> This is not quite true. Among the security problems typical
> of MSFT programsis the fact that the default settings are generally to
open
> attachments, run executables etc automatically. This makes things
> marginally easier for unsophisticated users, who would otherwise have to
take extra
> steps to see that picture of aunt ethel, but it makes the software easier
> a much easier target for malicious code.
I don't think this is correct. I just tested it, and setting attachment
security to "none" just means that it doesn't _warn_ me if I try and open an
executable that someone's sent me; setting it to high it says "this is an
executable, do you want to do this?" It still won't open it unless I
explicitly click on it to launch.
Now, setting security to none means it's easier to disguise executables as
images, certainly.
> Also not true. Although a mail program such as pine (or heavens, even elm)
> can easily be scripted, its default configurations (not to blindly
run/open
> anything that comes in) and the default configurations of the systems it
> typically runs on (not to let any random piece of code have access to any
> file it wants) make virus/worm propagation much more difficult. (Those
> default settings have been honed by 20 years of experience, most of which
> our big brother in bellevue has ignored.)
Again, Outlook doesn't launch attachments unless you tell it to. I'd also
argue that the fact that unix has decent security is something of a red
herring here -- the Outlook worms that have been running around recently can
do their work entirely in user space. There's nothing to stop me writing a
worm that hacks .login/.bashrc to do nasty things; those are owned by me,
when I login bad things happen. Sure, I can't hack /lib/libc.so, but all
that would gain me is infection of other people on the same system. Typical
Win9x systems are single-user -- and writing code to
HKCU\Software\Microsoft\RunOnce is in hkey_current_user, ie the bit of the
registry I can write to, ie stuff that'll affect _me_, ie the same as
hacking .login.
Now, I'm not trying to claim that Windows/Outlook doesn't have problems, I
just think that the reason we're seeing so many Outlook worms is mostly
because it's easy to write worm functionality to exploit Outlook, and there
are a lot of people using Outlook.
You're right, it doesn't help that a typical single-user Windows system is
basically wide open -- but a typical single-user Linux box with a lazy user
that always logs in as root is the same thing. Linux makes security easier
to impose, but that's because it's not an end-user OS. If I'm using a unix
system where I log into a central server that the admin has administered
properly, no problem.
(though, of course, if I'm using Outlook to log into a central Exchange
server that the admin has set up properly and patched clients properly, I
also won't have any security problems -- it's just that most people haven't
applied the requisite patches yet..)
And it's not as if Unix systems are immune either; sadmind used holes in
Solaris, and there are plenty of rootkits out there to let script kiddies
grab root on unsafe linux boxes. There's Mac viruses, there's been Linux
worms, etc. They don't get mainstream coverage because they don't affect
many people, and because people using Unix boxes are (hopefully) more aware
of the issues that might hit them.
-- dan
< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
|