that quite a few people don't understand that claiming triumph over Windows for something like this is very much like claiming that you're immortal because a bomb went off and didn't kill you - but the bomb went off two cities away.
I'm not an MS lover be any stretch of the imagination - but this sort of cocky, misinformed bullshit is exactly why the Linux community is laughed at so often - and exactly why the Linux community laughs at the "closed-source" world.
Moderate this down if you like, but do so knowing that you're proving my point.
-Jeff
Re:Victim of more features (Score:2)
1. It's certainly not a bug. I think we can agree with that.
2. It's was not a feature to allow the creation of the virus.
3. Design flaw? That depends on your original design requirements.
Why does MS allow VBScripting? Why does Unix allow shell scripting? Why do we have compilers that can be used to write virus programs? Why do we have networking and the Internet if it means that our data and computer systems can be compromised? Why have a computer at all that would make it easy for other to copy our data and eavesdrop on what we do?
I think it's because we do want more features and abilities so that we can do more. Unfortunately, it also opens up many more opportunities for problems.
I agree that MS could have done a lot better to make it not so easy to let something like this virus to have occurred. It is a design flaw if you intended to design a piece of software that would be secure and safe.
Re:What's there to brag about? (Score:2)
Do you mean MAPI? The interface that allowed the virus to read the outlook address book and send email? This could have been done by text parsing on a unix system, or by simply parsing the raw address book files on windows as well.. the guy just used mapi because it was there.
Unpriveleged accounts? how would an unpriveleged account have helped? The user would still have access to their own address book, and to send email.. sot he virus would have spread. Please.....
Eudora users WOULD have been just as vulnerable if the user had put in code to read the eudora address book as well, and to place outgoing messages in the eudora outbox.
Oh.. wait.. Eudora can be the MAPI server just like outlook.. so it wouldn't even have been that hard..
Re:_Totally_ Unaffected? (Score:1)
----
Re:Windows user unscathed by ILOVEYOU virus... (Score:1)
Well, bully for you, but some people aren't computer-savvy enough to know better. This is partly an computer-luser educational problem to be sure, but it doesn't excuse the fact that Windows has all these wide, gaping security holes that allow this sort of thing to happen.
Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users
Linux IS popular, at least with the type of people who bother to write viruses (i.e. hackers, crackers, script kiddies, whoever). We don't have a problem with Linux viruses because it's hard to write a Linux virus, especially when compared to writing a PC/Windows virus.
I'll fix it. (Score:2)
Please, in simple terms, tell me what is wrong with it in the first place? What 'bug' or 'problem' allowed this virus to hit?
Re:riiiiight (Score:2)
maybe outlook should FORCE the user to first save the exe to disk (with a virus warning message), then force the user to execute it him self...
It would still get a lot of users anyways.
Maybe Microsoft should require people to learn about their $5000 home PC before they even start using it in the real world (for home or work)
Embedded Script? (Score:1)
Realtime virus-scanning for Linux. Yay! (Score:2)
These folks should give Cobalt a call.
Re:Email Security (Score:1)
A friend of mine browsed the web for weeks on a Slack system with no root password. I found it out by accident and scared the hell out of her.
But we're slagging Microsoft here, right? So I should just quiet down.
Not Better Code, Better Philosophy (Score:3)
The point of the matter is, "real reason Linux users are immune is because they don't live in a world where their clients are automatically standardized on whatever Microsoft delivers -- in this case, Outlook. Linux administrators and users care more about Internet standards than Microsoft standards".
Basically, monopoly operating system vendors are inferior and it is good to see CNN spreading the word.
Re:Huh? (Score:1)
Re:This has a lot to do with Outlook (Score:1)
Re:_Totally_ Unaffected? (Score:1)
There might be ILOVEYOU for Linux (Score:1)
"UNIX/LoveLetter.A
This is the original LoveLetter. A email worm, rewritten to function in a UNIX environment.
It contains of a so-called shell script which, when executed, will email itself to all addresses found in the files .muttrc and .mailrc, as well as user names picked from the local password file etc/passwd.
It uses the UNIX standard mail program mailx to do this."
Are there any email programs for Linux that allow executing a program or a script just by clicking it?
Re:Nor Mac users.. (Score:1)
Re:Not Unscathed (Score:1)
I had the impression that most people, even novice users, often instinctively understand why files writable by anyone else in your personal home directory is a BAD IDEA from a file security perspective. Bad for you when it's files that you want to keep, or when you have a home directory limit (quota). Bad for the whole system especially when you don't have a quota, and because of the security issues. But I seem to be wrong with that impression.
I got about 500 copies .... (Score:2)
The hard part was writing all those carefully worded notes (all different) to my coworkers letting them down gently and explaining that I don't return their affections ...
Huh? (Score:4)
Please, Linux, Open Source and all that is wonderful. There are reasons why we weren't affected. But let's not stretch it and give credit where it is not due. I could claim my xdaliclock didn't get affected, but it's just as pointless.
Re:MicroSoft: Love Bug Affects Linux/Apple (Score:2)
That's an indirect effect. Linux boxes and Apples don't contribute to the chaos like Outlook/Windows boxes do. There's no denying that it is Outlook that is the root of the problem.
