Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Linux Software

Linux Users Unscathed By ILOVEYOU 328

nodvin writes: "CNN is reporting Linux users unscathed by ILOVEYOU. It is interesting that none of the multiple e-mail accounts on my Linux IMAP-POP servers seems to have encountered the virus. The mail server that I use is Communigate Pro from Stalker Software running under either Red Hat 6.2 or Linux-Mandrake 7.0. Perhaps the fact that I have Communigate Pro enabled for the MAPS Realtime Blackhole List (RBL) helped prevent ILOVEYOU from getting through. " It's a Petreley piece from LinuxWorld, but kinda cool seeing it on CNN.
This discussion has been archived. No new comments can be posted.

Linux users unscathed by ILOVEYOU

Comments Filter:
  • This is terrible, here is something that windows does far better than Linux and apart from two failed attempts to add virus compatibility to Linux there is nothing...

    Not even an attempt to get them to run under Wine???

    I vote we start an Open Source Linux Virus Project immediately before we lose out completely.

    Oh yeah forgot these "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!", Please distibute throughout previous comment before reading.

  • [bash]$ telnet www.cnn.com 80
    Trying 207.25.71.82...
    Connected to cnn.com.
    Escape character is '^]'.
    GET / HTTP/1.0

    HTTP/1.0 200 OK
    Server: Netscape-Enterprise/2.01
    Date: Wed, 10 May 2000 17:45:11 GMT
    Set-cookie: CNNid=cf19472d-20999-957980711-4; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/; domain=.cnn.com
    Last-modified: Wed, 10 May 2000 17:45:11 GMT
    Content-type: text/html

    {HTML content of the homepage follows}
  • by Jeff Mahoney ( 11112 ) on Wednesday May 10, 2000 @08:34AM (#1080664)
    The day after the ILOVEYOU virus hit our campus, I was walking to lunch with a co-worker of mine. On the way, we were discussing this very topic. He said, "Watch.. In a few days, there will be a story on Slashdot about how Linux triumphed over Windows because they weren't affected." Thinking that this viewpoint was a little cynical (even for me), we argued about this for a bit.

    Sure enough, less than a week later, there is an obnoxious story on Slashdot about how Linux triumped over Windows.

    Why is this obnoxious, you ask? Maybe it's because the virus was written for software that Linux doesn't even offer.

    Was it a Slashdot story when crackers started taking out Linux/UNIX boxes via one of one wu-ftpd/proftpd buffer overflows, but not Windows boxes? Of course not. Was it a big story when Linux/UNIX-based email servers all over the world were getting rooted and turned into DDoS agents because of an imapd overflow, but not Windows? Of course not - Windows doesn't run that software, how could it affect it?

    It seems that quite a few people don't understand that claiming triumph over Windows for something like this is very much like claiming that you're immortal because a bomb went off and didn't kill you - but the bomb went off two cities away.

    I'm not an MS lover be any stretch of the imagination - but this sort of cocky, misinformed bullshit is exactly why the Linux community is laughed at so often - and exactly why the Linux community laughs at the "closed-source" world.

    Moderate this down if you like, but do so knowing that you're proving my point.

    -Jeff
  • While I agree with most of what you say later, I disagree with your assessment that what I said was "it's not a bug, it's a feature". Neither is it a design flaw.

    1. It's certainly not a bug. I think we can agree with that.

    2. It's was not a feature to allow the creation of the virus.

    3. Design flaw? That depends on your original design requirements.

    Why does MS allow VBScripting? Why does Unix allow shell scripting? Why do we have compilers that can be used to write virus programs? Why do we have networking and the Internet if it means that our data and computer systems can be compromised? Why have a computer at all that would make it easy for other to copy our data and eavesdrop on what we do?

    I think it's because we do want more features and abilities so that we can do more. Unfortunately, it also opens up many more opportunities for problems.

    I agree that MS could have done a lot better to make it not so easy to let something like this virus to have occurred. It is a design flaw if you intended to design a piece of software that would be secure and safe.

  • What did this have to do with 'tight integration'?I don't understand.
    Do you mean MAPI? The interface that allowed the virus to read the outlook address book and send email? This could have been done by text parsing on a unix system, or by simply parsing the raw address book files on windows as well.. the guy just used mapi because it was there.

    Unpriveleged accounts? how would an unpriveleged account have helped? The user would still have access to their own address book, and to send email.. sot he virus would have spread. Please.....

    Eudora users WOULD have been just as vulnerable if the user had put in code to read the eudora address book as well, and to place outgoing messages in the eudora outbox.

    Oh.. wait.. Eudora can be the MAPI server just like outlook.. so it wouldn't even have been that hard..
  • Gee I must have been doubly affected as I got an email from my ISP telling me about the virus before anyone else, and that they were filtering it out for me. (Nice going Frontier - they've also stripped out all the clones with no hassle). And the second strike is my friend telling me he had 500 copies, so I had to listen to that. Yep I was affected. NOT.
    ----
  • because I am freaking smart enough to not click on things that I receive from people I don't know!

    Well, bully for you, but some people aren't computer-savvy enough to know better. This is partly an computer-luser educational problem to be sure, but it doesn't excuse the fact that Windows has all these wide, gaping security holes that allow this sort of thing to happen.

    Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users

    Linux IS popular, at least with the type of people who bother to write viruses (i.e. hackers, crackers, script kiddies, whoever). We don't have a problem with Linux viruses because it's hard to write a Linux virus, especially when compared to writing a PC/Windows virus.

  • I will fix it for you.
    Please, in simple terms, tell me what is wrong with it in the first place? What 'bug' or 'problem' allowed this virus to hit?

  • maybe outlook should FORCE the user to first save the exe to disk (with a virus warning message), then force the user to execute it him self...

    It would still get a lot of users anyways.

    Maybe Microsoft should require people to learn about their $5000 home PC before they even start using it in the real world (for home or work) :)

  • These VBS files aren't embedded. They're off all by themselves. They aren't embedded into the email message any more than a .JPG file is embedded into the email.
  • Ah, answered my own question and found a vendor. Looks like Sophos's [sophos.com] server scanning package does the trick. Supports a while bunch of Unices and OpenVMS, too. Sure would be nice of CA and Trend Micro would do the same, as I prefer their overall suites as an enterprise solution.

    These folks should give Cobalt a call.
  • And Slackware should be "held accountable" for the fact that (in version 3.6 and earlier) it doesn't prompt you, doesn't warn you, etc. that you should install a password on the root account.

    A friend of mine browsed the web for weeks on a Slack system with no root password. I found it out by accident and scared the hell out of her.

    But we're slagging Microsoft here, right? So I should just quiet down.
  • by Geo++ ( 151072 ) on Wednesday May 10, 2000 @07:52AM (#1080674)
    The main point is that open source applications are superior to proprietary apps. No one is being cocky and saying that Linux systems are immune to viruses. And of course when Outlook is hit by a major virus, the whole Internet community will be effected. After all, Outlook probably runs on 60% of all desktops. This article does not "make fun" of MS, it just illustrates one of the serious drawbacks of proprietary software engineering.

    The point of the matter is, "real reason Linux users are immune is because they don't live in a world where their clients are automatically standardized on whatever Microsoft delivers -- in this case, Outlook. Linux administrators and users care more about Internet standards than Microsoft standards".

