Re: ScanMail Message: To Recipient virus found and action taken.
Tony Crawford@lists.debian-laptop@Mon, 28 Jan 2002 22:16:12 +0100:
> "In other words, users who are taking standard security
> precautions (such as running the current operating system and
> *not running code they don't know about*) won't be infected."
>
*eg* Good one! Reminds me of the following story:
(It's quite a read, but I really do think it's worth it!)
---
The Ultimate Anti-Virus Software: Linux
Solving the Security Issues in Windows: Replace It!
Paul Ferris
Editor's note: In light of the wackiness surrounding the ILOVEYOU virus,
Paul Ferris's look at viruses and Linux seems especially prescient. Enjoy,
knowing that you were invulnerable to the ILOVEYOU virus.
Spring was in the air finally as I rolled back into town and into my
favorite hangout, the Beer & Bytes. For those of you who've never
experienced it, the Beer & Bytes masquerades as a bar, but it's really kind
of a geek coffee house. Computer parts adorn the walls and Monty Python
episodes and movies play on the TVs instead of sports channels. The
experiences there are usually only the kind a geek could love: things like
debates over object-oriented programming and operating-system design. Linux,
BSD, and Unix lovers abound.
But every once and a while a buddy of mine shows up with a tale to tell or a
problem to solve, and it makes for an interesting day from the human
perspective. Once again, my good old buddy Slots Globnick rolled in with--lo
and behold!--a laptop computer running Windows 98. Usually if Slots shows up
the day is guaranteed to take an interesting twist. No one really took
notice at first, until Ratz came over and asked, "Hey Slots, what'll it be?"
Slots was kind of engrossed with something on the screen, but he peered up
for a second and mumbled something about "the usual" and returned to the
screen.
Ratz reached around and turned the laptop to his face momentarily. "Windows
98!" The tone of voice suggested something out of a Western movie, whereby
the next line from the bartender is something along the lines of "We don't
serve your kind here, hombre!" That didn't happen, but someone did turn down
the TV and attentions shifted. I decided to belly up to the bar and see what
was cooking with the laptop.
"Whatcha doing, Slots?" My curiosity, like the rest of the people in the
room, was mounting. "Got a virus, and I'm trying to get rid of it. Plus, I
think somebody hacked into my laptop the other day while I was surfing the
net. I'm not sure, though," he said, still working the mouse pointer and
running some kind of virus utility.
I looked at the laptop and the anti-virus scan. "Hard to tell with some
operating systems," I said, "whether it's a virus or just plain normal
operation." I used the word normal at this point, like what we in the Free
Software community mean as fubarred, but that's beside the point. "What
makes you think you have been hacked?" I asked casually.
Slots turned and shifted around a bit, taking a sip of latte. "Well, for one
thing, all of my personal Web pages now start with the phrase: '1'V3
H4X0RR3D Y0UR S1T3 U L4M3R, 1 0wn U'." Slots looked troubled. I had to admit
at that point that it looked like someone had broken into his computer.
Likely some script kiddie with too much time on his hands. "Man, we've been
working on you for months to switch to Linux." I said. "Why didn't you do
it, and lock your security down. This wouldn't have been a problem."
"Linux?" Slots laughed and shook his head. "Why, Linux is less secure than
Windows. Everybody knows it's by hackers for hackers. The stuff practically
has 'hack-me' written all over it!"
I have to explain at this point that a lot of drinking establishments have
rules, and some of them are unspoken ones. You're free, for example, to
bring a laptop running Windows 98 into the Beer & Bytes--no one will care.
You're even free to turn said laptop on and run some kind of bullet-proof
Windows application, like Solitaire. Again, no one will care.
But you cross the line at repeating marketing ideas that have no basis in
reality, and especially among the people who have spent a good deal of their
days trying to stomp out the real problems. Bad ideas are bad enough, but
wrong and bad ideas? It's hard to be tolerant of them, and the technical
issues at the Beer & Bytes are kind of in the same category as religious
issues would be in a church.
And everyone knows that Linux is high on security--you have the tools to
check and monitor your security and more. We all began explaining this to
Slots, but he would hear none of it. It didn't matter in the slightest that
all the while he was doing this, his infected laptop was churning away
attempting to fix a new virus. It didn't matter that recently his Web pages
had been altered, likely by some teenager with too much time on his hands.
"You got your list of security holes, and I got mine. I've been to some of
the Linux security sites--there are holes found in Linux all the time." He
looked around. No one was arguing this point with him. "I was hoping that
someone here could find something to wipe this virus off my laptop for me,
and that's why I stopped here. I guess that I was mistaken. I'll be on my
way."
