Hello to a new virus and goodbye from me
Rich Idle
I've just noticed that there's a new virus to delight the MS
enthusiasts: MiniZip.
Only runs on MS machines. Now, where did you want to go today?
Poetic justice, I call it.
--
I'm off in a few days for a long awaited trip that will take me to Tibet
and other exotic ports of call. It's been a lot of fun - thanks
especially to the Winvocates for putting up with so much of my crap
(even though it was mostly true!).
So long, and thanks for all the fish.
--
no .signature : no matches
--
Byron
Rich Idle <ri...@sgcc.net> wrote in message
news:384675EB...@sgcc.net...
> Greetings,
>
> I've just noticed that there's a new virus to delight the MS
> enthusiasts: MiniZip.
> Only runs on MS machines. Now, where did you want to go today?
>
> Poetic justice, I call it.
>
People keep guarding against this virus or that virus with antivirus
software, but
when will people fix the _real_ problem and stop using M$ software that has
known vulnerabilities? The virus-by-virus approach they seem to be taking
is utterly useless, as the number of variants that could be made from any of
these is practically infinite.
This really is a testament to how insecure M$ software is. Note that it is
hitting large corporations the hardest. I don't feel sorry for them one
bit. It is one thing to say, "Well, Joe Desktop User doesn't know any
better..." blah blah. But a large corporation like these? Don't tell me
that they, with the vast resources and money which they possess, could not
afford to use something just a little more secure. All this does is provide
one more example of how running Linux would have been to their advantage,
and a corporation with that much money could afford to hire the necessary
people to get it right and run a Linux desktop that even the suits could
use. Sigh... I digress. At least I get a good laugh, seeing them pay the
price that is associated with choosing the lowest-common-denominator
solution.
Byron
Chad Myers
Perhaps we should start by ignoring moronic FUD/trolls like you,
first, no?
1.) You're just like the rest, confusing Win9x with WinNT/2K
which simply demonstrates your ignorance on the subject, further
lending credence to my "ignoring moronic FUD/trolls like you"
comment
2.) Oh yeah, that's right, Linux has none, or has ever had
security issues that would've/could've/can be exploited by
viruses, right?
--
Chad Myers
--
Have you recompiled your kernel today?
"Byron" <by...@lynchburg.net> wrote in message
news:dBB14.611$%46.3...@monger.newsread.com...
John Saunders
news:dBB14.611$%46.3...@monger.newsread.com...
>
> Rich Idle <ri...@sgcc.net> wrote in message
> news:384675EB...@sgcc.net...
> > Greetings,
> >
> > I've just noticed that there's a new virus to delight the MS
> > enthusiasts: MiniZip.
> > Only runs on MS machines. Now, where did you want to go today?
> >
> > Poetic justice, I call it.
> >
>
> People keep guarding against this virus or that virus with antivirus
> software, but
> when will people fix the _real_ problem and stop using M$ software that
has
> known vulnerabilities? The virus-by-virus approach they seem to be taking
> is utterly useless, as the number of variants that could be made from any
of
> these is practically infinite.
Read the details:
http://news.cnet.com/news/0-1005-200-1475011.html?tag=st.ne.1002. This one
is not a macro virus. It's an executable program, a self-expanding ZIP file
that uncompresses and installs itself, then acts more or less like a normal
virus. The fact that it may use automation is irrelevant - the same thing
could be done with straight MAPI calls.
> It is one thing to say, "Well, Joe Desktop User doesn't know any
> better..." blah blah. But a large corporation like these? Don't tell me
> that they, with the vast resources and money which they possess, could not
> afford to use something just a little more secure.
Yeah, they should use robots, not humans. Humans make stupid mistakes like
running .exe files they get in their email.
An advantage of such viruses is that they provide a record of those
employees who need training on basic network hygiene.
Thanks,
John Saunders
j...@jws.ultranet.com <mailto:j...@jws.ultranet.com>
[ Any opinions expressed are not those of my employer ]
pedro pablo ramirez
I would like to have an antivirus in linux, I recieve lot's of 3 1/2
disks from time to time and I know that a boot sector virus would
certaily infect a Linux OS, so as I'm looking to be MS free I don't want
to switch to Linux everytime I receive a disk.
Where do I get one?
Thanks,
Pedro
In article <384675EB...@sgcc.net>,
Rich Idle <ri...@sgcc.net> wrote:
> Greetings,
>
> I've just noticed that there's a new virus to delight the MS
> enthusiasts: MiniZip.
> Only runs on MS machines. Now, where did you want to go today?
>
> Poetic justice, I call it.
>
> --
>
> I'm off in a few days for a long awaited trip that will take me to
Tibet
> and other exotic ports of call. It's been a lot of fun - thanks
> especially to the Winvocates for putting up with so much of my crap
> (even though it was mostly true!).
>
> So long, and thanks for all the fish.
>
> --
> no .signature : no matches
> --
>
--
pedro pablo ramirez
bogota, colombia
-----------------==
you can e-mail me too at pedro...@yahoo.com
Sent via Deja.com http://www.deja.com/
Before you buy.
Jehsom
> I would like to have an antivirus in linux, I recieve lot's of 3 1/2
> disks from time to time and I know that a boot sector virus would
> certaily infect a Linux OS, so as I'm looking to be MS free I don't want
> to switch to Linux everytime I receive a disk.
If you mount a floppy disk in linux as joe user, there is no way it can
infect anything but your personal files. Linux is not prone to viruses
the way Windows is. Nuff said, it's been driven into the ground.
Moshe
--
Moshe Jacobson - jeh...@REMOVE-MEresnet.gatech.edu
ICQ 1900670 - 350467 GT Station - 6-0985 - HEF 214
Brent Davies
|
| I've just noticed that there's a new virus to delight the MS
| enthusiasts: MiniZip.
| Only runs on MS machines. Now, where did you want to go today?
|
| Poetic justice, I call it.
I'm glad to know there are people like you in
the world who would wish personal hardships
on other simply because of their choice of
product.
Sick and inhuman, I call it.
-B
mlw
> Read the details:
> http://news.cnet.com/news/0-1005-200-1475011.html?tag=st.ne.1002. This one
> is not a macro virus. It's an executable program, a self-expanding ZIP file
> that uncompresses and installs itself, then acts more or less like a normal
> virus. The fact that it may use automation is irrelevant - the same thing
> could be done with straight MAPI calls.
Wrong. The virus writer is using the automation feature of e-mail, to
send a macro and a self-extracting zip.
What this means is that, e-mail is essentially a way to send executable
content in Windows. Anyone even remotely involved with security should
be outraged.
>
> > It is one thing to say, "Well, Joe Desktop User doesn't know any
> > better..." blah blah. But a large corporation like these? Don't tell me
> > that they, with the vast resources and money which they possess, could not
> > afford to use something just a little more secure.
>
> Yeah, they should use robots, not humans. Humans make stupid mistakes like
> running .exe files they get in their email.
The issue is that the virus writer used the automation features, so the
user does not even need to run the .exe. It does it by itself.
>
> An advantage of such viruses is that they provide a record of those
> employees who need training on basic network hygiene.
No, they provide a record of how stupid Microsoft can really be.
--
Mohawk Software
Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
John Saunders
news:3847A9A8...@mohawksoft.com...
> John Saunders wrote:
> > Read the details:
> > http://news.cnet.com/news/0-1005-200-1475011.html?tag=st.ne.1002. This
one
> > is not a macro virus. It's an executable program, a self-expanding ZIP
file
> > that uncompresses and installs itself, then acts more or less like a
normal
> > virus. The fact that it may use automation is irrelevant - the same
thing
> > could be done with straight MAPI calls.
>
> Wrong. The virus writer is using the automation feature of e-mail, to
> send a macro and a self-extracting zip.
Please show me where you saw that in the article I cited above? Where's the
macro? The user has to open the zipped_files.exe first, right?
> What this means is that, e-mail is essentially a way to send executable
> content in Windows. Anyone even remotely involved with security should
> be outraged.
And any such person should know about the security settings in Outlook and
Outlook Express, and should set them appropriately for their environment.
But in this case, it wouldn't have helped, as the naive user opens the .exe
file, shooting themselves in the foot.
>
> >
> > > It is one thing to say, "Well, Joe Desktop User doesn't know any
> > > better..." blah blah. But a large corporation like these? Don't tell
me
> > > that they, with the vast resources and money which they possess, could
not
> > > afford to use something just a little more secure.
> >
> > Yeah, they should use robots, not humans. Humans make stupid mistakes
like
> > running .exe files they get in their email.
>
> The issue is that the virus writer used the automation features, so the
> user does not even need to run the .exe. It does it by itself.
Please get your viruses straight. The user has to open this particular .exe
file.
mlw
There is only so much sympathy one can have for people that know a
product is crap and use it anyway. If you want to buy a yugo, don't feel
persecuted when people laugh at you.
Paul 'Z' EwandeÅ
mlw <ma...@mohawksoft.com> a écrit dans le message :
> There is only so much sympathy one can have for people that know a
> product is crap and use it anyway. If you want to buy a yugo, don't feel
> persecuted when people laugh at you.
Let's assume that Windows is crap.
Do you think that everybody knows it, when that crap allow them to do all
the things they managed to do with it ?
> Mohawk Software
> Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
It looks like you may provide applications, drivers and support for crap.
> Visit http://www.mohawksoft.com
Paul 'Z' Ewande
John Saunders
news:3847A9A8...@mohawksoft.com...
> John Saunders wrote:
> > Read the details:
> > http://news.cnet.com/news/0-1005-200-1475011.html?tag=st.ne.1002. This
one
> > is not a macro virus. It's an executable program, a self-expanding ZIP
file
> > that uncompresses and installs itself, then acts more or less like a
normal
> > virus. The fact that it may use automation is irrelevant - the same
thing
> > could be done with straight MAPI calls.
>
> Wrong. The virus writer is using the automation feature of e-mail, to
> send a macro and a self-extracting zip.
>
From Symantec's Norton Anti-Virus web site:
http://www.symantec.com/avcenter/venc/data/worm.explorezip.pack.html. The
virus mails itself out as an attachment named zipped_files.exe. When it is
executed (e.g., opened by the user), it unpacks itself and executes. It puts
up a dialog saying the unzip failed. But the virus is there working.
In addition to trashing your files, it uses MAPI to send copies of itself.
Note that MAPI is not Automation.
If anyone has reason to believe Symantec is wrong, or that I'm reading their
article wrong, please let me know.
Tim Kelley
> Wrong. The virus writer is using the automation feature of e-mail, to
> send a macro and a self-extracting zip.
>
> What this means is that, e-mail is essentially a way to send executable
> content in Windows. Anyone even remotely involved with security should
> be outraged.
Right. Which is why in my workplace I just installed some
procmail filters that simply don't allow any email with
executable attachments in my network at all. Nor do they let
docs in that cross its macro threshold. Case closed, pretty
much.
I still have a few probs with laptop users bringing crap in.
--
Tim Kelley
tpke...@winkinc.com
Eugene O'Neil
Chad Myers <cmy...@austin.rr.com> wrote in message
news:826pm8$bir$1...@news.jump.net...
>
> Perhaps we should start by ignoring moronic FUD/trolls like you,
> first, no?
>
> 1.) You're just like the rest, confusing Win9x with WinNT/2K
> which simply demonstrates your ignorance on the subject, further
> lending credence to my "ignoring moronic FUD/trolls like you"
> comment
Most modern viruses (like Melissa) exploit holes in Microsoft Outlook,
Microsoft Word, and other parts of Microsoft office. The underlying version
of Windows is practically irrelevant.
> 2.) Oh yeah, that's right, Linux has none, or has ever had
> security issues that would've/could've/can be exploited by
> viruses, right?
The fact that Linux can't run Microsoft applications is a big advantage,
from a security standpoint. I have, in fact, never heard of a successful
Linux virus.
-Eugene
Joseph T. Adams
:> There is only so much sympathy one can have for people that know a
:> product is crap and use it anyway. If you want to buy a yugo, don't feel
:> persecuted when people laugh at you.
: Let's assume that Windows is crap.
A fair assumption at least with regard to Win95, which is still the
dominant flavor of Windows on home and corporate desktops.
: Do you think that everybody knows it, when that crap allow them to do all
: the things they managed to do with it ?
In addition to virtually all technical users, most nontechnical users
also realize that consumer grades of Windows are crap.
Most however are not aware that better alternatives exist (Win2000, if
one *must* run Win32 apps, or Linux, FreeBSD, BeOS, Mac, etc. if
functional equivalents will suffice).
:> Mohawk Software
:> Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
: It looks like you may provide applications, drivers and support for crap.
I don't know about mlw, but I still do. Not because I want to, but
because where I live the Windows market is still dominant. However,
that is slowly changing. I'm learning as much about Linux, Java,
Python, Tcl/Tk, and other alternative technologies as I can, and am
trying to get my employers and clients accustomed to the idea of using
or at least considering *portable* rather than vendor-specific
solutions wherever possible, especially in the growing markets for
business logic and server-side components, where the dominance of
Windows on the desktop need not preclude the choice of whatever
technologies work best on those levels.
Joe
Eugene O'Neil
pedro pablo ramirez <da...@geocities.com> wrote in message
news:8274d7$65c$1...@nnrp1.deja.com...
> Sorry for my ignorance I'm less than a month newbie.
>
> disks from time to time and I know that a boot sector virus would
> certaily infect a Linux OS, so as I'm looking to be MS free I don't want
> to switch to Linux everytime I receive a disk.
Boot sector viruses only infect your computer if you BOOT off of the floppy.
During normal operation (under ANY operating system), the computer doesn't
even read that sector. Just make sure your floppy drive is empty before you
boot your computer.
If you really want to protect yourself, reboot your computer (without a
floppy of course), and enter your BIOS settings. Depending on your BIOS
manufacturer, you should hopefully have some sort of control over what order
the computer will try to boot off of various devices. Put the floppy drive
after the hard disk, and it will never get that far.
-Eugene
Bones
>> I've just noticed that there's a new virus to delight the MS enthusiasts:
>> MiniZip. Only runs on MS machines. Now, where did you want to go today?
> In article <826pm8$bir$1...@news.jump.net>, Chad Myers wrote:
> 1.) You're just like the rest, confusing Win9x with WinNT/2K which simply
> demonstrates your ignorance on the subject, further lending credence to my
> "ignoring moronic FUD/trolls like you" comment
[snip]
Points of interest:
1) MiniZip is only a slight variant of the ExploreZip worm that's been with us
for (IIRC) almost half a year, so its not new news. It's simply a
compressed version of ExploreZip, hence the name 'Mini'.
2) It's a worm, not a virus.
3) It requires user intervention to work. In other words, the computer user
has to willingly open the attached worm executable in order for the worm
to do its dirty work. I don't see how a particular Linux distribution would
be impervious to this kind of attack... What if it was an ELF binary and
the user was logged in as the superuser?
4) MiniZip *can* effect Win9x *and* WinNT, provided the user has sufficient
rights in NT to allow the worm to do damage. Just like the Linux example
in point #3, someone using an account that has Admin privileges in NT will
really get nailed.
5) Why is this worm spreading? I would think that computer users would have
learned their lesson by now that executing e-mail attachments named
zipped_files.exe is a bad idea! (or any executable for that matter)
6) What a joke... People who send me e-mail with attached executables,
attachments > 100K, or pages of HTML (where a link would do fine) find that
their messages mysteriously disappear before I can read them. Hmmm...
Also, people who send me things in proprietary binary formats, like Word
docs, seem to have their messages lost in transit. (WTF am I supposed to
do with a document in W'd 2K format anyway? Like I run out and plop down
$200+ every time MS comes out with the the format o' th' month in one of
their productivity apps. What if I read my mail on a MacOS, Linux, OS/2
or Windows machine without Office 2K? Duh!)
7) Why do message transfer protocols include methods for transferring binaries
when we have FTP and HTTP protocols that do it faster and more 'securely'?
----
Bones
Manual, n.:
A unit of documentation. There are always three or
more on a given item. One is on the shelf; someone has the
others. The information you need is in the others.
-- Ray Simard
Joseph T. Adams
: What people like you *continually* fail to realize is that if
: "everyone" switched to Linux/Unix/MacOS/insertwhateverOSyouwant then
: *it* would become the "lowest common denominator solution" and all
: virus writers would be targeting it!