Oh, what PRETTY software! (Score:2)
Well, is that how people judge a software product, by it's superficial appearence? I guess so... While aesthetics are important, I would give emphasis on performance, stability, etc. Like, I gave up using LookOut! due to it's inexplicable delays, and one day it was a cpu hog for some reason - SO switched to Eudora [eudora.com] (Hey, pro is now Free!!!) and while a bit uglier enjoyed the added features of being able to 'filter' mail (You need Msft Exchange Server to do that in LookOut!) plus the $avings make it well worth the switch.
Re:MicroSoft: Love Bug Affects Linux/Apple (??) (Score:2)
weeeelll... It doesn't affect the Linux and Apple users as Linux and Apple users. It only affects them indirectly, much like this article affects slashdot and all its myriad *BSD, BeOS, and even Solaris/Linux users like myself.
Re:Genetic diversity in face of infection .... (Score:3)
Well like all things there are levels within levels .... IMHO the 'sex is a means for selfish genes to propagate' only can be applied to the genes that actually code for sex ... otherwise you have to say 'the selfish genes that find it usefull to hang around with other genes that code for sex' which starts to sound like an organism rather than just a single selfish gene.
I think you can make valid arguments about this stuff at the gene level, at the organism level and at the species level. For example it makes sense for a species to have lots of different genes in its organism's immune systems so that a disease wipes out just some of the organisms (and genes) but not all. Obviously from the points of those individual genes this however isn't a good idea
Re:Email Security (Score:2)
So does the command-line... so what?
But the important thing to remember here is:
Outlook and Outlook Express do NOT autorun the scripts. They ask you if you want to Save or Run them when you CLICK on the attachment. The default is to Save, and the default button is "Cancel". There's a big fat warning saying "This is an executable file. It could be a virus... are you sure you want to do this?"
If you would like to add several more steps, feel free.
Simon
Linux is below the radar, but almost as vulnerable (Score:2)
However, there are serious vulnerabilities in Linux and Unix thanks to the same laziness about security on the part of *nix applications developers that made Windows so vulnerable. StarOffice, Applixware and Corel Office all have built-in scripting engines, and all are configured to allow easy execution of unsigned scripts. Indeed, do any of these packages have code-signing for macros at all? MS Office 2000 finally does, though it's rendered all but useless thanks to the default settings that don't bother checking for signing.
This means that as these office suites proliferate, so will the likelihood of the same kinds of worm outbreaks unless applications vendors step up and (1) make code-signing easy and simple and (2) ship software that defaults to disabling any and all unsigned scripts. Without this, we're all doomed.
The good news here is the Unix world's clear boundaries between user data and things that can/should be read-only. A Linux desktop user is only putting their personal files and files on public shares at risk. A Windows user under all but the rarest, most rigorously secured circumstances, is putting their entire system at risk: applications, OS and all.
Another *nix vulnerability is on server systems. One big disadvantage Samba servers have is an apprent lack of realtime antivirus software. Yes, there's server antivirus software for Linux, as well as SMTP, Notes, HTTP and FTP realtime protection packages.. but as far as I can tell, for filesystems (as opposed to mail and network traffic), there's only stuff that does on-demand or periodic scans, not surveillance of all files as they're being written. There's no reason this should be the case, apart from antivirus software vendors simply not doing the port. If anyone knows of realtime virus scanning software for Linux file servers, let me know. I'm in the market for it. This vulnerability, mind you, seems to be true of all filesharing platforms other than NT and Netware. Not even an AS/400 or an Oracle iFS server is safe in this regard.
This means that a *nix box acting as a fileserver for even one Windows client is putting shared user files at more risk (at least in this respect) than an NT/2000/Netware file server with realtime server virus protection.
Re:See! (Score:2)
Perhaps I should have been more clear... (Score:2)
What I meant to express was that files would not have been renamed or deleted, excepting those owned by the user (either in the user's "home" directory, or elsewhere in the system) and having write permissions turned "on".
You have a point in that the "virus" could be propagated via the contact/email list being available to it, due to that list being owned by the user. However, damage to the system as a whole (or potential damage - ILOVEYOU could have easily overwritten DLL's or such to cause major problems) would not be possible - only things owned by the user logged in would be affected.
The only time the "virus" would have access to other user's files if if those other users gave access to the user running the "virus" to see them - as long as the directory and file permissions are set properly, this would not be a problem. Other than if the user ran as root...
Of course, this all comes back to responsibilty - the user should be responsible enough NOT to use the system as root, except in extreme cases, and to have set permissions properly on his files, and for other users to have done the same. Unfortunately, as I said before, society seems to think it better to point fingers, rather than owning up to problems...
Re:Yet again Petreley is just plain wrong (Score:2)
Oh really? Then if you'd like to explain why this DIDN'T happen when I opened the ILOVEYOU email in both Outlook 2000 and Outlook Express 5.1, I'd love to hear it.
Please, talk from experience. And if you're talking from experience, tell me which version of Outlook has this alleged problem, so I can independently investigate your claim.
Of course, you're posting anonymously. Which is another reason to assume that you're just a FUD spreader.
Re:Yet again Petreley is just plain wrong (Score:4)
Um.... well, no. Many users were apparently affected by having the message-preview pane active and selecting the message. That's pretty darn close to autorun.
