Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Show me the Virrii!

From: "Exibar" <exibar () thelair com>
Date: Wed, 7 Jan 2004 13:20:15 -0500
The vulnerability is the direct results of poor coding, or overlooked
coding.  The people that write, and release, malicious exploits are directly
responsible for causing other people grief.  If they spent their time
helping to fix the problem and not write something malicious, well, most of
us would be out of jobs actually.... Hmmmm, I kinda like what I do for a
living.... :-)

  I guess it's kinda like the old thief's plea to a judge.  "But the door
was unlocked , I just opened it up, walked in and took what I wanted."
That's not a justification for writing malicious code, or turning PoC code
into something malicious intended to infect other files, networks, etc.

  My point was just that if the roles of Windows and Linux (just for two
examples, it could be Apple DOS and Atari DOS for all it matters) were
reversed, all we'd hear is how tough it is to patch 30,000 Linux boxes in a
timely fashion.  And that it sucks to have to re-compile the kernel every
week due to a new threat.  etc etc etc


Exibar


----- Original Message ----- 
From: <John.Airey () rnib org uk>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, January 07, 2004 10:47 AM
Subject: RE: [Full-disclosure] Show me the Virrii!



-----Original Message-----
From: Exibar [mailto:exibar () thelair com]
Sent: 07 January 2004 15:12
To: John.Airey () rnib org uk; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Show me the Virrii!


Although I agree with your other points, I have this comment:

Why do you ultimately blame Windows/DOS for the virus
problem?  This is
simply not true.  Are there not SQL worms?  Was it not a SQL
worm that was
the fastest to spread in history?  Are there not many Linux worms and
viruses, and more being written each day?  Are there not
viruses and/or
worms that exploit Cisco products?  Hell there are even worms
that exploit
FTP and IRC!  I can go on.

   It is not Windows that is the problem.  It is the people
that write the
damned things that is the problem.  Ok, perhaps it's the lack
of laws that
will make a programmer think twice about becoming a Vx'r.

   If Linux had the marketshare that Windows does right now,
and it just
might one day it's hard to compete with free, and the
majority of viruses
are being written for Linux, would you then blame Linux as
the cause of the
problem?

  Saying Windows is to blame for the mess that we're in is
like saying the
gun is what causes a murder and not the person that pulled
the trigger.

  Exibar


I hadn't even mentioned worms. In fact, if we take worms into account,

then

the proposed solution becomes even more difficult to implement. After all,
if you trust any program, be it httpd or sqlservr.exe to use the

processor,

a worm can always exploit this.

My original point about viruses (not worms or trojans) still stands. The
majority exist because Windows will execute a huge number of files just
because of its filename.

Going back to worms, the SQL slammer worm caused damage far out of
proportion to its installed base. It's a matter of public record that
Microsoft hadn't even patched its own servers against it. How does that
compare to the rapid patching of Apache servers? (Actually, I've said it
before on this list that Microsoft did not have proper firewalling in

place,

so I won't go back over that one).

Your answer to a hypothetical question about Linux having a similar market
share does not make sense. First, it's conjecture and second, Linux (and

all

other UNIX based systems) do have reasonably sensible privileges (compared
to Windows 98 which is still being used by many many organisations).

Note that I said "mostly responsible". I don't blame Microsoft for all

worms

and viruses, but Bill Gates is directly responsible for a flawed (with
hindsight) design decision. Now if we did all switch to Linux/BSD

whatever,

that flaw would go away.

In fairness, he isn't the only person to make mistakes in design. Until a
few years ago, nearly everyone had "open mail relays". In fact, if you

don't

have an open relay, you are breaking RFC 822. Of course, this particular
requirement should now be ignored (It may be obsoleted already. I haven't
looked for ages).

Can you please bottom post? I use evil Outlook (I have no choice), but

even

I remember to bottom post to mailing lists.

Thank you.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk

Even if you win the rat race, that will still only make you a rat.

-
DISCLAIMER:

NOTICE: The information contained in this email and any attachments is
confidential and may be privileged. If you are not the intended
recipient you should not use, disclose, distribute or copy any of the
content of it or of any attachment; you are requested to notify the
sender immediately of your receipt of the email and then to delete it
and any attachments from your system.

RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants. However, it
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email and
any attachments are those of the author and do not necessarily represent
those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: