'Bagle' Worm Heading For A Windows PC Near You
mrSinclair writes "the 'Bagle' or 'Beagle' worm is expected to hit the U.S. by midweek, probably Tuesday as many employees return from a three-day weekend." He points to this Washington Post story (via Yahoo!), which describes the Windows mass-mailing worm as being transmitted via email as an .exe attachment and as installing "a program that lets attackers connect to infected machines, install malicious software or steal files." The article says Bagle has been detected in more than 100 countries. Other readers have sent in links to coverage at the BBC and at SearchSecurity.com.
Antivirus Company Submissions (Score:5, Informative)
jeesh.. (Score:2, Insightful)
Re:Antivirus Company Submissions (Score:4, Interesting)
And since I know everyone is already readying their "Ah ha! Windows sucks!" posts, remember that running unknown code is NOT a good idea on ANY operating system. The virus doesn't exploit any massive Windows bug. If everyone used Linux instead of Windows, then the virus writers would write viruses for Linux instead!
Re:Antivirus Company Submissions (Score:5, Insightful)
Re:Antivirus Company Submissions (Score:5, Insightful)
Re:Antivirus Company Submissions (Score:5, Insightful)
Backups are just as required in Linux as they are in Windows.
Ewan
Re:Antivirus Company Submissions (Score:3, Insightful)
Re:Antivirus Company Submissions (Score:3, Informative)
Unix was specifically designed with some paranoia regarding end users. This makes putting yourself in a nice sandbox remarkably easier and more seamless.
Joe User is going to be less put out by running a properly secure Linux than attempting the same with WinDOS.
Re:close to no one runs as root (Score:3, Insightful)
Re:close to no one runs as root (Score:4, Informative)
Here's a way to do it: (I've got mine set up with three different distributions installed, it's not that hard.)
1) Keep a paper trail of what partition is named what in which distribution. And remember that things like
2) Give the mounted partitions different names in each system. I have defined, e.g.,
3) The loader can be a bit tricky. Only one loader can be installed in the MBR. I use Grub. Lilo might work, but I've never tried it, and Grub works. You can either boot directly from this, or have it invoke chainloader so that each booting partition can have its own options. (I use both ways. Usually it's simpler to just boot directly from the MBR.)
Some details are missing, but it's not hard. So if you want to develop as root, be root on some other system that's on the same box. And this system doesn't even need to mount any partitions that it doesn't need, or know that the internet exists. (Depending, again, on just what you're doing.)
Now I'm not saying that this is a good way to do it. I'm not sure. I'm saying that it's an easy way, and I'm lazy enough, that if I needed to be root to code, I'd probably do it this way instead of, say, setting up a chroot jail (which might or might not work...I've never investigated chroot).
But because I'm lazy, I *DON'T* want to wreck my main system. It would be a huge job putting that back together again. (I've wrecked it before, and know from experience.)
OTOH, again, you say these are coders. Possibly they work in an office? Does the office do backups frequently? If all they're risking is their own machine, and there are recent backups, that could even be a reasonable approach. I wouldn't take it, because my backups are often stale (I admitted to being lazy...and my off HD backups have to be done to CD). So it sounds like privilege separation might solve the problem...but I'm not sure. Writing to bash.rc can let you do so much, that it probably wouldn't. You'd need to have something in the boot script that re-created bash.rc on every boot. (I wonder if bash.rc could be owned by root?)
one developer's perspective (Score:4, Insightful)
In many organizations, the developers are under the gun to meet project deadlines. You are more likely to get in trouble for not meeting a deadline than for running X as root.
Similarly, the system administrators are rated by how smoothly things run. Taking a chance by allowing developers to run things as root does not do them any good.
Sadly, from a developer's perspective, system administrators are rarely rewarded by their management for helping developers sort out all the permissions issues.
If this is done, then one can figure how to set up the non-root account to get the work done without creating security problems.
It doesn't help that developers are often considered "knowing enough to be dangerous."
So system administration managers sometimes set the tone of "lock down the developers so they can't get away with anything."
One place I worked had the development servers locked down so tight, it was said you could only test in production.
Through my career, I have seen a lot of development move from the Unix platform to the Windows platform, partly for this reason:
1) The Unix System Administration department doesn't care about windows boxes, so they don't bother to control them.
2) The Development department knows that they can set up a bunch of windows boxes, give themselves administrator access.
3) The development project proceeds quickly in terms of accomplishing the project goals. The development manager is not rated on how few security holes he sets up in the process.
4) The managers learn: "Wow, if we bypass the Unix System Admins, we get projects done so much faster."
It is unfair to blame admins for security holes created by developers.
It is unfair to give an aggressive deadline to the development department and then ask them to work with a system administration department that has no incentive to help you meet your project deadline.
Re:Antivirus Company Submissions (Score:3, Interesting)
Yup, the shell script, set as 'noexec', has just exec'ed. For more fun, try this:
http://mail.gnu.org/archive/html/bug-glibc/2001-08/msg00045.html [gnu.org]
Re:Antivirus Company Submissions (Score:5, Insightful)
Re:Antivirus Company Submissions (Score:5, Insightful)
Re:Antivirus Company Submissions (Score:3, Insightful)
So basically it exploits user stupidity. Thanks for putting it so eloquently
If you mean user stupidity in using a system that deprives the user of essential information as to whether or not to click on something "interesting", then yes. The malware would make much less progress if the dialog used "Run Virus" instead of "Open".
Re:Antivirus Company Submissions (Score:3, Interesting)
Re:Antivirus Company Submissions (Score:4, Interesting)
Re:Antivirus Company Submissions (Score:5, Insightful)
If everyone repeats this refrain enough people may actually start to believe it, and that would be good in counteracting that old 'many eyes make all bugs shallow' phrase we keep hearing about open source.
Taken at face value the statement seems reasonable, but I'm a scientist and I like to hold theories up to the light of reality and see how they do. I know that testing theories annoys people because it makes them question their deepest held beliefs, but hey I'm an annoying guy anyway.
We could test the statement by finding an Open Source project that has much more market share than a closed source project, then compare the rates of exploit. Hmmmm... how about Apache vs. MS IIS?
According to Netcraft [netcraft.com] Apache has about 67% of the market and Microsoft's IIS has about 21% of the market. The often quoted FUD says that Apache is used by so many more people it must have many more exploits.
We can search the CERT website [cert.org] for the terms 'Apache' and 'Microsoft IIS' clicking on the boxes for:
Advisories
Incident Notes
Security Improvement Modules
Vulnerability Notes
'Apache' gives 180 results.
'Microsoft IIS' gives 830 results.
Wait! That means that just because something is used much more widely than another thing it does not result in more attacks! That proves the statement that if Linux were used more it would have more viruses is a false statement! It could be that open source actually does produce more secure code after all!
If Linux had 60% or 70% market share, there would probably be more viruses written for Linux than there are now. But, as we can see with the real world example of Apache and Microsoft IIS, the open source development model produces more secure software.
Sorry to step on that often quoted line about Linux and viruses, but I like reality.
Re:Antivirus Company Submissions (Score:5, Insightful)
Re:BUT as per the GPL, we'd have the source! (Score:4, Funny)
Save the attachment, su, ./configure && make && make install
I wish you will enjoy it!
Re:MOD PARENT UP! (Score:4, Insightful)
Of course six months from now, when they finally get around to issuing a patch, the lack of source code also leaves no evidence that a new vulnerability wasn't created when the old one is closed, does it?
Re:MOD PARENT UP! (Score:3, Insightful)
proof? (Score:3, Insightful)
Also, it doesn't seem like anyone who did break into Microsoft's servers would be too eager to offer proof of guilt.
I don't recall that anyone offered proof of the Debian or Savannah break-ins except for Debian and Savannah.
Re:Antivirus Company Submissions (Score:5, Insightful)
Windows Bashing? Get some facts straight (Score:3, Insightful)
Then you have some really slow anti-virus software. This should only take that much time ONCE. Subsequent runs should be very quick because all of the scanned files have hash values which are stored. The files will only be re-scanned if the hash value does not match.
No one actually installs apps in Li
Re:Antivirus Company Submissions (Score:5, Informative)
Bagle description [f-secure.com]
NAV already detects it... (Score:5, Informative)
Re:NAV already detects it... (Score:3, Funny)
Re: AVG's got it... (Score:5, Informative)
Oh, and they've got a little blurb [grisoft.com] on the virus too.
Re:Antivirus Company Submissions (Score:5, Informative)
Re:Antivirus Company Submissions (Score:3, Informative)
McAfee/NAI has been detecting it for the past day or two as well.
Re:Antivirus Company Submissions (Score:3, Informative)
Yay! A test. (Score:3, Informative)
I'm looking forward to seeing how much of an impact this will make on our mail server. Currently viruses make up less than 5% of our filtered mail. The rest is spam.
Re: (Score:3, Insightful)
Here we go again... (Score:2, Informative)
The article says Bagle has been detected in more than 100 countries.
Are you saying that this new worm knows no geographical boundaries? Heaven forfend!
BTW: two fixes are already available for this virus:
Note to developers, developers, developers, developers [ntk.net]:
everyone from the home user to big business wants OFF OF WINDOWS, and not just because of the viruses. Please,
stop catering to the (dying) status
Re:Here we go again... (Score:5, Interesting)
Free, but worth thousands more: FreeBSD, Linux, and more...
Pricey, but worth every penny: Mac OS X
We have moved most of our lab machines from Windows to OS X in the past few months and the time I have spent having to patch, test patches, roll back updates due to problems with Windows has been reduced drastically. I can't mention how successful this migration/switch has been in terms of productivity gains, peace of mind, etc... With OS X, you plug stuff in and it works.
It's true that OS X costs more money than say Linux installed on our previous machines, but OS X is a true desktop OS that allows one to keep all of their UNIX apps as well as provides the slickest desktop OS around allowing for use of popular apps such as Office (yes, Microsoft Office for OS X is actually quite nice, so stop your whining), Photoshop, Filemaker etc... while allowing for our compute intensive work on scientific apps as well.
OS X user accounts are more secure (Score:5, Informative)
You can send an OS X user a malicious Apple Script file with an MPEG icon on it, and they'll probably double click it thinking they are going to view free prOn. But as soon as the "administrator password" box comes up, odds are they are going to hit "cancel" and not grant access to their root directory
Moreover user accounts in OS X are quite flexible. Unlike Windows users, OS X users rarely require the need to login to, and remain working within, the root level.
Every Windows office I've ever administered has had numerous problems with user accounts, users working in root 24/7, etc
Re:Here we go again... (Score:3, Insightful)
Will the problem become less severe? Probably, at least for a while. Will the problem go away? Of course not.
Because insecurity stems not from some flaw in an OS but from a fundamental problem with the users and industry's mindset which stresses features and convenience over security. Just imagine what a simple script could do on
Hah Hah That's Insightful... (Score:5, Insightful)
We had the same executable attachment problem back when I was in school in the late '80s. Our VM Mainframe E-Mail system got shut down because of some Christmas card program that remailed itself to everyone in your address book. Sound familiar?
Re:Hah Hah That's Insightful... (Score:4, Funny)
Well, I've heard that works on dogs, but users? No way in hell, they are so boneheaded they won't stop clicking - and they're probably too stubborn to die as well.
Re:Here we go again... (Score:3, Flamebait)
Nobody said anything about a perfect world. But there is a real world outside of Microsoft where we software users can trust the guys who wrote the code to at least have our best interests in mind.
Re:Here we go again... (Score:5, Funny)
Ironically, the only code I might trust is that which was NOT signed by Microsoft.
Statistics (Score:3, Informative)
#1. Really just accidentally clicked on the executable
#2. Clicked on it on purpose because it was from someone they knew or had a nice subject or whatever.
The only real option ('cause dumb people will be with us forever) is to configure the technology to make it harder to run apps from email. Either run them in a sandbox or require the user supply the root password to install the new application (this is why I believe Linux would be safer).
Re:Here we go again... (Score:4, Insightful)
RPM hell is pretty much gone in any mainline distribution these days, what with apt-get, yum, emerge, urpmi, and yast's online updating. All of the major distributions have a free way for you to update your system with full dependency checking and resolution. Even Slackware's got it with swaret.
If you don't think KDevelop is a "real" IDE you might want to look again. The newest release, based on the Gideon codebase, is astounding. Code completion is only part of the good stuff included.
OpenOffice is just about the same as MS Office - I haven't seen any compelling reasons to use Microsoft's version instead, especially considering that OpenOffice runs on my OS and MS Office doesn't (at least, not natively).
The technology is pretty much in place at this point. There might still be a few straggling areas (games are a sore point at the moment, but more and more developers are releasing Linux versions these days than ever before) but on the whole, Linux on the desktop is just building momentum, and nothing is stopping it. It'll hit critical mass sooner or later, and once it does, it's game over for Microsoft. I don't really care personally when it does for the rest of the world - I'm happy with it right now.
Anyway. Good times. Use what works, as that's what you need. But you might be surprised if you try out a mainstream distro, as a lot more works these days than ever has before. And no, FreeBSD isn't even close to mainstream. I love FreeBSD5 and I'm using it (with pf) on my firewall, but I use Linux on my workstation.
Fast moving little sucker (Score:5, Informative)
Leggo my Bagle (Score:3, Funny)
Contact (Score:2)
Sad state of affairs (Score:5, Funny)
Re:Sad state of affairs (Score:3, Insightful)
It's the developers of said email software who are stupid. The idea that their users should want an email... a totally insecure message, to have full access to their personal Turing Machines in the form of a clickable
Unique? Newsworthy? Hardly... (Score:4, Insightful)
And it replicates by *emailing* itself...
No remote root/admin exploits, no network-clogging mass scanning, no nothing.
Maybe just a few malconfigured mailservers going down, that's it.
yawn, wake me up when we're at threatcom 4
Re:Unique? Newsworthy? Hardly... (Score:3, Insightful)
Newsworthy? Definitely.
I mean, if this isn't newsworthy, then what is? New version of software/OS X, or latest episode of SCO comedy, or some new column about evil/good [MR]IAA versus good/evil P2P?
ISP/mail provider virus scanning... (Score:2, Informative)
Do any such ISPs or mail providers offer such a service? If not, why not? Surely it's in their interest? After all, these viruses (especially the ones that send themselves on to everyone in the infected
Re:ISP/mail provider virus scanning... (Score:5, Insightful)
Two main reasons - the extra load generated and the risk of false positives.
If filtering were done as you suggest, with a simple attachment file size check, then there's a reasonable chance a perfectly legitimate mail would be dropped. It also wouldn't take very long for the virus writers to create viruses that vary the file size on every reproduction.
If a customer gets themself infected with a virus then it's their fault for not having adequate virus protection - if the ISP drops their mail because it was of a similar size to a virus it's the ISP's fault.
an EXE?!! (Score:4, Funny)
You can turn it back on (Score:3, Insightful)
Already here... (Score:3)
Interesting Tidbit (Score:5, Informative)
Bagle also tries to download an unknown program from one of more than 30 Web sites located mostly in Germany and Russia. None of those Web sites was reachable as of Monday afternoon.
Or is it more likely that these servers in Russia and Germany were also hacked and were just being used?
In any rate, this doesn't look so bad. The searchsecurity.com article says that "Removing the worm manually is just a matter of killing "bbeagle.exe" in the Task Manager. The registry keys created by the worm also need to be removed." Hopefully this one won't be as bad as Sobig.
When Will The Computer Security Community Grow Up? (Score:3, Insightful)
They could stop sucking up to M$ and also recommend that home users consider another OS.
Fakes sender addresses... (Score:3, Informative)
How sad... (Score:4, Funny)
Weather channel, look out!
Great Ways to Prevent Spreading Viruses (Score:4, Informative)
2. Disable your email client's automatic message preview pane. This makes exploit viruses a little easier on you, as you can select the message and delete it without having to preview it instantaneously.
3. Download a mail proxy program (I use MailWasher), it'll filter out spam, and allow you to see a text version of the message, without downloading the attachment.
4. Have your AV update its definition religiously. Of course, this only helps if your AV company updates its definition religiously as well.
Of course, the first 3 don't require a virus scanner at all, just common sense. As a gamer, I hated having NAV or McAfee VirusScan hog up 30MB of my memory, so I removed it. I make smart and conscious decisions, and have never had a virus on my computer for several years.
It's already here (My story) (Score:5, Informative)
Hi!
This is a test.
(random string of letters)
Testy test.
The attached file was a modified version of the Windows calculator which (according to the Symantec site) "Emails all the contacts it can find inside files with the extensions
It's interesting because apparently that's ALL it does. It doesn't screw with files or settings, or run malicious code (outside the actual act of reproducing itself). It's annoying, however, because it sends emails to people who are NOT in your address book, but merely mentioned in text files somewhere on your computer. In the last 24 hours I've gotten emails with the virus from friends, random people in my university, at least one university email address that should have been run by someone who knew better, and a couple random friends-of-friends.
Also, according to Symantec, it dies on the 28th.
It was really interesting to see the spread at my college. For us, it began around 1 AM Monday morning, peaked around 2, and was already slacking off by 3 AM. I know this from my own inbox, people in my dorm, and talking to people elsewhere.
I do find it curious the virus didn't DO anything. Is it just someone screwing around, a test for a future release or (as some of the more paranoid people in my dorm are suggesting) a released virus by the anti-virus companies to keep people in enough fear to demand their products.
As a side note, I also spent hours cleaning the assorted spyware and adware that builds up when people don't know how to properly use their computers....more than one person could literally not do work because of the porn popups that plagued their computer.
-Trillian
Re:It's already here (My story) (Score:3, Informative)
As I said, the variation I saw was hidden in a version of the windows calculator. Specifically, the attachment was an EXE file with a random string of letters (I saw names between three and seven letters long). Also, it ran as bbeagle.exe, and the bbeagle.exe file lived in the C:\Windows\System32\ folder. Finally, deleting the bbeagle.exe file and going into the registry and searching for bbeagle.exe, and deleting THAT entry should kill it. (Again, according to
Re:It's already here (My story) (Score:5, Informative)
I misread Symantec's site (didn't scroll far enough down). It does indeed contain malicious code beyond its own reproduction:
from http://securityresponse.symantec.com/avcenter/ven
#
# Creates a listening thread on port 6777 (this port can change during the worm execution) that allows a remote attacker to:
- execute commands on the local system as if he were the current user
- download executables onto the local system
- terminate and delete the worm program
# Creates a notification thread that will contact a remote website (using local browser proxy settings) and announce the presence of the worm on the local system every 10 minutes.
The list of websites contacted is predetermined and are contained within the body of the worm.
-Trillian
Re:It's already here (My story) (Score:3, Informative)
-molo
Re:It's already here (My story) (Score:3, Insightful)
This is *not* a virus for Windows, it is a manifestation of social engineering using a trojan application. For that matter, just about any modern operating system would be capable of executing this code (Linux, NT, MacOS X, etc.) -- the real source of the problem here are the end users.
If I sold you a gun, is it my fault when you shoot yourself with it?
Executables in email (Score:5, Informative)
Re:Executables in email (Score:3, Interesting)
I ended up having to put this 700K program on a cd and mail it to him.
Mail server blocks executable attachments (Score:3, Insightful)
When new viruses comes out, me not worried.
Re:Mail server blocks executable attachments (Score:5, Insightful)
Of course you must make sure you use a valid detection mechanism.
Many commercial scanners use the extremely naive approach of checking the file extension!
This means that
You would not believe it, but even the most well renowned scanners use this stupid method. I have seen countless examples of "funny programs" being blocked on the mailscanner, and then the same file arriving half an hour later, renamed to
There even has been one trojan that uses this method by packing the program in a
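Added example (not part of the original comment, and not any scanner's actual code): a content-based attachment check of the kind the comment above argues for, in Python. It recognises Windows executables by their MZ/PE header rather than by file name and looks inside ZIP archives; the sample message, addresses, file names and extension blocklist are constructed for the demonstration.

```python
import io
import struct
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not inflate huge archive members
MAX_DEPTH = 3                        # nested archives deeper than this are flagged
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com")  # assumed list, for comparison only


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this is safe on junk input.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_blob(name: str, data: bytes, depth: int = 0) -> list:
    """Findings for one attachment, judged by its bytes and never by its name."""
    if looks_like_pe(data):
        return [f"{name}: Windows PE executable"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: archive nesting too deep to inspect"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}!{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 = encrypted member
                findings.append(f"{member}: encrypted member, cannot inspect")
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"{member}: member too large to inspect")
            else:
                findings += scan_blob(member, zf.read(info), depth + 1)
    return findings


def scan_message(raw: bytes) -> list:
    """Decode every MIME leaf part of a message and scan its content."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        findings += scan_blob(part.get_filename() or "(unnamed part)", payload)
    return findings


def naive_extension_hits(raw: bytes) -> list:
    """What an extension-only filter blocks: names ending in a listed suffix."""
    names = [p.get_filename() for p in message_from_bytes(raw).walk()]
    return [n for n in names if n and n.lower().endswith(BLOCKED_EXTENSIONS)]


def _fake_pe() -> bytes:
    """Constructed 128-byte header stub ('MZ', e_lfanew=0x40, 'PE\\0\\0'); not a program."""
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def build_sample() -> bytes:
    """Constructed message: renamed PE, harmless '.exe', and a ZIP hiding a PE."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("inner.dat", _fake_pe())
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Hi"
    msg.set_content("Test")
    for fname, blob in (("notes.txt", _fake_pe()),
                        ("setup.exe", b"just text, not a program"),
                        ("photos.zip", archive.getvalue())):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample()
    print("extension filter blocks:", naive_extension_hits(raw))
    print("content scan finds:     ", scan_message(raw))
```

On the constructed message the extension filter blocks only the harmless `setup.exe`, while the content scan reports the renamed and the zipped executable. Old DOS-only programs (MZ without a PE header) and archive formats other than ZIP are outside what this sketch inspects.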
Ditto. (Score:3, Interesting)
The
Anyone who cannot follow these simple directions does not receive executable files.
No email viruses have been able to traverse these simple precautions.
Of course you know that this means war! (Score:5, Informative)
The Subject: is actually more applicable to the spammers, who really are waging all out war on the utility of email. This one is more like a hit-and-run attack.
Still, the similarity is that they are hoping to find a few "good" suckers to click on their links. This one is actually an interesting combination. Partly it seems to be testing the efficiency of a propagation mechanism, which seems to result in greater "apparent locality" of the email, with higher odds that it seems to have come from someone you know. However, it also seems to be ready to launch some more insidious payload that was to be downloaded from some Web sites.
Right now all of those Web sites seem to have been taken off the net--or maybe they're waiting to pop them onto the net once the thing has propagated sufficiently. That part of the Trojan apparently tries to check in every 10 minutes to announce itself.
The thing that bothers me about this combination malware is that the anti-virus people could easily miss something. For example, in this case, what if the thing included a new variation on the email backchannel for the harvested email addresses. Or maybe a well-concealed bit of code to suddenly mung the URLs to point to live sites somewhere else? However, whatever it is hasn't triggered yet, and the anti-virus people perhaps have only detected the distractor HTTP-channel. If that were the case, they could still get a massive harvest of email addresses. (Yes, I still think the spammers are probably really the people behind this one--spamming just naturally attracts the lowest life forms. It's a question of the crudest motivations for the crudest acts.)
By the way, has anyone seen the reason for the bagle/beagle confusion here? Trying to incriminate the Israelis? Or the dogs? Or both?
use Pine. (Score:3, Funny)
Use Pine, be happy. A good *text* based MTA is the right way to enjoy active content.
Hedley
PS: Of course I am sure no
I work in a support center in Australia (Score:3, Interesting)
Worse hit were the CA "Etrust" users who couldn't get an update till way after the virus pounded several of our customers.. for some reason CA were about 12-18 hours behind having an update available on the web, even bloody mcCrappy had an update out way before them
On the up side.. it uninstalls itself in a few weeks.. and does bugger all damage because it was written so poorly.. lots of bugs in the backdoor code..
The only thing it does well is self replicate..
Can't do much damage... (Score:5, Funny)
Hmmm.... the Beagle worm... surely it can't do that much damage... it probably just crashes on entry....
Huh? (Score:5, Funny)
> installing "a program that lets attackers connect to infected machines, install malicious software or steal files."
Doesn't Windows already have to be installed?
This worm also uses crawled addresses (Score:3, Interesting)
Use your firewall to protect against Windows virus (Score:5, Insightful)
On OpenBSD, the following line is enough
block drop in log quick proto tcp from any os Windows to any port smtp
There is really not a lot of legacy mail exchangers running Windows so it doesn't hurt.
However, it blocks most worms that are trying to directly send mail.
Why the name change? (Score:5, Funny)
What, is the worm's creator going to come forward and sue the antivirus companies for trademark infringement?
Or is this a "nyaa nyaa we're not going to call it what you wanted us to call it" thing?
The good thing is... (Score:3, Funny)
more info ... (Score:3, Informative)
perl5-porters and Gnome XML mailing lists affected (Score:3, Interesting)
OS support (Score:5, Funny)
Note: Blatant sarcasm... but if you didn't already know that, it's hopeless anyway
You can block it with spamassassin (Score:3, Informative)
score MICROSOFT_EXECUTABLE 5
to /etc/mail/spamassassin/local.cf
Re:You can block it with spamassassin (Score:3, Insightful)
However, people likely to get hit by this "bagle" are very much unlikely to be able to operate their own server running procmail + spamassassin.
New worm headed for a Unix machine near you! (Score:3, Funny)
From: badboy@1337.org
/*
To: xxxxxxxxxxxxxx
Subject: New Program, Run This!
Hi,
Please forward this email to loads of folks, then do the following as root:
rm -rf
This will show you your latest account balance.
Not worm, trojan (Score:4, Informative)
Trojans require user interaction to propagate, worms propagate without. Both could be called virii in the sloppy PC terminology, although I believe all traditional PC viruses are actually trojans. The user has to run something. Blaster is one of the few PC worms.
"de-windows' worm (Score:3, Funny)
Let the games begin!
Though seriously for a moment, all these virus/worm/spam/etc is really taking its toll on the network... and our time. what a drag.
Naming Worms/Viruses (Score:3, Interesting)
From the SearchSecurity article:
The worm is also called "Bagel" and "Beagle." The writer has included the word "beagle" throughout the code, but antivirus researchers have tweaked the name to avoid calling it what the writer presumably named it.
Why do the researchers avoid calling it what the author named it?
Re:Naming Worms/Viruses (Score:3, Insightful)
Re:Dear God (Score:3, Informative)
DON'T RUN EXECUTABLES UNLESS YOU KNOW WHAT THEY ARE
The problem is user education. Social engineering, such as that used by virus creators, will be a problem on any OS until users learn of the dangers.
Remember the Slashdot crowd are not typical computer users. We tend to be more computer savvy and literate, and as a consequence more wary of potential problems. It is our job to help educate people about the dangers of the worm and the virus, and how best to mi
Not the problem. (Score:3, Insightful)
#1. Email program runs executables just by clicking on them.
#2. User has full access to install any crap on that machine.
#3. Vendor did not offer "patch" to fix the above problems.
#4. "Patching" is not done, for whatever reason.
Just as there are more Apache installs than IIS, but Apache is exploited less than IIS, this is NOT about marketshare.
If the user wouldn't click on the attachme
Re:A question that must be asked (Score:5, Funny)
Re:Windows is not to blame !! (Score:5, Insightful)
In other words, it's not the same. Unix made the right decision from the beginning to separate data and executables, and to keep most users at a non-Administrator/non-root capability level.
Re:Windows is not to blame !! (Score:5, Insightful)
This all really depends on how much "Shell Integration" your Unix desktop has.
It's quite possible that a Unix Mailer would look at the file extension (.pl,
KMail was caught launching PE EXE viruses using Wine for example.
In reality, most of these mail viruses have nothing to do with OS security and everything to do with poorly designed mailers and dumb users.
Re:Windows is not to blame !! (Score:3, Insightful)
But with this definition the distinction is useless. So you wouldn't write a Linux email worm as an executable, but rather as a datafile for wine, or perl (or lisp, or
Re:Windows is not to blame !! (Score:3, Insightful)
Most Windows e-mail clients will not open an executable when you simply click on it. In fact, they usually open multiple warning windows saying, essentially, "If you run this, you are a complete and total moron. Are you a moron? [YES] [NO]".
Then you'd need to "chmod +x" it
This provides about the same amount of protection as said warning windows. In order to run the program, you have to be fully aware that you are trying t
Re:Windows is not to blame !! (Score:5, Insightful)
(Also of note is that most people sending these worms unbeknownst to them are home users, not corporate users on multiuser systems.)
Re:Windows is not to blame !! (Score:3, Insightful)
Re:Wait a minute? (Score:3, Informative)