At that point, Tiny seemingly appeared out of nowhere. This was a dramatic
moment. Saying that Tiny appeared out of nowhere, well, it's kinda like
saying the Titanic appeared out of nowhere.
Tiny is anything but tiny. He's well over 6 feet tall and he's got this
tattoo on his chest "Born to Code Free." And he's often very helpful in
situations where Slots needs help.
But helpful at this point was using the definition like Bill Gates used in
his trial defense: "We weren't trying to crush Netscape, we were just being
helpful.?"
Slots sat back down. Tiny held out a black CD-ROM by the edges. There was no
writing visible on the CD itself. It looked rather new, and the underside
was a bluish color. It was something that somebody had either copied or
burned. "Here," he said slowly, "Load my anti-virus software on your
computer. That should take care of all of your," he paused tilting his head
ever so slightly and squinting his eyes a bit, "security issues."
Slots looked about for a hole in the crowd. There wasn't one. He looked at
his laptop, where the CD-ROM tray was open--ready for the CD that Tiny was
offering. He looked back at Tiny. "What's on that CD?"
Tiny grinned and spoke slowly in a low voice: "Anti. Virus. Software". There
was a pregnant pause.
Slots looked at the CD with some trepidation. "No," he finally spoke, "I
mean, what kind of anti-virus software is it? I'd like to know what kind of
software I'm loading on my laptop. It's kind of important, see?" The
smallest hint of a grin began to form on Tiny's mouth. "Trust me. It's real
good Anti. Virus. Software." The tone suggested that Tiny had all the faith
in the world that it was good. It also suggested that maybe, possibly, it
was good for Tiny, or it might be good for Slots. No one, not even I at that
point was sure which one. I thought it was odd though, because I knew Tiny
really well, and he's a pretty nice guy. It takes a lot to get him riled up,
and a script kiddie, or cracker, well he's not one. I waited along with
everyone else for some kind of outcome to make it clear what Tiny was up to.
Slots finally relaxed a bit. "Look, I don't know what's on that CD! It could
be anything!" He quickly held up his hands. "Don't take this the wrong way
or anything, Mr. Tiny, but I can't be sure of what you're offering me there!
It could be another virus, it could be some kind of destructive program, it
could be a Trojan horse even. It doesn't have a label on it or anything.
What kind of idiot do you take me for?" Tiny broke into a full grin. "Well,
I hate to be so precise. But I take you to be the kind of idiot that loads
software that has known back doors and privacy compromising mechanism in it.
You'll load software that is essentially an unknown, all the time. Why
you're having a problem with my CD, I can't figure out."
Slots looked at Tiny questionably. "When? I've never loaded anything on here
that I wasn't absolutely sure of! Why, I've got all the latest service packs
installed and I purchased this laptop with a certified version of Windows
98! I don't know what you're talking about." Slots was waving his hands over
the laptop the way a priest might refer to a Bible.
I broke in, because now I knew why and what Tiny was up to. "You mean, you
know all of the backdoors in Windows 98? Why just recently they found what
looks to be another backdoor in Windows NT, which is supposed to be even
more secure than Windows 98. The point Tiny is making, rather has made, and
he's right, is that you've loaded a proprietary operating system, with God
knows what under the hood."
"Look," I said. "Open-source software may be made by a lot of people that
are unknown--but it's used by a lot of people that care about what's under
the hood. There are no back-doors in Linux, because it's an operating system
that bares all for anybody who wants to look."
The gears began to mesh in Slots head. He was finally nodding.
"You have to see what Tiny is saying to you." I said. "His CD could be just
about anything--without you seeing the code itself, you don't know if it's
really secure, or if it's got back doors or anything." I looked at Tiny. He
smiled at me, nodding his head. "That's the point that Tiny is trying to
make. That's the point that you've missed here." Slots looked around, seeing
the room and its occupants now in a different light. I looked at Tiny.
"What's on that CD, anyway?" I asked, smiling. Tiny grinned and put the CD
back in his coat. "It's a copy of Debian. I used it last night on my home
computer. The best anti-virus software that money can't buy!" he said. "But
I wouldn't have installed it, at least, not without your permission man." He
patted Slots on the back and laughed. He wasn't alone; everyone had a good
laugh.
Slots stopped laughing and looked doubtful. "You sure?"
Tiny grinned. "Trust me." he said, nodding.
---
--
*=-+-______________________
|lintux-@t-lintux-d0t-cx: _ Ugh! Nio2f says something: ______
: http://www.lintux.cx/ | / code on a laugh about what re c.. \
~~~~~~~~~~~~~~~~~~~~~~-+-=-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+-=*
Reply to: