Linux-Advocacy Digest #386, Volume #26 Fri, 5 May 00 22:13:04 EDT
Contents:
Re: This is Bullsh&^%T!!! (Tesla Coil)
Re: This is Bullsh&^%T!!! (mlw)
Re: This is Bullsh&^%T!!! ("Christopher Smith")
Re: This is Bullsh&^%T!!! ("Christopher Smith")
Re: This is Bullsh&^%T!!! (mlw)
Re: which OS is best? ("Christopher Smith")
Re: This is Bullsh&^%T!!! (CAguy)
Re: This is Bullsh&^%T!!! (mlw)
Re: Virus on the net? (abraxas)
Re: This is Bullsh&^%T!!! (abraxas)
Re: This is Bullsh&^%T!!! (abraxas)
Re: This is Bullsh&^%T!!! (mlw)
Re: This is Bullsh&^%T!!! (abraxas)
Re: This is Bullsh&^%T!!! (CAguy)
Re: Dinosaur Eat Blue Penguin? ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Tesla Coil <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 19:21:47 -0500
On 5 May 2000, abraxas replied to Seán Ó Donnchadha:
>>>> This virus type could be written to work just as well in UNIX
>>>> if attachments can be executed from email, is that not possible
>>>> with Netscape on LINUX?
>>>
>>>Then do it. I'll happily test it for you [...]
>>
>> If I send you an email with an attached "rm -rf $HOME/*"
>> script and you run it, your files will be deleted.
>
> No, they wont. Not the important ones at least.
More critically, that script **doesn't propagate itself**.
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 21:10:51 -0400
JEDIDIAH wrote:
>
> On Fri, 05 May 2000 22:54:32 GMT, Mike Marion <[EMAIL PROTECTED]> wrote:
> >Christopher Smith wrote:
> >
> >> So your solution is that every user who has important files they're working
> >> on has them set +i and harasses root whenever they want to make some changes
> >> ?
> >
> >Well, sudo comes to mind.
> >
> >Although it's still not an elegant solution.
>
> It's far more sensible to bring back the distinction between data
> and programs and make it difficult for the end user to casually
> shoot themselves in the foot.
>
> It needs to be functional.
> It needs to be easy.
> It needs to be safe.
>
> Microsoft can't quite manage #3.
>
> Also, a standard commandline flag for desktop applications might be
> in order. Such apps would likely be the last big hole to plug. So,
> it would be useful to be able to tell them in a standard fashion to
> NOT execute parts of documents, or just have an option available
> regardless of the syntax.
>
> "applix --no-script-exec iloveyou.doc"
I would, and have, argue that script execution should be an active user
interface action. What I mean is that to run anything from a document,
the user, by default, MUST be warned. To do anything else would, and is,
irresponsible.
>
> --
>
> |||
> / | \
>
> Need sane PPP docs? Try penguin.lvcm.com.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sat, 6 May 2000 11:20:21 +1000
"mlw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christopher Smith wrote:
> >
> > "abraxas" <[EMAIL PROTECTED]> wrote in message
> > news:8evl0m$iu5$[EMAIL PROTECTED]...
> > > In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
> > >
> > > >> standard, way of keeping data secure. Though 1000 page theses
> > > >> really should be backed up to CDR on a regular basis while
> > > >> changes are still underway.
> > >
> > > > So how are you supposed to work on your thesis if you can't modify
it ?
> > > > Harass root whenever you want to add a reference or write a
paragraph ?
> > >
> > > You're an idiot. We're talking about linux and windows WORKSTATIONS,
> > > dolt. You ARE root.
> >
> > So a script is just as lethal as it is on Windows, then.
>
> Yes, but a script will not know your root password. On regular WIndows,
> it does not need one, on NT people usually have "Power User" and thus
> have sufficient rights to change.
No more "usually" than they run with such high priveleges on a *nix system,
assuming competent admins.
> > Glad you agree.
> No, not really.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sat, 6 May 2000 11:21:53 +1000
"mlw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Erik Funkenbusch wrote:
> >
> > abraxas <[EMAIL PROTECTED]> wrote in message
> > news:8ev7qr$90j$[EMAIL PROTECTED]...
