[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Anyone else notice that Swen is slowing down?



On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
> "Karsten M. Self" <kmself@ix.netcom.com> [2003:10:02:00:37:35+0100] scribed:
> > 
> > Please share this knowledge.  What executables are you awaree of
> > affecting non-Microsoft systems which are in general circulation and
> > which auto-execute on receipt by arbitrary systems in stock
> > configuration?
> 
> Seriously, I do understand and empathize with what you are saying.
> 
> What I am saying is -- IMHO -- especially in light of the problems that
> I have experienced with Swen, auto-executing virus/worms are only *part*
> of the problem.  Social engineering is often scoffed at as a real
> threat; but, what we see with Swen is so real looking that people I know
> have actually __manually__ clicked on those attachments!

Of course, there's also the fact that since they run Windows, they are
of necessity logged in with admin privileges *all* the time, so it only
takes one click to install an executable that then has full access to
the system, including network devices...

> That kind of executable -- one that entices a user to click on it -- is
> just as real a threat to non-Microsoft userland, that I insist that your
> point is not all inclusive of the threats at hand.  Simply because there
> is not yet a major, far reaching virus/worm propagating primarily from
> Linux boxen, does not rule out the existence of a threat . . .

Most non-MS users are not likely to be logged in as root when they
check the mail, so whether some virus auto-executes or entices them to
click on it, the damage is generally going to be pretty well contained.

It's going to take a _hell_ of a lot of social engineering to convince
me to su, provide my root password, install and run some program that
showed up in my inbox. No matter how pretty a message it's packaged
in. Even assuming that the user getting the infected mail _has_ the
root password.

Besides, everything about MS seems designed to actively encourage
clueless behaviour. The whole system is designed to placate the user,
to deliver a message of "accept, don't try to understand." Given that
starting point, social-engineering the user into blindly running one
_more_ piece of completely mysterious code isn't gonna be too hard.

Finally, given the long, rich history of dangerous code propagating on
Windows boxes, the absence of _any_ example of a widespread,
communicable nasty on _any_ other platform does seem to indicate
something about the success of the different security models.
Does it prove that there can never be a nasty virus for Linux? No. Of
course not.  But it definitely indicates a huge discrepancy in the
_degree_ of exploitability of different systems.

At least, that's how it looks from where I sit.

	Cheers!
-- 
,-------------------------------------------------------------------------.
>   -ScruLoose-   |       If we do not believe in freedom of speech       <
>  Please do not  |                  for those we despise                 <
> reply off-list. |            we do not believe in it at all.            <
>                 |                     - Noam Chomsky                    <
`-------------------------------------------------------------------------'

Attachment: pgphvJi_UKeQK.pgp
Description: PGP signature


Reply to: