Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus Hell 4

Status
Not open for further replies.

welshtroll

Programmer
Nov 29, 2001
55
GB
(In this message I'll be using the UK as my example but please feel free to post comments regarding your location.)

"Getting the country online", that's the message delivered by the UK government. But then the support of the online community is completely forgotten. No or little information on Anti-virus or firewall software is given to increase public awareness. In an age where the next email you open could wipe your entire hard drive more information should be given to unsuspecting PC owners.

In the last major outbreaks of computer virus the UK has been the hardest hit, seeing a large if not the largest percentage of infections occurring in the UK (source:messagelabs.com). The reason is simple UK Internet users aren't aware of how to update/upgrade key components of their system to reduce risk of infection.

Sorry for saying but, the standard UK user is very computer illiterate, having little or no knowledge of what Anti-virus software can do or how to use it.
But I hear you say, anti-virus software comes with utilities to allow it you automatically update the software with the user getting involved.

This is often the case but the software that comes pre-installed on most Store bought PCs has a life-span of about 6 - 12 months. What happens when your subscription to these services expires? Will the standard UK user rush out and get the latest version or renew their subscription? I think not. Near useless versions of anti-virus software sit on hundreds of computers throughout the country if not the world.

I fear another problem is the length of time spend online, how many users just pop-online to check there mail. For some this task may take an hour, for some it can be anywhere between 2-10 minutes while your email is download to your offline mailbox. Enough time to download an AntiVirus upgrade?

UK mailboxes have become a haven for electronic viruses, hundreds of unsuspecting ill informed/ ill advised users download new and old virus into there mailbox on a daily basis.


[The ratio of one in every 212 emails containing a virus in 2002 shows a dramatic increase on previous years. In 2001, MessageLabs stopped an average one every 380 emails, while in 2000 the figure was as low as one every 790.]

And finally my questions:
Do you think should there be a national support group for home users to contact, to ask questions regarding online safety?
Perhaps a booklet included with all new store bought PC's?
Could your email provider do more to protect you?
Where will the Virus problem be in 5 years? 1 in 100 emails?


'... and then it wouldn't compile?'
t_avatar.jpg
 
jwenting, CC,

I don't dismiss your argument that the wider audience a platform has the more chances that Virus are aimed at that them.

I also believe that another factor is spread. When a platform is omnipresent a virus can spread much quicker than if there are more than one different platform.

However, to be able to spread a virus first needs to be capable of infecting somehow. Linux is an access-protected OS and even if infected would greatly reduce damage.

Microsoft can use the "we are everywhere" excuse all they want but the word on the street and in experts mouth is that their software is flawed by design.

They have many infection channels that shouldn't be there in the first place. These flaws account for a majority of security problems, virus and worms that only infect MS products.

Take for example the email type viruses that when run reads your entire address book and send out to everyone on your list an email that then does the same. At work I received a similar email that used an unpatched security breach in the HTML email feature that automatically executed a VBS script without even asking me (heck I didn't even realize the thing ran). In my address book I had my home email address where I run Linux. Everyone using Outlook at work got infected and it took two days to install the proper AV software to disinfect everyone.

Once at home I opened up the email with Evolution (an Outlook clone for linux without the security flaws) and wasn't affected by the bug. I read the HTML email and the vbs code and laughed while hitting the delete button. No damage done on my home machine because emails shouldn't have access to my address book and under Linux they don't.

Another virus we see is the MS Office Macro type. They do all kinds of nasty things (delete files, infect other files, send emails...). At work I've seen people receive some infected files from clients but thankfully the expensive AV software took care of the problem so far.

However at home I sometimes get some people send me some infected MS Office files. I use OpenOffice to open these and save the content in a format that deletes all useless macros.

This doesn't mean you cannot write useful macro in a standard OO file. You can do pretty much everything that a Macro should do (read content from other files from the same owner, calculate weekday a date comes on, show a line in red if it needs special attention based on calculated factors, etc...).

But does a Macro in OO have access to my addrress book? Can it email to a ton of people? Unless I answer yes to "A macro wants to send an email to john@doe.org. Is this wanted?". Because an Office document shouldn't be allowed to do stuff behind my back OO doesn't include such a feature. I'm in control of my OO.

Linux instead of attempting to rely on AV software they try to fix a problem radically. MS just excpects you to pay for AV software as of the Windows licence fee wasn't prohibitive enough.

Linux machines occasionaly are hit with buffer overflow worms but that can be expected to happen ocassionaly in any OS. Most viruses (all ten of them) that were created for Linux are laughable jokes. You'd need to be under root to do any real damage.

Under GNU/linux email viruses have never been a problem. OpenOffice macros are not endowed with stealth emailling features and cannot do many of the things that cause MS Office files to be so dangerous (access files that are owned by the same owner as the executing file).

My argument is that MS products have way more infection channels[i/] and therefore are more prone to security issues than its linux counterpart.

I have to admit that there are close to 20 viruses that exist that can potentially infect linux systems. All of which except a few are low-risk. The Winux virus is merely an interesting proof of concept and requires very special measures to infect a Linux box.
Grenage was right with his orginal post. Linux is by design more capable of fending off viral attacks. Access-protection cuts off many of the infection channels we see in Windows and email and macros are in the most case sandboxed to a maximum.

Gary Haran
********************************
 
Of course, most of your argument above is related to weaknesses in applications not to the OS. Outlook is not the OS. Office is not the OS.
 
Strongm,

You are right that applications are a big problem but access-protection is part of the Linux OS by default (assures that user johndoe doesn't access files belonging to janedoe) and this sandboxes infections if they do occur.

