Slashback: Mexico, Ukraine, Oceania 188
... and you'll like it! LupusUF writes: "As everyone knows by now...Kazaa is using top text links Kazaa is using top text. But not only are they using them, they are badmouthing people who complain about them. When someone posted a complaint, a Kazaa moderator (Super_Harris) started out his reply by saying "How Dare You!" and then went on trying to explain why they are using top text. Another moderator makes some more poor excuses in the same thread. The same thread also has some very useful information about the spyware that kazaa has installed with the latest version (cydoor, Onflow, New.Net, WebHancer).
My advice would be to get ad-aware.
I hope Kazaa starts treating its users with more respect, and at least gets moderators that can answer questions without treating their users like idiots."
Sircam Sircam A quivering, cowardly reader wrote to point out that sensitive Ukranian government documents were apparently leaked by the Sircam virus. Even juicier than the steady stream of love notes, recipes, tax information, homework, bids and schedules that keeps flowing into my mailbox.
Don't look for much help from Microsoft on this, either, and hardly any from ISPs. Most of the ISPs I've contacted still claim not to have heard of Sircam, and say "it's not our responsibility." Email from Microsoft (after I cc'd them on a few of my virus alerts) equally disclaims responsibility. Funny how Sircam never made it to the front page of their site. Kudos to Charter Communications for calling customers to let them know they were infected -- and a pox on Prodigy for refusing to.
May the path of least resistance rise to meet you. Alec Muzzy writes: "Wired has a story about a failed plan to install Linux on computers for Mexican Schools in an effort to save money. Instead they have decided to run Windows, because Linux wouldn't run on their hardware. As they say, 'It was easier to go with Windows.'
Here's a perfect example of where the free cost of Linux should have been an advantage, yet they decided to go with Windows instead. Does this mean that the costs of running Linux are higher than the cost to purchase Windows?"
Re:a good worm? (Score:1)
---
I just has a fairly evil thought while reading through securityfocus:
Old address of www.whitehouse.gov
(as attacked by code-red): 198.137.240.91 = C6 89 F0 5B
Address of www.riaa.com: 208.225.90.120 = D0 E1 90 78
[coward@anonymous coward]$ grep "C6 89 F0 5B" codered.hex
FF 00 50 C7 85 80 FE FF FF C6 89 F0 5B 8B F4 6A
Someone please tell me it's not really this simple!! Grab a copy of the worm (netcat listen on port 80, you should have it in less than an hour) replace the whitehouse IP with the RIAA's, and then netcat it back into a bunch of IIS servers?
---
Re:Sorry, kaZaa users (Score:1)
Why do people bitch about add-on packages being spy-ware when all of such add-ons can be opted out, and have UNINSTALL options?
Re:ISPs' responsibility?! (Score:1)
Especially one like SirCam that sends out random bloated MSOffice files, BMP images, etc...
Truly not much we can do, except for call. Cutting off service is usually the last used of our options. It only takes a quick call, or even just a reply to that e-mail I just got with an attached
It's *very* easy to say that it's the Outlook user's responsibility, but most, if not all, Outlook users I know had no choice in their mail client. And easily the majority of them are not as geeky as most of us, and it's easy for us to say they should be aware... How many of them have a part of their job description that they are to stay on top of the latest virus/worm/etc?
Please.
I will, of course, agree that MS is greatly responsible for the whole ease of spread of ILU and SirCam.
This is My Opinion®, not necessary that of my employer, etc, etc...
Randy Carnahan
--
SW::POP Michigan Region
Re:We have a winner!! (Score:1)
You honestly believe DMCA got passed because it was a good idea? Hell no, it got passed because the people who wanted it made a 'generous campaign donation' to the people who could make it happen.
No (Score:2)
Re:*sigh* Look what laziness gets us (Score:2)
"Hi Mom! Whats that, you can't open the word document you were sent by your friend? Oh, O.K, follow my instructions. Open an xterm first. An xterm. Oh your using KDE arn't you? See the little icon at the bottom of the screen that looks like a screen? Yeah, the black one. Click that. O.K, has a window opened? Great. Now, type su and press enter. No, s, and then the letter u. Su, yeah mom. O.K, now type your root password. Thats the one, on the peice of paper I told you keep safe. That one, yeah. You can't find it? Keep looking Mom, you really need that password...you've found it? Good. Type it in, and press enter. No Mom, it won't show you what you're typing. Oh right, you must have typed it wrong. Type su and enter again, then type your password in and press enter. Did it work? Um, how can you tell? Does the bash prompt say "root" or "mom" on it? The bash prompt. The writting on the left of the window, on the line you're on. It says "root"? Good. Now put your disk in the drive. Type mount
So on and so forth. Yeah, Linux for everyone! Wooo!
Re:Linux wouldn't run on their hardware (Score:3)
Kickbacks? Corruption? How much would MS pay to keep latin america from developing into a center of Linux/open source development?
Re:ISPs' responsibility?! (Score:1)
--
Re:ISPs' responsibility?! (Score:2)
--
Re:ISPs' responsibility?! (Score:1)
killall -9 sendmail
Stop 'em at the Server! (Score:2)
Barely related, but another nice mail server addon is "Drac". It hooks into qpopper or cucipop and uses RPC to update a database of IP addresses allowed to use your relay. Successful auth while checking POP gives your IP a half hour relay window. Others are denied.
