Forgot your password?
typodupeerror
It's funny.  Laugh.

Death To Virus Writers 237

Posted by timothy
from the perhaps-the-buried-head-desert-ants-method dept.
davemie writes: "Looks like everyone is out to get the virus writers now!. But it sure is funny when a friend double-clicks on that latest virus and sends everyone in the company a copy. You get to slag him/her off for the rest of the week :-) 'Virus writers are the lowest form of life. AnchorDesk's David Coursey says we should put them out of their misery with a quick, permanent solution. Why waste time and money with due process?' I spent a total of an hour and forty minutes on hold making two different calls to the ISP which serves my mail. Both times the polite phone reps I eventually reached were shocked to find that there was an Outlook-borne nastiness filling up customers' mailboxes.
This discussion has been archived. No new comments can be posted.

Death To Virus Writers

Comments Filter:
  • by Anonymous Coward on Tuesday July 24, 2001 @10:09AM (#64283)
    What about MSCEs?
  • by ptomblin (1378) <ptomblin@xcski.com> on Tuesday July 24, 2001 @10:31AM (#64286) Homepage Journal
    Put virus writers and spammers into gladiator contests. Once they've whittled down to one surviving spammer or virus writer, shoot him.

    --
  • Office XP goes even further than that. I was thrilled to find that the default installation completely blocks a lot of types of attachments, including exe's, vbscripts, etc. You can't even open them if you want to!

    See that is exactly the wrong thing to do! I know what the hell I'm doing and I want the ability to save attachments if I want, regardless of extension!

    Prevent me from running direct, I don't mind that. But preventing me from saving an attachment because of its extension? Come off it!

  • If you need to send an exe then put it in a zip file, not really that difficult to get around...

    wrong answer. There is no technical reason to require such action. Sure you could do that. You could also avoid the problem by not using outlook. It's not really that difficult to get around...

    The solution lies in either not allowing execution (but saves), proper sandboxing, or doing something like the old Thunderbyte days: heuristics!

    • MAPI functions...check
    • Addressbook access...check
    • Unusual Recycle Bin access...check
    There's enough there to raise a flag that this attachment may be doing something funky. Maybe let the user know that the program is going to access the email subsystem and let them make the choice.
  • Viruses have just lost their mystique. I remember my Dad telling me about Michelangelo back in the 80's. I remember being so impressed that something so devilish and evil could really exist.

    Actually Michelangelo wasn't all that ...evil... just thorough. It started wiping at 0,0,1 and kept going. If you caught it in time you could recover from it. I actually made a bit of money back then with a partition scanner program I wrote (I was 12-ish at the time and way into assembly and viruses).

    Now a virus that intrigued me at the time... Whale.

  • Ah. In other words, "suck it up".

    One *could* hold the view that viruses (virii?) are a sort of public service. They can be considered an attempt to discourage live data (i.e. shipping around executables and expecting the receiver to run it), to promote good backups, to practice safe computing (do I *really* want to click on this link?), and so on and so forth.

    Considering the MicroSoft has, apparently, successfully trained the average user to accept buggy software (that crashes the system, demonstrates many security and privacy holes, etc.), it is reasonable to desire some sort of countermeasure for breaking such habits.

  • a swimming pool without a fence around it, next
    door to a public elementary school...
  • how do they manage to cost *you* time? They don't
    cost me any of mine...
  • The fact that Emacs does this does not mean it is a good idea. Wrong ideas are everywhere, MicroSoft does not have a monopoly there!

    Anybody actually use the imbedded elisp code in Emacs for anything useful?

  • I feel your pain, Mr. Vice President.
  • I can just see it now -- one Navy SEAL to another: "You mean we made it through BUD/S so we can snuff pimply-faced pencil-necked geek kids??"
  • by alumshubby (5517) on Tuesday July 24, 2001 @10:30AM (#64299)
    I can just see it: A "Special Presidential National Security Finding" or some such that gets virus writing equated with more conventionally understood varieties of terrorism. Somewhere, late one evening, four black-clad operators slip silently into a house, shoot the dog with a suppressed .22, and disable the house security system. Down the hall, in a bedroom, a teenage boy is working on uploading his latest bit of MS Word or Outlook hell. The plastic bag full of ether-soaked paper towels descends swiftly and soundlessly over his head. His body is never found...
  • by astrashe (7452) on Tuesday July 24, 2001 @10:39AM (#64300) Journal
    I agree with 90% of what you're saying here. But I believe MS deserves special credit for the virus plagues we've seen.

    Why? Because the vulnerability of MS machines to viruses is a direct result of business considerations colliding with technical/security ones, and the business considerations rolling over the others.

    MS's whole schtick is to leverage dominance in one product to another. That's why they're so into integration. It just doesn't make any sense to have an email program automatically open a file that someone sends you -- at least not for many kinds of files. And it doesn't make sense to have complex vb macros in word processor documents.

    Think about how much pain office macro viruses have caused, and how little benefit the average person gets from them. One user in 10,000 probably writes vb code to manipulate office documents. I'm not saying don't make word scriptable -- let people program it through COM. But that would put Delphi on an even footing with VB.

    Despite the flames you read here, MS has some of the smartest tech people on the planet. Plenty of people inside of MS knew it was stupid to make an email system that would run programs that come in through the email. People outside of MS complained about it from the start. But the business logic won.

    As far as I'm concerned, they don't get nearly enough grief for this stuff. It's different from a buffer overflow in IIS. That's an honest mistake, and you're right, there are plenty of those in Linux.