Windows allows untrusted code full access to the system and everything
on it. This is BY DESIGN and cannot be fixed.
Network operating systems are designed to protect the network and
everything on it from unauthorized access. This also is by design.
Failure to do so is considered a bug, not a "feature," and any known
place where there is even a *possibility* of a security breach is
quickly plugged with fixes being freely and quickly available to
systems administrators.
The kinds of viruses that plague Windows simply can't happen under
Linux. That doesn't mean other kinds of security exploits couldn't
theoretically occur; holes are found and fixed fairly regularly, but
actual exploits are rare, because crackers realize any holes are
temporary and that they won't be able to exploit them for very long if
at all.
Joe
mlw
> > product is crap and use it anyway. If you want to buy a yugo, don't feel
> > persecuted when people laugh at you.
>
> Let's assume that Windows is crap.
>
> the things they managed to do with it ?
This is true, but I would like to see the general populace to take more
responsibility for their own actions. People read more about cars and
DVD players they wish to buy than a computer. A computer is often used
far more than a car of DVD player.
>
> > Mohawk Software
> > Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
>
> It looks like you may provide applications, drivers and support for crap.
Make no mistake dude, if I were rich I'd own a very nice boat. Some
people scrub floors, some people pump cesspools, this does not mean they
like it.
--
Mohawk Software
Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
Evan DiBiase
>On 3 Dec 1999 21:20:01 GMT, "Joseph T. Adams" <j...@apk.net> wrote:
>>Network operating systems are designed to protect the network and
>>everything on it from unauthorized access. This also is by design.
>>Failure to do so is considered a bug, not a "feature," and any known
>>place where there is even a *possibility* of a security breach is
>>quickly plugged with fixes being freely and quickly available to
>>systems administrators.
>
>Which is why Linux will never become a "consumer" OS. People don't
>want to become Network Administrators just to get email and play
>games.
And they really don't have to. They just have to put a little thought
into using their OS. The tradeoff is the learning curve; the
advantages have been discussed many times. In the scope of this
thread, I'd say that the advantage is security.
>>The kinds of viruses that plague Windows simply can't happen under
>>Linux. That doesn't mean other kinds of security exploits couldn't
>>theoretically occur; holes are found and fixed fairly regularly, but
>>actual exploits are rare, because crackers realize any holes are
>>temporary and that they won't be able to exploit them for very long if
>>at all.
>
>Uh huh, sure.
IIRC, there was a patch against Teardrop in Linux in 48 hours.
>If Linux use was as widespread as Windows and all the virus writers
>were targeting it, rest assured that holes would be found.
...and those holes would be promptly fixed.
>It's all in the numbers.
Indeed. Since anyone can patch the Linux kernel if they want, anyone
can fix any hole in the Linux kernel. Now, if there are at least 3,000
people who are able to write the code to fix the whole, that's still a
rather large number. I can't imagine that any company selling a
non-open-sourced OS could dedicate 3,000 people to fixing bugs.
-Evan
Joseph T. Adams
:>Windows allows untrusted code full access to the system and everything
:>on it. This is BY DESIGN and cannot be fixed.
: Which is part of the reason that it's so successful.
Design flaw == reason for success??
That's a particularly weird form of "logic" even for a Winvocate.
:>Network operating systems are designed to protect the network and
:>everything on it from unauthorized access. This also is by design.
:>Failure to do so is considered a bug, not a "feature," and any known
:>place where there is even a *possibility* of a security breach is
:>quickly plugged with fixes being freely and quickly available to
:>systems administrators.
: Which is why Linux will never become a "consumer" OS. People don't
: want to become Network Administrators just to get email and play
: games.
They don't have to be. But they do have to have the intelligence not
to run untrusted code. If not, they really need something simpler
than *any* PC OS. I'd suggest either a Mac or some type of Internet
appliance or a gaming console.
:>The kinds of viruses that plague Windows simply can't happen under
:>Linux. That doesn't mean other kinds of security exploits couldn't
:>theoretically occur; holes are found and fixed fairly regularly, but
:>actual exploits are rare, because crackers realize any holes are
:>temporary and that they won't be able to exploit them for very long if
:>at all.
: Uh huh, sure.
: If Linux use was as widespread as Windows and all the virus writers
: were targeting it, rest assured that holes would be found.
And fixed.
I would welcome that.
: It's all in the numbers.
No, it's all in the design.
Linux was designed from the ground up to be a network operating
system. Windows was not.
Joe
Paul 'Z' EwandeÅ
mlw <ma...@mohawksoft.com> a écrit dans le message :
<SNIP> A little bit of stuff <SNIP>
> > Let's assume that Windows is crap.
> >
> > Do you think that everybody knows it, when that crap allow them to do
all
> > the things they managed to do with it ?
>
> This is true, but I would like to see the general populace to take more
> responsibility for their own actions. People read more about cars and
That's something else than knowingly buying crap, isn't it ?
> DVD players they wish to buy than a computer. A computer is often used
> far more than a car of DVD player.
> > > Mohawk Software
> > > Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
> >
> > It looks like you may provide applications, drivers and support for
crap.
>
> Make no mistake dude, if I were rich I'd own a very nice boat. Some
> people scrub floors, some people pump cesspools, this does not mean they
> like it.
>
That's a nice analogy again [are you really equating to write apps, drivers
and support Windows to pumping a cesspool ?].
However, those people who do such things generally have very little choice.
I reckon that you have a broader choice of activities wrt computers.
I agree that I was kind of pissed, maybe I read one time too many that
Windows [any flavor] is crap^, not a "real" OS whatever that may mean, while
it nevertheless allows a whole lot of people to enjoy their computing
activities [no matter what they are] relatively easily and minimum hassles,
the opinions about the crappiness and fake OSness of Windows [any flavor]
not withstanding.
Phew, that was a long-winded phrase.
> --
> Mohawk Software
> Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
> Visit http://www.mohawksoft.com
Paul 'Z' Ewande
John Saunders
news:829c61$aci$1...@plonk.apk.net...
> : "everyone" switched to Linux/Unix/MacOS/insertwhateverOSyouwant then
> : *it* would become the "lowest common denominator solution" and all
> : virus writers would be targeting it!
>
> on it. This is BY DESIGN and cannot be fixed.
Be more specific. Windows 95 and 98 allow full access. And it _can_ be
fixed - the fix is called Windows NT.
> Network operating systems are designed to protect the network and
> everything on it from unauthorized access. This also is by design.
NFS does this? Real heavy security there. [real heavy sarcasm here]
John Saunders
news:b_V14.8092$gX3.6...@news.easynews.com...
>
> Chad Myers <cmy...@austin.rr.com> wrote in message
> news:826pm8$bir$1...@news.jump.net...
> >
> > Perhaps we should start by ignoring moronic FUD/trolls like you,
> > first, no?
> >
> > which simply demonstrates your ignorance on the subject, further
> > lending credence to my "ignoring moronic FUD/trolls like you"
> > comment
>
> Microsoft Word, and other parts of Microsoft office. The underlying
version
> of Windows is practically irrelevant.
The virus we're discussing does not exploit holes in Microsoft Outlook, etc.
Brent Davies
| Brent Davies wrote:
| >
[snip]
| >
| > I'm glad to know there are people like you in
| > the world who would wish personal hardships
| > on other simply because of their choice of
| > product.
|
| product is crap and use it anyway. If you want to buy a yugo, don't feel
| persecuted when people laugh at you.
There is a large difference between having sympathy for someone's
pain and being glad for it. I don't ask for your sympathy. Quite
frankly, I'm able to make NT do most, if not all, of what I need it
to do.
I was commenting on the state of a particular person's humanity.
Enjoying the fact that someone is having problems is a negative
thing. Not caring is simply passive and not necessarily a bad
thing. But enjoying it IS a bad thing.
-B
Paul 'Z' EwandeÅ
Joseph T. Adams <j...@apk.net> a écrit dans le message :
829an7$9fc$1...@plonk.apk.net...> :> There is only so much sympathy one can have for people that know a
> :> product is crap and use it anyway. If you want to buy a yugo, don't
feel
> :> persecuted when people laugh at you.
>
>
> A fair assumption at least with regard to Win95, which is still the
> dominant flavor of Windows on home and corporate desktops.
>
>
> : Do you think that everybody knows it, when that crap allow them to do
all
> : the things they managed to do with it ?
>
Most nontechnical I've been in contact with and _some_ of "technical" user
can't even make the difference between an application crash and a system
one.
Windows kills a misbehaving program as an OS should do and they go screaming
Windows crashed, because it's Windows and we all know how Windows is crappy,
don't we ?
And they are the same which are using Windows9X at home as their primary or
sole OS, and they go around bashing MS/Windows since it's the cool thing to
do nowadays.
I'm a rebel, I don't. :) Not that I think it's perfect, but it's good enough
for many purposes.
> also realize that consumer grades of Windows are crap.
Sure. I'm sure you and many people who consider it crap can do an OS which
can run DOS, Win16, Win32 with _some modicum_ of multitasking and memory
protection, an GUI, and to be able to boot/run in 4 Megs of RAM [since there
were the designs parameters for Win95 coding team for August 1995]. The rest
is history.
Microsoft could not afford to cut off it's user base, which is the reason of
its success. The present is often shaped by the past.
> Most however are not aware that better alternatives exist (Win2000, if
> one *must* run Win32 apps, or Linux, FreeBSD, BeOS, Mac, etc. if
> functional equivalents will suffice).
What does "better" mean ? Suppose there is something you want to do or a
feature you need that those "better" alternatives don't provide ? You will
go high nosed and say Windows 9X is crap ? Not very pragmatic IMO.
I for one prefer a working "crap" _right know_ to a promising technology
wonder which might allow me to do what I want to do [right now] in an
indisclosed future. You mileage may vary.
Just so you know I use daily Win98/NT, MacOS. I'use from time to time
FreeBSD and have tried Linux and BeOS. I've been exposed to other things.
They all have their strengths and weaknesses.
> :> Mohawk Software
> :> Windows 95, Windows NT, UNIX, Linux. Applications, drivers, support.
>
> : It looks like you may provide applications, drivers and support for
crap.
>
> I don't know about mlw, but I still do. Not because I want to, but
Of course it's because you want to, or else you wouldn't be doing it. Now,
I'm not sure that is something you wish or like. :)
> because where I live the Windows market is still dominant. However,
Crap can be so pervasive and ubiquitous. :)
> that is slowly changing. I'm learning as much about Linux, Java,
> Python, Tcl/Tk, and other alternative technologies as I can, and am
> trying to get my employers and clients accustomed to the idea of using
> or at least considering *portable* rather than vendor-specific
> solutions wherever possible, especially in the growing markets for
> business logic and server-side components, where the dominance of
And it's a good thing. That should not automatically prompt you to dismiss
Windows as crap. There are things that the MacOS, BeOS, Linux and FreeBSD
don't do for me, There are not crap for that reason.
> Windows on the desktop need not preclude the choice of whatever
> technologies work best on those levels.
>
>
> Joe
Paul 'Z' Ewande
Joseph T. Adams
:> : Do you think that everybody knows it, when that crap allow them to do all
:> : the things they managed to do with it ?
:>
:> In addition to virtually all technical users, most nontechnical users
: Most nontechnical I've been in contact with and _some_ of "technical" user
: can't even make the difference between an application crash and a system
: one.
That's 'cuz with 95 and 98 which is what most people are familiar
with, there isn't a lot of difference, because the although the OS
makes an attempt to protect other apps from the errant behavior of
other apps, it cannot, for backward compatibility reasons, adequately
protect itself. By the time it's detected an access violation, a
number of previous access violations, most likely affecting the
kernel, have probably already occurred, leaving the system in an
unstable and dangerous condition, best corrected, as all consumer
grade users of Windows learn, by the Three Fingered Salute.
NT is better and Linux like any Unix is *much* better in this regard.
: Windows kills a misbehaving program as an OS should do and they go screaming
: Windows crashed, because it's Windows and we all know how Windows is crappy,
: don't we ?
What people are objecting to is not the OS killing the app, but the
app killing the OS.
: And they are the same which are using Windows9X at home as their primary or
: sole OS, and they go around bashing MS/Windows since it's the cool thing to
: do nowadays.
I wonder if there's a reason for that. :)
: I'm a rebel, I don't. :) Not that I think it's perfect, but it's good enough
: for many purposes.
For a few purposes it's "good enough" because it's the only choice,
but for anything for which NT or Linux could be used instead, they
should be.
There are very few legitimate reasons to run 95/98 in a business
environment. Even if one insists on running Windows-only software, NT
or W2K are much better, and if not, then many better alternatives
exist.
:> also realize that consumer grades of Windows are crap.
: Sure. I'm sure you and many people who consider it crap can do an OS which
: can run DOS, Win16, Win32 with _some modicum_ of multitasking and memory
: protection, an GUI, and to be able to boot/run in 4 Megs of RAM [since there
: were the designs parameters for Win95 coding team for August 1995]. The rest
: is history.
You've given some valid and even justifiable reasons *why* consumer
grades of Windows aren't crap. That doesn't change the fact that they
are crap.
: Microsoft could not afford to cut off it's user base, which is the reason of
: its success. The present is often shaped by the past.
Well, yes, and that of course *does* explain some of the design
tradeoffs made that make consumer-grade versions of Windows crap.
Many important legacy apps would have broken had Microsoft not allowed
unsafe behavior such as direct access to hardware on the part of apps.
Emulating DOS and Win16 in a protected environment would have been
possible given unlimited resources, but not inside 4MB RAM.
NT did not have these constraints and thus should have been much
better. It *is* much better, but still is not quite good enough to be
in the same league with even the flakiest Unices, because MS chose to
repeat some of the same design mistakes it made with Win95 (for
instance moving video code into the kernel, trading stability for
performance). The nice thing about NT is that it has a semi-modular
design. If W2K chooses to eliminate some "features" that reduce
system stability, and provides a compatibility or emulation
environment instead, it can potentially be almost as compatible with
legacy apps as NT, but will then become a lot more stable, and might,
finally, be in a position to be useful in environments where stability
is important (including server work).
:> Most however are not aware that better alternatives exist (Win2000, if
:> one *must* run Win32 apps, or Linux, FreeBSD, BeOS, Mac, etc. if
:> functional equivalents will suffice).
: What does "better" mean ? Suppose there is something you want to do or a
: feature you need that those "better" alternatives don't provide ? You will
: go high nosed and say Windows 9X is crap ? Not very pragmatic IMO.
There are times when even I must use Win95 (testing apps that will be
deployed there). It still is crap. Many games and most hardware
devices are compatible with 98 only, not NT and not even 95. To use
these one must use 95. It still is crap. It always will be crap.
Yes, of course even crap has its uses. But they're not glamorous. :)
: I for one prefer a working "crap" _right know_ to a promising technology
: wonder which might allow me to do what I want to do [right now] in an
: indisclosed future. You mileage may vary.
As most of the other Winvocates will tell you, NT4, SP5, is here right
now, has been for the better part of a year, will run most Win32 apps,
and will save you enough time in reboots alone to more than justify
its slightly higher cost over the consumer grades of Windows.
The other alternatives you've mentioned below are here right now as
well.
: Just so you know I use daily Win98/NT, MacOS. I'use from time to time
: FreeBSD and have tried Linux and BeOS. I've been exposed to other things.
: They all have their strengths and weaknesses.
Agreed.
[snip]
:> because where I live the Windows market is still dominant. However,
: Crap can be so pervasive and ubiquitous. :)
Yep. Look at any major political party.
:> that is slowly changing. I'm learning as much about Linux, Java,
:> Python, Tcl/Tk, and other alternative technologies as I can, and am
:> trying to get my employers and clients accustomed to the idea of using
:> or at least considering *portable* rather than vendor-specific
:> solutions wherever possible, especially in the growing markets for
:> business logic and server-side components, where the dominance of
: And it's a good thing. That should not automatically prompt you to dismiss
: Windows as crap. There are things that the MacOS, BeOS, Linux and FreeBSD
: don't do for me, There are not crap for that reason.
Consumer grades of Windows don't in my experience do *anything*
consistently or reliably. That's what makes them, IMNSHO, crap.
While I have a lot of problems with NT - interoperability and its
closed-source nature being among them - I have to concede that it is
useful, because it *usually* doesn't crash every day.
