| Amy Alexander on Sun, 14 May 2000 07:50:01 +0200 (CEST) | 
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: <nettime> Viruses on the Internet: Monoculture breeds parasites | 
On Fri, 12 May 2000, Menso Heus wrote: > could have been written for Unix or Linux as well, just put the code in a > shell script. > that's true, but then again, on unix/linux it's usually tougher to disguise an executable program as a text or other benign file, which was part of the trick "ILOVEYOU" used. the user has to consciously set the execute permissions on the file and run it as executable (unless there are mailers that do this automatically based on the #!/bin/sh at the top of the script; i hope not - i don't know of any)... even in the GUI window managers, you still see file types and have to set permissions. > The *PROBLEM* is the *USER* Like always, it's the end-luser that goes 'hey > someone loves me clickclickclick' whithout paying attention to what it isz > they are actually opening. true enough, except in mailers that open attachments without asking people... dangerous with executables, word files, etc. i'm not an expert on things microsoft, but it does seem they put hooks into the OS in some strange places - like Word documents. so an attachment doesn't really need to be executable to harbor a virus nowadays. or maybe we just need to rethink our definition of "executable" to include things like Word files. > The reason that this wouldn't work with Unix people is not because the os > doesn't allow it, but because Unix people have more clues about computing > in general... true, both on the surface and on a more fundamental level. microsoft has written some very automated software, in the hopes of making things easy for people, whether computer literate or not. attachments that open themselves, hooks into the OS from word processor docs, etc... and hey, it works -lots of people can get things done with computers fairly easily; they don't have to spend time learning things like how to make their files executable and so on. but there's drawbacks to that, and one of them is the easy spread of viruses. it's a difficult balancing act. and much of the trouble is still the fair amount of geekishness you need to develop to work in linux/unix. (not to mention the absence of some of the more fundamental desktop apps.) fortunately, this has been getting better lately; though there is still much to be desired. (i swapped in a new graphics card in a linux mandrake box the other day - was delighted to have an autoconfigurator come up and offer to configure for the card for me, thus saving me from XFree86-config-torture - but then, the autoconfigurator went on to try to disable the driver for the on-board sound for no apparent reason.) anyway, i think systems like linux need to continue to improve in usability; much of the open source movement has concentrated on the geek-user up until recently, so hopefully things will shift to usability for everyone... but also, when that happens, there needs to be quite a bit of thought put in to doing it without screwing things up, so that users aren't opening themselves up to viruses, etc. btw, i realize i'm ignoring issues of "windows users often running with full privileges on the registry" vs. "running as an unpriveleged unix/linux user"... there are a whole slew of issues one could discuss with respect to 98/NT/2000 user and admin accounts vs. unix and how much damage you can really do to a system, but, in the case of the "ILOVEYOU" virus, i don't believe it would make a difference. -amy # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net