[LINK] Ponderings on the effects of computer viruses

Craig Sanders cas@taz.net.au
Wed, 2 Oct 2002 15:03:55 +1000 

On Wed, Oct 02, 2002 at 02:08:22PM +1000, Chirgwin, Richard wrote:
> Sal writes:
> >> http://www.malware.com/lookout.html shows how to infect someone's
> >> machine with the executable of your choice, even if all they do is
> >> *preview* your message
> 
> Hate to correct you Sal, but here's what Malware says:
>
> >Silent delivery and installation of an executable on a target
> >computer. No client input other than opening an email or newsgroup 
>                            ^^^^^^^^^^^^^^^^^^
> >post or web site. 
> 
> There's a difference between "preview" and "open". 
> 
> <intellectual_snob> I'll stick by what I said previously; e-mail
> viruses are IQ tests for users...  </intellectual_snob>

you need to do a bit more research.  there are some viruses/worms which
don't need to be opened, preview is enough.

there was one which exploited a bug in Subject: line handling, and
another which exploited Date: headers (buffer overflow if >80 characters
IIRC).  there are others too, these are just two that i can recall off
the top of my head.


these are still active today even though the bugs are well known and
patches are available (which implies idiocy or at least indifference or
ignorance on the part of the user).  the trouble with saying that ALL
email viruses are IQ tests is that these weren't known bugs when they
first occurred, and there are certainly more stupid bugs in outlook
waiting to be exploited by script kiddies.


> OK, since I was twice pinged, I agree that my remark about Linux
> compilation was hyperbolic. But: for the average consumer, even
> installing an OS is more work than they care for.

yes, that's true - but it's true for all operating systems.  most users
can't install either windows or linux.

personally, i see that as an argument against using windows because
windows needs to be re-installed at least a couple of times per year
(depending on how many stupid frivols you install like dancing sheep
screensavers etc), whereas linux doesn't need to be reinstalled.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
----------
For Link list information see http://sunsite.anu.edu.au/link/