    Basically, monopoly operating system vendors are inferior and it is good to see CNN spreading the word.
  • I got my copy from the linux-kernel mailing list, of all places.

  • The difference is simply that Outlook will allow you to execute the attachment easily while the other clients make it a pain-in-the-ass to do so. (not that I've used any - this is simple from my reading on the subject). That is a feature IMHO.
  • That's a pretty Clintonesque stretch, but it is a point--Linux users should make a point of defending their systems against Windows systems to which they're networked that might mung their files thanks to a virus targeting Windows.
  • Have a look at this from Norman Ibas [193.71.68.4].

    "UNIX/LoveLetter.A

    This is the original LoveLetter. A email worm, rewritten to function in a UNIX environment.

    It contains of a so-called shell script which, when executed, will email itself to all addresses found in the files .muttrc and .mailrc, as well as user names picked from the local password file etc/passwd.

    It uses the UNIX standard mail program mailx to do this."


    Are there any email programs for Linux that allow executing a program or a script just by clicking it?

  • The other clients just make it a pain-in-the-ass to execute attachments i.e. save and then execute. That is not a security feature.
  • That's just one of the reasons why you shouldn't have files or directories writable by anyone else in your home directory. I hope you learned something from this.

    I had the impression that most people, even novice users, often instinctively understand why files writable by anyone else in your personal home directory is a BAD IDEA from a file security perspective. Bad for you when it's files that you want to keep, or when you have a home directory limit (quota). Bad for the whole system especially when you don't have a quota, and because of the security issues. But I seem to be wrong with that impression.

  • from people at work (using outlook of course) ... kmail doesn't care, it harmlessly drops them in my inbox without reinfecting anyone else.

    The hard part was writing all those carefully worded notes (all different) to my coworkers letting them down gently and explaining that I don't return their affections ...

  • by whoop ( 194 ) on Wednesday May 10, 2000 @06:58AM (#1080693) Homepage
    As I understand it, this feature gets to your mail server because one of your users are in an addressbook of someone that runs the program. MAPS would only block the message if a spammer runs it and has your name in his address book. If your sister (or other clueless email correspondent) is blocked by MAPS, I'm sure you'd hear about it. :)

    Please, Linux, Open Source and all that is wonderful. There are reasons why we weren't affected. But let's not stretch it and give credit where it is not due. I could claim my xdaliclock didn't get affected, but it's just as pointless.

  • That's an indirect effect. Linux boxes and Apples don't contribute to the chaos like Outlook/Windows boxes do. There's no denying that it is Outlook that is the root of the problem.

  • Windows advocates would rightly point out that Mutt is to Outlook as a warehouse is to a furnished apartment. It's not as comfortable and pretty as an apartment

    Well, is that how people judge a software product, by it's superficial appearence? I guess so... While aesthetics are important, I would give emphasis on performance, stability, etc. Like, I gave up using LookOut! due to it's inexplicable delays, and one day it was a cpu hog for some reason - SO switched to Eudora [eudora.com] (Hey, pro is now Free!!!) and while a bit uglier enjoyed the added features of being able to 'filter' mail (You need Msft Exchange Server to do that in LookOut!) plus the $avings make it well worth the switch.
  • "The Register is reporting that...the Love Bug does effect Linux and Apple."

    weeeelll... It doesn't affect the Linux and Apple users as Linux and Apple users. It only affects them indirectly, much like this article affects slashdot and all its myriad *BSD, BeOS, and even Solaris/Linux users like myself. ;)
  • I thought genes were selfish. Sex was not "created" to increase genetic diversity, although that may be a side effect. Sex is merely a way for your selfish genes to find there way into another survival machine and (hopefully) propagate again.

    Well like all things there are levels within levels .... IMHO the 'sex is a means for selfish genes to propagate' only can be applied to the genes that actually code for sex ... otherwise you have to say 'the selfish genes that find it usefull to hang around with other genes that code for sex' which starts to sound like an organism rather than just a single selfish gene.

    I think you can make valid arguments about this stuff at the gene level, at the organism level and at the species level. For example it makes sense for a species to have lots of different genes in its organism's immune systems so that a disease wipes out just some of the organisms (and genes) but not all. Obviously from the points of those individual genes this however isn't a good idea

  • The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft wont do it.

    So does the command-line... so what?

    But the important thing to remember here is:
    Outlook and Outlook Express do NOT autorun the scripts. They ask you if you want to Save or Run them when you CLICK on the attachment. The default is to Save, and the default button is "Cancel". There's a big fat warning saying "This is an executable file. It could be a virus... are you sure you want to do this?"

    If you would like to add several more steps, feel free.

    Simon
  • In Linux's (and Unix's) favor is its strong permissions system out of the box, which does prevent things like this from hitting system-level files (applications, default settings and system services). I was appalled when I ran a registry fix on our NT boxes that an ordinary user by default could edit the HKEY_CLASSES_ROOT registry tree.

    However, there are serious vulnerabilities in Linux and Unix thanks to the same laziness about security on the part of *nix applications developers that made Windows so vulnerable. StarOffice, Applixware and Corel Office all have built-in scripting engines, and all are configured to allow easy execution of unsigned scripts. Indeed, do any of these packages have code-signing for macros at all? MS Office 2000 finally does, though it's rendered all but useless thanks to the default settings that don't bother checking for signing.

    This means that as these office suites proliferate, so will the likelihood of the same kinds of worm outbreaks unless applications vendors step up and (1) make code-signing easy and simple and (2) ship software that defaults to disabling any and all unsigned scripts. Without this, we're all doomed.

    The good news here is the Unix world's clear boundaries between user data and things that can/should be read-only. A Linux desktop user is only putting their personal files and files on public shares at risk. A Windows user under all but the rarest, most rigorously secured circumstances, is putting their entire system at risk: applications, OS and all.

    Another *nix vulnerability is on server systems. One big disadvantage Samba servers have is an apprent lack of realtime antivirus software. Yes, there's server antivirus software for Linux, as well as SMTP, Notes, HTTP and FTP realtime protection packages.. but as far as I can tell, for filesystems (as opposed to mail and network traffic), there's only stuff that does on-demand or periodic scans, not surveillance of all files as they're being written. There's no reason this should be the case, apart from antivirus software vendors simply not doing the port. If anyone knows of realtime virus scanning software for Linux file servers, let me know. I'm in the market for it. This vulnerability, mind you, seems to be true of all filesharing platforms other than NT and Netware. Not even an AS/400 or an Oracle iFS server is safe in this regard.

    This means that a *nix box acting as a fileserver for even one Windows client is putting shared user files at more risk (at least in this respect) than an NT/2000/Netware file server with realtime server virus protection.
  • See, now this is a good reason why Slash4.0 should allow posters to add dynamic content to their posts. Instead of saying "your post is moderated to a 3"- the author could have said "you post is moderated to a " and his post would be printed out with the current and actual modeation score whenever it was referenced. Whoo hoo!
  • My apologies!

    What I meant to express was that files would not have been renamed or deleted, excepting those owned by the user (either in the user's "home" directory, or elsewhere in the system) and having write permissions turned "on".