Gary Haran
********************************
 
I've been getting into contact with some people about the booklet idea, I 'll have to see where it leads first but Ive drawn up some starter topics to be included:
[ol]
[li]What is online security?[/li]
[li]What is an anti-virus program?[/li]
[li]What is a Firewall?[/li]
[li]What is Spyware?[/li]

[li]Top Security tips[/li]

[li]How to tell if I have a virus?[/li]
[li]How to i handle a virus outbreak?[/li]
[li]Is my firewall working, how can i tell?[/li]

[li]Online shopping precautions[/li]
[li]Getting information on new virii[/li]
[/ol]

Tell me what you think?
Additional topics to be included? or removed?

t_avatar.jpg

'... and then it wouldn't compile?'
 
I think that sounds good. You should write it up and start giving it out. I bet if you were to hand off to some people here on the forums they would be more than happy to convert it to an HTML document as well, we could send it to some of the large sites out there that to see if they want a copy. You could probably send it to the major computer resellers, they might actually get interested and start spreading the word as well. And if they don't, we aren't any worse off than we were before(ie, now).

-Tarwn

[sub]01010100 01101001 01100101 01110010 01101110 01101111 01101011 00101110 01100011 01101111 01101101 [/sub]
[sup]29 3K 10 3D 3L 3J 3K 10 32 35 10 3E 39 33 35 10 3K 3F 10 38 31 3M 35 10 36 3I 35 35 10 3K 39 3D 35 10 1Q 19[/sup]
Do you know how hot your computer is running at home? I do
 
I'm a Community based Computer Training centre manager and I agree with you WelshTroll about the UK man in the street being computer illiterate.

I think your booklet idea sounds good as well.
I would certainly find it useful for my punters.
 
I've already written a document for my users about being on the internet and keeping themselves secure. If anyone is interested in reading it I could post a copy in here.

-al
 
Albion,

I'd love to see what kind of insight you have on the matter. Could you post it in PDF or RTF format?

Gary Haran
********************************
 

I think someone needs to understand what a virus is.
Hacker attacks and email worms doesn't belong into that category and cannot be blamed on the OS (not completely anyway).

I have met 1 person (one) that knew how a car worked, despite that I have met hundreds with genuine interests in cars and technical stuff and despite the fact that the vast majority of the population own or drive a car daily. Cars has been a part of our society for quite a while so don't expect that more than 1% of the population will ever have a basic understanding of how a computer works. Noone cares!!

Cheers

Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support
 
On the other hand, you sill need to be taught to drive a car and have to take a test to gain a licence to be allowed to drive on public roads...
 
Some very good points, great thread!

Just that Linux/Windows thing. If you had 100 people,more knowledgeble than a power user or junior admin, and said "OK, man 1 to 97, get a virus to crash this Linux Box" and "And the last two, do the same on the Windows NT4/2000/2003 box".

Which would crack first?!

Steve Hewitt
 
If they're all limited to the same technology (assembler and C), and all have the same level of expertise on their platform, I don't think there would be a lot of difference.

While Linux may seem to be so secure it (or more properly many of the applications people run on it often without knowing it) are full of holes and weaknesses that a proficient programmer can easily exploit.
At this time these exploits often don't make the news because their impact is low due to the limited number of machines affected but that doesn't mean they're not there and can't wreak havoc.
 

Again, you're confusing a virus with a hacker attach. Same with you Steve.
A virus can't really do much on Linux and certainly not crash it unless the owner has been very irresponsible.

Cheers

Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support
 
I'm not... A virus on Linux (just as on Windows 2000) needs more than normal user rights to properly infect the system therefore needs to exploit holes that enable it to get root access.
 
From FOLDOC, (Fee On-Line Dictionary Of Compting)...
'virus
<QUOTE>
VIRUS
<security> (By analogy with biological viruses, via SF) A program or piece of code written by a cracker that &quot;infects&quot; one or more other programs by embedding a copy of itself in them, so that they become Trojan horses. When these programs are executed, the embedded virus is executed too, thus propagating the &quot;infection&quot;. This normally happens invisibly to the user.

A virus has an &quot;engine&quot; - code that enables it to propagate and optionally a &quot;payload&quot; - what it does apart from propagating. It needs a &quot;host&quot; - the particular hardware and software environment on which it can run and a &quot;trigger&quot; - the event that starts it running.

Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends (see SEX). The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing &quot;cute&quot; messages on the terminal or playing strange tricks with the display (some viruses include display hacks). Viruses written by particularly antisocial crackers may do irreversible damage, like deleting files.

By the 1990s, viruses had become a serious problem, especially among IBM PC and Macintosh users (the lack of security on these machines enables viruses to spread easily, even infecting the operating system). The production of special antivirus software has become an industry, and a number of exaggerated media reports have caused outbreaks of near hysteria among users. Many lusers tend to blame *everything* that doesn't work as they had expected on virus attacks. Accordingly, this sense of &quot;virus&quot; has passed into popular usage where it is often incorrectly used for a worm or Trojan horse.

See boot virus, phage. Compare back door. See also Unix conspiracy.
'
</QUOTE>

Rhys

Will code for food...
 
Source of the term virus...

From Merriam-Dexter Dictionart (On-line)
<QUOTE>
'Main Entry: vi·rus
Pronunciation: 'vI-r&s
Function: noun
Etymology: Latin, venom, poisonous emanation; akin to Greek ios poison, Sanskrit visa; in senses 2 & 4, from New Latin, from Latin
Date: 1599'
</QUOTE>

Rhys

Will code for food...
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top