In a message dated: Wed, 10 May 2000 00:49:13 EDT
Derek Martin said:
>Yesterday, Steven W. Orr gleaned this insight:
>> I betcha we'd be in just as much doodoo as all those WinBloze weenies.>
>Nope. Because:
>
>1) By default, Netscape does not ship with this stuff enabled. This is
>the correct behavior. You've got to actively go define the stuff.
Currently this is true, at least for Netscape. What happens in the future
when the current Windows App development companies start shipping their
prodicts for Windows? What happens when MS is forcibly broken up, and they
start shipping Office/Outlook for Linux?
>2) you'd have to not only define them, but specifically configure them to
>run automatically. The vast majority of current Linux users realizes this
>is a bad thing.
>
>3) The worst the thing could do is delete all that user's files, unless
>the recipient were dumb enough to have their mail delivered to root and
>read it that way.
Not true. The devastating aspect of ILOVEYOU and Melissa was that it
replicated itself via e-mail and mailed itself to everyone in a persons
addressbook or corporate LDAP directory. A simple perl script, auto executed
could have severely damaging consequences. True, the most it could do is
delete the users own files, but what if the user owns files across a wide
array of NFS mounted partitions? Consider a perl or shell script which
figures out the where the home directory of the user is, backs up to the
parent directory, performs a "find ./ -iregex '.*address.*' -print"
and then starts mailing itself to every e-mail address contained within any of
those found files.
Or, just starts scouring the system for files with common file extensions and
mails that stuff off to the writer of the virus?
Granted, this is currently tough to do under Unix, but wait a couple of years
until more commercial apps are available, and common sense and security take
second seat to time to market and generating revenue. It could easily happen.
>Added all up, that's a whole lot of dumbness that someone would have to
>ACTIVELY CHOSE before major damage could be done. Now, it could easily
>find ways to send itself to other people, but unless they're all stupid
>too, that's where it would end.
You're only considering Netscape here, let's not forget that IE *HAS* been
ported to Unix! Just wait. Linux/Unix will get hit with something like this,
and then MS's PR machine is going to be all over it.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