    MS's decision making process about security is corrupt. You can see it in these macroviruses, and you can see it in their lame explanations for why they're pulling Java out of the OS. The security policy dances to the tune of the business logic people. They don't care about the billions it costs their customers.

    I know they fixed the outlook hole. And I would even say that they have the right to leave java out, as long as OEMs have the freedom to put it in. (Whether or not they really do -- contract aside -- remains to be seen. If I were at Dell, I'd be afraid of po'ing MS, no matter what their press releases say.) They are getting better on security. After years of outlook viruses they plugged the hole -- for the small percentage of users smart enough to dl the patches.

    Let's roast them for their real problems. Because when the press gets bad, they do respond, and that will make the world a better place. As everyone who uses the product knows, the MS-SQL Server story was BS, a cheap shot. This is proof that there are still plenty of fair shots to go around.

  • They do have this, however, you have to upgrade to Office Security Patch 1/1a, and then possibly apply Office Service Pack 2. However, most people never bother doing this, and their website doesn't exactly make it easy to obtain these (let alone figure out what exactly it is that you need).
  • The easiest way to update installations of Office 2000 and Office XP is to go to http://office.microsoft.com/ and click on Product Updates in the upper right hand corner.

    It will scan your machine and tell you what updates you need to install, much like Windows Update does. It's a very handy tool, especially for those of us in IT, when we can't remember exactly what patches were put on which disk images...
    ---
  • Apparently Apple's MacOS 10.1 (due in September) has an option to turn off filename extensions.
    Er... Since 1984 (when the Mac was introduced), the Finder/MacOs already hides the extensions (Macintrash files actually have two 4 character extensions - one for the file type and one for the creator application).

    And those extensions are quite invisible, unless you use a special file utility to see/change them.

    --

  • I always take this time to remember why when you are fighting a big fire you burn little fires to make a fire break.. it uses up all the fuel a big fire could use to cause mass destruction and helps steer it away from the important things. All these little hacks, viruses, and so forth are responsible for most the security improvements made and are offering at least some protection against massive netwar attacks and various other nasties.

    The fact that many companies refuse to protect themselves even after many threats just goes to show how stupid they are and how much they deserve to be the grass that burns to protect the others. I never feel sorry for such idiots.

    In the decade or more I've been online I've only had one machine catch a virus and that is because I had the urge to install a few thousand on one pc and see how they'd effect each other. In all the time I've been running networks only once did I have one get cracked and that was due to the companies refusal to change their method of doing things in order to be more secure.
  • ...it's the Stupid Users.

    Who on earth would believe that in this day and age, after all the big viruses like Melissa and I Love You and Anna Kournikova and Naked Wife and I don't know what all, that got major media coverage . . .

    . . . people would still be stupid enough to open files attached to an ungrammatical message from someone they didn't even know? I mean, what's up with that? Obviously, peole aren't getting the message. If they were getting the message, I would not have gotten at least two dozen random document files in my emailbox in the last few days, all of them asking for my advice. (I always reply, "My advice is to run a virus checker, and not to open any more strange attachments"--so far I haven't heard back from anyone; I wonder if the emails even get through?)

    I mean . . . what can you say? I never got any I Love You emails. I get a new SirCam almost every time I check my email. If I were to draw a conclusion just from strength of numbers, I would have to guess that people are getting more stupid as time goes by!

    Yes, it's easy to blame the virus writers; yes, it's easy to blame Microsoft for the security singularity that is Outlook. But none of these viruses would get very far at all if people would just use a little common sense about what files they opened! I mean, geez, I knew not to open strange files just from BBS days, before I even made it to the Internet. Why don't more people these days?

    Sigh. I suppose I shouldn't be so surprised by this. I see enough rampant stupidity in my part time job as a K-Mart cashier already to realize the truth of that old George Carlin line. But it seems like every time I turn around, someone else is reminding me . . .

    "You know how dumb the average person is? Well, by definition, half the entire population is even dumber than that!"

    --

  • With all due respect, and not wishing to inspire a flamewar, I'd just like to advance my opinion.

    I don't believe hidden extensions are acceptible in a windows environment.

    hanzie

  • Or wear a bullet-proof vest? I'd rather not get shot than try to protect myself during a shooting.

    Why not just stop using Windows and/or (especially) Outlook? Keep trying to protect yourself against MS products, you have a life-long uphill battle ahead of you. Jeez, if you can't give up Windows, use Eudora. It works better than Outlook and it's reasonably safe.

    I can't believe people are still willing to get hit with this kind of crap over and over and over...

    -B

  • by Pope (17780)
    I personally think it's much worse when some group of idiots declare war on abortion-providing doctors in the name of "God" and start killing them.

    Person(s) responsible for virus-writing should be held in jail for an amount of time to make them think twice about it. But actual killing is silly, but makes for humourous articles.

  • > I'm not sure viruses are any different -- we just need to secure our damned software.

    Right. As someone pointed out yesterday, the federal idea about making software more secure is to fund an army of prosecutors. But what the heck do lawyers have to do with software security?

    I suggest the opposite: legalize cracking. The h@x0rz would have a field day for about a month, but after that the world would be running (fairly) secure software, and sysadmins who don't have a clue will be sacking groceries.

    --
  • You would think that MS would have put in something to stop this by now. Maybe a "are you really sure?" "are you really really sure?" type nested dialog boxes...