> > > If I kept a 1000 page thesis on my linux box, it also wouldnt be able
to
> > be
> > > deleted by am 'rm'. You see, linux is unix-like. And unix has alot
of
> > > very useful features that some people conveniently forget about. One
of
> > > these nifty features is 'file and directory attributes' which can be
> > > altered with the 'chattr' command.
> > >
> > > Though admittedly somewhat more effective under UFS, chattr is still
very
> > > usable under linux. a 'i' attribute on a file or directory will
prevent
> > it
> > > from being deleted by ANY action.
> >
> > Except the execution of another chattr command removing it. Something a
> > script could do, could it not?
>
> One needs to run "su" to set the 'i' attribute, one needs root access to
> remove it. It is a very unlikely that a UNIX user would run an e-mail
> package as root, so even if the e-mail package did run a script, it
> would not be able to affect the attribute bit.
Why is it any less likely a stupid Unix user would run a mail program as
root as opposed to a stupid Windows user running a mail program as
Administrator ?
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 21:14:06 -0400
Christopher Smith wrote:
>
> "Craig Kelley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > In any case, blaming Outlook, VBScript, or WSH is idiotic. Actually,
> > > it's the very essence of FUD, and as such it's misleading and
> > > destructive.
> >
> > Outlook makes it *too* easy to fsck up your computer.
> >
> > All those handy APIs and friendly double-clicks lead to disaster.
>
> Damn straight. We should all go back to flicking switches on a control
> panel to get anywhere. Bah, not even that. Vacuum tubes all the way, baby
> !
Hey, toggling in the start address, entering the initial register value,
and pressing the run button, is what made computers fun in the '70s. I
could boot up the PDP 8 in no time.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: which OS is best?
Date: Sat, 6 May 2000 11:24:48 +1000
"Karl Knechtel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Jim Richardson ([EMAIL PROTECTED]) wrote:
> <snip cause of rant of the day>
> : <rant of the day>
>
> : So can someone explain why it is I have to open a pdf file in windows in
> : order to print it? I mean, under linux, dragging the file to the printer
> : icon, or typing lpr file.pdf prints it just fine. Why does windows feel
> : it is neccessary to open it up with adobe acrobat first? It takes a long
> : time compared to simply dragging it to the printer icon in KDE. I mean,
>
> Perhaps the Windows printer driver doesn't process pdf directly?
The Windows printer driver shouldn't have anything to do with it. The PDF
should be being processed by Acrobat (or equivalent) and *then* being spat
out to the printer driver.
If Adobe have written Acrobat in such a manner that it cannot be silently
called to process the PDF file to print then, well, you'll have to talk to
Adobe about it.
------------------------------
From: [EMAIL PROTECTED] (CAguy)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sat, 06 May 2000 01:19:45 GMT
>Even if someone sent a perl script to me, it would not be run. If any
>vendor implemented, and this is the important aspect, an e-mail client
>that would allow virtually anyone to send you executable content and run
>it without so much as a dialog box, no one using Linux would use it.
>It would actually be fairly easy to do, but doing so would raise quite a
>few warning signals to any developer.
>
>So yes, if your mail client, saved the script, modified the protection
>bits so that it can run, and then run it, and did this without asking
>the user, that would be a very BAD program indeed.
>
>Now, this gets us back to Microsoft. Microsoft has had more than ample
>warning that this is a HUGE problem in its mail program. Any other
>vendor would take this vulnerability seriously and fix it the first time
>they see it. Which was, by the way, several years before malissa in
>Microsoft Word documents. At the point it was hailed as the first virus
>of its kind, the first "Macro virus." Right then and there Microsoft
>should have been serious about e-mail security.
[SNIP]
When you receive an attachment in Outlook...you get an icon that you
double click to open..then a dialog box opens up TELLING you that
what you are about to open COULD be a virus. The dialog box gives
you two options..save to disk (default) or... open it now. Seems
pretty safe to me. The problem is, people thought the email was
sent from a friend or business associate...so, they ignored the
warnings and simply opened it. HOW is this Microsofts fault?