The real Threed's
--Threed
Re:Mexican Linux and KaZaa (Score:1)
No drivers for Winmodems. (Some of us actually read the article...;-)
Re:New Linux User (Score:2)
Linux installs are like Windows installs in that they are much easier after you have done 5 or 6 of them, but that's hardly consolation to the new Linux user. Even worse, Linux is only a little better if you can get it pre-installed. Even then it's not quite like Windows, and there certainly are quite a few things that aren't well supported. On the other hand Linux has some really cool advantages over Windows, especially for power users. I definitely prefer my Linux desktop over my Windows one, but I have learned to use Unixy tools.
There are some tips that make Linux a little easier to use. First of all, join a Linux mailing list, preferrably one for the distribution that you are using, and spend some time lurking. Yes, I know, you have better things to do than reading 100 emails a day about how to get a particular sournd card working. You don't have to actually read all of the email, you just need to get a feel for what sort of questions are being asked, so that you can A) not ask the same question as the last 400 people when you have a question and B) so that you can learn a little bit about how actual Linuxers get their work done.
For example, a new Windows refugee with a fresh install of Linux almost always heads straight for Wine, because they want to run their old familiar software. Now, Wine is certainly useful for those critical pieces of software that don't have Linux equivalents, but that kind of software is getting more and more scarce all of the time. Instead you should (after making sure that it hasn't been asked a million times) ask some actual Linuxers what they use as a replacement for the software that you would like to use. You would be surprised how enlightening this is. I learned about LaTeX that way (long before Linux had a word processor), and I have been grateful since. LaTeX is certainly not as easy to use as a word processor, but for some types of documents it is clearly the "right tool for the job."
Another word of advice is to refrain from building packages from source unless you really have to. Yes, I realize that this sounds contrary to the whole Open Source ethos, but the way to mastery is long and fraught with many perils (sorry I couldn't resist). Chances are good that there is an RPM package of the software you want to use, and since you use RedHat, it's almost certain to work for you. Save the source code for pieces of software that you want to hack (or debug).
If you decide that Linux isn't for you, try back again in six months to a year. You will be amazed at how far along it will have come. Linux isn't for everyone yet, but it is getting there.
I Tried... (Score:1)
Anyway, I put my keyboard where my mouth is (or something like that) and sent Miguel the Wired link. I wonder how many others did? I know I'm not that original. Hope it helps the folks in Mexico.
Re:The Other Miguel from Mexico (Score:1)
Anyway, I put my keyboard where my mouth is (or something like that) and sent Miguel the Wired link. I wonder how many others did? I know I'm not that original. Hope it helps the folks in Mexico.
The Other Miguel from Mexico (Score:2)
"I started an entire Free Software Project while working at the largest University in my Home Country of Mexico, so I'd know a little something about Linux and might know 1 or 2 other people in Mexico who do too!"
or
"Hey! Didn't one of those GNOME guys come from Mexico? Maybe we should call him and see if he knows anyone..."
Just a thought...
Re:Hi! (Score:1)
The thing is, if you want free help and advice from people, you need to show them some courtesy in return. Try putting a nice friendly "ILOVEYOU" in the subject line next time, and I'm sure you'll get a much better response. If that doesn't work, send them a picture of Anna Kournikova too.
Re:But I didn't install KaZaA (Score:2)
AC wrote:
Two questions.
1) Am I clean or is there something else that I need to deinstall?
2) I didn't know what KaZaA was, and have not installed it. Does anybody know what other programs could have installed eZula/TopText?
I cannot answer that. We deselected the TOPtext installation during the KaZaA setup so it never got to my system in the first place. If possible, get a copy of the Norton System Doctor (NSD) and have it inspect your HD. NSD can usually find dangling registry entries, orphan DLLs, and other nasties that may help you troubleshoot what else may be lurking in your system.
I just had an idea: Go to eZula.com and check their list of partners. Perhaps you downloaded something in the past few weeks/months that you missed. Also, since they get along so well with IE, there is a possibility that they used IE or Outlook (is that what you use for e-mail?) to sneak the TOPtext program into your system.
It's late... I'll let my subconscious work on other ideas. If I come up with something else I'll post it in the morning.
Cheers!
EI use KaZaA without intrusions - This is how (Score:4)
I've been using KaZaA for several weeks without intrusions or undesireable software running on my Windoze box.
The latest upgrade for KaZaA, including all the "enhancements" came over the wires either last Sunday or Monday. Neither TOPText, nor any of the other "intrusionware" were installed.
I believe "intrusionware" became a problem for us in 1998 or so with QuickBooks Pro and its desire to install AOL (Corel Draw! also installed some unnecessary crap by default). We realized that most default configurations of shrinkwrapped software tended to install things we didn't want in our (or our customers') systems. Ever since we follow these steps to prevent the introduction of undesirable code:
We found that, 95% of the time, our desktops (and those of our customers still using Windows) were easily rolled back to a known "clean" state by using these tools. The other 5% we had to manually remove one or two registry entries, or DLLs/VxDs loaded during Windows start up. If we absolutely must run a piece of Windows software (i.e. QuickBooks), we can usually pick and choose what to remove and what to leave installed by following this procedure.
About the KaZaA installation
In the case of KaZaA, it drops an upgrade program in its download/share folder. That program gives the option for a "custom install". Deselect (is that a verb?) the options that you don't want such as TOPtext. Watch your registry. No changes to the system.
KaZaA installs some banners and other annoyware under C:/WINDOWS/SYSTEM/adcache. KaZaA's UI is a modified version of Internet Exploiter. It's a web browser with a custom UI. You can disable the annoying ads at the bottom of the screen by:
This process sounds like a lot of work, but in reality it only adds about 2 minutes to every new software installation. It saves us from endless hours of grief at a later time.
Annoyware aside, I really like KaZaA. It's quick, and I've been able to find everything I searched for on it.
(If you see my previous posts, we're a mostly-UNIX shop. We (and several of our customers) run a hybrid UNIX+Samba+Windoze environment. No flames on this, OK? I'm a realist, and business demands that we use Windows under certain circumstances)
Cheers!
ERe:Why I don't use Linux here in Brazil (Score:2)
Buffer exploits in spyware? (Score:2)
Think about it, you've got a bunch of closed source stuff written by some shady companies, can't imagine that is all the best quality code.
But then, it might be a difficult one to exploit, not as easy as, say, a buffer in an index server extension...
Most of this spyware won't have ports listening, they'll be initiating the contact with only certain hosts. Still, the fact that Webhancer patches Winsock leaves some room open for problems.
So is it possible? Can you imagine the consequences? Instead of 300,000 unpatched IIS servers, you might have 6,000,000 targets (number of Kazaa downloads).
Re:ISPs' responsibility?! (Score:1)
Reading SirCam documents? (Score:1)
Any ideas?
Re:ISPs' responsibility?! (Score:2)
Yes, ISPs should be installing Sircam filters, assisting users with installing such filters, or both. It's in their own interest to do so, to cut back on terabytes of unwanted traffic clogging up their pipes.
It's not good enough to tell people not to open attachments, when those attachments are clogging up their pipe and filling up their disk, or using up their disk quota at their ISP.
What do you tell someone who's got SirCam? (Score:3)
If you look at the CERT Advisory [cert.org], the only fix it discusses is installing commercial anti-virus software... While that might be a good idea, I would think that there's got to be some other proceedure, like Delete this or that, reinstall MS Word, go into the Control Panel and click the little box that says "I'm not a complete fool, and I care slightly about system security, so don't run any damn macros without asking me", or whatever.
Has anyone seen cleanup proceedures discussed? I know little about the Windows world these days, but my friends still have me pegged as The Computer Expert.
Re:ISPs' responsibility?! (Score:2)
I don't expect ISPs to handle viruses, but I do expect them to at least let users run procmail (or something similar) on the ISP's machine so that users can filter some things out prior to moving it across the slower ISP-to-user connection.
BTW, anyone got a good procmail rule for recognizing Sircam?
---
Re:idea: strip executable attachments (Score:2)
Time to start using _plain text_ again, isn't it? I've never understood the eagerness of stupid mail clients to use Mime all over the place. Ohwell .
The real solution is a well-designed email client:
Uses cryptography to establish trust.
Only automatically opens/runs attachments via sandboxed methods.
Requires user intervention, and by default displays a warning, for accessing attachments that cannot be sandboxed.
To use your own word. Balderwash!
Cryptography to establish trust? What on earth prevents the virus from using the same crypto? The passphrase? The passphrase that may be sniffed from the keyboard by the virus? Yeahrite.
Sandbox model. Well, sure, but don't you forget something? How should the nice little doc be _saved_ for the cluebie, after he opened it in his nice little sandbox?
Note number 3 is ok. User intervention is OK, but it'll make user just click 'ok' all the time, and have no effect except for the first month or so.
--
Re:ISPs' responsibility?! (Score:2)
--
Re:Hi! (Score:2)
If that doesn't help, you can try here: http://www.microsoft.com/exchange/download/advice
--
Re:Linux wouldn't run on their hardware (Score:2)
Sircam reply (Score:2)
This is a reply I typed up and started sending everytime I received one of these (annoying 200 Kb bandwidth-wasting) Sircam documents:
Hello. Just to let you know, it seems that your Windows-based PC appears to be infected with the "SirCam" virus (details at http://www.zdnet.com/filters/printerfriendly/0,606 1,2801171-2,00.html [zdnet.com], possible anti-virus fix details at http://www.symantec.com/avcenter/venc/data/w32.sir cam.worm@mm.removal.tool.html [symantec.com]). It is likely that you, or somebody else who has used your PC, double-clicked an attachment received from another infected user, which caused your own PC to be infected. (Double clicking on attachments you have received by e-mail, whether from a "trusted" source or not is almost NEVER a good idea.)
What you choose to do about this is your business, but I thought I'd let you know that your private documents are being sent to random Internet users around the world -- and not every one of them deletes them unread like I do.
By the way, you might wish to consider switching to Linux. I have been a happy Linux user since 1995, and I have not had to put up with these kinds of viral infections since giving up Microsoft software so long ago.
Check the tmp files (Score:2)
Minor point about the KaZaa forums (Score:2)
Re:Good Sircam web page? (Score:2)
Now... find a lot of free anonymous webspace somewhere.... hmm...
-Restil
Re:a good worm? (Score:2)
#4 same issue. If the worm can get in, then you need to be playing a little less quake.
A well designed worm will do the following:
Search for one single hole (lets say a named hole). Install a resident program on the system. Patch the hole. Search out, locate, and infect 100 insecure systems. After infecting 100 other systems, remove itself.
This worm will only infect a machine once. There will be a lot of scanning, but only 100 times and once the first 100 have passed, that machine will never scan again for that vulnerability.
A separate worm should be available for every known exploitable security hole. Obviously here I'm thinking of linux systems, but its a start.
Ideally the scanning could be done to specific blocks of IP addresses in such a way that it will minimize repeated attempts.
-Restil
Re:Nonprofit deals abound (Score:2)
Re:KaZaA (Score:2)
Of course the channels that they really want to push are at the bottom of the list and are checked by default, you just can't see them without scrolling down.
That just bothers me.
Re:Sircam - Code Red synergy (Score:2)
-- -- --
To whom it may concern,
You probably know the person who sent this email to you. This person has spread a malicious worm to your computer because they insist on using insecure Microsoft products.
Please take the time to call this person and suggest to them that they switch to another mail client. Here are some links you can point them to:
Pegasus Mail [pmail.com]
Eudora Mail [eudora.com]
By the way, I am attempting to spread this virus from your machine as you are reading this. If you have taken the appropriate precautions, good for you. If not, expect some phone calls.
Have a great day!
-- -- --
cluelessness and computer-centrism (Score:2)
They print papers for school, keep addresses handy on (electronic) sticky notes, click on interesting things they see on the web, draw picures, archive photos, send notes, play music -- all the things AT&T commercials want them to do. That's why they bought a computer.
For them, and for more informed computer users, people who spend hours a day at it, the same thing is true
I'm not that familiar with Windows (though I do use it sometimes) because the guts, even the outer guts, of Windows just aren't all that interesting to me compared to other things I'd like to know about in the world. I don't find the windows interface particularly intuitive, and I enjoy learning its particular brand of not being intuitive much less than I do the non-intuitive interfaces to various Linux environments
I can see a user who installs an app from one dialogue box expect symmetry in its removal -- "Hey, I hit 'install Bingo' to put it on, so I can hit 'uninstall Bingo' to get it off, right?" -- and their expectation I think would be reasonable. It's not fair or reasonable to expect them to understand the assumptions made by a badly labeled, poorly-placed remove option, especially when programs are put on specifically to hide. (Installation puts on 10 programs, de-installation takes off one
For computer jocks (like other enthusiasts in any field) things that are esoteric and obscure to the newbie may be obvious, because they have insider's knowledge, have devoted time and study to it. A lot of them seem to think that only they deserve to use computers.
For *most* users, programs like kazaa's spyware tie-in are sufficiently difficult to detect that the users don't even know they're there.
The esoteric aspect of computers are cool -- it's neat to discover how things work (see Gary Brown's site, and ask him to stop submitting every single thing on it to slashdot;)) and to be interested in the inner workings of electronic things, but there's no good reason to expect people to jump in high on the learning curve of computers, and every reason not to.
Ignorance, not stupidity, is what's being preyed on here, and ignorance is curable, but not by osmosis. Bad interfaces make people feel stupid, so they never care to correct their ignorance in favor of doing other things with their time. So they end up with crud software on their disk, and don't feel like learning how or why it got there, have no idea that it's reporting info to others. ("but it would be trivial to monitor the ports that it might --") No. Again -- Jocks, yes. Most users, No. That's what's so slimy about this stuff.
timothy
idea: strip executable attachments (Score:2)
If an attachment is executable, drop it on the floor. (Be nice and replace it with a message explaining that the executable attachment was stripped and, if this is the 1-in-a-million legitimate occurance the attachment should be retrieved from the sender via FTP or HTTP.) "Executable" means anything with an executable extension (e.g., "vbs") or which starts with a Windows executable prefix.
This takes a little bit of time to perform, but it's far cheaper to automatically scan the first few kilobytes of a message than to needlessly send gigabytes of virus-laden mail. It also takes less customer service time than answering mail from irate customers who lost important messages because the virus filled their mailbox, who have lost hours as their system tried to automatically download megabytes of virus-laden mail, etc.
Is there a term for 'good' virii yet? (Score:2)
Although not strictly "good" - because vaccines are typically (always? I am not a virologist) made from weakened or dead viruses, which basically give the immune system time to build up a resistance as it fights this lesser threat (and yeah, sometimes even a vaccine can cause the illness it tries to prevent).
But I am not sure it would be accurate to describe a virus-killing/patching virus a vaccine or not...
Besides, all the points you made are valid, and are things that really keep this kind of idea on a back burner...
Worldcom [worldcom.com] - Generation Duh!
Re:Linux wouldn't run on their hardware (Score:3)
Worldcom [worldcom.com] - Generation Duh!
Hi! (Score:5)
Goodbye!
Re:Mexican Linux and KaZaa (Score:2)
IANAL either, but there's this new law out that should help you with your prosecution. You may have heard of it...Digital millenium something or other.
Good Sircam web page? (Score:2)
----
Re:Sircam - Code Red synergy (Score:2)
But I have mixed feelings about making life worse for the dumb clod that catches viruses. Yes, they deserve to be LART'ed, but going beyond that is probably stepping from justice into barbarism.
How about a virus that sends an email to the local paper, which can have a weekend insert listing all the community dumbasses?
Re:Linux wouldn't run on their hardware (Score:2)
Linux wouldn't run on their hardware (Score:3)
I Still Want to Know... (Score:2)
Strangely enough, I would not object to client/server software that allowed users connecting to a server to annotate my pages and read the annotations of others if:
1) The software did not install deceptively as part of another product.
2) The annotations don't take the form of advertisements and
3) I was running the server or the person running the server asked my permission before pointing it at my pages.
I suppose one might question the value of the stuff on my web page, but it is valuable to me and I'll not stand for it being modified against my wishes.
Linux in Mexico (Score:2)
I certainly don't blame the teachers. It's, to a large degree, a matter of finance. It's a poor country and they can't afford to hire good teachers and they can't afford to educate good teachers. It's a viscious circle.
I never really had any confidence in the ability of Mexico to deploy Linux in their schools. Just didn't seem likely.
Which brings me to a point of internationalization. How well does Linux internationalize to other languages, like Spanish?
All (or I should say, a great majority) of the computers in Mexico use "Spanish (Traditional)" keyboards (the Windows definition of the keyboards) where the enyay (the n with the squigly line on top) is where our semicolon/colon key is on English keyboards, and most of the non-letter keys are relocated. As well as having the ability to place accent marks above the vowels.