    You have a point in that the "virus" could be propagated via the contact/email list being available to it, due to that list being owned by the user. However, damage to the system as a whole (or potential damage - ILOVEYOU could have easily overwritten DLL's or such to cause major problems) would not be possible - only things owned by the user logged in would be affected.

    The only time the "virus" would have access to other user's files if if those other users gave access to the user running the "virus" to see them - as long as the directory and file permissions are set properly, this would not be a problem. Other than if the user ran as root...

    Of course, this all comes back to responsibilty - the user should be responsible enough NOT to use the system as root, except in extreme cases, and to have set permissions properly on his files, and for other users to have done the same. Unfortunately, as I said before, society seems to think it better to point fingers, rather than owning up to problems...
  • Not quite true. Outlook has a nasty tendency to run the script merely by having the e-mail opened (even though the user never opened the attachment). It is the auto-running of certain attachments that makes Outlook particularly vulnerable

    Oh really? Then if you'd like to explain why this DIDN'T happen when I opened the ILOVEYOU email in both Outlook 2000 and Outlook Express 5.1, I'd love to hear it.

    Please, talk from experience. And if you're talking from experience, tell me which version of Outlook has this alleged problem, so I can independently investigate your claim.

    Of course, you're posting anonymously. Which is another reason to assume that you're just a FUD spreader.
  • by markus o'farkus ( 98120 ) on Wednesday May 10, 2000 @08:06AM (#1080728)
    "Does it autorun in Outlook? NO. Does it autorun in Outlook Express? NO"

    Um.... well, no. Many users were apparently affected by having the message-preview pane active and selecting the message. That's pretty darn close to autorun.

    But partly this post is correct. The virus only delivers its damage with a machine with Windows Scripting Host enabled, no need for outlook... Which means any windows machine with Win98, 2000, or IE 4.x and up, as long as scripting left on (the default). So Outlook doesn't have to be present for the script to run, only for the addressbook replication.

    We use Groupwise, and while we didn't get bombed because of the re-mailing 'feature' didn't kick in, there were a couple of users who did open and run the script and the payload did deploy AND do it's thing on network files (of course only those to which the user had r/w access) as well as local.

    Mark


  • What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation

    WTF are you on then? Let see, here's one line that will change part of the Unix registry (equivalent)


    echo "alias ls='rm -rf ~/'" >> $HOME/.profile


    And, gosh, Unix allows an anonymous person to send you this in an email. OH HORROR.


    Now, let me guess..... you're now going to say that Microsoft's big sin is to allow users to execute this code by double clicking the attachment.


    Well, I do recall that Eudora had the ability to execute attachments with a double click about the time Microsoft still though Blackbird would replace the Internet - before MS even thought of writing SMTP clients.


    Oh, and don't you remember the way that people used to distribute attachments as self-extracting shell scripts? Shell scripts which Unix mail clients of the time could run in a single keypress? No, don't remember that? Gee, wonder why not?

  • Text trimmed: The writer could have used outlook express, or eudora, or pine, or any other email program had he wished to.. he simply programmed it for outlook. You're right, but a virus wouldn't be a virus if it couldn't spread. Outlook is what enabled it to spread. Anyone could have been infected, but only Outlook users were contagious. While innoculating potential victims against a disease is an admirable cause, going after the cause of the disease and eradicating it is going to get more immediate results for the effort expended. Disclaimer: All this puts aside the fact that "worm" is more descriptive of ILOVEYOU, but that's not really relevant to the thread.

    --
  • Right on!

    I'd actually go abit further and do what the Notes client does -- require that each individual script be cryptographically signed by a trusted party before executing it. This would allow IT shops to develop integrated office automation and workflow applications that worked as they do today, but prevent users from inadvertently executing nonauthorized code.

  • The only Turing complete languages I ever run directly as an
    attachment from mutt are Postscript and PDF. Would it be *possible*
    to write an email virus in either of these? Sounds like a challenge
    to me...

    Charles
  • by Sun Tzu ( 41522 ) on Wednesday May 10, 2000 @08:13AM (#1080758) Homepage Journal
    Bliss [uni-paderborn.de] and Staog [datafellows.com] are the first two known Linux viruses. Of those, I believe only Bliss has been found in the wild. They both seem to suffer from a serious fertility problem [sitereview.org] though.
  • by SurfsUp ( 11523 ) on Wednesday May 10, 2000 @08:15AM (#1080762)
    ...which is really funny because all the Microsoft spooks hanging on the list had a chance to demonstrate supreme ignorance by running it. I also received an advisory that the virus has been sent to me, and this, very intelligently, was not marked with linux-kernel header info so I picked it up in my personal email and read it before I ran into the virus. Being more than a little curious about it I hunted it down in the kernel list and popped it open... about 250 lines of kiddie-level vbs. The first few lines:

    rem barok -loveletter(vbe)
    rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
    On Error Resume Next
    dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
    eq=""
    ctr=0

    Yuck! OK, this stuff takes me right back. The scary part is this:

    wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"

    What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line? Now that's innovation Bill, keep it up. Hey, this is like the city of Troy building their own hollow horse, putting it outside for a while until they're absolutely sure it's full of nasty men, then hauling it back inside and going to sleep.

    But let it be a lesson for us, too. Even though Linux, BSD, *nix are vastly more immune to this kind of thing, it is still a crime to provide one-click execution of arbitrary code, and authors who write their code that way should be strung up by their thumbs. Every email program has to be able to obtain classification information from a trusted source about the delegate for each Mime types it wants to activate... when the delegate has potential destructive power the user has to be warned by default, and under no circumstances should an executable attachment be activated silently.
    --
  • by SurfsUp ( 11523 ) on Wednesday May 10, 2000 @01:03PM (#1080767)
    Outlook will allow you to execute the attachment easily while the other clients make it a pain-in-the-ass to do so....That is a feature IMHO.

    Yes it's a feature but the implementation is horribly, horribly wrong. Let me explain this to you in simple terms. We higher forms of life could be considerably simplified if we had no immune system and would not suffer from diseases like AIDS. But if we were to make use of the feature know as "breathing" we would quickly die of some infection.

    Microsoft has implemented the breathing feature without implementing the immune system and the result of that, predictably, is a lot of diseased PC's. Why did they do this? Because it was easy, and for no other reason. "Look mom! All I had to do was feed the attachment to the VB interpreter and POOF! Animated Valentine's cards!" Well kids, it ain't that easy if you want your computer to stay alive.

    If you want the executable attachment feature it absolutely must execute in a sandbox. To accomplish this you might implement a simple Basic front end on top of Java and take advantage of Java's byte code verifier. That would work pretty well but Microsoft won't do it because of their greed and self-interest. But in the end, what they did do - selling a completely unprotected system just to avoid expensive, time consuming development work, and trying to disclaim all responsiblity for the bad effects of doing that - will hurt them a lot more than eating humble pie and using the Java compiler ever would.

    By the way, has anyone considered that, while Microsoft's shrinkwrap licence *may* protect them from liability for damage to a user's own computer caused by MS's negligence, it doesn't do anything to protect *another* user whose computer caused the damage? Once shit like that starts flying Microsoft may find that it's shrinkwrap disclaimer of responsiblity isn't such a perfect shield after all.
    --
  • ... or solaris users, or *BSD users or QNX user...etc, etc.