James
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 21:19:27 -0400
Christopher Smith wrote:
>
> "mlw" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Erik Funkenbusch wrote:
> > >
> > > abraxas <[EMAIL PROTECTED]> wrote in message
> > > news:8ev7qr$90j$[EMAIL PROTECTED]...
> > > > If I kept a 1000 page thesis on my linux box, it also wouldnt be able
> to
> > > be
> > > > deleted by am 'rm'. You see, linux is unix-like. And unix has alot
> of
> > > > very useful features that some people conveniently forget about. One
> of
> > > > these nifty features is 'file and directory attributes' which can be
> > > > altered with the 'chattr' command.
> > > >
> > > > Though admittedly somewhat more effective under UFS, chattr is still
> very
> > > > usable under linux. a 'i' attribute on a file or directory will
> prevent
> > > it
> > > > from being deleted by ANY action.
> > >
> > > Except the execution of another chattr command removing it. Something a
> > > script could do, could it not?
> >
> > One needs to run "su" to set the 'i' attribute, one needs root access to
> > remove it. It is a very unlikely that a UNIX user would run an e-mail
> > package as root, so even if the e-mail package did run a script, it
> > would not be able to affect the attribute bit.
>
> Why is it any less likely a stupid Unix user would run a mail program as
> root as opposed to a stupid Windows user running a mail program as
> Administrator ?
Because all the NT users I know run as, at least, power user. You can't
install most programs as "Administrator" and switch back to normal user
and find it in the start menu. So, most NT users give themselves admin
privilages.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Subject: Re: Virus on the net?
Date: 6 May 2000 01:28:56 GMT
Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
> Current practice is for the shell to examine the first line of a data file,
> looking for a comment such as
> # /usr/bin/sh
That line wont actually do anything.
> and executing that program
Wrong. The next thing that happens is that it finds the next un-commented
line and does what it tells it to do. This is a shell SCRIPT, not a
program.
=====yttrx
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 6 May 2000 01:30:19 GMT
In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8evl0m$iu5$[EMAIL PROTECTED]...
>> In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
>>
>> >> standard, way of keeping data secure. Though 1000 page theses
>> >> really should be backed up to CDR on a regular basis while
>> >> changes are still underway.
>>
>> > So how are you supposed to work on your thesis if you can't modify it ?
>> > Harass root whenever you want to add a reference or write a paragraph ?
>>
>> You're an idiot. We're talking about linux and windows WORKSTATIONS,
>> dolt. You ARE root.
> So a script is just as lethal as it is on Windows, then.
Youve managed to miss the point entirely. I shall not explain it again,
because you are clearly too incredibly dim to understand it.
=====yttrx
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 6 May 2000 01:31:22 GMT
In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8evl5a$iu5$[EMAIL PROTECTED]...
>> In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
>>
>> > From *deletion* ? ACLs in NT will do exactly that - allow writes but
> not
>> > deletion.
>>
>> > The whole point here is that Unix is no more inherently resistant than
> NT,
>>
>> Yet there are almost no viruses that work on UNIX, and buttloads that work
>> on NT. Why is that again?
> For the same reason there's bugger all viruses for the Mac, or for BeOS -
> no-one writes viruses for OSes less than 5% of people are ever going to use.
Spoken exactly as someone with very little experience with beos or macos.
=====yttrx
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 21:26:53 -0400
CAguy wrote:
>
> >Even if someone sent a perl script to me, it would not be run. If any
> >vendor implemented, and this is the important aspect, an e-mail client
> >that would allow virtually anyone to send you executable content and run
> >it without so much as a dialog box, no one using Linux would use it.
>
> >It would actually be fairly easy to do, but doing so would raise quite a
> >few warning signals to any developer.
> >
> >So yes, if your mail client, saved the script, modified the protection
> >bits so that it can run, and then run it, and did this without asking
> >the user, that would be a very BAD program indeed.