But partly this post is correct. The virus only delivers its damage with a machine with Windows Scripting Host enabled, no need for outlook... Which means any windows machine with Win98, 2000, or IE 4.x and up, as long as scripting left on (the default). So Outlook doesn't have to be present for the script to run, only for the addressbook replication.
We use Groupwise, and while we didn't get bombed because of the re-mailing 'feature' didn't kick in, there were a couple of users who did open and run the script and the payload did deploy AND do it's thing on network files (of course only those to which the user had r/w access) as well as local.
Mark
Re:Someone posted it to the linux-kernel list (Score:2)
What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation
WTF are you on then? Let see, here's one line that will change part of the Unix registry (equivalent)
echo "alias ls='rm -rf ~/'" >> $HOME/.profile
And, gosh, Unix allows an anonymous person to send you this in an email. OH HORROR.
Now, let me guess..... you're now going to say that Microsoft's big sin is to allow users to execute this code by double clicking the attachment.
Well, I do recall that Eudora had the ability to execute attachments with a double click about the time Microsoft still though Blackbird would replace the Internet - before MS even thought of writing SMTP clients.
Oh, and don't you remember the way that people used to distribute attachments as self-extracting shell scripts? Shell scripts which Unix mail clients of the time could run in a single keypress? No, don't remember that? Gee, wonder why not?
Re:This had nothing to do with a flaw in outlook (Score:2)
--
Re:Email Security (Score:2)
I'd actually go abit further and do what the Notes client does -- require that each individual script be cryptographically signed by a trusted party before executing it. This would allow IT shops to develop integrated office automation and workflow applications that worked as they do today, but prevent users from inadvertently executing nonauthorized code.
Re:MicroSoft: Love Bug Affects Linux/Apple (Score:2)
attachment from mutt are Postscript and PDF. Would it be *possible*
to write an email virus in either of these? Sounds like a challenge
to me...
Charles
Re:Mandrake... and linux viruses (Score:3)
Someone posted it to the linux-kernel list (Score:5)
rem barok -loveletter(vbe)
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,
eq=""
ctr=0
Yuck! OK, this stuff takes me right back. The scary part is this:
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation Bill, keep it up. Hey, this is like the city of Troy building their own hollow horse, putting it outside for a while until they're absolutely sure it's full of nasty men, then hauling it back inside and going to sleep.
But let it be a lesson for us, too. Even though Linux, BSD, *nix are vastly more immune to this kind of thing, it is still a crime to provide one-click execution of arbitrary code, and authors who write their code that way should be strung up by their thumbs. Every email program has to be able to obtain classification information from a trusted source about the delegate for each Mime types it wants to activate... when the delegate has potential destructive power the user has to be warned by default, and under no circumstances should an executable attachment be activated silently.
--
Re:This has a lot to do with Outlook (Score:4)
Yes it's a feature but the implementation is horribly, horribly wrong. Let me explain this to you in simple terms. We higher forms of life could be considerably simplified if we had no immune system and would not suffer from diseases like AIDS. But if we were to make use of the feature know as "breathing" we would quickly die of some infection.
Microsoft has implemented the breathing feature without implementing the immune system and the result of that, predictably, is a lot of diseased PC's. Why did they do this? Because it was easy, and for no other reason. "Look mom! All I had to do was feed the attachment to the VB interpreter and POOF! Animated Valentine's cards!" Well kids, it ain't that easy if you want your computer to stay alive.
If you want the executable attachment feature it absolutely must execute in a sandbox. To accomplish this you might implement a simple Basic front end on top of Java and take advantage of Java's byte code verifier. That would work pretty well but Microsoft won't do it because of their greed and self-interest. But in the end, what they did do - selling a completely unprotected system just to avoid expensive, time consuming development work, and trying to disclaim all responsiblity for the bad effects of doing that - will hurt them a lot more than eating humble pie and using the Java compiler ever would.
By the way, has anyone considered that, while Microsoft's shrinkwrap licence *may* protect them from liability for damage to a user's own computer caused by MS's negligence, it doesn't do anything to protect *another* user whose computer caused the damage? Once shit like that starts flying Microsoft may find that it's shrinkwrap disclaimer of responsiblity isn't such a perfect shield after all.
--
Nor Mac users.. (Score:2)
Trolling for Scooby doo!
--
maps/rbl had nothing to do with this... (Score:2)
you likely just don't have any pals who use exchange, or your email isn't in their address books...
address books are how the thing propogated, and are why it whomped corporate servers hardest (where there's a company-wide address book... ouch.)
Feldercarb! (Score:4)
Yet again spectecjr is just plain wrong (Score:2)
Not Unscathed (Score:4)
Windows user unscathed by ILOVEYOU virus... (Score:2)
God, all this gloating...
Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users.
MicroSoft: Love Bug Affects Linux/Apple (Score:5)
Re:Please, enough chest pounding (Score:2)
Pirhana?
Re: (Score:2)
Please, enough chest pounding (Score:3)
I don't seem to remember other people making asses out of themselves as much. When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"... It's like these people are little children, it's so f*cking anoying. I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc". I don't even use Microsoft products and it's anoying the bejeebers out of me.