    Office XP goes even further than that. I was thrilled to find that the default installation completely blocks a lot of types of attachments, including exe's, vbscripts, etc. You can't even open them if you want to! The only way around it is to edit the registry. Now, don't get me wrong, I don't want the junior users editing the registry either, but at least it's a step in the right direction.
  • by delmoi (26744) on Tuesday July 24, 2001 @06:58PM (#64316) Homepage
    Each word doc has a GUID attached with it. The author of the Melisa virus didn't remove his, making him very easy catch (same GUID on documents on his website)

    I've never heard of anyone including an personal email address, though.
  • A corporate organization should have a more extensive virus solution than just protection on the client desktops.

    I can assure you that the Norton AV Corporate Edition plugins for Exchange Server caught and quarantined quite a few messages in our site and those we manage. We've seen no evidence of infection on any of the PCs. I feel that anything less than virus scanning at every level you can afford is irresponsible in a corporate environment. For the example of mail server protection, programs exist for most major mail server software packages to handle this.

    I know you want to say that this doesn't help the home user, and you're right...it doesn't. But, a locked-down corporate setup was your example.

  • AnchorDesk writer David Coursey probably also advocates that Ralph Nader shouldn't have gone after Ford about the Pinto, and instead should have written an article called "Death to Bad Drivers who Rear End People!"

    Give me a break. It's not the virus writers that are the problem -- it's a shortcoming of the infrastructure in place that allows them to happen. We've got to focus on working to fix that, and it'll take time to do.

    If the new Ford Focus has a remote keyless auto-starter that can crash and leave the car unstartable by any kid with an RC car controller, who's at fault then?

    (For that matter, if someone started a chain letter telling people to first mail copies to 10 of their friends and then to pour a bag of sugar into their gas tank to reduce emissions, who's to blame then?)

    "The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes. (Actually the same statement can be made with respect to most systems.)"
    -- Dennis Ritchie, 1979
  • It's an official use. You'd be surprised how many .mil people, and contractors, read slashdot. They need to know this.

    That's my story, and I'm sticking to it.

  • It is interesting to note that virii and trojans are a part of cyberwar. So a Presidential Finding sending out the assassins is not that far fetched.
  • by wiredog (43288) on Tuesday July 24, 2001 @10:15AM (#64322) Journal
    This came recently...

    From: NISA CIRT

    Sent: Thursday, July 19, 2001 8:04 PM

    Subject: CIRT ALERT: Web Traffic Limited to Military Sites Only

    ** Unclassified - For Official Use Only **

    As of 1900 hours, 19 July 2001, the Joint Task Force-Computer Network
    Operations (JTF-CNO) has ordered that the DoD gateways be disconnected
    from the Internet on TCP port 80 (protocol http) from now until a time to
    be announced. The reason for this outage is the proliferation of the Code
    Red worm.

    All traffic between military installations will continue without
    interruption. However, access to domains other than *.mil will be
    limited. This restriction means that connections through a commercial
    ISP, such as AOL or Earthlink, will not be available. Your military
    organizations web-based Outlook will not be accessible from a commercial
    ISP. Furthermore, if you are connecting from your office, you will not be
    able to access *.com, *.net or other non-mil domains.

    Any questions regarding this outage should be directed to the agency or
    service CERT or JTFCND.

    ** Unclassified - For Official Use Only **


  • Not even /just/ death for virus writers /and spammers/.

    Instead, death after a year of torture. Recorded on film, and shown to teenagers on the first day we give them access to Visual Basic. Sorta like driver's ed class.

  • by Palshife (60519) on Tuesday July 24, 2001 @10:13AM (#64325) Homepage
    Viruses have just lost their mystique. I remember my Dad telling me about Michelangelo back in the 80's. I remember being so impressed that something so devilish and evil could really exist.

    I suppose that's why I became a programmer.

    No, wait. It was for the babes.

    Freakin script kiddiez.
  • "It's like having a pharmaceutical company releasing a plague so that they can sell you medicine."

    About 15 years ago I worked for a company that
    "fixed" cable TV boxes. One branch of the company modded boxes after exploits where found and the
    other branch made and released exploits into communities. It's a real profitable business
    model.

  • by yellowstone (62484) on Tuesday July 24, 2001 @12:58PM (#64328) Homepage Journal
    What is, of course, the bigger crime, is that more posters are not punished for comments that are undeserving of a Score of 2
    <dr-evil>You can have my +1 score bonus... for one million dollars! </dr-evil>
    --
  • by bwt (68845) on Tuesday July 24, 2001 @10:23AM (#64331) Homepage
    The DMCA bans distribution of TPM circumvention devices absolutely, without regard to knowledge or intent. It treats circumvention devices on par with stolen property in this regard. Since Sircam forwards one file off of your computer it circumvents login and read permissions that control access to a copyrighted work.

    Thus everyone who executes (falls victim) to the sircam virus is guilty of a 1201(b) violation for distributing circumvention devices.

    Obviously anyone who receives the trojan email has a cause of action, but actually anyone who uses the TPM in questions does too. That is, everyone who uses a computer that is susceptible to sircam can sue anyone who fell victim to it (in addition to the person who wrote it).

    Anybody know anyone at the MPAA, RIAA, or Adobe that got hit?
  • > You learn alot about assembler writing a second virus to kill off the first.

    Yeah, right. Make that "your learn alot writing another one which won't be caught as easily as the first, and which does even more fun stuff".

