Text written by [EMAIL PROTECTED] at 09:30 PM 3/29/99 -0000:
>
>Yup, looks easy enough to change. I don't recognize the language
>(something akin to Basic, perhaps)
It's Visual Basic for Applications, aka VBA. It's a Visual Basic variant
that Microsoft uses as their macro language for all Office apps.
>since users of Microsoft Word already *have* viruses on their system --
>W95, W98, Word, Office, etc. :)
I see the smiley, but just have to point out: they're not viruses, because
they don't replicate themselves. Maybe they'd qualify as trojan horses?
>So, indeed, the problem is just that some people stupidly use MUA's
>that, when you "open" an email (aka "read it"), they decide to execute
>whatever code they can determine is included (via attachment, whatever),
>without restricting the environment for such code.
>
>Or am I missing someting?
Sort of. The problem isn't really the MUAs so much as the user behaviors:
the user has to explicitly activate the virus-attachment. I don't know of
any Windows MUAs that *automatically* run any attachment they receive --
even Windows users would consider that a security risk. In general in the
Windows world, when you open an attachment, the MUA tells the OS to load
the appropriate app for viewing files of that type (where "type" is
determined solely by filename extension, of course, rather than something
sane like header info). It's not considered to be the MUA's job to sanitize
the execution environment for another application, and it may even be
impossible on Windows' architecture.
So the problem is twofold: the OS this virus affects sucks rocks, and we
have users activating attachments whose contents they're not sure of. To
give the users some credit though, the attachments are coming from *known*
sources: Melissa sends herself to addresses found in Outlook's address
book, which are presumably people the infected address normally corresponds
with.
Of course, if the recipient users were smart, they might think "what
important information I asked you for?"
-----------------------------------------------------------------
Kai MacTane
System Administrator
Online Partners.com, Inc.
-----------------------------------------------------------------
>From the Jargon File: (v4.0.0, 25 Jul 1996)
scram switch /n./
[from the nuclear power industry] An emergency-power-off switch (see
Big Red Switch), esp. one positioned to be easily hit by evacuating
personnel. In general, this is *not* something you frob lightly;
these often initiate expensive events (such as Halon dumps) and are
installed in a dinosaur pen for use in case of electrical fire or
in case some luckless field servoid should put 120 volts across
himself while Easter egging.