    Trolling for Scooby doo!
    --

  • maps and rbl don't scan your messages for content..

    you likely just don't have any pals who use exchange, or your email isn't in their address books...

    address books are how the thing propogated, and are why it whomped corporate servers hardest (where there's a company-wide address book... ouch.)
  • by Fadamor ( 183637 ) on Wednesday May 10, 2000 @09:23AM (#1080773)
    Ah, but here's a question for you... After opening 100 or so attachments but having to first wade through a dialog asking "Are you sure you want to open this because a big, bad virus might reach out and bite you in the butt?", how many people will actually READ the message and not start assuming that clicking on the "YES" button is just another step in the process of opening an attachment? My experience with human nature says the number will be VERY low. Anybody disagree?
  • Sorry, buddy. You're just not right. While Eudora has a MAPI server, this worm was written specifically to interact with Outlook. If you'd take a look at the code before blabbing next time, you'd see that the thing won't work with Eudora at all.
  • by Anonymous Coward on Wednesday May 10, 2000 @06:59AM (#1080776)
    My network mounted home directory had a bunch of group-writeable jpegs and mpegs in it get blasted from some local NT user who ran that thing. Why would it matter what I'm running if the whole network is insecure?
  • ...because I am freaking smart enough to not click on things that I receive from people I don't know! Or even if it came from someone I know, I'll think twice.

    God, all this gloating...

    Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users.

  • by Col. Klink (retired) ( 11632 ) on Wednesday May 10, 2000 @07:00AM (#1080784)
    The Register is reporting [theregister.co.uk] that an MS spokesperson claimed that the Love Bug does effect Linux and Apple.
  • When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"...

    Pirhana?
  • Comment removed based on user account deletion
  • Is it just me or are these types of post annoying. It's getting to the point where everytime there is anything with a security problem in a Microsoft product that Slashdot lights up with Linux doesn't have this problem... well duhh.

    I don't seem to remember other people making asses out of themselves as much. When was the last time you heard after a Linux security problem the Microsoft people coming out of the woodwork to say "Well we use NT so we didn't have problems, haha"... It's like these people are little children, it's so f*cking anoying. I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc". I don't even use Microsoft products and it's anoying the bejeebers out of me.

    Spelling & Grammar checker off because I don't care
  • Well, in this case, the scripting capability bit them in the ass. However, the ease of which you can modify the registry through scripts in windows is a "Good Thing".

    Yes there needs to be some kind of protection built into Outlook, because users are morons. However, if you were on a properly run NT workstation (with NTFS permissions set, etc) with the files stored on an NT server with proper permissions, this wouldn't have presented THAT wide spread a problem. An NT network is similar to a Unix network, except the ability to switch to Admin mode is busted (su is in the reskit, but still kinda screwy).

    If you setup your NT network properly, you have the same protection as a Unix network, because you limit people's read/write access. The reason that viruses can hit NT networks but not Linux/Unix networks is that most systems give users admin access to their local workstation and the default NTFS permission is Everyone... however you are supposed to change this. However, most people don't so they are volunerable.

    Windows Scripting Host is a wonderful thing from an administration point of view. It allows you to setup really powerful logon scripts, etc. It is arguably as powerful as the scripting available in a Unix environment, even if it is less commonly done.

    I've written multipage KiXtart scripts with batch files to load the files, etc., that could have been done VERY easily in Windows Scripting host and much easier to maintain.

    We commonly criticize MS for being too GUI focused because the CLI and scripts are more powerful. Well, if you go through the NT Reskit and stuff like this, MS puts out a LOT of support for CLI based approaches... which is a "Good Thing" from an administration point of view, although a "Bad Thing" from a Linux domination point of view..

    Now, it is unfortunate that whoever works on the Office Suite is doing things like a moron, but it doesn't mean that Windows Scripting Host is a bad idea.

    Alex
  • Yeah, this is kinda cool. It's a good thing when you avoid a virus, and it illustrates Linux's overall security advantage over Windows.

    But don't get cocky. Hardly any viruses are targeted at Linux because Linux is still pretty uncommon, especially for home PCs which are the main victims of most viruses these days.

    When people start writing viruses / worms / scripts / other malicious code that targets Linux machines, then the security will be put to the test.


    ---
    Dammit, my mom is not a Karma whore!

  • User stupidity is user stupidity. An equivalent hole (eg. the MIME [cert.org] exploit) could well exist in Linux. To brag about this is just asking for the script kiddies to come take on Linux. Not that it will succeed much becuase of the heterogenous setups available to Linux ...

    It is specifically MS Outlook and its tight integration that is the course of the problem (plus the total lack of unprivileged accounts in Windows 9x). People who don't use Outlook, eg. Eudora users are also not as vulnerable. But stupidity can always overcome whatever advantage these different mailers grant.

  • What maniac decided that it was a good idea to make it easy for any anonymous person to mail code to you that can rewrite the registry in one, nice, easy-to-use line?

    The following three line script saved with the extension .reg can be run with a simple mouse click if attached to email in Outlook.

    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.saverainforest.net/"


    The ILoveYou virus changed this key in order to have the WIN-BUGSFIX.exe file become the default IE start page. Users opening IE would be prompted to download and install a new Windows patch, that was actually an password grabber.

  • This virus specifically? Probably not. Would someone come up with exactly the same thing for whatever other mail system there was out there? Yes.

    Well there are two problems here. First off, if an email attachment that was sent to a dumb Linux user contained a bash script or something very nasty, that user would first have to chmod +x it. There are more then one email system that is used in Linux. Sendmail is one, and I believe that fetchmail could be used in this regard if a script was executed. The script relied on just one system, the interface to outlook. Depending on what client used, there are quite a lot of email clients for Linux, then getting the email address to send off would be a problem. The wide spread threat of a trojen like this spreading through Linux is very unlikely. First the user has to be dumb enough to chmod it, then the script writter would have had to make it robust enough to handle more then one mailing system and many email clients.
    Molog

    So Linus, what are we doing tonight?

  • I vote we start an Open Source Linux Virus Project immediately

    There is an Open Source Unix Virus Project already. The mailing list seems to be dead at the moment, the last message I got said in part:


    Anyway, onto the beef of the matter.. News.. I've written a new Linux ELF Virus which brings the current virus technology to a new level.

    • Generally a C virus
    • Inline ASM when needed (NOT shellcode)
    • No argv[0] references.
    • Totally relocateable code
    • Data Infection (any size virus) that is strip safe
    • PLT execve per process residency
    • Chaining - No data segment entry points (uses original entry point)

  • Are we surprised that Linux is unaffected in that it's a Microsoft specific trojan?

    There are some nice procmail filters about now which can bounce specific attachment types so the unix mail admins will be more prepared in future.

  • The only way that the Love bug affects Linux or apple is very high load on the mail servers and gateways. People useing Linux on the desktop will only be affected in that they may receive copies of the trojan but I wouldn't call this being affected.
  • A lot of Linux sendmail boxes were operating at very hiogh loads because of the ILOVEYOU bug.