    Btw, Sircam is fun. It indeed succeeds at mailing out interesting stuff: tax filings, business proposals (including pricing/special favors), etc. Does it have a heuristics algorithm to pick out the juicy stuff, or is it just being lucky?

  • It is plus 2 because in the past Mr. Isaacs has either proven himself to be insightful, funny, or a Karma whore. Someday you too may post at plus two as he and I do.

  • Hmm.. senseless crimes? Hah.
    Things like random acts of violence are senseless crimes, right?

    Ever seen a hurricane? tornado? flood? lightning?

    I think our primary target should be nature. Virus writers can come second! :D
  • Don't joke about it. In the UK, virus writing is already defined as terrorism [magnacartaplus.org] because it is an action "designed to interfere with or seriously disrupt an electronic system". Studying viruses is also terrorism [magnacartaplus.org], since "a person commits an offence if he collects or makes a record of information of a kind likely to be useful to a person committing or preparing an act of terrorism, or he possesses a document or record containing information of this kind". By downloading an article about the SirCam virus into your browser's cache, you may have inadvertently committed an act of terrorism. But don't worry, the police won't bother to arrest you unless you do something to piss them off. Better keep your head down from now on, terrorist.

    --
  • by MrKevvy (85565) on Tuesday July 24, 2001 @11:36AM (#64340)
    You would think that Norton AntiVirus 2001 7.0 would filter it as well. After all, that's what it's designed to do.

    Yet, if you have a look at Symantec's Discussion Forums [symantec.com] you will see many NAV2001 users complain that their e-mail scanner does not pick up SirCam attachments. Detaching those same attachments and running a manual scan of them then does find SirCam. Thois has been an issue since day 1 of SirCam (six days now) and Symantec still has yet to acknowledge it.

    So you're a corporate user. You have a locked-down image with hidden extensions. Your NAV templates are up-to-date. E-mail scanning is active. You receive an e-mail from your boss with the title and attachment as a .DOC Word file that you know he's been working on, and he's usually too busy to check his spelling and grammar for every quick note. Your NAV scanner clearly checks it (there is an animated system tray icon that shows it working.) So you open it...

    Sometimes it's not always the user's fault.
  • I don't want to get this thread too off topic but the practise of extension-hiding has come up recently on a lot of Mac boards. Apparently Apple's MacOS 10.1 (due in September) has an option to turn off filename extensions. Why they're doing this I don't know (it has cause so many problems in the Windows world) but if anybody here is all concerned about this you may want to send Apple some feedback [apple.com].

    - j

  • by toupsie (88295) on Tuesday July 24, 2001 @10:31AM (#64342) Homepage
    If it weren't for the shoddy products released by Microsoft and the people that abuse the holes in those products, I wouldn't be able to put food on my table. I never get upset when a new virus/worm or security hole is found in Windows or Outlook. To me its a happy day because I get to hear my favorite sound, "Cha-Ching!".

    The last thing in the world I want is Linux/BSD/Mac OS to become the mainstream operating system of choice. With Microsoft ruling the roost, I will never be poor. Instead of punishing these virus/worm writers and the script kiddies, I would like to erect a monument to praise their work. Without them, I would be destitute.

  • I think virii (I insist that's the plural...)

    Why do you insist that? The plural of "virus" is, and has always been, "viruses". Check any (respectable :)) dictionary or pathology papers that discuss viruses. People think that the plural of "virus" is "virii" only because some clever 12-year old asshole fifteen years ago went, "Hey, radius becomes radii, therefore virus becomes virii!"

    Neglecting, of course, the fact that English is a fucked-up language and we do not always use Latin pluralization for words. Even IF the plural of "virus" was Latinized, it would be "viri", as follows:

    Singular: radi-US
    Plural: radi-I, hence radii

    Singular: vir-US
    plural: vir-I, hence viri

    The "us" becomes an "i", not "ii". However this is irrelevant because the plural of "virus" is "viruses". Claiming that any word that ends in "us" pluralizes to "i" (or "ii" for those who missed my previous point) is disingenuous. "Bus" does not become "bi" or "bii" (it's "buses"); the plurals of "plus" and "minus" are not "pli" or "plii" or "mini" or "minii" (they're "pluses" and "minuses").

    I'm sick to death of people perpetuating this stupid fallacy of language. And don't give me that "common usage" bullshit; the only people who say "virii" are undereducated computer neophytes. </RANT>

  • You're incorrect. The plural of virus is not "viri", even though that would be the correct pluralization if "virus" used Latin pluralization. But it does not. Every dictionary I've looked in that has a plural listed for "virus", listed "viruses" as that plural. Not one listed "virii".

    This page explains, again, all about the plural of "virus", telling us (among other things) that in Latin, "viri" was NOT a proper plural of "virus":

    http://language.perl.com/misc/virus.html

    So, next time you feel like pulling something out of your ass, how about making sure it's shit and not linguistics?

  • At a Microsoft-hosted seminar for Microsoft Solution Providers to help get them ready for the Windows 95 rollout, the opening comment from the speaker was:

    "Folks, we are going to make you a whole lot of money."

    In a past life I worked for an MSP. Woe! The shame!

  • ...I know this is supposed to be funny, but what if that teenager is just working on his open-source MP3 player, and his name was phoned in by one of his classmates who didn't care much for computer geeks.

    Or what if MS tries to convince the public that Linux is a primary hacker tool, and gets it declared illegal. They already have been making noises about it being communist and un-American. If you think the notion of the police breaking in your door to confiscate your Linux system is preposterous, try growing a couple pot plants in your living room.