> >
> >Now, this gets us back to Microsoft. Microsoft has had more than ample
> >warning that this is a HUGE problem in its mail program. Any other
> >vendor would take this vulnerability seriously and fix it the first time
> >they see it. Which was, by the way, several years before malissa in
> >Microsoft Word documents. At the point it was hailed as the first virus
> >of its kind, the first "Macro virus." Right then and there Microsoft
> >should have been serious about e-mail security.
>
> [SNIP]
>
> When you receive an attachment in Outlook...you get an icon that you
> double click to open..then a dialog box opens up TELLING you that
> what you are about to open COULD be a virus. The dialog box gives
> you two options..save to disk (default) or... open it now. Seems
> pretty safe to me. The problem is, people thought the email was
> sent from a friend or business associate...so, they ignored the
> warnings and simply opened it. HOW is this Microsofts fault?
>
> James
That is not the default behavior of outlook. Outlook, out of the box,
does not ask.
Insufficinet user level security exists. ALL Windows 9x users
effectively run as root. Most NT users need to run with admin privilages
to be able to run most Windows software.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 6 May 2000 01:32:52 GMT
In comp.os.linux.advocacy Christopher Smith <[EMAIL PROTECTED]> wrote:
> "mlw" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>> Erik Funkenbusch wrote:
>> >
>> > abraxas <[EMAIL PROTECTED]> wrote in message
>> > news:8ev7qr$90j$[EMAIL PROTECTED]...
>> > > If I kept a 1000 page thesis on my linux box, it also wouldnt be able
> to
>> > be
>> > > deleted by am 'rm'. You see, linux is unix-like. And unix has alot
> of
>> > > very useful features that some people conveniently forget about. One
> of
>> > > these nifty features is 'file and directory attributes' which can be
>> > > altered with the 'chattr' command.
>> > >
>> > > Though admittedly somewhat more effective under UFS, chattr is still
> very
>> > > usable under linux. a 'i' attribute on a file or directory will
> prevent
>> > it
>> > > from being deleted by ANY action.
>> >
>> > Except the execution of another chattr command removing it. Something a
>> > script could do, could it not?
>>
>> One needs to run "su" to set the 'i' attribute, one needs root access to
>> remove it. It is a very unlikely that a UNIX user would run an e-mail
>> package as root, so even if the e-mail package did run a script, it
>> would not be able to affect the attribute bit.
> Why is it any less likely a stupid Unix user would run a mail program as
> root as opposed to a stupid Windows user running a mail program as
> Administrator ?
Because unix users are consistently FAR less stupid than windows users.
Oddly, the only people who do not buy this rule are windows users.
QED.
=====yttrx
------------------------------
From: [EMAIL PROTECTED] (CAguy)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sat, 06 May 2000 01:53:57 GMT
On Fri, 05 May 2000 21:26:53 -0400, mlw <[EMAIL PROTECTED]> wrote:
>>
>> [SNIP]
>>
>> When you receive an attachment in Outlook...you get an icon that you
>> double click to open..then a dialog box opens up TELLING you that
>> what you are about to open COULD be a virus. The dialog box gives
>> you two options..save to disk (default) or... open it now. Seems
>> pretty safe to me. The problem is, people thought the email was
>> sent from a friend or business associate...so, they ignored the
>> warnings and simply opened it. HOW is this Microsofts fault?
>>
>> James
>
>That is not the default behavior of outlook. Outlook, out of the box,
>does not ask.
That's not correct. The default setting in Outlook is 'medium' which
means you get a warning before running any potentially damaging
content (like vba scripts).
>Insufficinet user level security exists. ALL Windows 9x users
>effectively run as root. Most NT users need to run with admin privilages
>to be able to run most Windows software.
Agreed
James
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Dinosaur Eat Blue Penguin?
Date: Sat, 06 May 2000 01:51:20 GMT
Yeah. Ain't it fun? Its like getting to watch the whole PC revolution
all over again. Companies being born and going to the grave in weeks.
More different software than you can count. Most of it crap, but there
will be a few roses sprout in the manure. Its...its...its competition!
Oh, how I've missed that these past few years.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