98 is barely useful and 95 is not useful at all (to me at least)
because they extract a HUGE cost in terms of my time, which is not
cheap, and do nothing in return that some other OS available to me
(usually Linux or NT) won't do much better. Now, if I were a gamer or
if I depended on some piece of obscure hardware that was designed to
work only with 95 and/or 98, well, I'd curse, bear it, and write to
the game and/or hardware company explaining in exquisite and colorful
detail why its most hated competitor will be getting all of my
business for the foreseeable future. :) But that would not change my
opinion that consumer grade versions of Windows are crap. Nothing can
change that opinion other than Microsoft releasing a consumer grade
version of Windows that isn't crap.
Joe
Aaron Sherman
> Perhaps we should start by ignoring moronic FUD/trolls like you,
> first, no?
The post was legitimate. The question begs to be answered: after so
many years of MS products being plagued by viruses, why has it not
implemented basic partitioning of authorities with the ability to
increase privileges for particular tasks? sudo has existed under UNIX
variants for 15 years or more, and yet on an NT box I either have to
give my account privs (the way most people end up going on personal
systems) or log out/in as administrator. We'll ignore the non-security
conscious who log in as administrator all the time, as they're no
better or worse than those who log in as root to UNIX/Linux systems.
> 1.) You're just like the rest, confusing Win9x with WinNT/2K
> which simply demonstrates your ignorance on the subject, further
> lending credence to my "ignoring moronic FUD/trolls like you"
> comment
Nope, this is a Microsoft problem. Remember Melissa? Was that 9x
specific? Nope. MS just does not design security into their
products. Their software is specified and motivated by marketoids who
do not have the first inkling that interpreting random documents from
the 'Net as code would be a Bad Thing.
> 2.) Oh yeah, that's right, Linux has none, or has ever had
> security issues that would've/could've/can be exploited by
> viruses, right?
Oh, certainly it does. Nowhere near the number of holes as your
average MS system (as an example, it actually makes sense to talk
about a Linux security problem that results in a local user being able
to get administrative privileges, but for NT it's pretty much a given
that those who don't exercise admin privs are being polite).
Most Linux security exploits these days center around buffer overflows
(the legacy of C programming). There is, in fact an entire Linux
distribution (based on an older version of Red Hat) that includes
software that will guard against any buffer-overflow, creating the
risk of DoS attacks, but stopping intrusions. But these holes are
increasingly rare as software becomes more popular (e.g. glib) which
abstracts strings (the usual culprit) away into non-overflowable
objects.
Security is a multi-faceted beast, and fighting that war is ongoing.
However, NT doesn't even play in the same league as UNIX and UNIX-like
OSes.
I laughed recently at the "NT C2" evaluation. I remember back
when Sun implimented C2 security, and it failed misserably. Basically,
they had to add all of this junk to meet the auditing criteria of C2,
and that meant that they introduced a slew of security holes. I hope
NT does not go the same way.
Remember, C2 is a measure of security-related capabilities. It is not
a measure of security. This, not to mention the fact that C2 is
obsolete, and was in the mid-to-late 80s.
The only true measure of security is a full source code security
audit, and that requires source code....
--
Aaron Sherman
a...@ajs.com finger ajs...@lorien.ajs.com for GPG info. Fingerprint:
www.ajs.com/~ajs BF8E 8987 1D58 E01E E0B8 4BB6 B388 2F80 97AE A001
"Do you come from a land downunder, where bitters flow and the
men chunder?" -Men at Work
Aaron Sherman
> Uh huh, sure.
>
> If Linux use was as widespread as Windows and all the virus writers
> were targeting it, rest assured that holes would be found.
I remember the first Linux virus. I heard that it existed only because
a friend of mine who runs FreeBSD was crowing about how the Linux
emulation environment for FreeBSD could run it ;-)
It never went anywhere, and never got into any distributions.
Windows viruses spread because the system is fundamentally insecure,
and the company that makes it has no interest in making it secure
(that's not their bottom line).
Finding holes in a system to which thousands of developers all over
the world have source is a little harder. Oh sure, you can sometimes
find a small hole that lets you get into this or that application. But
as soon as you start exploiting it, security lists will buzz to life
and every major vendor will have updates available in under a week
(usually in under 3 days). After all, being more secure *is* the
bottom line to these vendors, as is being faster, as is being easier
to develop for, etc.
Aaron Sherman
> > In article <826pm8$bir$1...@news.jump.net>, Chad Myers wrote:
> > 1.) You're just like the rest, confusing Win9x with WinNT/2K which simply
> > demonstrates your ignorance on the subject, further lending credence to my
> > "ignoring moronic FUD/trolls like you" comment
> [snip]
> 3) It requires user intervention to work. In other words, the computer user
> has to willingly open the attached worm executable in order for the worm
> to do its dirty work. I don't see how a particular Linux distribution would
> be impervious to this kind of attack... What if it was an ELF binary and
> the user was logged in as the superuser?
Yes, exactly. What *if* the user was logged in as superuser. Well
then, the question begs to be asked: why on earth would anyone read
mail as root? And, assuming they found some bizzare reason, why with a
mail reader capable of executing binaries sent via mail?
> 4) MiniZip *can* effect Win9x *and* WinNT, provided the user has sufficient
> rights in NT to allow the worm to do damage. Just like the Linux example
> in point #3, someone using an account that has Admin privileges in NT will
> really get nailed.
However, since it's so hard to switch levels of privs under NT (you
have to log out/in) many users have their personal accounts setup with
the required privs. This is a fundamental failing in NT.
> 5) Why is this worm spreading? I would think that computer users would have
> learned their lesson by now that executing e-mail attachments named
> zipped_files.exe is a bad idea! (or any executable for that matter)
I have to admit you have a strong point here. I think the fault rests
squarely on the shoulders of people like MSN, AOL and the companies
that don't educate their users. There is a feeling that people, on
average, are too stupid to understand, so it's not worth educating
them. This is, sadly, self-fulfilling.
> 7) Why do message transfer protocols include methods for transferring binaries
> when we have FTP and HTTP protocols that do it faster and more 'securely'?
Because sometimes email is the only reasonable way to get something
through. Users need to be educated enough to ignore this kind of
crap. Having a mail reader that was smart enough to warn you about
suspect mail attachments would be nice, though. However, MS will never
release a version of the outlook client that warns "there is a
Microsoft word attachment on this document. It is not recommended that
you view this as it could present a security risk." ;-)
Aaron Sherman
> > Network operating systems are designed to protect the network and
> > everything on it from unauthorized access. This also is by design.
>
> NFS does this? Real heavy security there. [real heavy sarcasm here]
Yep. NFS has several very important security features:
1. Superuser privs do not work over NFS, unless you requst it.
2. Access rights can be granted on a per machine or per network
basis (e.g. admin machines might have the ability to act as
root over NFS).
3. Various features (e.g. running binaries, following symbolic
links, etc) can be shut off for a given NFS mount.
4. TCP and/or encrypted versions of NFS provide even more
security features.
Of course, if you prefer the way that Windows does file sharing, you
can always run Samba on your Linux box.... It's faster and more
secure.
Buddy Smith
: "John Saunders" <j...@jws.ultranet.com> writes:
<snip>
: 3. Various features (e.g. running binaries, following symbolic
This is not intended as a security feature. not being able to run binaries
over an NFS mount is intended to prevent users from accidentally running
binaries compiled for a different architecture. Try /lib/ld-linux.so.2
/some/noexec/nfs/mount.
Or try copying the binaries to your home dir and chmod +x'ing them :)
--buddy
Paul 'Z' EwandeÅ
Joseph T. Adams <j...@apk.net> a écrit dans le message : 82b3sp$p50>
<SNIP> A little bit of snippage </SNIP>
> : Most nontechnical I've been in contact with and _some_ of "technical"
user
> : can't even make the difference between an application crash and a system
> : one.
>
> That's 'cuz with 95 and 98 which is what most people are familiar
> with, there isn't a lot of difference, because the although the OS
> makes an attempt to protect other apps from the errant behavior of
> other apps, it cannot, for backward compatibility reasons, adequately
> protect itself. By the time it's detected an access violation, a
All the time or sometimes. I've been able to clean kill "unresponding" apps
many, many times or the OS terminated the apps and displayed an error
message box and I could still do stuff.
> number of previous access violations, most likely affecting the
> kernel, have probably already occurred, leaving the system in an
> unstable and dangerous condition, best corrected, as all consumer
> grade users of Windows learn, by the Three Fingered Salute.