  • It is plus 2 because in the past Mr. Isaacs has either proven himself to be insightful, funny, or a Karma whore. Someday you too may post at plus two as he and I do.

    What is, of course, the bigger crime, is that more posters are not punished for comments that are undeserving of a Score of 2. Posters that automatically post at the 2 level should be punished by moderators for failing to provide any humor, insight, or whatever, but the moderators are only able to penalize posters for being OFFTOPIC, FLAMEBAIT, or TROLLing.

    Of course, I'll get OFFTOPIC or FLAMEBAIT for this li'l puppy, because it has nothing to do with the larger discussion, namely, "Death to Virus Writers".

  • What? That's like saying... she was wearing a short skirt, she had that rape coming... And the thing of leaving the door open.. you could also say... we'll you didn't have enough security on that door, you only had 5 padlocks on it... that's easy enough for a burgular/hacker to get thru. The thing is this... it isn't their property... so they shouldn't be messing with other people's stuff. Hell, if we went with your logic... I could train a monkey to just go and open unlocked windows... steal everything and it's all fine because the window wasn't locked. Damn... no matter what.. IT ISN'T THEIR PROPERTY... NO IFs ANDs or BUTTs!
  • Wouldnt this mean wed have to Kill Linus? After all, Mundie says that the GPL is a "viral" Liscense. Logically, everyone who writes under the GPL is writing viruses, and therefore, a witch! Throw her into the pond! ::shakes head:: sorry, MP flashback.
  • It's not the virus writers that are the problem -- it's a shortcoming of the infrastructure in place that allows them to happen.

    No, it's both. If I leave my front door unlocked, and someone steals my stuff, I am dumb... but that person is still a thief.

    steveha

  • Moderators can also penalize posters just by calling them OVERRATED, as far as I know. Which covers a multitude of sins.

    'Scuse the off-topicness.

  • by egomaniac (105476) on Tuesday July 24, 2001 @10:17AM (#64356) Homepage
    Tempting as it might be to go after the virus writers when something like this happens, the real problem is the buggy insecure code which lets it happen in the first place.

    I'm not just picking on Microsoft - open-source projects have had their fair share of security holes as well.

    But the fact is that Outlook, ISS, and various other products didn't even have security as an afterthought, it was just no thought at all. The charge shouldn't be "kill the virus writers", it should be "stop buying unsecure software".

    After all, if you left your front door open for a week, and someone made off with your stereo, I'd argue that you had it coming. I'm not sure viruses are any different -- we just need to secure our damned software.
  • That's cuz these outlook things are not really viruses. Coding and examining viruses in the eighties was a good way to learn to code. It took skill and knowledge to fool around with them. You learn alot about assembler writing a second virus to kill off the first.
  • He is preaching for clearing the gene pool and asks for bombing universities and killing hackers instead of retarded adults who even commited some serious crimes. This seems to me like a good contribution to Darwin theory.
  • When the viruses cause so much problems and economic damage, why not punish in first place the company that came with operating system that created the whole anti-virus business and keep most people using their wrecked OS in places where such virus can result in economic harm?

    And why do not kill the admis that deploy such OS anywhere where its infection based on core insecurity of the operating system can cause economic harm?

  • The first thing I thought was "WOW was that really the 1980s? I was NINE when that thing hit?" SO I went and looked it up. That particular virus spread in the "early 1990s" from what I can find -- still a long time ago but maybe I was twelve or something.

    I saw Dan Rather talk about that virus on the news back in the day and got all scared that my Macintosh LC III would get infected. That's literally the day I learned that virii were platform dependant.

    Thank God, because I've gotten like three or four Word docs mailed to me in the past few days from this damn virus, but I have neither Word nor Windows nor do I know the wags the emails come from so I'm not really scared.

    MyopicProwls

  • As was mentioned in another aticle on Slashdot the other day in the comments (forget which article it was attachd to): Let the virus writers stay uncreative.

    Really... you don't want this to turn into a challenge. Let things stay this easy to write; you'll only end up infecting the people silly enough to double-click random binaries from their Outlook client.

    There's no good reason that they can't implement some really creative worm that would work cross-platform and cross-client. Yes, it would be hard but you don't want a worm running out, downloading C compilers for the specific platform, compile worm, link itself, run as a background process, and go on finding hosts around it to infect. Make the bugger look for common Linux services holes, email it self to people in your inbox who run Outlook (Just look at the message headers)... infect an IIS webserver nearby, begin propogating... then unleash some unholy attack to DoS networks everywhere.

    Nope... I'd rather we just left it nice and easy for them to write a trojan that's Win32 only, and requires human intervention to activate it.
  • My my! Our little timothy spent an hour and forty minutes on the phone! SHEESH! That certainly does warrant taking someone's life. I mean, just think- I bet there were people who had to spend *ghasp* 3 HOURS! on the phone! Someone's gotta tell me why this guy isn't dead already! Let me at 'em! Man, I had to wait in line at the store the otherday- anyone want to join me in a mob lynching?!
  • no one has it coming. It may be prudent to lock your house, but it is still your house. All people deserve to live in a place where they don't need locks, the only problem is not all people strive for that goal.
    same thing with computers. No one deserves to get a virus, or have someone trespass into your system.
    Criminals are not there because of locks, locks are there because of criminals. a subtle yet critical point.
  • Actually the penelties can be very high(to high in some cases, but thats foranother time). However getting caught is where the difficulty lies.
  • What a pointless piece. We're all frustrated about how quickly virii can waste time and money, abetted by dumb users, but death? Silly and obnoxious. It's not like many virus writers are that different from your average hacker: they are not gang raping babies, or beating up old ladies for their social security cheques. They are writing code! Granted, it's the code equivalent of spray painting obscenities on public buildings, or slashing people's tires in the parking lot, but I seriously doubt a computer virus , trojan or worm has ever caused a death or serious bodily injury (I don't count bruised fists from pounding on desks, or pulled-out hair here). It's vandalism, just of a type that's very hard to police and prosecute.
  • Why has no one done this before? Viral Spam. Send a piece of spam to one person and in hours it is all over the internet.