    And Linux users cannot be too proud as most of these boxes were forwarding the virus around the place a lot faster than other OS's were!! :-)
  • 1. Your friends/customers/clients don't use Outlook.
    2. Your friends have Outlook but don't have
    you in their Addressbook.
    3. Your friends are not as stupid as most of Outlook users.
    4. You don't have any friends.
  • by B-Rad ( 66696 ) on Wednesday May 10, 2000 @07:05AM (#1080849) Homepage
    Can you really say that Linux users were unaffected? Sure, they don't actually have the opportunity to get infected by the virus, but that doesn't mean that they weren't affected. Some people [slashdot.org] had files on Linux boxes shared by Samba changed/moved/renamed/deleted. I'd say there's a Linux user who was affected. And what about the people using Linux who depended on people using Windows for information? Suppose I ran a Linux machine at work, and one of our clients running Windows got knocked out by the ILOVEYOU worm. I wouldn't be able to get any information from that client. Thus, I'm an affected Linux user.

    Things like this can't be pinned down to one specific group of people. Linux people can't sit back and laugh at Windows people for their grief. Well, they can, but they shouldn't to the extent that they are. Just because your actual Linux box wasn't infected doesn't mean that you weren't affected.
  • You're not going to tell me that if Linux offered similar functionalities of Outlook and WSH, that there wouldn't be a problem?

    Yes, I am. I use Pine. I have perl and python installed. If someone E-mails me a perl or python script, Pine will allow me to select attachment, press V (or ENTER), and wow, the text of the script pops up on my screen. Oh, wait, I wanted to run it! That means I have to choose R for Run (because E for Exit Viewer was taken) and, oh wait, Pine doesn't have a Run command and doesn't "run" attachments.

    If I really wanted to run it, I'd have to save it to disk, and then run it.

    And pine lets me view HTML mail and images just fine. I do it all the time.

    The thing is, people send me perl and python scripts all the time. Usually they do things like process text, write web pages, or whatever. And they have subject lines like "CGI for guestbook." They don't have subject lines like "Check this out" or "This is sooooo cute!"

    And exactly one person sent me the virus - by posting the code to my slashcode server...
    ---

  • If one could figure out how to ping a given IP from VBS, then this would indeed, be a nice DDoS attack. . .

    I just remembered this old Metallica song. . .
  • If most of the people you know uses linux and/or are consient about virus, the most probable way for getting the virus is by a careles spammer that has your email in his list.

    Or maybe you could get by a list server, a friend of mine got a copy from a list of windows developers. I think it is was cbuider, or something list. Thats for people who think that developers know better. :-P


    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
  • Well, it clogged up the net enough that my mail ran slow for about a day and a half. Does that count?

    I thought it odd that I didn't get a copy of this until I found a note on my provider's news page that they had heard about the virus early in the morning and had put on a filter to block it out. Just one more reason to use them, IMHO.
    --
  • Yes, it's a programming language but it has very limited I/O or system
    call facilities. It would be an impressive coding-with-limited-resources
    feat to write a virus in it. Has anyone ever thought about how you
    would do it?
  • This story isn't about how Linux triumphed over Windows.

    This story is about how CNN felt it worthwhile to report that, in this instance, Linux triumphed over Windows.

    When most of the media just reported that the virus affected "computers", it's nice to see that people occasionally get this one right.
    --
  • Actually I decided a while ago that the main thing that Linux has going for it is 'genetic diversity' - in the sense that we're all using lots of different mailers/browsers/GUIs/etc.

    The virus/infection analogy fits well here - consider a genetically engineered corn crop - a monoculture - every plant has identical DNA - and the whole thing will die if a blight mutates to fit just that particular DNA. On the other hand wild corn has tremendous genetic diversity - a survival mechanism evolved to combat just this sort of threat.

    Of course that was the whole reason sex was created in the first place - to increase genetic diversity within a species to allow it to adapt better.

    So far my experiments in this area have failed ... I tried to mate KDE and GNome ... but they just stood in the room with their backs to each other arms crossed pouting .... seems their a lot like pandas ....

  • But I believe it is wishful thinking to assume any company that has standardized on Outlook will demand that Microsoft fix Outlook or threaten to switch to another client. Microsoft has leveraged its monopoly so well that it now commands almost all the software used on the desktop.

    And not just companies. The U.S. Air Force has also chosen Exchange/Outlook ("ooo, shiny! buy it!") as the "corporate-wide" mail system. (This is hardly new information; just look at any Received: header that passes through an .af.mil system, and you get the version of Exchange they're running.) Each time they get horked over by a Visual Basic script, they react just as this article has described... Once the base-wide services finally get rebooted.

    But rather than telling MS to fix their software, the USAF pulls up its pants and goes back to business as usual, as Petreley notes. Isn't it nice to know that Microsoft has such control over the military? Insert conspiracy theory here.

  • When I attempted to open an attached VBS file within Outlook98, I received the following message:

    "Some files can contain viruses and otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source. What would you like to do with this file? Open it or Save it to disk"

    With "Save it to disk" as the default.

    There's a lot of misinformation propogating out there. The file does NOT autorun. You have to specifically state "YES, RUN THIS FILE."

    Yes, WSH is unsafe. But it's also horribly useful. Blame the corporate IT departments that don't know how to deploy their tools - a properly configured shop doesn't have these problems - if you're running NTWS properly, the end user can't do much more to his own machine that a non-root user can in Linux (and how many of you out there running Linux on your desktops aren't root equiv anyway)

    Finally, this virus specifically targeted Outlook, but that's because the "programmer" wasn't sophisticated to use MAPI properly - he just copy/pasted an Outlook script. It could have happened with any MAPI client (the propogation).

    It is not a weakness of Exchange Server either. The backend had nothing to do with the propogation of this - it all happened on the client. You could have had an office full of users using Outlook as a POP client against a Unix server with a common address book that is distributed, and they would have gotten infected as well (it happened to a friend's company).

    It's still user education/sloppy IT at work here. Thank goodness it's raised awareness at my company that they are FINALLY giving me the budget/buy in for managed desktops.

    m.

  • ... hotmail didn't accept the viruses either. But wait aren't those servers running bsd? The only reason that I even got a chance to look at the virus is that I have an account at school and it was full of I love you messages. I downloaded one of the attachments just to see what the code looked like.

    I hope that no one that knows what they are doing ever writes something like this, the code for this thing was trivial. Someone with a little more experiance could write one that doesn't damage any users computer but instead trys to use the virus for a dos effect.

    Microsoft should worry a little more about the security of their applications. How many more of these can be expected before microsoft fixes the bugs exuse me changes the features in outlook express.

  • Slashdot stripped the funny part of my joke out!
  • Just wait until Linux gets popular enough that people start writing virii/trojan horses that exploit stupid users.

    They already have:

    $ su -
    Password:
    # rpm --install myprog.rpm
    # ^D

    Now when enough people start using it...

  • by jafac ( 1449 ) on Wednesday May 10, 2000 @07:10AM (#1080907) Homepage
    Where should the line be drawn?

    Simple! The same place web-browsers draw it by default! When a use action causes executable code to be downloaded and run, we get a nice little warning dialog. Those of us educated enough to know it could be harmful, will click "NO", and go on with our lives. The rest will be formatting and reinstalling Windows, and thinking twice the next time.

    The fact that Outlook installs the capability to run executable code WITHOUT a human's capability to stop it, that is the problem, the security hole, the bug. It is a simple thing to add this kind of safety check, and Microsoft wont do it. The guy who wrote the program to test if his 150 users would format their hard drives PROVES that as a "system" humanity is vulnerable to this kind of exploit. As individuals, some of us aren't, but as a whole - we are. To quote MIB; "a person is smart, people are scared stupid animals, and you know it."