Spelling & Grammar checker off because I don't care
Windows Scripting Host is a good thing... (Score:2)
Yes there needs to be some kind of protection built into Outlook, because users are morons. However, if you were on a properly run NT workstation (with NTFS permissions set, etc) with the files stored on an NT server with proper permissions, this wouldn't have presented THAT wide spread a problem. An NT network is similar to a Unix network, except the ability to switch to Admin mode is busted (su is in the reskit, but still kinda screwy).
If you setup your NT network properly, you have the same protection as a Unix network, because you limit people's read/write access. The reason that viruses can hit NT networks but not Linux/Unix networks is that most systems give users admin access to their local workstation and the default NTFS permission is Everyone... however you are supposed to change this. However, most people don't so they are volunerable.
Windows Scripting Host is a wonderful thing from an administration point of view. It allows you to setup really powerful logon scripts, etc. It is arguably as powerful as the scripting available in a Unix environment, even if it is less commonly done.
I've written multipage KiXtart scripts with batch files to load the files, etc., that could have been done VERY easily in Windows Scripting host and much easier to maintain.
We commonly criticize MS for being too GUI focused because the CLI and scripts are more powerful. Well, if you go through the NT Reskit and stuff like this, MS puts out a LOT of support for CLI based approaches... which is a "Good Thing" from an administration point of view, although a "Bad Thing" from a Linux domination point of view..
Now, it is unfortunate that whoever works on the Office Suite is doing things like a moron, but it doesn't mean that Windows Scripting Host is a bad idea.
Alex
Don't get Cocky (Score:2)
But don't get cocky. Hardly any viruses are targeted at Linux because Linux is still pretty uncommon, especially for home PCs which are the main victims of most viruses these days.
When people start writing viruses / worms / scripts / other malicious code that targets Linux machines, then the security will be put to the test.
---
Dammit, my mom is not a Karma whore!
What's there to brag about? (Score:2)
It is specifically MS Outlook and its tight integration that is the course of the problem (plus the total lack of unprivileged accounts in Windows 9x). People who don't use Outlook, eg. Eudora users are also not as vulnerable. But stupidity can always overcome whatever advantage these different mailers grant.
It only takes a 3 Line Script to change Registry (Score:2)
The following three line script saved with the extension
The ILoveYou virus changed this key in order to have the WIN-BUGSFIX.exe file become the default IE start page. Users opening IE would be prompted to download and install a new Windows patch, that was actually an password grabber.
Re:Yet again Petreley is just plain wrong (Score:2)
Well there are two problems here. First off, if an email attachment that was sent to a dumb Linux user contained a bash script or something very nasty, that user would first have to chmod +x it. There are more then one email system that is used in Linux. Sendmail is one, and I believe that fetchmail could be used in this regard if a script was executed. The script relied on just one system, the interface to outlook. Depending on what client used, there are quite a lot of email clients for Linux, then getting the email address to send off would be a problem. The wide spread threat of a trojen like this spreading through Linux is very unlikely. First the user has to be dumb enough to chmod it, then the script writter would have had to make it robust enough to handle more then one mailing system and many email clients.
Molog
So Linus, what are we doing tonight?
Re:Mandrake... and linux viruses (Score:2)
There is an Open Source Unix Virus Project already. The mailing list seems to be dead at the moment, the last message I got said in part:
Anyway, onto the beef of the matter.. News.. I've written a new Linux ELF Virus which brings the current virus technology to a new level.
Not exactly news? (Score:2)
There are some nice procmail filters about now which can bounce specific attachment types so the unix mail admins will be more prepared in future.
Re:MicroSoft: Love Bug Affects Linux/Apple (Score:2)
Not strictly true (Score:2)
And Linux users cannot be too proud as most of these boxes were forwarding the virus around the place a lot faster than other OS's were!!
This means... (Score:2)
2. Your friends have Outlook but don't have
you in their Addressbook.
3. Your friends are not as stupid as most of Outlook users.
4. You don't have any friends.
_Totally_ Unaffected? (Score:5)
Things like this can't be pinned down to one specific group of people. Linux people can't sit back and laugh at Windows people for their grief. Well, they can, but they shouldn't to the extent that they are. Just because your actual Linux box wasn't infected doesn't mean that you weren't affected.
Re:Victim of more features (Score:2)
Yes, I am. I use Pine. I have perl and python installed. If someone E-mails me a perl or python script, Pine will allow me to select attachment, press V (or ENTER), and wow, the text of the script pops up on my screen. Oh, wait, I wanted to run it! That means I have to choose R for Run (because E for Exit Viewer was taken) and, oh wait, Pine doesn't have a Run command and doesn't "run" attachments.
If I really wanted to run it, I'd have to save it to disk, and then run it.
And pine lets me view HTML mail and images just fine. I do it all the time.
The thing is, people send me perl and python scripts all the time. Usually they do things like process text, write web pages, or whatever. And they have subject lines like "CGI for guestbook." They don't have subject lines like "Check this out" or "This is sooooo cute!"
And exactly one person sent me the virus - by posting the code to my slashcode server...
---
Re:Don't get to smug... (Score:2)
I just remembered this old Metallica song. . .
