Michael Gurstein <[EMAIL PROTECTED]> quoted:
>From: Dave Farber [mailto:[EMAIL PROTECTED]]
>Subject: IP: Stratfor: "I Love You" and the Problem of Cyberwarfare
>
>
>
>>From: [EMAIL PROTECTED]
>>Date: Mon, 15 May 2000 16:09:06 EDT
>>
>>An interesting article to share....
>>
>>From: "Bill" <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Stratfor: "I Love You" and the Problem of Cyberwarfare
>>Date: Mon, 15 May 2000 15:15:29 -040
>>
>>Stratfor.com's Global Intelligence Update - 15 May 2000
>>
>>"I Love You" and the Problem of Cyberwarfare
[...]
>>the foundation of modern computing, the operating system, has been
>>in rapid, forced development since the success of MS-DOS. It was
>>designed for one user who would treat it right. The hyper-
>>connectivity of the Internet exposes it to code delivered by
>>others. The Windows operating system was simply not built with this
>>in mind. It has served brilliantly as a tool for exchanging
>>information.
>
This is absurd. Outlook Express is an email program. It is built
specifically for communication among computers. The nature of
communications with the world at large is that you cannot expect
all interactions to be benign. To design an email program with
a macro instruction set that allows access to system commands like
"send mail to everyone you know" and "format c:\", etc., without
even offering the user the option of limiting this capacity, is
not an innocent oversight of unexpected future applications of
the computer system. It is a prime instance of braindead programming,
of the kind we've come to expect from the strange distracted gnomes
of Redmond. As to the issue of opening executable email attachments
even from known and trusted respondents, it would be a simple
enough process to include a security wrapper around such routines
which would monitor for security issues as writes to boot sectors,
existing system files, and new hidden files, and accesses to sendmail
processes. Not providing this sort of control in a mail program
written for an installed machine base in the order of a hundred
million is irresponsible to the point of being as much a perpetrator
of the resulting mayhem as the actual virus writers.
-Pete Vincent