    No need to gather mail addresses.
    No need to pay for bandwidth.

    Excuse me while I get scripting....
  • Nah, it would say:

    "We are ordering free pizza tomorrow in the break room. Click on the link to confirm."

    Nothing gets folks like free pizza...


    mrgoat
  • Funny how this article comes up with a wonderfully informative popup for an X10 camera. I vote death to popup hosters!
  • Dude, the ISS is the International Space Station.

    I think you meant IIS - Internet Information Server. In fact, I'm sure that's what you meant, er, uh, ... right?

    RUN FOR THE HILLS! THE SPACE STATION IS CRASHING WITH MUTANT VIRUSES ON BOARD!

    AAAARAARRRRGGGGGGHHHHH!

  • The file type/creator codes are certainly NOT stored in the filename. They are part of the resource fork.
  • start using a hosts file that routes ad servers to 127.0.0.1. I've been doing it for a while and it really helps. Got started with hosts files from some web sites, added new servers as I found them.

    Here is my current hosts [wrongcrowd.com] file. Mac users, you need to reformat the info... Apple just HAD TO BE DIFFERENT.

    Anyway, this is no cure-all but it does bust a lot of ads. I've been lazy about keeping it updated but it should help a bit.

  • That's only funny because it's so true.

    I need to get some worthless certifications and cash in on this MS thing as well!
  • Ignoring the controversial subject on whether blocking executable attachments is a good idea, I have to say the way that they implemented the "Object Guard" on the Outlook API is pretty lame.

    You get this message that "Some unspecified program is trying access your address book" prompt, whether it's a VBScript virus or you are trying to use routing features from MS Excel etc. Meaning there is no way to have trusted code which actualy does office automation features without annoying the users to hell and just giving them another prompt to ignore. I figure the Virus Writer club will be back to their old tricks of sending Word or Excel-based viruses pretty quickly.

    Not that it really matters -- The only think that "Melissa" and ilk prove is that a 12 year old can write a mail worm without warezing a copy of VisualBasic. It's not like reading the address book off disk or sending mail directly using MAPI or even the winsock is too difficult for the advanced 14 year old.
  • how do they manage to cost *you* time? They don't cost me any of mine...

    The first few cost me time because I hadn't heard about the worm, and was trying to figure out why friends were sending me these large random attachments which my virus scanner didn't like.

    The next few dozen cost me time as I got alerted that an email had arrived, went to check it, and deleted it.

    Then I had to spend five minutes or so adding a procmail rule to dump sircam mail into a holding pen folder. Since then, I've had to spend a few additional minutes making sure the filter wasn't accidentally eating 'real' mail, and bulk-deleting the holding pen emails now and then.

    In addition to all that, I administer a couple of mailing lists, and I had to respond to user inquiries about sircam both on- and offlist.

    All told, the sircam worm has probably cost me half an hour. No huge thing on the cosmic scale, of course. But still, it's half an hour that was stolen from me, during which I would have prefered to work on something else. Multiply that by all the techies out there dealing with the effects of sircam, and it gets pretty significant.

    --

  • by isomeme (177414) <cdberry@gmail.com> on Tuesday July 24, 2001 @10:22AM (#64414) Homepage Journal
    I can understand where Coursey is coming from, certainly. Virus (and worm) writing is a blatantly antisocial activity with huge costs and light (if any) penalties, and it would be viscerally satisfying to shoot a few of the perpetrators.

    Oddly, though, with this SirCam outbreak, I find more of my wrath landing on those who help spread the stupid thing. Every single one of the hundreds of emails I have received thanks to SirCam resulted from some otherwise intelligent person being incredibly negligent about network security. I have spent significant amounts of my own time paying for their lack of caution.

    I have taken to sending a standard reply to each person from whom I receive SirCam, pointing out that connecting to the net without proper precautions in place is both silly and rude. I'm hoping to trigger a shame response that will motivate people to think about security enough to avoid being so rude again.

    If we can foster a culture in which abetting the spread of a virus or worm though lax security is considered a serious social faux pas, we may have be able to contain them better. People are motivated by considerations of power, prestige, and group acceptance; push those buttons properly, and you can sculpt behavior as you will.

    --

  • That doesn't make them suffer, we should force virus writers (at least those that release them) to work tech support at AOL!
  • by Alien54 (180860) on Tuesday July 24, 2001 @10:30AM (#64420) Journal
    y'know, between viruses and bad software, Microsoft has made many consultants very well off.

    Which is part of the problem. People who sell folks on bad solutions because it also spells job security

    ;-)

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • One user in 10,000 probably writes vb code to manipulate office documents.

    You're wrong about that. Ever used Outlook to automagically arrange a meeting? It does that by sending VBA macros with the notification messages so that if the recipients click "I Accept" (or whatever the button label is), their calendar is automatically updated and a confirmation message is sent with more VBA code to update your calendar to show that they're coming.