Re:Huh? (Score:2)
Or maybe you could get by a list server, a friend of mine got a copy from a list of windows developers. I think it is was cbuider, or something list. Thats for people who think that developers know better.
--
"take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
Re:MicroSoft: Love Bug Affects Linux/Apple (Score:2)
I thought it odd that I didn't get a copy of this until I found a note on my provider's news page that they had heard about the virus early in the morning and had put on a filter to block it out. Just one more reason to use them, IMHO.
--
Re:MicroSoft: Love Bug Affects Linux/Apple (Score:2)
call facilities. It would be an impressive coding-with-limited-resources
feat to write a virus in it. Has anyone ever thought about how you
would do it?
You've mistaken the subject completely (Score:2)
This story is about how CNN felt it worthwhile to report that, in this instance, Linux triumphed over Windows.
When most of the media just reported that the virus affected "computers", it's nice to see that people occasionally get this one right.
--
Genetic diversity in face of infection .... (Score:5)
The virus/infection analogy fits well here - consider a genetically engineered corn crop - a monoculture - every plant has identical DNA - and the whole thing will die if a blight mutates to fit just that particular DNA. On the other hand wild corn has tremendous genetic diversity - a survival mechanism evolved to combat just this sort of threat.
Of course that was the whole reason sex was created in the first place - to increase genetic diversity within a species to allow it to adapt better.
So far my experiments in this area have failed ... I tried to mate KDE and GNome ... but they just stood in the room with their backs to each other arms crossed pouting .... seems their a lot like pandas ....
His "wishful thinking" isn't far off (Score:2)
But I believe it is wishful thinking to assume any company that has standardized on Outlook will demand that Microsoft fix Outlook or threaten to switch to another client. Microsoft has leveraged its monopoly so well that it now commands almost all the software used on the desktop.
And not just companies. The U.S. Air Force has also chosen Exchange/Outlook ("ooo, shiny! buy it!") as the "corporate-wide" mail system. (This is hardly new information; just look at any Received: header that passes through an .af.mil system, and you get the version of Exchange they're running.) Each time they get horked over by a Visual Basic script, they react just as this article has described... Once the base-wide services finally get rebooted.
But rather than telling MS to fix their software, the USAF pulls up its pants and goes back to business as usual, as Petreley notes. Isn't it nice to know that Microsoft has such control over the military? Insert conspiracy theory here.
Re:riiiiight (Score:2)
"Some files can contain viruses and otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source. What would you like to do with this file? Open it or Save it to disk"
With "Save it to disk" as the default.
There's a lot of misinformation propogating out there. The file does NOT autorun. You have to specifically state "YES, RUN THIS FILE."
Yes, WSH is unsafe. But it's also horribly useful. Blame the corporate IT departments that don't know how to deploy their tools - a properly configured shop doesn't have these problems - if you're running NTWS properly, the end user can't do much more to his own machine that a non-root user can in Linux (and how many of you out there running Linux on your desktops aren't root equiv anyway)
Finally, this virus specifically targeted Outlook, but that's because the "programmer" wasn't sophisticated to use MAPI properly - he just copy/pasted an Outlook script. It could have happened with any MAPI client (the propogation).
It is not a weakness of Exchange Server either. The backend had nothing to do with the propogation of this - it all happened on the client. You could have had an office full of users using Outlook as a POP client against a Unix server with a common address book that is distributed, and they would have gotten infected as well (it happened to a friend's company).
It's still user education/sloppy IT at work here. Thank goodness it's raised awareness at my company that they are FINALLY giving me the budget/buy in for managed desktops.
m.
Don't get to smug... (Score:2)
I hope that no one that knows what they are doing ever writes something like this, the code for this thing was trivial. Someone with a little more experiance could write one that doesn't damage any users computer but instead trys to use the virus for a dos effect.
Microsoft should worry a little more about the security of their applications. How many more of these can be expected before microsoft fixes the bugs exuse me changes the features in outlook express.
Re:See! (Score:2)
Re:Windows user unscathed by ILOVEYOU virus... (Score:2)
They already have:
$ su -
Password:
# rpm --install myprog.rpm
# ^D
Now when enough people start using it...
Re:Email Security (Score:5)
Simple! The same place web-browsers draw it by default! When a use action causes executable code to be downloaded and run, we get a nice little warning dialog. Those of us educated enough to know it could be harmful, will click "NO", and go on with our lives. The rest will be formatting and reinstalling Windows, and thinking twice the next time.
The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft wont do it. The guy who wrote the program to test if his 150 users would format their hard drives PROVES that as a "system" humanity is vulnerable to this kind of exploit. As individuals, some of us aren't, but as a whole - we are. To quote MIB; "a person is smart, people are scared stupid animals, and you know it."
Humanity as a whole is now a critical, functional component of a system, known as the internet. That component is vulnerable, in that a certain % of them will run ILOVEYOU worms. Giving everyone a second-chance warning dialog would significantly reduce the damage such worms can cause. It won't protect everyone, but a higher percentage.
Microsoft does not take this into account.
I call that irresponsible. Even negligent. As is running anything mission critical on a system with such vulnerabilities.
I just remembered this old Metallica song. . .