    Humanity as a whole is now a critical, functional component of a system, known as the internet. That component is vulnerable, in that a certain % of them will run ILOVEYOU worms. Giving everyone a second-chance warning dialog would significantly reduce the damage such worms can cause. It won't protect everyone, but a higher percentage.
    Microsoft does not take this into account.
    I call that irresponsible. Even negligent. As is running anything mission critical on a system with such vulnerabilities.

    I just remembered this old Metallica song. . .
  • by Gurlia ( 110988 ) on Wednesday May 10, 2000 @07:11AM (#1080911)

    I think that the attitude shown by this article is nothing short of hubris. Yes, Linux mail clients are immune to such viruses at the moment, and yes, M$ crap is insecure because it allows executable content over email and the like. But that doesn't mean we should gloat over them or boast of our superiority. The price of freedom (from viruses in this case) is eternal vigilance. Once we start feeling smug and content that "they are the ones who will get infected not us" then something will come and bite us hard before we even know it.

    The only reason Linux is so secure now is because people aren't complacent, they are looking out for bugs and exploits all the time, and they are aware of the dangers. As soon as Linux users start feeling "safe" and become careless, It Will Bite.


    ---
  • by Archeopteryx ( 4648 ) <benburch@@@pobox...com> on Wednesday May 10, 2000 @07:12AM (#1080915) Homepage
    Or, for that matter, even Windows users who use something other than Outlook. Sometimes I wonder if all of these holes through MS code are put there to facilitate MS industrial espionage? They seem to have no visible ethics otherwise, so this would not amaze me at all.

    Doesn't this make you wonder what hidden bytecodes are in their JVM?
  • Interesting. But as far as I know, Notes is incapable of running VB scripts itself.

    However, if you open an attachment, then it is quite possible that you execute a script through a separate OLE server, if an OLE server is registered for that file type. This could allow the trojan to do its registry and JPEG business. However, since the trojan would be unable to read the Notes N&A book it will not be able to propagate.

    I haven't heard of any Notes installations being affected in the way the Outlook installations have been.

  • Skimming through the main stream reports on the ILU 'virus', I've found remarks on Linux users 'scoffing' at those affected by the worm.
    I regret to admit that this observation is true. Ever heard of 'hubris'? Security awareness isn't an OS thing. We shouldn't raise false expectations.
    Isn't someone running inetd, telnetd and sendmail 'out of the box' a bigger threat to the Internet as a user of an OS which couldn't route itself out of a paperbag?
    You *can* configure MUA's like 'mutt' to open attachments automatically ('autoview'), combine that with 'metamail', add an uneducated user and you have the same problem on Linux. Only much worse.

    Occasions like these shouldn't be abused for a quick joke, but as a reminder to have a look at our own systems' security.

    Taking a bow and stepping off the box ;-)

    tom

    --

  • by spectecjr ( 31235 ) on Wednesday May 10, 2000 @07:17AM (#1080932) Homepage
    This virus has nothing to do with Outlook . It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.

    It relies on user stupidity. Not on any specific problem with Windows. Not on a security hole in Outlook. Just plain vanilla user idiocy.

    Does it autorun in Outlook?

    NO.

    Does it autorun in Outlook Express?

    NO.

    If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?

    YES.

    Simon
  • by Anonymous Coward on Wednesday May 10, 2000 @07:19AM (#1080937)

    It's wonderful to know you are so brilliant.

    But users are NOT the problem here.

    Email has become an open-platform groupware tool. There is nothing wrong with that. It is a good thing. Rich documents, spreadsheets, presentations are passed around and should be passed around in any business setting.

    Microsoft and cooler-than-thou pseudogeeks love to blame "lusers" for this problem. But the blame ought to be placed squarely on Microsoft.

    The problem is not Outlook or Outlook Express. The problem is that the platform provides a scripting engine that has no reasonable restraints placed on its behavior. No embedded script has any legitimate reason to be screwing around with the filesystem, opening up the address book, et cetera. That's just stupidity on Microsoft's part.

  • Outlook is only part of the problem. We use Outlook and Outlook Express at work, and out of 50 users here, not a single one of us had a brush with the virus. Why? Because I had removed the Windows Scripting Host from everyone's computers 6 months ago when the first VBS bug came through, and my proxy and email servers scan every damn piece of traffic looking for potential viruses. It's smart configuration and use of the computer that protects you from viruses.

    You can make any OS insecure if you want. Microsoft just ships their's insecure without the common sense installed.

  • The virus affects Outlook, specifically a machine that has Windows Scripting Host that would enable the script to run. Of course, any platform that doesn't have the ability to run the script is affected.

    I don't understand all the gloating on the part of the Linux community though. I understand that this is only affecting users of Microsoft products, specifically Outlook, but so what?

    Outlook is a decent program for e-mailing. That Microsoft decided to make it more "feature-rich" so that it can let you view interactive HTML e-mail messages has its good points and bad points. Maybe some people (notably non-technical people who like looking at pretty pictures, which is a lot of e-mail users these days) want that kind of functionality.

    And technically, it would still do some damage if it was another e-mail client on a machine that is capable of executing a VBScript file. Most e-mail programs will allow you to double-click to open the script file. The culprit here is the WSH. Yes, it's Microsoft's fault that it happened, but not for lack of trying to bring a more feature-rich product to consumers.

    You're not going to tell me that if Linux offered similar functionalities of Outlook and WSH, that there wouldn't be a problem? You could always program around it at fix it, but then again, so could Microsoft, if they'd just be a little bit more careful, things like this wouldn't happen.

  • All it says is that Microsoft users are unlucky, and that's a given.

    "People using MandrakeSoft version of Linux can continue to open all their email messages without any risk to their computer. The recently destructive Virus called "I love you" or "Love Message" virus doesn't affect versions of Linux-Mandrake nor any other Linux operating
    systems.

    Software viruses are programs that can infect poorly-secured computer operating systems and applications. Machines running the Linux operating system have never been infected by a virus yet.

    People using email agents under Linux-Mandrake, including Netscape-mail, Kmail, Balsa, Emacs-mail, Pine, Elm, Mailx and Exmh can open any infected email message without any risk to their data.

    Additionally people using their Linux-Mandrake system as a smtp server (with Sendmail or Postfix) to the unlucky Windows(tm) users can easily stop the spread of the Love virus.

    - If you use Sendmail as a smtp server, follow the instructions
    provided on the official Sendmail website on
    http://sendmail.net/?feed=lovefix. They also have issued a patch that
    can be used to prevent the Love worm mutations on
    http://sendmail.net/?feed=lovemorph

    - If you use Postfix as a smtp server, here's a quick fix:

    In /etc/postfix/main.cf put the following line:

    header_checks = regexp:/etc/postfix/header_checks

    In /etc/postfix/header_checks add this following line:

    /^Subject: ILOVEYOU/ REJECT

    This rejects any message with "ILOVEYOU" in the subject. Depending on
    the new mutations, you'll have to adapt the last line according to new
    subject.