    This is actually a Neat Idea, BUT the implementation is lousy. You can argue it should be hard-coded, but that restricts organizations' capacity to customize their setup. Instead, the problem is simply that the security model hasn't been thought through. There's no reason why, if you're using Outlook to automagically schedule meetings, you should allow messages from outside your internal network to automatically run their attached VBA code. And why should any mail message you receive have the ability to zap your files? It's also quite difficult to centrally administer the configuration to make sure some luser doesn't fat-finger his/her own config and open up a gaping hole in your security. This is what prevents this Neat Idea from becoming a Good Thing.

    That, and the fact that you have to have an all-Outlook shop for the whole thing to work.

  • I think the funniest thing is when people on the same LAN feel they have to attach files to email rather than sending a link to where the file is on a public drive.

    Seriously, I like the notion. But I think it is mildly impractical to try and figure out an FTP scheme that is as flexible and user-friendly that would be ultimately any more secure than using email with attachments. You know the first thing every user would want is an "autofetch attachments" or "single click attachment fetch" option, and they'd all be downloading and opening the virus/worm/trojan anyway.

    I'd say give general computer education time for the public to get to a basic, solid bedrock of how this stuff all works and the next generation coming up will make things like not opening attachments from strangers seem like second nature.
  • The only program that deserves instant death is mass mailers anyways I would rather deal with a nasty virus every once in awhile than spam every god damn day...
  • by dfenstrate (202098) <dfenstrate&gmail,com> on Tuesday July 24, 2001 @10:17AM (#64431)
    is the same punishment strong enough for first posters?
  • by platos_beard (213740) on Tuesday July 24, 2001 @11:17AM (#64433)
    IMHO, a really effective e-mail virus would have text something like
    Yo jerk. You sent me a virus. Please run the attached program to remove it
    Anybody done it already?
  • by BigumD (219816) on Tuesday July 24, 2001 @10:13AM (#64436) Homepage
    Don't bother killing the writers. Just the people who work in your company who really think that their friends would write them mail with " Hi Friend I need you help" as a subject line.
  • I think the funniest thing is when people on the same LAN feel they have to attach files to email rather than sending a link to where the file is on a public drive.

    Like when someone attaches a 113MB PowerPoint Slide show from a pppppublic drive and sends it to half the company, all of witch have access to the original file. Then 47 people save the file to their user folders. Then the person that sent the E-Mail bitches about E-Mail running slowly!!!!

    No what is funny is a month later when every version is diffrent and every one thinks the server isn't saving files anymore.....

  • It's been said by many many times: Linux makes an excellent antivirus tool. Why? Well, because...it's Linux. But really, because of it's immunity to viruses in the first place. (Let's ignore the spread of things like ramen as they work differently than Outlook Transmitted Diseases (OTDs))

    Linux as you mail server? Check out Enhancing E-Mail Security With Procmail [impsec.org] to send this nasty crap to /dev/null automatically. If the user can't run it in the first place...

    How about taking it a step further and having you Linux box scan all incoming e-mail for virisus? See Amavis [amavis.org] and others [freshmeat.net]

    If you're using Linux as your file server, invest in some linux based antivirus software. Let linux scan away at your uses Windows files and keep them virus free using an OS they can't infect in the first place.

    If you're a network admin, and you don't take counter measures from preventing your users from infecting themselves and others, your a part of the problem as the virus writer. Educate your users, use counter measure that prevent your users from getting the virus in the first place, etc. etc. etc.
  • by tim_maroney (239442) on Tuesday July 24, 2001 @10:13AM (#64447) Homepage
    If we'd killed Rich Skrenta [skrenta.com], we'd never have had the Open Directory Project [dmoz.org].

    How many virus writers go on to live normal, productive lives? How many never write another virus?

    (Ah, to heck with it. Kill 'em all and let DoS sort 'em out!)

    Tim

  • by Bonker (243350) on Tuesday July 24, 2001 @10:28AM (#64450)
    From the article:

    Perhaps if we let a certain former Texas governor order the killing of virus writers, he might refrain from killing retarded adults, people who committed their crimes as juveniles...

    The real kicker here is that most of the viruses out there have been created by... you guessed it... juveniles.

    They're juvenile in mind if not in body at least...

    There's a reason we call these people 'script kiddies'. Steve Gibson, of grc.org fame beleives that the k1dd3s DOS'ing his site are no older than 12 or 13. I would imagine that most of the people who downloaded this virus creation kit are just about as old.
  • by shyster (245228) <brackettNO@SPAMufl.edu> on Tuesday July 24, 2001 @10:51AM (#64451) Homepage
    Sadly though, I have co-workers who
    whould write a sentence similiar to that line.

    I'm not surprised.

  • by H310iSe (249662) on Tuesday July 24, 2001 @10:37AM (#64453)
    no, really, they can be funny. I think virii (I insist that's the plural...) have a couple useful and worthwhile reasons for being. First, a friend in UChicago law school was in a large lecture with the 9th fed circuit judge as prof., big, somber lecture hall. One person on their legal-eagle laptop had apparently been checking email ... in the middle of class their laptop volume was turned up full blast and a recording started looping

    'hey everybody, I'm looking at porn!'

    I think that kind of virus is a high form of human pathos and should be encouraged, always.