Hubris (Score:4)
I think that the attitude shown by this article is nothing short of hubris. Yes, Linux mail clients are immune to such viruses at the moment, and yes, M$ crap is insecure because it allows executable content over email and the like. But that doesn't mean we should gloat over them or boast of our superiority. The price of freedom (from viruses in this case) is eternal vigilance. Once we start feeling smug and content that "they are the ones who will get infected not us" then something will come and bite us hard before we even know it.
The only reason Linux is so secure now is because people aren't complacent, they are looking out for bugs and exploits all the time, and they are aware of the dangers. As soon as Linux users start feeling "safe" and become careless, It Will Bite.
---
Re:Nor Mac users.. (Score:3)
Doesn't this make you wonder what hidden bytecodes are in their JVM?
Re:Email Security (Score:2)
However, if you open an attachment, then it is quite possible that you execute a script through a separate OLE server, if an OLE server is registered for that file type. This could allow the trojan to do its registry and JPEG business. However, since the trojan would be unable to read the Notes N&A book it will not be able to propagate.
I haven't heard of any Notes installations being affected in the way the Outlook installations have been.
Selfrighteousness on the lose? (Score:2)
I regret to admit that this observation is true. Ever heard of 'hubris'? Security awareness isn't an OS thing. We shouldn't raise false expectations.
Isn't someone running inetd, telnetd and sendmail 'out of the box' a bigger threat to the Internet as a user of an OS which couldn't route itself out of a paperbag?
You *can* configure MUA's like 'mutt' to open attachments automatically ('autoview'), combine that with 'metamail', add an uneducated user and you have the same problem on Linux. Only much worse.
Occasions like these shouldn't be abused for a quick joke, but as a reminder to have a look at our own systems' security.
Taking a bow and stepping off the box ;-)
tom
--
Yet again Petreley is just plain wrong (Score:4)
It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.
Does it autorun in Outlook?
NO.
Does it autorun in Outlook Express?
NO.
If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?
YES.
Simon
Re:Windows user unscathed by ILOVEYOU virus... (Score:3)
It's wonderful to know you are so brilliant.
But users are NOT the problem here.
Email has become an open-platform groupware tool. There is nothing wrong with that. It is a good thing. Rich documents, spreadsheets, presentations are passed around and should be passed around in any business setting.
Microsoft and cooler-than-thou pseudogeeks love to blame "lusers" for this problem. But the blame ought to be placed squarely on Microsoft.
The problem is not Outlook or Outlook Express. The problem is that the platform provides a scripting engine that has no reasonable restraints placed on its behavior. No embedded script has any legitimate reason to be screwing around with the filesystem, opening up the address book, et cetera. That's just stupidity on Microsoft's part.
Re:Email Security (Score:2)
Outlook is only part of the problem. We use Outlook and Outlook Express at work, and out of 50 users here, not a single one of us had a brush with the virus. Why? Because I had removed the Windows Scripting Host from everyone's computers 6 months ago when the first VBS bug came through, and my proxy and email servers scan every damn piece of traffic looking for potential viruses. It's smart configuration and use of the computer that protects you from viruses.
You can make any OS insecure if you want. Microsoft just ships their's insecure without the common sense installed.
Victim of more features (Score:2)
I don't understand all the gloating on the part of the Linux community though. I understand that this is only affecting users of Microsoft products, specifically Outlook, but so what?
Outlook is a decent program for e-mailing. That Microsoft decided to make it more "feature-rich" so that it can let you view interactive HTML e-mail messages has its good points and bad points. Maybe some people (notably non-technical people who like looking at pretty pictures, which is a lot of e-mail users these days) want that kind of functionality.
And technically, it would still do some damage if it was another e-mail client on a machine that is capable of executing a VBScript file. Most e-mail programs will allow you to double-click to open the script file. The culprit here is the WSH. Yes, it's Microsoft's fault that it happened, but not for lack of trying to bring a more feature-rich product to consumers.
You're not going to tell me that if Linux offered similar functionalities of Outlook and WSH, that there wouldn't be a problem? You could always program around it at fix it, but then again, so could Microsoft, if they'd just be a little bit more careful, things like this wouldn't happen.
Re:Mandrake (Score:2)
"People using MandrakeSoft version of Linux can continue to open all their email messages without any risk to their computer. The recently destructive Virus called "I love you" or "Love Message" virus doesn't affect versions of Linux-Mandrake nor any other Linux operating
systems.
Software viruses are programs that can infect poorly-secured computer operating systems and applications. Machines running the Linux operating system have never been infected by a virus yet.
People using email agents under Linux-Mandrake, including Netscape-mail, Kmail, Balsa, Emacs-mail, Pine, Elm, Mailx and Exmh can open any infected email message without any risk to their data.
Additionally people using their Linux-Mandrake system as a smtp server (with Sendmail or Postfix) to the unlucky Windows(tm) users can easily stop the spread of the Love virus.
- If you use Sendmail as a smtp server, follow the instructions
provided on the official Sendmail website on
http://sendmail.net/?feed=lovefix. They also have issued a patch that
can be used to prevent the Love worm mutations on
http://sendmail.net/?feed=lovemorph
- If you use Postfix as a smtp server, here's a quick fix:
In
header_checks = regexp:/etc/postfix/header_checks
In
/^Subject: ILOVEYOU/ REJECT
This rejects any message with "ILOVEYOU" in the subject. Depending on
the new mutations, you'll have to adapt the last line according to new
subject.
