Re: Microsoft to Blame for 'Love Bug'? (fwd)

[William Knowles <wk () C4I ORG>]

Forwarded by: Craig Williams <craig.williams () hookrise com>

my 2c -

I think this is a lame attempt to pass blame. The virus didn't have to
be a script - it could have been a simple exe - users would still have
opened it and the same result would have occured.

Are we supposed to now disable the running of exe files, I think not ;)

-C

> -----Original Message-----
> From: William Knowles [mailto:wk () C4I ORG]
> Sent: 12 May 2000 05:51
> To: ISN () SECURITYFOCUS COM
> Subject: [ISN] Microsoft to Blame for 'Love Bug'?
>
> http://www.thestandard.com/article/display/0,1151,15019,00.html
>
> Microsoft to Blame for 'Love Bug'?
>
> Security experts say automation features in Windows make it a
> potential breeding ground for viruses.
>
> By Elinor Abreu
>
> Who is to blame for the "Love Bug" virus and its 25 or so nasty
> variants that ripped through an estimated 600,000 computers and caused
> computer-system shutdowns at corporations and government offices
> worldwide? As law enforcement authorities homed in on a cadre of
> technical-college students inManila, Philippines, security experts
> pointed out that Microsoft's operating system creates an environment
> that is vulnerable, if not virus-friendly.
>
> The "Love Bug" took advantage of a feature in Windows called Windows
> Scripting Host, which allows users to automate routine tasks. The
> virus' author created a Visual Basic script that was directed to send
> itself to all recipients in a user's Microsoft Outlook address book
> and then delete image files and hide audio files.
>
> The Scripting Host is not the only Windows feature that invites
> hackers. Other flaws include Outlook's automation feature, which
> allows external programs to command the application remotely. Security
> experts say such features should be disabled by default.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".