Am 05. Aug, 2003 schw=E4tzte Craig White so:
> Just remember that with success, comes problems. Worms/Virii are certain
> to come to Linux as it achieves more success.
Well, I consider viruses to be an email/macro thing. While some project
might adopt the m$ insecurity model I think it will be a long time before
that is the norm on a *NIX platform.
Some applications are starting to use macros. At some point it might be a
problem, but I doubt it will be at the email client.
> The foresight/laziness issue is probably unfair - I think Microsoft had
> a great idea with an email client that could execute code - companies
That might be true, but executing images and plain text are foolish.
Whatever group did that obviously never took security or stability into
account. That wasn't adding functionality, that was only adding security
holes.
Open the file and examine it to find out if it is an image, don't execute i=
t
and see what happens. It's a data file, not an executable, so why do m$
programs execute them? I haven't yet seen anything saying they're fixing
this error. They're just suggesting using filters ( some of which are now i=
n
their code ) to avoid ( some of ) the exploits we know about.
> could distribute e-mails with active content - updates/registrations
> etc. The problem is that there are people who saw that as an
> opportunity.
Yeah, I want someone to be able to send me an email that'll turn my gas on
for an hour before lighting it. Great feature. :(
I agree that being able to send a non-text payload via email might've seeme=
d
like a good idea. It might've even been a good idea. It might, even now,
still be a good idea.
Having files execute before the user has asked them to be executed should'v=
e
been seen as a bad idea long before the products hit the market. That
should've definitely be shut down after the first virus exploiting it was
found. It's been years and they still haven't fixed the underlying problem.
People opening executables is a different matter. I disagree with it being =
a
good feature, but I can see the other side.
Having applications autoexecute stuff, especially randomly received stuff,
is not a good idea. Having applications autoexecute non-executables hoping
they're benign is stupid.
I agree that as GNU/Linux use grows there will be more attacks on its
security. It defintely within the black hat radar, though. The attacks are
already taking place. Exploits are more difficult, though.
cp myexploit.bat nekkid.jpg
mailscript -s 'LOOK!!! n A k E d people!!' --attach nekkid.jpg --addies peo=
ple_using_outlook.txt
:)
ciao,
der.hans
--=20
# https://www.LuftHans.com/ http://www.AZOTO.org/
# Help Jerry Lewis stamp out M$...oops that's MDA - der.hans
%20to%20avoid%20(%20some%20of%20)%20the%20exploits%20we%20know%20about.%0A>%20%0A>%20>%20could%20distribute%20e-mails%20with%20active%20content%20-%20updates/registrations%0A>%20>%20etc.%20The%20problem%20is%20that%20there%20are%20people%20who%20saw%20that%20as%20an%0A>%20>%20opportunity.%0A>%20%0A>%20Yeah,%20I%20want%20someone%20to%20be%20able%20to%20send%20me%20an%20email%20that'll%20turn%20my%20gas%20on%0A>%20for%20an%20hour%20before%20lighting%20it.%20Great%20feature.%20%20:(%0A>%20%0A>%20I%20agree%20that%20being%20able%20to%20send%20a%20non-text%20payload%20via%20email%20might've%20seeme=%0A>%20d%0A>%20like%20a%20good%20idea.%20It%20might've%20even%20been%20a%20good%20idea.%20It%20might,%20even%20now,%0A>%20still%20be%20a%20good%20idea.%0A>%20%0A>%20Having%20files%20execute%20before%20the%20user%20has%20asked%20them%20to%20be%20executed%20should'v=%0A>%20e%0A>%20been%20seen%20as%20a%20bad%20idea%20long%20before%20the%20products%20hit%20the%20market.%20That%0A>%20should've%20definitely%20be%20shut%20down%20after%20the%20first%20virus%20exploiting%20it%20was%0A>%20found.%20It's%20been%20years%20and%20they%20still%20haven't%20fixed%20the%20underlying%20problem.%0A>%20%0A>%20People%20opening%20executables%20is%20a%20different%20matter.%20I%20disagree%20with%20it%20being%20=%0A>%20a%0A>%20good%20feature,%20but%20I%20can%20see%20the%20other%20side.%0A>%20%0A>%20Having%20applications%20autoexecute%20stuff,%20especially%20randomly%20received%20stuff,%0A>%20is%20not%20a%20good%20idea.%20Having%20applications%20autoexecute%20non-executables%20hoping%0A>%20they're%20benign%20is%20stupid.%0A>%20%0A>%20I%20agree%20that%20as%20GNU/Linux%20use%20grows%20there%20will%20be%20more%20attacks%20on%20its%0A>%20security.%20It%20defintely%20within%20the%20black%20hat%20radar,%20though.%20The%20attacks%20are%0A>%20already%20taking%20place.%20Exploits%20are%20more%20difficult,%20though.%0A>%20%0A>%20cp%20myexploit.bat%20nekkid.jpg%0A>%20mailscript%20-s%20'LOOK!!!%20n%20A%20k%20E%20d%20people!!'%20--attach%20nekkid.jpg%20--addies%20peo=%0A>%20ple_using_outlook.txt%0A>%20%0A>%20:)%0A>%20%0A>%20ciao,%0A>%20%0A>%20%0A>%20%0A>%20 "Reply to this message")
(text/plain)