    Now I've had to deal with weeks and weeks worth of anti virus and anti anti virus (yea, McAfee is worse than the virii sometimes) crap but virii remind all of us that computers are, well computers and we're, well, the people. Do you understand? They reinforce the roles so often blurred or ignored, we must be the responsible, semi-cognizant ones in the relationship, we can't rely on them to think for us, etc. Basic hacker ethos. Virii are like big snow storms (or rolling blackouts), they shut things down, disrupt the normal clean flow of days and power and make people look around their momentarily decontextualized surroundings and maybe, think with some perspective.

    Besides, with out the Anna virus we'd never know how many top executives are *eager* to look at tennis porn. Right?

    I'm actually serious. Yes, they suck and yes they're mostly written my morons and yes PE infectors at least require a modicum of computer knowledge and yes destructive and yes. But I'd rather have them, at this stage in the game.

  • I'd mod you up. I wish more discussion of the modding system would come up. Whenver I try to complain about it it get's modded down. The same happens to anyone else. Tis a viscious cycle. Moderation is a hrash mistress. Yada Yada.

    BTW, I posted @ 1 for you. I'd always do that, but it takes effort (you need to click a box that says "No Score +1 Bonus". You should have to click to post @ 2, not 1.

  • FOUO - please.

    ABC News reported on this yesterday [go.com] (I submitted it to /. but of course was rejected)

    Key quote from a military spokesperson:

    "To protect our DoD [Department of Defense] Web sites from being compromised, DoD organizations have been told to review the status of the Internet information servers ⦠to make sure that all the patches that were previously installed had been installed"

    The last part of that statement makes me feel REAL warm and fuzzy about the technical readiness of our military - even if he is just a spokesperson.

  • Yeah, I read somewhere that most virus writers stop and become more civilized when they discover girls....
  • I guess I'm not the only one who noticed the correlation between McAffee's IPO and the proliferation of virii.
  • let people program it through COM. But that would put Delphi on an even footing with VB.

    It is a COM object; I've programmed Word, Excel, and Outlook through the COM interface. But you still need some kind of record-and-playback keystroke macro system for eend users. Those things have been around since the DOS/WordPerfect/Lotus 1-2-3 days

    MS has some of the smartest tech people on the planet

    I need to see some proof of that one. Their top people have been 'retiring' in droves, and the major incentive to working at Microsoft has always been the stock options. Now that the stock isn't doubling every year, and the pay is still way below industry average, I wonder how many really bright people are left.

    the MS-SQL Server story was BS, a cheap shot

    Read the supporting documents, look at the code samples and the responses from the Microsoft tech support person, then come back here and say that. They screwed up, big time.

  • by xeeno (313431) on Tuesday July 24, 2001 @11:19AM (#64480) Homepage
    funny, most people think that about journalists....
  • s/pizza/beer

    It's the only way to be sure.


    --
    Have crack, will moderate.
  • Tempting as it might be to go after the virus writers when something like this happens, the real problem is the buggy insecure code which lets it happen in the first place.

    Right! Attack the problem at its source, and kill all programmers. That'll solve both problems, since virus authors are programmers by definition.

    The charge shouldn't be "kill the virus writers", it should be "stop buying unsecure software".

    So since (as you yourself argued) all software is prone to security holes, we should stop using all software. Then destroy all computers and return the world to an agrarian utopia. Then I'll solve all my security problems with the customs devised under the feudal system -- with a mace to the head.
  • by Opusnbill7 (442087) on Tuesday July 24, 2001 @10:08AM (#64488)
    You would think that MS would have put in something to stop this by now. Maybe a "are you really sure?" "are you really really sure?" type nested dialog boxes... :-D
  • I'll stop writing viruses, okay? Just don't yell at me any more. Alex
  • by kypper (446750) on Tuesday July 24, 2001 @10:11AM (#64492)
    many virus writers are dumb enough to put their e-mail in the stupid code.

    Screw 3...
  • "The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes. (Actually the same statement can be made with respect to most systems.)"
    -- Dennis Ritchie, 1979

    That's the big difference between all non-MS operating systems and MS. The whole damn world knows that systems are insecure, and that safeguards must be taken, not only to avoid known exploits, but to be prepared for future exploits. MS shows no remorse or shame every time they're caught with their pants down. Microsoft attitude to security is the same as their attitude to bugs in general. If it sells, why bother fixing it?

    I can guarantee you all that Microsoft will continue to ignore security. Untill the day when the computer security industry (antivirus software, firewalls, etc.) is so big that Microsoft decides to corner that market. What a sweet deal that will be for them. It's like having a pharmaceutical company releasing a plague so that they can sell you medicine.

  • Wrong. It spreads because people are dumb enough to write email clients that autorun attachments, and because people are dumb enough to buy software from a company that makes such dumb software.

    So, we're talking about the CTO's and the IS departments. THEY are the ones supposed to be smart and educated about computers and security. They need to assume that their USERs are like 3 year olds when it comes to computer security, or educate the users to be as smart as they are.

    By purchasing and using such inherently insecure software, the IS departments and CTO's are doing the same as a parents handing loaded guns to their infants.

  • I know this is a humor piece, but still...

    There is a large tendency to over-regulate computers as it is (DMCA, etc.). The last thing anyone (sane) would want to do is give the over-regulation MORE power. Think of all the recent cases (DeCSS, Dmitry Sklyarov, etc.)... you do NOT want the people who thought stuff like this illegal to have the power of the death penalty in their hands.


    ______________________________________
  • This must make Code Red about the most effective DoS attacke ever.

A penny saved is a penny to squander. -- Ambrose Bierce

Working...