nanog mailing list archives
RE: in case nobody else noticed it, there was a mail worm released today
From: "Vivien M." <vivienm () dyndns org>
Date: Wed, 28 Jan 2004 23:51:03 -0500
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Roger Marquis Sent: January 28, 2004 11:31 PM To: nanog () merit edu Subject: RE: in case nobody else noticed it, there was a mail worm released todayThe reason they don't do it isbecause there isn't a critical mass ofEvolution/GNU/Linux/glibcX.Y to make a big stink... Andthere is sucha critical mass for MS.No, sorry, false analogy though it does account for some portion of MS' mess. The larger reason is that viruses are substantially easier to write for Outlook, Exchange, et al. For another example look at Unix Apache's market share (>75%) and it's vulnerability share (<1%).
And look at the people who administer/use these things. MS' problem, if you ask me, isn't poor engineering (though I'll grant you I'm sure there stuff could be designed WAY better). The problem is that, as would seem logical for a publicly-traded company out to maximize profits for its shareholders, it designed its stuff to be used/administered by the broadest range of people. Hence, they make it easy to setup (at the cost of security, absolutely), and easy to forget about (especially as it crashes less than it used to)... And then, people don't install the security patches and have no idea about what proper security practices are. So when they find out about the new cool screensaver... Oops. Open source projects aren't out to maximize profits, generally... And they don't generally aim at ease of setup. Whoever sets up Apache using vi to edit httpd.conf needs to have at least a fractional degree of clue. Not enough clue, no doubt... But some clue. Setting up the MS equivalent can probably be done by the random guy on the street wearing a blindfold and with one hand tied to the chair with a Cat 5 UTP cable. That's the problem. Someone made the argument to me privately that the problem is that MS lets you run attachments from Outlook, while other clients would require you to save the files to disk. That's not a solution: if these people are like my parents used to be, they'd dutifully save the attachment, open up a file manager, and open it up to see the "cool new screensaver" their best friend sent them ("hey, even if it's a virus, I have an antivirus" is the usual excuse). Sure, that's three steps instead of one, but for as long as the HUMAN behind the keyboard wants to open the attachments, whether it takes two clicks or fifty keystrokes, that attachment will get open. Why doesn't this happen to Evolution users? My guess is, if you a) know what Linux is, b) know how to set it up, and c) know what Evolution is, you have enough CLUE to know that executable attachments from your friends that come with a gramatically-incorrect email body are trouble. MS has made a business of putting computers into the hands of people who do not have that clue, and do not want to acquire that clue. The fact that they've been INCREDIBLY successful at doing it is the problem. Sure, they could put a few more hoops to slow the viruses down... but for as long as the person behind the keyboard wants to run the attachment, a way will be found (and ISTR one patch for Outlook 2000 that blocked your ability to save executables was released), and whoever tries to stop them will be seen as the mean party here. Vivien -- Vivien M. vivienm () dyndns org Assistant System Administrator Dynamic Network Services, Inc. http://www.dyndns.org/
Current thread:
- Re: in case nobody else noticed it, there was a mail worm released today, (continued)
- Re: in case nobody else noticed it, there was a mail worm released today jon bennett (Jan 28)
- RE: in case nobody else noticed it, there was a mail worm released today Wojtek Zlobicki (Jan 26)
- Message not available
- RE: in case nobody else noticed it, there was a mail worm released today Timo Janhunen (Jan 26)
- RE: in case nobody else noticed it, there was a mail worm released today David Luyer (Jan 27)
- RE: in case nobody else noticed it, there was a mail worm released today Timo Janhunen (Jan 26)
- Re: in case nobody else noticed it, there was a mail worm released today Brent_OKeeffe (Jan 28)
- Re: in case nobody else noticed it, there was a mail worm released today David Lesher (Jan 28)
- Re: in case nobody else noticed it, there was a mail worm released today Roger Marquis (Jan 28)
- RE: in case nobody else noticed it, there was a mail worm released today Vivien M. (Jan 28)
- RE: in case nobody else noticed it, there was a mail worm released today jon bennett (Jan 28)
- RE: in case nobody else noticed it, there was a mail worm released today Roger Marquis (Jan 28)
- RE: in case nobody else noticed it, there was a mail worm released today Vivien M. (Jan 28)
- MS is vulnerable doug (Jan 29)
- Re: MS is vulnerable Jason Lixfeld (Jan 29)
- RE: MS is vulnerable Vivien M. (Jan 29)
- Re: MS is vulnerable Jason Lixfeld (Jan 29)
- Re: MS is vulnerable Martin Hepworth (Jan 29)
- Re: MS is vulnerable Jason Lixfeld (Jan 29)
- RE: MS is vulnerable Vivien M. (Jan 29)
- Re: MS is vulnerable Laurence F. Sheldon, Jr. (Jan 29)
- RE: MS is vulnerable Vivien M. (Jan 29)
- RE: in case nobody else noticed it, there was a mail worm released today Vivien M. (Jan 28)
- Re: MS is vulnerable just me (Jan 29)