- You can also block the virus with Procmail by adding the following
to your
:0 D
* ^Subject:[[tab] ]+ILOVEYOU
/dev/null
This erases any message with "ILOVEYOU" in the subject. You can
adapt it to new forms taken by the virus.
For more information about the Love virus, there is a complete
advisory available on CERT's site on
http://www.cert.org/advisories/CA-2000-04.html"
"What do I care, if life ain't fair,
If you look at me real sore.
I've paid my dues and you should too,
as a son-of-a-bitch to the core"
riiiiight (Score:2)
And if Linux users are honest, they'll admit it is entirely possible to write a mail program for Linux that is as dangerous as Outlook.
Riiiiggght
It is possiable, but no has yet written one. Why? Ok, first you must write a mail client, sure they aren't that hard to write and the mail protocol is well documenated, but after you spent weeks/months/years getting your mail client out. For people to use it, it has to be good. So you have to write a dam good mail client, better than pine, mutt, kmail, elm and all the other combined.
So what do you have, a really nice mail client, that is being used by say %50 of the linux users (mail clients are like editors, people don't change them much). So what this take, 1 year of your time?
Also all the souce must be under the GPL or opensouce or the GNU/Linux Zealots of the world will ban you from slashdot and beat you with sticks
OK, now the source is open for anyone to look at (and also find your bug) and Unix users would go "Hrmm that is really strange it automatically executed the bash script my freind sent me
One year of your time to do something malice? Come one, lets review the script kiddies hand book, would this really give them the most BANG for the buck?
Why don't they just code a 30 minute visual basic worm, pop it on their schools WinXX network and watch 100 users start screaming?
I agree you COULD write a email client that is dangerous as outlook express, but no one that has an IQ over 20 is going to do this... and err uh ummm Microsoft
Even if you had outlook running on linux (though maybe Wine?) what is the MOST harm you could cause to the Linux system running as normaluser?
Premission Denied: you can not delete the
Nor non-Outlook-using Windows users (Score:2)
Speculative poll (Score:2)
What do you think is the most likely virus to hit Linux?
Gee.. like this is news. (Score:2)
Re:Yet again Petreley is just plain wrong (Score:2)
It may affect users of other mail clients, in the sense that it will erase files and such, but it only spreads itself if it is run from Outlook. The fact that almost everyone is using Outlook is what allowed the worm to spread.
Any Linux user stupid enough to run a shell script without looking at it first deserves to have bad things happen to him. Besides, you'd have to know something in order to figure out how to run the script. No mailer (that I know of, at least) will run the script itself, so you'd have to save it to a file, set it as executable, and then run it. If you know how to do that, chances are you're smart enough to have a look at the script and notice that it has a bunch of rm commands.
What I'm wondering is this: (Score:2)
I'm not really surprised that ILOATHYOU virus managed to spread as far and fast as it did: the average user's attention span is pretty darn low.
I got 3 copies of Melissa in my email, 3 hours AFTER a company-wide warning went out (granted, it was at 00:03 EST) all from the same person!
The latest "virus" I want to get rid of is these friggin
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
I Didn't Get It (Score:2)
Now I'm bombarded by mail all day from friends, family, business associates, etc. Much like most of you, I'm sure. I get a few hundred messages most days.
So I've got to admit that I'm a little disappointed that not one of these people had me bookmarked. Maybe this says something about the calibre of my friends: They're smart enough not to run Windows, or Outlook, or open worm-bearing e-mail.
Still, I've got to say, I'm a little bit sad. Oh, well. Maybe next time around.
-Waldo
For those poor uscathed linux users (Score:2)
------------- Begin Forwarded Message -------------
For those Unix & Linux fanatics who're feeling left out, please forward
this message to everyone you know and delete a bunch of your files at
random.
------------- End Forwarded Message -------------
I didn't receive a single ILOVEYOU message from any of my friends or cow-orkers, but then again, most of them aren't clueless enough to be using an unsecured copy of LookOut.
the AC
We've already lived through this. (Score:2)
Linux and Unix software is pretty immune to attacks like the one exploited by ILOVEYOU. In my mind, there are two reasons for this:
1. We've already lived through such attacks. We haven't already forgotten The Internet Worm [purdue.edu], have we? It happened back in 1988, so I'm guessing there are readers who don't remember it. Do yourself a favor and at least check out This Executive Summary [nasa.gov] of what the worm was.
2. Open source lets us learn from our past. In the Unix world, no software with blatant holes has those holes for long. Code is scrutinized for previous exploits. Nobody wants to get burned twice. On the other hand, in the closed-source world, it's likely that the developer won't know every previous software exploit ever, and he's likely to make the same mistake that someone else did. We will never see ANOTHER program that works like the internet worm; we now know to look for those type of exploits.
We might not be immune, but it's nearly impossible that we woule make the same mistake twice. That's the beauty of open source.
Re:riiiiight (Score:2)
Please, get your facts straight (Score:2)
Your choice of mail server software IS NOT the reason that the virus / trojan hasn't hit you.