    - You can also block the virus with Procmail by adding the following
    to your .procmailrc:

    :0 D
    * ^Subject:[[tab] ]+ILOVEYOU
    /dev/null

    This erases any message with "ILOVEYOU" in the subject. You can
    adapt it to new forms taken by the virus.

    For more information about the Love virus, there is a complete
    advisory available on CERT's site on
    http://www.cert.org/advisories/CA-2000-04.html"


    "What do I care, if life ain't fair,
    If you look at me real sore.
    I've paid my dues and you should too,
    as a son-of-a-bitch to the core"

  • And if Linux users are honest, they'll admit it is entirely possible to write a mail program for Linux that is as dangerous as Outlook.

    Riiiiggght

    It is possiable, but no has yet written one. Why? Ok, first you must write a mail client, sure they aren't that hard to write and the mail protocol is well documenated, but after you spent weeks/months/years getting your mail client out. For people to use it, it has to be good. So you have to write a dam good mail client, better than pine, mutt, kmail, elm and all the other combined.

    So what do you have, a really nice mail client, that is being used by say %50 of the linux users (mail clients are like editors, people don't change them much). So what this take, 1 year of your time?

    Also all the souce must be under the GPL or opensouce or the GNU/Linux Zealots of the world will ban you from slashdot and beat you with sticks

    OK, now the source is open for anyone to look at (and also find your bug) and Unix users would go "Hrmm that is really strange it automatically executed the bash script my freind sent me ... ... ... I have see this somewhere before, like a dream, more like a nightmare of hellishOUTLOOK EXPRESS!! DAM YOU!" and within minutes Cert, Distro Inc, Slashdot, Securtiy Focus would all post this "fearture". Then on or two things would happen, either they take it out of the source or no one will ever use your program again... and how many people did you infect? 2-3?

    One year of your time to do something malice? Come one, lets review the script kiddies hand book, would this really give them the most BANG for the buck?

    Why don't they just code a 30 minute visual basic worm, pop it on their schools WinXX network and watch 100 users start screaming?

    I agree you COULD write a email client that is dangerous as outlook express, but no one that has an IQ over 20 is going to do this... and err uh ummm Microsoft

    Even if you had outlook running on linux (though maybe Wine?) what is the MOST harm you could cause to the Linux system running as normaluser?

    Premission Denied: you can not delete the /etc directory ... ... ... ... ... punk, don't bring that shXt in here.
  • I use Notes on my Win95-based ThinkPad at work, and had no problems in a certain big, blue company.
  • What do you think is the most likely virus to hit Linux?

    1. A Morris-style Internet worm
    2. Stack overflow, race condition (eg. /tmp files, symlinks, etc.) exploiters
    3. A Perl attachment (I dread the day executable content becomes a "normal" part of stuff like email)
    4. A Linux "advisory" message that goes "For blah-blah-blahh reason, you really should fix up your mail client... If you're using Mutt, type |bash" ... (who says Mutt is immune to viruses?!)
    5. Chain letters (they are a kind of virus too :-)
    6. A VBS script (haha)
    7. GPL :-)
    8. Dumb users
  • Give me a break. Solaris wasn't effected either. Neither was BE Or VM Or VMS Or HPUX Or MacOS Or DOS Or HP printers Or Palm pilots Or Linux Seriously. It's a VBSCRIPT virus, that only knew how to use MS OUTLOOK to spread mail. So in order to affect a system, you need three things: 1) A VBScript interpreter, that supports all functions and objects used by the virus. 2) MS Outlook, and corresponding MAPI interface. 3) Users who are retarded enough to run the thing in the first place.
  • This virus has nothing to do with Outlook. It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.

    It may affect users of other mail clients, in the sense that it will erase files and such, but it only spreads itself if it is run from Outlook. The fact that almost everyone is using Outlook is what allowed the worm to spread.

    If someone sent a particularly stupid Linux user a bash script that did the same thing, would they fall prey to it?

    Any Linux user stupid enough to run a shell script without looking at it first deserves to have bad things happen to him. Besides, you'd have to know something in order to figure out how to run the script. No mailer (that I know of, at least) will run the script itself, so you'd have to save it to a file, set it as executable, and then run it. If you know how to do that, chances are you're smart enough to have a look at the script and notice that it has a bunch of rm commands.

  • What happened to all the panic over Melissa way back when? Remeber when we all became suddenly guarded over received email attachments with generic messages, and told not to open said attachments? Remember?????!

    I'm not really surprised that ILOATHYOU virus managed to spread as far and fast as it did: the average user's attention span is pretty darn low.
    I got 3 copies of Melissa in my email, 3 hours AFTER a company-wide warning went out (granted, it was at 00:03 EST) all from the same person!
    The latest "virus" I want to get rid of is these friggin .URL attachments from my Windez-using friends. Goddamn those piss me off!


    Pope

    Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
  • I didn't get a single copy of ILOVEYOU, and I'm disappointed. I set up filtering, based on that subject line, but I didn't get to see the filter in action, beyond my test messages: nobody ever sent it to me.

    Now I'm bombarded by mail all day from friends, family, business associates, etc. Much like most of you, I'm sure. I get a few hundred messages most days.

    So I've got to admit that I'm a little disappointed that not one of these people had me bookmarked. Maybe this says something about the calibre of my friends: They're smart enough not to run Windows, or Outlook, or open worm-bearing e-mail.

    Still, I've got to say, I'm a little bit sad. Oh, well. Maybe next time around.

    -Waldo
  • This is making the rounds of some *nix mailing lists today. Rather than spam all the people I know, I'm posting it here for you to twitter at.

    ------------- Begin Forwarded Message -------------
    For those Unix & Linux fanatics who're feeling left out, please forward
    this message to everyone you know and delete a bunch of your files at
    random.
    ------------- End Forwarded Message -------------

    I didn't receive a single ILOVEYOU message from any of my friends or cow-orkers, but then again, most of them aren't clueless enough to be using an unsecured copy of LookOut.

    the AC
  • Linux and Unix software is pretty immune to attacks like the one exploited by ILOVEYOU. In my mind, there are two reasons for this:

    1. We've already lived through such attacks. We haven't already forgotten The Internet Worm [purdue.edu], have we? It happened back in 1988, so I'm guessing there are readers who don't remember it. Do yourself a favor and at least check out This Executive Summary [nasa.gov] of what the worm was.

    2. Open source lets us learn from our past. In the Unix world, no software with blatant holes has those holes for long. Code is scrutinized for previous exploits. Nobody wants to get burned twice. On the other hand, in the closed-source world, it's likely that the developer won't know every previous software exploit ever, and he's likely to make the same mistake that someone else did. We will never see ANOTHER program that works like the internet worm; we now know to look for those type of exploits.

    We might not be immune, but it's nearly impossible that we woule make the same mistake twice. That's the beauty of open source.

  • good rant, but your argument is all based on the idea that outlook autoruns the attachment. The reports I hear from actual Windows users are that it doesn't, that people clicked on the thing. Now, even knowing that, I *still* think that it's largely Outlook's fault; running a non-sandboxed script (or executable) from an attachment is so dangerous that no MUA should do that on behalf of the user on the basis of a click or two.
  • Your article is about the same logic as saying "I did not get sunburn today. The reason must be that I ate fish today. Go visit our local fish restaurant, they make a great dish of fish."