Re:The truth of Linux in Mexico (Score:2)
That said, I don't know exactly where you live, and conditions are different from area to area. As I said in my previous post though, I think it has more to do with a lack of people trained in Linux than with lining a politician's pocket with $$$.
Also, as a democrat, I found your remarks in that area a little offensive. We won't go into the literacy of some of the "great" republicans of recent history cough-cough-Quayle-cough-cough.
Right on...! (Score:2)
I think the slashdot populace (not you, the kind of people whose sentiment was expressed in that line about ISPs) should think their principles through carefully. Most of the time, ISP regulation of your email or access is seen as bad on slashdot. So is government regulation of the internet. I agree. But when there is some annoyance, they want regulation to fix that. Bad idea!!
Annoyances like spam or sircam are not that bad compared to what could happen to the internet if we encourage value-add ISPs like this (or in the case of spam, government regulation). Just press delete or write some damn mail filters. Stuff like the DMCA or the CDA is much, much harder to deal with.
It is true that corporate email systems should have filters for this. Perhaps, if I ask my ISP to block mail with attachments, they should be able to provide that service. But when I am paying for raw internet connection, I do NOT want regulation on that from anyone. Do you?
be careful (Score:2)
It's good to want to warn people, but keep it short and simple. The links are nice. Admonishments about double clicking, trusted sources and "your business" can be percieved as smug and are inefective in anycase. Do you know this thing requires a double click? MS will give a scary warning for the links too... the user may be scared to look at your untrusted email links after that.
Imagine getting something like this from some clueless MS user who had been tricked. Replace Linux references in the above with MS BS and you can see how offensive it is. Also, imagine that the files they referenced were not yours.
The essential information you are sending is that you recieved mail purporting to be from them, their machine is infected (must be if SirCam remembers it? imagine if it had an address harvester!), and news links. A three liner should do.
Surely you're mistaken (Score:2)
Me too (but I made fun of them too) (Score:2)
One last thing (Score:2)
How is it a failure? (Score:5)
Hardware compatibility problems have been solved, and the idea to adopt an open-source platform still stands.
This year, 1,400 schools will be equipped with external modems, and Ibarra plans to install Linux on those computers.
Dosen't sound like they're giving up to me. Also, they already have twenty schools running on GNU/Linux. They have schools already on it and they're planning to add more, it's just not a fast or as wide-spread as they had hoped. Just because a project dosen't go off as well as expected dosen't mean it is a failure.
Was Linux 2.4 a failure because it shipped a year late?
Re:idea: strip executable attachments (Score:2)
Moreover, extensions are not entirely meaningful with MIME. Marking a .txt file as 'content-type: executable' can cause surprising things to happen.
Balderdash. People who use poorly engineered mail clients *deserve* what the get, in the same way that people who drive a car without a spare tire deserve what they get.The real solution is a well-designed email client:
Anything else is just half-assed attempt at a solution that will inevitably break.
Re:If you have the email addres... (Score:2)
Re:idea: strip executable attachments (Score:2)
Or do you really think the bad old days of 'clip here, uudecode, untar' were good? System-agnostic structured messages are a great good.
If the worm can sniff your keyboard, the game is already over. The goal should be to keep that from happening in the first place. Besides which, a good OS can keep anything from ever sniffing your passphrase. There just aren't any good OSes -- yet. Documents don't save themselves, the trusted code of the sandbox saves them, and it does so when and where the user says.There is essentially never a legitimate need to receive an executable as an email attachment. People who really need to can set up crypto and learn how to use it, and the other 99% can live without it and not know the difference.
Besides, if people *want* to hand their computers over to the Black Hats, there's no way to stop them sort of a draconian OS. Home users who do it will pay through the nose to get their machines unfucked, and corporate users will pay with their careers.
Re:If you have the email addres... (Score:2)
The Linux Issue (Score:2)
Here's the deal, in case anyone hasn't figured it out yet: PEOPLE WANT DENIABILITY.
"Well, it doesn't work, and we have a trouble ticket in with Microsoft" (Translation: I don't have to do anything for the rest of the month!)
"Well, the Visual C++ toolset have been upgraded, and we need to upgrade several parts of the server infrastructure, and the vendors are shipping late" (Translation: I don't have to do anything for the next two years!)
"Well, the infrastructure has been upgraded, but now we all need training" (Translation: off to vegas for drinking and whoring!)
"Well, the system just crashes -- Microsoft products aren't the greatest, but it's the only game in town. It'll get better with the next service pack" (Translation: I don't do anything but install the crap!)
Dr. Who refered to these people as "The Tesh" (The techs or technicians). They had little interest in science or engineering, or creating anything new, or even improving what they had, but rather had a kind of cult of knowledge where *they* held the secrets and they rarely let anyone else in. Microsoft is the cult, the MCSE/MCSD is the tesh. They can always throw up the "Microsoft has bugs!" excuse when things go bad.
Contrast this with Linux -- all you need is desire, skill and talent. There is nothing hidden, and it's all free. How far can you go? It's up to you.
The choice seems so simple, but I meet more and more programmers and admins who just want to use access and VB -- no interest in anything that is not just "a few clicks to the next paycheck", or anything that could remove their golden parachute of deniability.
Treatment, not tyranny. End the drug war and free our American POWs.
Re:The Linux Issue (Score:2)
But, with Linux, you could (OH MY GOD HERE IT COMES) actually fix the problem, thereby helping yourself, your company, and others.
Grotesque concept, eh?
Treatment, not tyranny. End the drug war and free our American POWs.