Well, just my experience, but generally when Windows kills an application, I
can still, if I want to, close my other application and reboot the computer
cleanly by Start -> Shutdown -> Reboot. If I decide to kill the application
myself, I'm free to do whatever I want.
> NT is better and Linux like any Unix is *much* better in this regard.
>
Sure.
>
> : Windows kills a misbehaving program as an OS should do and they go
screaming
> : Windows crashed, because it's Windows and we all know how Windows is
crappy,
> : don't we ?
>
> What people are objecting to is not the OS killing the app, but the
> app killing the OS.
Even when it was an application crash handled by the OS ? Please.
> : And they are the same which are using Windows9X at home as their primary
or
> : sole OS, and they go around bashing MS/Windows since it's the cool thing
to
> : do nowadays.
>
> I wonder if there's a reason for that. :)
Probably many, that doesn't validate the fact people don't even try to look
for the real cause of problem, it's automatically MS/Windows. That's
bandwagon jumping IMO.
> : I'm a rebel, I don't. :) Not that I think it's perfect, but it's good
enough
> : for many purposes.
>
> For a few purposes it's "good enough" because it's the only choice,
There's the MacOS.
> but for anything for which NT or Linux could be used instead, they
> should be.
Of course. But AFAICT Windows9X is a consumer OS like the MacOS, not a
server/workstation OS like Linux or NT.
> There are very few legitimate reasons to run 95/98 in a business
Agreed.
> environment. Even if one insists on running Windows-only software, NT
> or W2K are much better, and if not, then many better alternatives
> exist.
>
>
> :> also realize that consumer grades of Windows are crap.
>
> : Sure. I'm sure you and many people who consider it crap can do an OS
which
> : can run DOS, Win16, Win32 with _some modicum_ of multitasking and memory
> : protection, an GUI, and to be able to boot/run in 4 Megs of RAM [since
there
> : were the designs parameters for Win95 coding team for August 1995]. The
rest
> : is history.
>
> You've given some valid and even justifiable reasons *why* consumer
> grades of Windows aren't crap. That doesn't change the fact that they
> are crap.
If you compare it the the other consumer OS [MacOS], it holds its own. I the
MacOS was stomping all over Windows9X in their intended use, you could call
it crap. Is a small city car is crap because it can haul as much as 18
wheeler truck ?
> : Microsoft could not afford to cut off it's user base, which is the
reason of
> : its success. The present is often shaped by the past.
<SNIP> some agreed upon stuff </SNIP>
> :> Most however are not aware that better alternatives exist (Win2000, if
> :> one *must* run Win32 apps, or Linux, FreeBSD, BeOS, Mac, etc. if
> :> functional equivalents will suffice).
>
> : What does "better" mean ? Suppose there is something you want to do or a
> : feature you need that those "better" alternatives don't provide ? You
will
> : go high nosed and say Windows 9X is crap ? Not very pragmatic IMO.
>
> There are times when even I must use Win95 (testing apps that will be
> deployed there). It still is crap. Many games and most hardware
I disagree, but all we say here are still opinion, aren't they ?
> devices are compatible with 98 only, not NT and not even 95. To use
> these one must use 95. It still is crap. It always will be crap.
>
> Yes, of course even crap has its uses. But they're not glamorous. :)
>
>
> : I for one prefer a working "crap" _right know_ to a promising technology
> : wonder which might allow me to do what I want to do [right now] in an
> : indisclosed future. You mileage may vary.
>
> As most of the other Winvocates will tell you, NT4, SP5, is here right
> now, has been for the better part of a year, will run most Win32 apps,
You said it _most_.
> and will save you enough time in reboots alone to more than justify
> its slightly higher cost over the consumer grades of Windows.
I almost never reboot my Windows98 box. I boot it when I want to use it.
When i'm done, I shut it down. I pay electricty bills and I don't see the
point of keeping it powered up while sitting here doing nothing. I might
shock you, but plenty of people use it like so.
> The other alternatives you've mentioned below are here right now as
> well.
As consummer grade OS, I only see the Macintosh. Linux might be up here, but
I doubt it.
> : Just so you know I use daily Win98/NT, MacOS. I'use from time to time
> : FreeBSD and have tried Linux and BeOS. I've been exposed to other
things.
> : They all have their strengths and weaknesses.
>
> Agreed.
>
> [snip]
>
> :> because where I live the Windows market is still dominant. However,
>
> : Crap can be so pervasive and ubiquitous. :)
>
> Yep. Look at any major political party.
>
>
> :> that is slowly changing. I'm learning as much about Linux, Java,
> :> Python, Tcl/Tk, and other alternative technologies as I can, and am
> :> trying to get my employers and clients accustomed to the idea of using
> :> or at least considering *portable* rather than vendor-specific
> :> solutions wherever possible, especially in the growing markets for
> :> business logic and server-side components, where the dominance of
>
> : And it's a good thing. That should not automatically prompt you to
dismiss
> : Windows as crap. There are things that the MacOS, BeOS, Linux and
FreeBSD
> : don't do for me, There are not crap for that reason.
>
> Consumer grades of Windows don't in my experience do *anything*
> consistently or reliably. That's what makes them, IMNSHO, crap.
My experience is different of couse, not that I believe it's perfect, I just
don't believe that it's as crappy as it's made out to be. :)
> While I have a lot of problems with NT - interoperability and its
> closed-source nature being among them - I have to concede that it is
> useful, because it *usually* doesn't crash every day.
>
> 98 is barely useful and 95 is not useful at all (to me at least)
> because they extract a HUGE cost in terms of my time, which is not
> cheap, and do nothing in return that some other OS available to me
> (usually Linux or NT) won't do much better. Now, if I were a gamer or
> if I depended on some piece of obscure hardware that was designed to
> work only with 95 and/or 98, well, I'd curse, bear it, and write to
> the game and/or hardware company explaining in exquisite and colorful
> detail why its most hated competitor will be getting all of my
> business for the foreseeable future. :) But that would not change my
> opinion that consumer grade versions of Windows are crap. Nothing can
> change that opinion other than Microsoft releasing a consumer grade
> version of Windows that isn't crap.
I'm sure many Joe and Jane Average will think that Linux is crap because of
the learning curve since they are used to the MacOS or Windows9X. Does it
make it crap ?
What do you think of the Macintosh the other consummer grade OS ? You'll
have to judge according to the competition.
Do you also say that a lightweight boxer is crappy because he can't stand
against a heavy weight ?
> Joe
Paul 'Z' Ewande
Rob S. Wolfram
>
>Boot sector viruses only infect your computer if you BOOT off of the floppy.
>During normal operation (under ANY operating system), the computer doesn't
>even read that sector.
It does, at least on FAT based floppies. The boot sector has more data
on it besides boot code (like the type and number of FATs). I'm not sure
about ext2 or minix floppies.
>If you really want to protect yourself, reboot your computer (without a
>floppy of course), and enter your BIOS settings. Depending on your BIOS
>manufacturer, you should hopefully have some sort of control over what order
>the computer will try to boot off of various devices. Put the floppy drive
>after the hard disk, and it will never get that far.
Agreed. Add the CDROM to the list for cd-boot capable bioses.
Cheers,
Rob
--
Rob S. Wolfram <qwe...@hamal.xs4all.nl> PGP 0x07606049 GPG 0xD61A655D
"Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former."
-- Albert Einstein
Aaron Sherman
> In comp.os.linux.advocacy Aaron Sherman <a...@ajs.com> wrote:
> : "John Saunders" <j...@jws.ultranet.com> writes:
> : 3. Various features (e.g. running binaries, following symbolic
> : links, etc) can be shut off for a given NFS mount.
> This is not intended as a security feature. not being able to run binaries
> over an NFS mount is intended to prevent users from accidentally running
> binaries compiled for a different architecture. Try /lib/ld-linux.so.2
> /some/noexec/nfs/mount.
Um, sorry, I meant the nosuid option. That is it can be told to not
obey the extra tags that cause the local host to give a program
superuser (or other) status.
You are correct the binary execution thing is not a security feature.
Al Magesti
>
> Yes, exactly. What *if* the user was logged in as superuser. Well
> then, the question begs to be asked: why on earth would anyone read
> mail as root?