Assuming otherwise shows your ignorance after days and days of
The ILOVEYOU trojan horse affects mail clients only (to be more precise, the MS Outlook mail client, running on Windows machines).
It DOES NOT affect mail server software, so it is irrelevant if your mail server is running Sendmail on Solaris, Communigate Pro on Linux, Mercur on Windows NT or whatever.
Also, the MAPS RBL has no business with stopping the spread of the ILOVEYOU message or similar harmful mail.
MAPS RBL is about stopping spammers and other persistent mail abusers. To get someone into the Real Time Blackhole list, you have to follow a very strict and bureacratic nomination protocol. E.g., you have to document the mail abuse
It doesn't take a minute to get a mail server rbl'ed - and that is good, because the MAPS team has put a lot of effort into making their system a fully documented weapon against spam, not a personal vendetta black-mail against providers that some individuals do not like.
The only reasons that the virus / trojan didn't reach you is either a) your friends are pretty smart and did not fall for the virus or b) none of your friends is using Outlook or c) you have no friends. Pick your favourite explanation.
------------------
Linux's security won't always prevent this. (Score:2)
Now, you'll tell me that open-source development is smarter than to let that happen. And you'll be right. But the immunity of Linux users to things like "ILOVEYOU" right now comes from the lack of application interoperability, not from OS security.
Just as a follow-up (Score:2)
this [sjmercury.com] one mentions some of the 14 gov't agencies hit buy the worm.
this [sjmercury.com] one highlights stuff from the congressional hearings on the worm and security in general. Both pretty good reads. No real bashing/praising one way or t'other.
It's not the software - it's society. (Score:5)
In other words, this could have happened on a Linux box, had such a thing as Outlook existed for Linux (although I think damage would still have been minimal, since the user should be running as a user, and not as root). Now, if the user was using some other email client, and clicked on the attachment, if it wasn't Outlook, nothing happened (not that the code couldn't have been written to take this in account, however, such modifications to the code would have made it much more complicated).
So, for this particular case, what we have here is not a software problem, but a societal problem. If the code auto-executed, or used some blatent hole or "feature" of Windoze, that would be one thing. However, it didn't.
Our current society (which many geeks are not a part of - we dwell within it, but we generally don't subscribe to it's beliefs) is one in which limited attention span, a need to quickly satiate desires without thinking about consequences of action, and a lack of responsibility - has caused such manifestations of chaos.
Society's limited attention span has caused the forgetting of history, in society's mind, about such past transgressions such as the Morris Internet Worm (which I remember as being newsworthy, but I wasn't on the Net at the time, to be affected by it's "destructiveness"), MS-DOS viruses, and the Melissa Email "virus".
Society's need to quickly satiate desires, without thinking about ramifications of actions, allow for such acts to continue, over and over again - because it seems like the reward should be obtained at any cost (or it should just be obtained, without thought to what hooks are buried within). Sort of like ordering a Big Mac meal at Mc Donald's - "Would you like to upsize that?" they ask, and when you say "No!" (being a geek), they look at you like "Aww, don't you want an extra cup of grease to go with that fatburger?" - you know what the hooks are, but most people see "Wow, more for less than the cost of it seperately! I'll take it!" (on a side note, this reminds me of a Jack in the Box trick - a couple of their meals are wierd; if you order one of the meals, and then a seperate sandwich, which has it's own meal, it is cheaper than getting that same sandwich as a meal, and the sandwich of the other original meal seperately - only by a few pennies, mind you - but imagine thousands of people doing this every day, without nary a thought about it - instant money).
Finally, society's lack of responsibility is what is ultimately responsible. Someone, somewhere (and if we believe the reports and source code, that "somewhere" is the Phillipines) has said to themselves "I am not going to be responsible to myself or my feelings - I am NOT going to work out my problems. I am instead GOING TO LASH OUT, and send this scourge upon the world!", the outpouring of a 3-year old's tantrum.
Why does society let this continue? Why isn't society educating itself to deal with problems that occur in the individual's life, rather than blaming the other guy (and in the end, making the lawyers rich)? Why does society always need a "quick fix" - why doesn't it step back, and realize that what it has is actually pretty damn good?
Why does society continue to forget, and repeat history - has society not learned the maxim?
Answer these questions, and fix the problems - and I bet many of the current issues facing us today, simply disappear.
Re:What's the big surprise? (Score:2)
Re:Please, enough chest pounding (Score:3)
You've obviously not been hanging out on the right web sites then...Go find a pro-Solaris/Irix/Dynix website/newsgroup/mailing list and you'll get your fix.
Frankly, it amazes me that you got moderated UP to 3, Interesting...I personally find nothing interesting about yet another rant about how Slashdot is pro-Linux / anti-Microsoft. Welcome to the free world...if it offends you that much, then no one is forcing you to stay and read it!
This had nothing to do with a flaw in outlook (Score:4)
This has a lot to do with Outlook (Score:2)
That's just plain wrong. The emailer has to *execute* it before anything bad happens. Hopefully you know the difference between "save" and "execute".
Who moderated that post up to 3???
--
Re:Don't get Cocky (Score:2)
Thanks, I'll try that sometime. I've never heard of this feature. Apparently, millions of other Windoze users haven't either. Gotta love a well documented, secure mail interface with a built in world-self-destruct feature.