    Your choice of mail server software IS NOT the reason that the virus / trojan hasn't hit you.
    Assuming otherwise shows your ignorance after days and days of /incredibly/ well-done and accurate reporting by the mass media about how this virus works and how it spreads. I'm amazed that even the regional yellow press explained the technical details of the virus / trojan by 90% correct here. That's a first for technology reporting.

    The ILOVEYOU trojan horse affects mail clients only (to be more precise, the MS Outlook mail client, running on Windows machines).

    It DOES NOT affect mail server software, so it is irrelevant if your mail server is running Sendmail on Solaris, Communigate Pro on Linux, Mercur on Windows NT or whatever.

    Also, the MAPS RBL has no business with stopping the spread of the ILOVEYOU message or similar harmful mail.

    MAPS RBL is about stopping spammers and other persistent mail abusers. To get someone into the Real Time Blackhole list, you have to follow a very strict and bureacratic nomination protocol. E.g., you have to document the mail abuse /and/ that you contacted the abuser's provider personally /and/ that they declined your request to stop the abuser.

    It doesn't take a minute to get a mail server rbl'ed - and that is good, because the MAPS team has put a lot of effort into making their system a fully documented weapon against spam, not a personal vendetta black-mail against providers that some individuals do not like.

    The only reasons that the virus / trojan didn't reach you is either a) your friends are pretty smart and did not fall for the virus or b) none of your friends is using Outlook or c) you have no friends. Pick your favourite explanation. :-)

    ------------------
  • This is not a case of OS security at all. It's a case of the client. If Linux ever dominates the desktop, there's a good chance we'll see an office suite with integrated email, where attachments can be easily opened by the suite. And if the word processor has macros....
    Now, you'll tell me that open-source development is smarter than to let that happen. And you'll be right. But the immunity of Linux users to things like "ILOVEYOU" right now comes from the lack of application interoperability, not from OS security.
  • to this discussion, I found a couple of related articles in the SJMerc News.
    this [sjmercury.com] one mentions some of the 14 gov't agencies hit buy the worm.

    this [sjmercury.com] one highlights stuff from the congressional hearings on the worm and security in general. Both pretty good reads. No real bashing/praising one way or t'other.
  • by cr0sh ( 43134 ) on Wednesday May 10, 2000 @08:26AM (#1080976) Homepage
    In the past several days, I have read many accounts as to why this virus spread, as well as for/against reasons as to whether or not this could happen on the Linux platform. Everything I have read seems to indicate that this "virus" (I would prefer the term "trojan" as being more accurate) relied on two seperate things existing in order to propagate: 1) That of the user clicking on the attachment to "run" it, and 2) Outlook being installed (for the sake of the address book).

    In other words, this could have happened on a Linux box, had such a thing as Outlook existed for Linux (although I think damage would still have been minimal, since the user should be running as a user, and not as root). Now, if the user was using some other email client, and clicked on the attachment, if it wasn't Outlook, nothing happened (not that the code couldn't have been written to take this in account, however, such modifications to the code would have made it much more complicated).

    So, for this particular case, what we have here is not a software problem, but a societal problem. If the code auto-executed, or used some blatent hole or "feature" of Windoze, that would be one thing. However, it didn't.

    Our current society (which many geeks are not a part of - we dwell within it, but we generally don't subscribe to it's beliefs) is one in which limited attention span, a need to quickly satiate desires without thinking about consequences of action, and a lack of responsibility - has caused such manifestations of chaos.

    Society's limited attention span has caused the forgetting of history, in society's mind, about such past transgressions such as the Morris Internet Worm (which I remember as being newsworthy, but I wasn't on the Net at the time, to be affected by it's "destructiveness"), MS-DOS viruses, and the Melissa Email "virus".

    Society's need to quickly satiate desires, without thinking about ramifications of actions, allow for such acts to continue, over and over again - because it seems like the reward should be obtained at any cost (or it should just be obtained, without thought to what hooks are buried within). Sort of like ordering a Big Mac meal at Mc Donald's - "Would you like to upsize that?" they ask, and when you say "No!" (being a geek), they look at you like "Aww, don't you want an extra cup of grease to go with that fatburger?" - you know what the hooks are, but most people see "Wow, more for less than the cost of it seperately! I'll take it!" (on a side note, this reminds me of a Jack in the Box trick - a couple of their meals are wierd; if you order one of the meals, and then a seperate sandwich, which has it's own meal, it is cheaper than getting that same sandwich as a meal, and the sandwich of the other original meal seperately - only by a few pennies, mind you - but imagine thousands of people doing this every day, without nary a thought about it - instant money).

    Finally, society's lack of responsibility is what is ultimately responsible. Someone, somewhere (and if we believe the reports and source code, that "somewhere" is the Phillipines) has said to themselves "I am not going to be responsible to myself or my feelings - I am NOT going to work out my problems. I am instead GOING TO LASH OUT, and send this scourge upon the world!", the outpouring of a 3-year old's tantrum.

    Why does society let this continue? Why isn't society educating itself to deal with problems that occur in the individual's life, rather than blaming the other guy (and in the end, making the lawyers rich)? Why does society always need a "quick fix" - why doesn't it step back, and realize that what it has is actually pretty damn good?

    Why does society continue to forget, and repeat history - has society not learned the maxim?

    Answer these questions, and fix the problems - and I bet many of the current issues facing us today, simply disappear.
  • by Anonymous Coward
    An abacus is not virus proof. Someone could come over and play with your balls when you are not looking.
  • I've never heard supporters of other products doing the "na, na, na, we didn't have the problem cause we use Solaris/Irix/Dynix/etc".

    You've obviously not been hanging out on the right web sites then...Go find a pro-Solaris/Irix/Dynix website/newsgroup/mailing list and you'll get your fix.

    Frankly, it amazes me that you got moderated UP to 3, Interesting...I personally find nothing interesting about yet another rant about how Slashdot is pro-Linux / anti-Microsoft. Welcome to the free world...if it offends you that much, then no one is forcing you to stay and read it!

  • by mindstrm ( 20013 ) on Wednesday May 10, 2000 @07:44AM (#1080986)
    The only thing about this virus that was outlook specific was the fact that it used outlook's MAPI facilities to get addresses and send copies of itself around. The writer could have used outlook express, or eudora, or pine, or any other email program had he wished to.. he simply programmed it for outlook. Contrary to what so many people seem to wrongly assume, the virus did NOT run automatically due to some bug in outlook.. dumb users simply RAN the attachment, which was a pure vbscript (no different than a unix user running a perl script). There was no 'embedded' scripting, or 'hidden' scripting, or 'security hole'.
  • This virus has nothing to do with Outlook . It'll affect any mail client, be it Eudora Pro, Pegasus Mail, Outlook Express or any other that allows you to save attachments.

    That's just plain wrong. The emailer has to *execute* it before anything bad happens. Hopefully you know the difference between "save" and "execute".

    Who moderated that post up to 3???
    --
  • Open the attachment while holding down shift will force the VB script NOT to execute.

    Thanks, I'll try that sometime. I've never heard of this feature. Apparently, millions of other Windoze users haven't either. Gotta love a well documented, secure mail interface with a built in world-self-destruct feature.

Time is the most valuable thing a man can spend. -- Theophrastus

Working...