Re:The Linux Issue (Score:2)
> value in me to fixing it.
My interpretation: "Fixing bugs in, or adding features to, Linux, will not increase my personal worth".
This is true, but only if you have a personal philosphy along the lines of "My life is better when I make more money and work less". If you have that belief, this discussion is basically over.
I reject that philosphy for myself. I think it is great to make more money, but it is certainly not my life's goal or focus. To me, everyone is better served when quality, service, freedom and justice are the goals.
When an individual has these goals...the payoff comes naturally. Cheaters (like the federally convicted Microsoft) tend to ruin it for everyone.
> I could most likely fix the problem even quicker
> by calling the non-linux vendor and getting them
> to fix it. Or just wating. And I would be
> participating in a much better society in this
> case. A society that allows its productive
> member to afford the houses in their
> neighborhoods.
An odd way of saying "In case of problems, it is best to wait or do nothing. I will then be considered a productive member of my society. As such, I will have earned a nice home".
And perhaps a "Harem of Bitches" to go with that home? Strange days, indeed.
Treatment, not tyranny. End the drug war and free our American POWs.
Re:Why I don't use Linux here in Brazil (Score:2)
Maybe, since you already have the machines networked, you could install RH 7.1 (it is free) on a machine with a cdrom, then install on the rest via boot floppies and NFS.
My own experience is that Linux runs on more hardware as time goes by, not less.
Treatment, not tyranny. End the drug war and free our American POWs.
Re:How is it a failure? (Score:2)
Artwork, if they have Macs.
Re:ISPs' responsibility?! (Score:2)
Well, telling people not to click on attachments will help at least somewhat. The viruses propagate by social engineering, so it's important to break the cycle of infection by teaching people not to open the attachments uncritically. That won't do anything to keep current infections from sending out messages, but it will cut down on the next generation of infections and may (ha, ha, ha) prevent the next virus from propagating at all. It's certainly better than just ignoring the problem completely, and there's always the risk of deleting a legitimate attachment accidentally if you scan transmitted email for viruses. Just think about the damage that could be done if some cracker inserted a bogus entry that recognized MS Word headers into the virus definitions for the on-server virus scan used by a major ISP. Then you'd have a really nasty lawsuit on your hands.
--
Karma down to 50 again. Thanks Karma Kap.
Re:idea: strip executable attachments (Score:2)
Thanks for proving the truth of your sig. Auto-dropping executable attachments is not a good idea. Your contention that they're incredibly rare is less true than you think. I know someone who wound up with a big hassle just the other day because our email system does drop executable attachments and somebody was trying to send him one that he needed for his work. As an alternative to your suggestion, might I suggest the following:
IMO any of these alternatives would be preferable to what you suggest.
--
Karma down to 50 again. Thanks Karma Kap.
Re:I use KaZaA without intrusions - This is how (Score:2)
Of course an alternative to this approach is for businesses to behave decently and not try to screw their customers by installing a bunch of unwanted junk. Maybe I'm a naive idealist, but I think that users should be allowed to deal with software under the assumption that the default install will only include components that are significant for the nominal function of the program. Extra packages should be clearly marked as extra and require a separate installation. Any company that doesn't follow this simple principle is behaving obnoxiously and customers have a reasonable right to complain, even if they could have prevented the problem by installing defensively. I understand that this isn' the case, but the rule should not be caveat installor, and companies that behave as though it is should be smacked.
--
Karma down to 50 again. Thanks Karma Kap.
Re:How is it a failure? (Score:2)
More power to these guys, but they have a tough road to fight.
Of course, if it's all the same too the administration one thing they could use is the QVWM/Abiword/Gnumeric/Mozilla combination and with proper themes most end users probably would be able to adjust fairly quickly, if they even notice at all. After all, what do most kids use computers in schools for, besides web browsing, word processing, email and the odd spreadsheet?
After the next major virus outbreak the government could be taking a look around, see the Open source systems standing and the Windows machines dead, and make some intelligent decisions about their future. It is still early enough for that.
Re:The truth of Linux in Mexico (Score:2)
With the world economy slowing down, there is a chance Mexico might be able to hire some Linux folks at lower prices, especially if they can find some who really care about this issue and are willing to price themselves competitively with the Windows folks in this case.
The next step is to have Microsoft audit all of Mexico's public institutions for license compilance. American corporations are getting that treatment - what makes you think Microsoft won't stoop to grabbing cash from Mexico? Then Mexico audits to find out where all the cash went and a few people who have been skimming the cream get it in the shorts...
The third is to get American corporations to donate their old hardware to causes like this. Linux can do fairly well on older hardware, and if they can be convinced that a bunch of educated Mexican computer nerds are just what they need to solve the eternal shortage of qualified computer people, they may just make a dent. (Plus if they can get a tax credit they like that too.)
A crutical factor is how much autonomy the schools have in something like this. If all schools must meet a national standard, and that standard is windows, we are So Outta Luck. (And so are they.)
I'm actually surprised that the politicians are interested in the details of the software to be installed at all. Are they actively in favor of Windows, or was it indifference that killed (or slowed, at least) the Linux effort? If it was indifference that might be a good sign, actually. Namely, if they don't care and we do, we might still make something happen. Does anyone have a feeling for this one?