The root user often gets mail from the system. However, the root user
can us 'mail' (or elm or pine ...) to read this mail, not a GUI
mailreader. Thus, the GUI mailreader can be configured to point to a
dedicated mail server POP or whatever for users.
The root account should not get mail from offsite anyway, should it?
> And, assuming they found some bizzare reason, why with a
> mail reader capable of executing binaries sent via mail?
This is a more important issue, and one which I would very much like to
see answered.
> I have to admit you have a strong point here. I think the fault rests
> squarely on the shoulders of people like MSN, AOL and the companies
> that don't educate their users.
Ah, isn't this the more fundamental issue - people use MSware so that
they don't have to be educated on its workings?
Isn't that the whole idea of computing for the common person? Ease of
use and all that?
> However, MS will never
> release a version of the outlook client that warns "there is a
> Microsoft word attachment on this document. It is not recommended that
> you view this as it could present a security risk." ;-)
Of course not, and therein lies the rub. Virus writers will continue to
exploit the security holes which MS will not (or cannot) plug.
--
Un nuovo mezzo di comunicazione è ora disponibile per i
numerosi Amici della Redazione di Socrates.
Aaron Sherman
> Aaron Sherman wrote:
> >
> > Yes, exactly. What *if* the user was logged in as superuser. Well
> > then, the question begs to be asked: why on earth would anyone read
> > mail as root?
>
> The root user often gets mail from the system. However, the root user
> can us 'mail' (or elm or pine ...) to read this mail, not a GUI
> mailreader. Thus, the GUI mailreader can be configured to point to a
> dedicated mail server POP or whatever for users.
Reading mail as root is a bad idea, IMHO. Why? Well, it comes down to
what you "mean" by reading mail. I think of it as recieving a
package. If a package is sent to our infrastructure admin, I open
it. I'm not "infrastructure admin" I'm Aaron Sherman, but the mail was
sent to me because I fill that role.
In the same way, mail for root should go to the person who is filling
that role (either via an alias or some more complex /root/.procmailrc
type of setup). This way replies come from a real person, etc.
The other way to go is to have a moderated mailing list that root mail
goes to, and I can see some advantage of this (e.g. threads being
tracked, etc).
> The root account should not get mail from offsite anyway, should it?
Oh, of course. Lots of people send mail to "ro...@mumble.org" in order
to bring something to the attention of the admins at mumble.org.
> > And, assuming they found some bizzare reason, why with a
> > mail reader capable of executing binaries sent via mail?
>
> This is a more important issue, and one which I would very much like to
> see answered.
There's no real answer. The bottom line is that you should never do
this. The easiest way to never do this is to just forward the root
mail to some un-privved user account.
> > I have to admit you have a strong point here. I think the fault rests
> > squarely on the shoulders of people like MSN, AOL and the companies
> > that don't educate their users.
>
> Ah, isn't this the more fundamental issue - people use MSware so that
> they don't have to be educated on its workings?
>
> Isn't that the whole idea of computing for the common person? Ease of
> use and all that?
Yes, but the idea here is incorrect. The software does not, to my
knowledge, exist that is a) easy to use for the layman and b) attempts
to educate them in further subtleties. everyone stops at ease of
use. Much as people make fun of the MS paperclip (and it does deserve
it in some respects)it does represent a key feature that software
needs to start developing: the ability to assess the level of skill
that its user has, and attempt to move that level up as far as it can
go. MS just did it poorly, but that does not invalidate the idea.
Of course, at some point it becomes the Young Hacker's Illustrated
Primer ;-)
CG
<ze...@nospam.club-internet.fr> wrote:
>
>Joseph T. Adams <j...@apk.net> a ecrit dans le message :
>829an7$9fc$1...@plonk.apk.net...
>> In comp.os.linux.advocacy "Paul 'Z' Ewande" <ze...@nospam.club-internet.fr>
>wrote:
>>
>> :> There is only so much sympathy one can have for people that know a
>> :> product is crap and use it anyway. If you want to buy a yugo, don't
>feel
>> :> persecuted when people laugh at you.
>>
>> : Let's assume that Windows is crap.
>>
>> A fair assumption at least with regard to Win95, which is still the
>> dominant flavor of Windows on home and corporate desktops.
>>
>Your and others opinion, nothing much anyway.
>>
>> : Do you think that everybody knows it, when that crap allow them to do
>all
>> : the things they managed to do with it ?
>>
>> In addition to virtually all technical users, most nontechnical users
>
>Most nontechnical I've been in contact with and _some_ of "technical" user
>can't even make the difference between an application crash and a system
>one.
>
Well, to tell you the truth, the distinction in W9x is hard to know
most of the time, since so many application crashes bring the system
down with them.
>Windows kills a misbehaving program as an OS should do and they go screaming
would that it did.
>Windows crashed, because it's Windows and we all know how Windows is crappy,
>don't we ?
>
here's a question to the group as a whole -- for those using W9x, how
many times do you restart each day? I average about two or three
reboots, and it's a must after using Agent in the newsgroups because
for some reason my system slows to a crawl and will eventually hang if
I don't. Why, I don't know, it feels like a memory leak, which is the
application's fault... it's a shame, because I really like the Agent
interface.
on the other hand, it didn't always happen. windows is full of little
mysteries like this. about two or three months ago, windows and Agent
decided they didn't get along, so now, if I use Agent for more than
ten or fifteen minutes, I have to restart windows to make it "work"
right again. I would love to know why, but I probably never will.
maybe it was an upgrade to some program somewhere along the line,
maybe it was one of those spectacular windows crashes that takes three
or four reboots to recover from, and after which you find all sorts of
new and strange things going on.
it seems to have started at about the same time that I changed my
CDROM.
but why does it have to happen at all? why can't windows reclaim all
the memory and system resources from the application when it
terminates? why do I have to reboot?
every week or every month it's something new with windows. recently,
it's been the .dll disease. it went something like this.
about three weeks ago, I started loosing a toolbar in Word. at first,
it happened just once in a while, but it got progressively worse.
(has anyone else noticed how M$ applications just seem to "break down"
after a while?? maybe it's time for an "upgrade??") of course, I
posted my problem in the relevant newsgroup and got no responses (I
learn more about windows in the linux groups than in the windows
groups). I checked out the WOPR web site, and sure enough, others
have reported the same problem, and there were three or four different
solutions, the most likely one involved editing the registry file,
something I admit I don't know how to do, haven't spent the time to
learn, and of course, windows doesn't tell you how to do it because
you're not really supposed to anyway.
so I decided the best thing to do was uninstall Word and reinstall.
that's when the fun starts.
first, to uninstall Word, you have to have the original installation
CD. Ok, I have it, that's not a problem, but it strikes me as
absurdly stupid. I uninstall word, and then try to reinstall it.
oops, I'm now missing Access. Whatdya know?
to make a long story short, I had to uninstall all of Office and
reinstall it again just to get Word working right again. now about
the .dlls. When you uninstall a program in windows, it asks finds a
bunch of shared .dll files that aren't being used by other programs
and asks you if you want to take them out too, cautioning you that if
other programs are using them it might cause problems. Wait a minute,
it just told me other programs DON'T use these .dll's, so what's the
problem? well, hating to think of all these unused programs
cluttering up my hard drive I took them out too, and of course half my
applications woudn't work afterwords. what a nightmare. all because
word broke down for no apparent reason.
tell me this doesn't bite the big one.
>And they are the same which are using Windows9X at home as their primary or
>sole OS, and they go around bashing MS/Windows since it's the cool thing to
>do nowadays.
>
actually, I have linux and only linux on my home machine, and it
doesn't crash. runs on an ancient gateway P-60 with a big drive and
lots of ram, and KDE knocks the socks off one of my newer office
machines running W98 with a celeron 300, 5 gig hdd and 32 megs of ram.
yes, I know, bashing W9x is just too easy but that's the point.
scott reid
I think it's sad that MS is in such a hurry to get rid of dos...but when my
xwindows crashes(usually my fault) I can always <ctrl><alt><backspace> without
having to reboot and wait for the filechecker to tell me all's well. Besides,
there is something inherently beautiful about being able to exam the system you
are working on (the source code, but especially the config files...as most REAL
problems are the extra software we pile on these things).
As usual, JMO.
Jeff Szarka
:Greetings,
:
:I've just noticed that there's a new virus to delight the MS
:enthusiasts: MiniZip.
