[linux-elitists] WashPost article (was Re: sobig.f: Microsoft Windows virus, not computer virus)

Karsten M. Self kmself@ix.netcom.com
Sun Aug 24 14:13:48 PDT 2003


on Sat, Aug 23, 2003 at 09:12:16PM +0000, Michael Shields (shields@msrl.com) wrote:
> In message <20030823042100.GA7595@ix.netcom.com>,
> "Karsten M. Self" <kmself@ix.netcom.com> wrote:
> > A correction on the Sobig.F email virus.
> >
> > This is an email virus infecting *only* computers running the Microsoft
> > Windows family of operating systems.
> 
> If you feel like writing to the media, you might also write to the
> New York Times and thank them for specifically pointing out that
> Mac OS and Linux are unaffected.
> http://www.nytimes.com/2003/08/23/technology/23VIRU.html


Add The Washington Post to this list (registration bypassable via lynx
or lynx user-agent header):

    http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer

    Microsoft Windows: Insecure by Design

    By Rob Pegoraro
    Sunday, August 24, 2003; Page F07

    Between the Blaster worm and the Sobig virus, it's been a long two
    weeks for Windows users. But nobody with a Mac or a Linux PC has had
    to lose a moment of sleep over these outbreaks -- just like in earlier
    "malware" epidemics.

    This is not a coincidence.

    The usual theory has been that Windows gets all the attacks because
    almost everybody uses it. But millions of people do use Mac OS X and
    Linux, a sufficiently big market for plenty of legitimate software
    developers -- so why do the authors of viruses and worms rarely take
    aim at either system?

    Even if that changed, Windows would still be an easier target. In its
    default setup, Windows XP on the Internet amounts to a car parked in a
    bad part of town, with the doors unlocked, the key in the ignition and
    a Post-It note on the dashboard saying, "Please don't steal this."

    Not opening strange e-mail attachments helps to keep Windows secure
    (not to mention it's plain common sense), but it isn't enough.

    The vulnerabilities built in: Security starts with closing doors that
    don't need to be open. On a PC, these doors are called "ports" --
    channels to the Internet reserved for specific tasks, such as
    publishing a Web page.

    These ports are what network worms like Blaster crawl in through,
    exploiting bugs in an operating system to implant themselves. (Viruses
    can't move on their own and need other mechanisms, such as e-mail or
    floppy disks, to spread.) It's canonical among security experts that
    unneeded ports should be closed.

    Windows XP Home Edition, however, ships with five ports open, behind
    which run "services" that serve no purpose except on a [local]
    computer network.

They're starting to Get It.

Well, seeing as Microsoft have taken down the Internet three times this
year, twice last week, I think it's about time for a Congressional
investigation.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Verio webhosting?  Guaranteed downtime:
     http://www.wired.com/news/politics/0,1283,57011,00.html
     http://www.dowethics.com/r/environment/freedom.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030824/64c0e086/attachment.pgp 


More information about the linux-elitists mailing list