Menso Heus on Sun, 14 May 2000 07:50:10 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Viruses on the Internet: Monoculture breeds parasites


On Sat, 13 May 2000, Benjamin Geer wrote:

> I know very well what VBS is; I've written rather a lot of software in
> it.  You don't seem to have understood my sentence above.
> 
> Let's suppose I write the following two-line shell script:
> 
> #!/bin/sh
> rm -rf /*
> 
> If you run this script with root permissions on a Unix system, it will
> delete the entire contents of your hard drive.  If I email this script
> to people, is it a virus?  No.  All that will happen is that the
> people who receive it will see the two lines above.  The script will
> not execute.  A virus must exploit flaws in the receiving system in
> order to cause itself to be executed, without the user's knowledge or
> permission.
> 
> > Outlook does NOT automatically open attachments, the user still has
> > to click on them....
> 
> As I said, there is (or should be) a difference between 'opening'
> (i.e. viewing) an attachment and executing it as a program.  When I
> click on an attachment in a mail agent, it should *not* execute it as
> a program.  The idea that it might do so is completely absurd.  It
> should simply show me the contents of the attachment.

This is again a matter of taste I'm afraid. I quite like it when outlook
opens attachments like jpgs for me etc. It basically opens files with the
associated program. The default action of a scriptfile is 'execute' not
view, users *can* rightclick and choose view however, so again it is the
luser that's the problem imho.
Since many people were complaining about this, they just didn't get it or
didn't want to educate the users they had to deal with, MS made a patch
for this years ago. The patch then causes the same behaviour as you
describe: you first have to save before you can do anything with the
attachment (though you will find most windows users saving and then
running anyway... )

> Of course, if people insist on running a program without knowing what
> it is or where it came from, and the program turns out to be a virus,
> then the only solution is to educate the user.  But I don't think most
> users are as naive as you seem to think. Viruses are often talked
> about in the news; people know that it's dangerous to run a program
> that you receive in the mail.  

I worked as an operator for a year, it seems almost *impossible* to
explain stuff like this too people. Ofcourse I was dealing with accouting
and marketing people... never had any trouble with the development
department ;) 

> They simply aren't expecting Outlook to
> run a message attachment as a program when they click on it.  Nor
> should they.

As I said before: this is a matter of taste. I like the fact that, as soon
as I click on an attachment it is opened by Outlook. If I would need to
save every Word attachment, Excel sheet, JPG file etc I receive first it'd
drive me mad. (Ofcourse you get a lot less of these in Unix environments
;) The option can be turned of as I already mentioned....
People shouldn't 'expect' anything from a program, they should RTFM.

Menso
--------------------------------------------------------------------------
Be a better bastard.  -- Josh Brandt 
...and the world will beat a luser to death at your door.  -- Carl Jacobs 
--------------------------------------------------------------------------

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net