Recommended tools for older computers in education (Score:3)
Desktop Shell:
Midnight Commander - command line mode
http://www.gnome.org/projects/mc/
Flash - An altered version of this might prove extremely useful for schools in setting up a basic, intuitive interface:
http://www.netsoc.ucd.ie/flash/
Typing:
Gtypist - includes a spanish mode
http://www.gnu.org/software/gtypist/
Editors:
nano - The standard easy text editor.
http://www.nano-editor.org/
emacs - Scary but powerful - for advanced students
http://www.gnu.org/software/emacs/emacs.html
Typesetting:
teTex - fairly complete distribution of the TeX typesetting system; probably not necessary for most levels of education, but if formatted text is desirable this is definitely the none graphical way to make it.
http://www.tug.org/teTeX/
Development Environments:
Rhide - Borland like environment for use with gcc
http://home.lanet.lv/~pavenis/rhide.html
Mathematics:
I do not recommend the use of mathematical programs for educational purposes until there is no other reasonable way to solve the problem. However, a powerful and free computer algebra system does exist, and can be run from the command line, so if research projects or some such effort require it:
Maxima
http://www.ma.utexas.edu/maxima.html
Web Browser:
links - ncurses based browser. A nice piece of work. It will not do graphics, but will handle tables and frames.
http://links.sourceforge.net
Email:
mutt - mutt is very powerful. It can be configured to act similar to the pine email system in order to be slightly more friendly to new users.
http://www.mutt.org/
Re:Mod up! (Score:2)
If MS was really smart they'd offer free Windows licenses to all K-12 education. Not that they are having a problem keeping users, but that would probably insure vast amounts of Users for Life.
Re: (Score:2)
For want of a nail (Score:2)
reminds me of the old rhyme, "For want of a nail, a shoe was lost, for want of a shoe a horse was lost, for want of a horse a skirmish was lost, etc etc etc, all for want of a nail"
The murder of Georgy Gongadze (Score:3)
It has been pointed out however, that Kuchma would hardly have anything to fear from an e-zine like Ukrajinska Pravda, since very few have access to the Internet in Ukrain, and that it was unlikely that he had even heard of Georgy Gongadze.
It is, nevertheless, an issue to be alarmed by.
ISPs could help with viruses (Score:2)
For the price of a stinking Network Associates Webshield [mcafeeb2b.com] operating in transparent mode at the router of each ISP, they could filter out most viruses. They could route port 25 traffic through one of these babies and things might be rosier. I chalk that up to lazy/overworked/ignorant admins not caring/able/knowing to put such a system in place. We have a webshield and the only time we saw SirCam was because we had to take it out of the loop for some quick maintenance; the one guy that go it knew not to open it and deleted it.
Of course, security is a process so no amount of filtering is going to keep 100% out. If you still get that one virus headed for the guy in the company with Outlook and who blindly opens every message that comes at him, then you've still got a cultural problem to cure.
Re:ISPs could help with viruses (Score:2)
Support? You priced it with support? What is support? Seriously, though, as a customer of an ISP, I expect them to spend the money I give them on quality services. The fact that you came up with a much cheaper solution makes it even more shameful that they don't provide that extra level of protection.
The Webshield you priced covers both sparc hardware and the software, and support is on both. Trend Viruswall [antivirus.com] is just a software product ($1k for 50 users) that you still have to purchase a dedicated machine for in order to do the job properly. Luckily it is available for Linux, so the hardware portion can be cheaper in both initial cost and support.
We purchased our Webshield a year or two back when there were no solutions like this readily available. Now, Norton has Antivirus for Gateways [symantec.com], and more are coming out. As a small 200 person company, it's not a big deal to get support on our Webshield, but given a choice today, we would probably go for a Linux solution involving the Trend product. Heck, just thinking about the couple of bugs that we've seen in the Webshield, maybe we should consider the Trend product anyway.
ISPs' responsibility?! (Score:5)
Outlook viruses are, in my opinion, the responsibility of (1) Mictosoft, and (2) the Outlook user, who should be trained not to open crap that comes from random people with attachments! I really don't see how an ISP can help. (Of course, helpdesk people need to know about it, etc.)
Mexican Linux Deployment: (Score:2)
So when you boil it down, is it cheaper to pay for training the 100's or 1000's that would need it in the ways of linuxy goodness, or simply purchase windows and click yes when asked until the systems are deployed? I think the Mexican School Boards have realized that it is the former, though I suspect it was with the assistance of MS marketting and sales that made it clear to them. PS, Brian Farina can bite my ass!
Re:The truth of Linux in Mexico (Score:3)
Re:BsA? (Score:2)
A company I worked at in Mexico got caught in a BSA audit. They found lots of pirate copies because that's what companies in Mexico do software-wise.
So at the end of the day the deal was a certain NUMBER of computers were identified as having pirated software. The company was allowed to choose which ones. Those computers were "secured" with a legal sticker over the power buttons that could not be legally broken until the requisite number of software licenses were purchased.
So, the company just "chose" to have them secure all their old 386 machines that they were going to get rid of anyway. They then stuck them in storage in the basement and purchased the new computers they were going to buy anyway... but they never broke the stickers on the "secured" computers--and never purchased the "required" licenses. Problem solved.
The truth of Linux in Mexico (Score:5)
Organizations in Mexico, for some reason, would rather spend $5 on hardware/software than $1 on human resources. Perhaps it's because there's so much corruption everywhere that no-one trusts their employees to do their job and to do it honestly. Then again, can you blame them when a CS graduate might earn US$1000/month...
Believe me, the reason they went with Windows is because they'd rather pay Windows people US$800/month rather than paying Linux people US$1000/month, even if it means having to spend millions of dollars on Windows license. And, of course, some politicians will probably be taking a good part of that $124 million to their personal bank accounts.
Mexico is a wonderful country, but it's very frustrating to live here and see the incompetence and corruption in decision-making. Believe me, it makes American politics and decision-making seem PURE and reasonable in comparison. Heck, even Democrats sound coherent after witnessing the absurdities and abuses that go on down here--and for a Democrat to sound coherent ought to give you an idea of how bad things are down here.
Anyway, this isn't a blow against Linux. It's about par for the course in terms of Mexican political decision-making.
PS--For what it's worth, I can't really see the government actually paying for all the licenses anyway. They'll probably set aside $20 million for licenses, buy one license, and the politicians will keep the rest.
Re:How is it a failure? (Score:2)
My other problem with Windows 2000 is that there isn't enough stuff to tinker around with. I like the fact that I can configure Sawfish to perform a merry jig for me. I won't be satisfied with any version of Windows until I am provided with a means of making it do a merry jig and other such silly things.
Au pays de L'Emperereur Tomato-Ketchup
Les Enfants sont les rois et ils font la loi!
KaZaA and Ad-aware (Score:4)
The punchline was that it wouldn't even uninstall from Add/Remove Programs. I had to reinstall it just to uninstall it nicely.
I've installed Morpheus from musiccity.com, and I'm running Ad-Aware again. Wonder if this'll turn out any differently...
(Side note, damn if Morpheus doesn't look almost exactly like Kazaa.)
Re:Sorry, kaZaa users (Score:2)
As for the checkboxes option, how many pieces of software (any commercial word processing app, for example) have you installed which had such a checkbox window with about ten options, some of which you didn't know too much about, and you accepted because that's the default install. Face it, it should be a reasonable expectation that when you install a piece of software advertised to perform a given task, that software isn't going to do a number of completely unrelated tasks which have the further effect of telling a complete stranger what websites you choose to browse?
Kill Smart Tags:
kAzaA quicky (Score:3)
Kill Smart Tags:
Sorry, kaZaa users (Score:4)
Kill Smart Tags:
Why my company doesnt use linux (Score:2)
Anyways, after some discussion, linux turns out to be more expensive for us to use than windows. Why? Because we're a small company. The tech guys there (myself included) double as both programmers and system administrators. All of us know windows inside and out just by using it for years. For upgrades, windows is trivial to upgrade.
Linux is a different story. We all also know how to use linux - but none of us are expert admins at it. We would need to hire a linux sysadmin to be safe and ensure it was configured correctly (yes kids, linux is easily hacked too if not configured right) I've never known a linux sysadmin who worked for cheap. So we spent a couple grand going for a windows machine and setup, and saved ourselves several thousand dollars in the salary we would need to pay someone to maintain and secure the linux setup.
it was among other reasons... (Score:2)
Re:Why my company doesnt use linux (Score:2)
Also, we were not interested in buying lots of systems. Rather one quite large server at the time. Windows was simply more sensible. Even the resident linux fanatic (who knows alot more than anyone else, but not enough) admitted that windows suited our best interests.
Linux in Mexico...It's coming. (Score:2)
Mexican Linux and KaZaa (Score:2)
On the KaZaa thread, the first email which I get saying that my site had links which I did not put up myself will send me to an attorney to discuss what I can do to them along the lines of changing my content, including copyright infringment (I know that I'll have to put notices on the pages) and to see if defacing a website charges can be arranged along the lines of prosecuting them like the Code Red Worm writers could be prosecuted. The fact that things were done on the client side instead of the server side should not be relevant (IANAL).
Re:ISPs' responsibility?! (Score:2)
Re:ISPs' responsibility?! (Score:2)
Help (Score:2)
But I'm still a bit confused, and need some help. What exactly are the files that ad-aware installed along with itself? They're in c:\windows and they're called 'make_money_fast.exe' 'enlarge_your_penis.dll' 'lose_weight.vxd' 'herbal_viagra.com' 'send_all_your_data_to_our_company.vbs' and 'popup_x10.js', and they're set to run on startup...
Outlook virus???? (Score:2)
Check out the following for more info on this really impressive... um I mean dangerous worm. http://sarc.com/avcenter/venc/data/w32.sircam.wor
Parasite Software (Score:4)
Why I don't use Linux here in Brazil (Score:2)
I run a small non-profit project [truepath.com] for at-risk kids in a slum area in Rio de Janeiro state. We have a small Novell 3.11 network (legally licensed, even though the server does think we're in 1901) and running on a variety of ancient, often rebuilt hardware, ranging from 386-SX-16s to a 486-DX-120. The reason for such low-end hardware is very simple: money (or rather the lack of it).
I have been unable to find a Linux version with a GUI that runs on such low end boxes. Windows 3.1 runs on some, I have OS/2 2.1 on a 386 and Windows 98 on the 486-DX. I'm also using FreeGEM and homewritten VB/DOS software on most machines.
Does anybody know of a low-end Linux distribution (that will ideally install without needing a CD drive) with some sort of GUI and some useful application software that could be used for teaching purposes on such ancient hardware?
Maybe Linux couldn't be installed on some of the existing hardware in some Mexican schools for the reasons?
Comments anyone?
It's easy .. (Score:2)
Just imagine a 486-100, 16MB ram, 300MB disk.
I can happily install Win95(the very first ones) plus Off97 (Word - main app) on it, with netscape and pegasus for some web and mail access. Sure, the performance won't be high, but it will work. No way you can get an X-Windows based office suite on that, and with p-200/32mb the difference in performance would be even more dramatic.
This is real, some schools _are_ that poorly equipped. I still have to setup such a system from time to time, and I work for an university .. (Bratislava, Slovakia, Eastern Europe).
While we have some 10-15% of such crappy machines and it's getting better all the time, I can imagine there are schools where such junk is 80-100% of their equippement.