:Only runs on MS machines. Now, where did you want to go today?
:
:Poetic justice, I call it.
:
:--
:
:
:I'm off in a few days for a long awaited trip that will take me to Tibet
:and other exotic ports of call. It's been a lot of fun - thanks
:especially to the Winvocates for putting up with so much of my crap
:(even though it was mostly true!).
:
:
:So long, and thanks for all the fish.
:
:
:--
: no .signature : no matches
You would think at this point MS would simply make OE unable to read
HTML e-mail or at very least present a warning.
Jim Ross
Dave <Nu...@Business.net> wrote in message
news:hd5NOIaUP5CTlZ...@4ax.com...
> On 4 Dec 1999 02:34:05 GMT, "Joseph T. Adams" <j...@apk.net> wrote:
>
> >No, it's all in the design.
> >
> >Linux was designed from the ground up to be a network operating
> >system. Windows was not.
>
>
> Dave
Neither NT nor Win2000 are "Windows".
Those are from the NT codebase.
Jim
Joseph T. Adams
:>No, it's all in the design.
:>
:>Linux was designed from the ground up to be a network operating
:>system. Windows was not.
: Really? NT? Win2000?
Well, network support is kludged in, sure, but the primary and
effectively only useful interface to NT is Win32, most of which was
developed in the early to mid-1990s, before Microsoft saw the Internet
as anything more than a fad.
Win32 is not without its nice points, but it badly needs an overhaul
and a "cleaned-up" subset that is 64-bit clean, fully reentrant,
fully-thread-safe, uses Unicode throughout (the kernel already does
IIRC), doesn't depend on 32 bit implementations (much less 16 bit), is
network-aware, and does not depend on the registry. The existing
Win32 implementation should be capable of being built on top of it,
for backward compatibility. It would be a daunting task, but
Microsoft's survival could very well depend on doing something like
this.
Windows advocates: am I behind the curve here? Is Microsoft already
doing anything similar to this? How is Win64 going?
Joe
John Saunders
news:82lap0$ml7$1...@plonk.apk.net...
> Windows advocates: am I behind the curve here? Is Microsoft already
> doing anything similar to this? How is Win64 going?
You're only ten years or more out of date. Please see msdn.microsoft.com and
find out for yourself.
When you say "Network Operating System" are you referring to things like
shared files and printers? Maybe even machine-to-machine IPC? If so, Windows
NT had it from day 1. It was present in Windows for Workgroups as well, and
could be managed in Windows 3.1 before that.
If you mean to equate "the Internet" and "Networking", then please say so.
Jim Ross
Dave <Nu...@Business.net> wrote in message
> On Wed, 8 Dec 1999 02:15:34 -0500, "Jim Ross"
> <jkt...@cw-f1.umd.umich.edu> wrote:
>
> >
> >Dave <Nu...@Business.net> wrote in message
> >news:hd5NOIaUP5CTlZ...@4ax.com...
> >>
> >> >No, it's all in the design.
> >> >
> >> >Linux was designed from the ground up to be a network operating
> >> >system. Windows was not.
> >>
> >> Really? NT? Win2000?
> >>
> >
> >Neither NT nor Win2000 are "Windows".
> >Those are from the NT codebase.
>
> comes from the Linux code base"! It is in fact Unix, it just can't
> *legally* be called that.
Not the same thing.
Posix is an open standard which Unix, Linux can use.
Unix and Linux offer similiar features and act a certain way and they are
simple in design.
However, Win9X was built in layers from dos.
NT was started more from scratch (or OS/2)
NT not only is different code from Win9X, MS had a different direction and
goals they had for it.
Like Win9X running dos apps well and games well, NT couldn't. By it's
different design, HAL provides
more security and portability, but blocked much game development.
Also apps that run on one don't necessarily run on another.
And no you can't recompile it either to make it work.
So Win9X and NT are different just from a marketing viewpoint, they are
different animals.
They don't work the same. Like drivers, etc.
>
> Have you ever used either? They are both "Windows" - hence the names
> Windows NT and Windows 2000. I use Win2000 daily here, it is Windows.
> In fact, it is the best version of Windows I've ever used.
Yes I've used both.
Names are meanless when talking about if two OSes are the same.
Are Windows 3.0 and Windows 2000 therefore the same?
You can't run most Windows 3.0 apps on Windows 2000.
You can't run any Windows 2000 apps on Windows 3.0
I have a feeling some/many Windows 2000 apps won't even run Win95 due to
different code base, features such as the Windows 2000 built-in installer.
How about running Win98 apps on Win 3.1?
How about a defragger from any version of Windows on another?
Can I run Word 97 (a Windows app) on WinCE? WinCE is Windows after all.
Can I run a Winmodem on WinCE?? I thought WinCE was Windows??
Further I don't know how you can say Win2000 is the best Windows you've ever
used.
It's not the best I've seen.
It's bigger, it feels even clunkier than NT (that's unbelievable).
Over-automates everything.
Now has the cheap fade-in effect (nice for Win9X users, annoying for anyone
who actually uses their computer alot)
Now with more restrictions (web-connections)
Now with less platform support (Alpha)
NT, Windows 2000 act differently.
They can call it whatever.
The fact remains. Between Windows versions, app support changes, driver
models change, hardward support differs, costs change, security changes. NT
and Win2000 are different. Period. And not always changed for the good.
NT, new technology can't even do what Win95 did in 1995. Like PnP.
Jim
>
> Although that can be construed as "damning with faint praise", it is,
> nonetheless, true!
>
> Dave
>
Christopher Smith
Hash: SHA1
"Joseph T. Adams" <j...@apk.net> wrote in message
news:82lap0$ml7$1...@plonk.apk.net...
> In comp.os.linux.advocacy Dave <Nu...@business.net> wrote:
> : On 4 Dec 1999 02:34:05 GMT, "Joseph T. Adams" <j...@apk.net>
> wrote:
>
> :>No, it's all in the design.
> :>
> :>Linux was designed from the ground up to be a network operating
> :>system. Windows was not.
>
> : Really? NT? Win2000?
>
> Well, network support is kludged in, sure, but the primary and
> effectively only useful interface to NT is Win32, most of which was
> developed in the early to mid-1990s, before Microsoft saw the
> Internet as anything more than a fad.
Networking support "kludged in" to an OS designed from day one to be
a NOS competing with Novell and Unix ? Who gave you an idea like
that ?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOE9r3tIiOnIFzdsOEQLboACfTR4He6rCFf/mQ8HoDPlSbniYNKoAoOat
sx1w9sWs0OwzMYdqln4JO0lR
=0ccI
-----END PGP SIGNATURE-----
Donovan Rebbechi
>>Also apps that run on one don't necessarily run on another.
>>And no you can't recompile it either to make it work.
>
>Just like all *nixes have binary compatibility, I suppose?
He was also talking about source compatibility, which most UNIXs more
or less have.
>>So Win9X and NT are different just from a marketing viewpoint, they are
>>different animals.
>>They don't work the same. Like drivers, etc.
>
>But both are still "Windows".
And the "Windows" on my house are still "Windows", but they have little
more to do with Win9x than NT has to do with 9x.
>>Names are meanless when talking about if two OSes are the same.
>>Are Windows 3.0 and Windows 2000 therefore the same?
>
>Who cares? Both are *still* Windows - just different versions. You
>understand the concept of different versions, right?
Wrong. They are entirely different codebases. They are not
"different versions" in any reasonable sense. "Different versions"
in the context of software implies different releases of the same
codebase.
If I write a tetris game and call it "Windows 5.0" ( preferably in a
country with weak trademark legislation ), that doesn't make
it a "different version" of win95.
>Can you run Netscape 4.7 on Linux 1.0? It's still Linux, right?
Yes, it's still linux because it has the same codebase.
--
Donovan
Donovan Rebbechi
>If Windows 2010 is based on Linux or Unix or BeOS (Plan 9 for that
>matter) as long as it contains the Windows GUI and API and driver
>model and runs existing Windows apps (binaries) natively - then it's a
>new version of Windows, not just a "different version" of Win2000!
THis is at best a gross abuise of terminology. Here's an excerpt
of a dictionary:
/version/ <<"v3:S(@)n>> n.
2. a book or work etc. in a particular edition or translation ("Authorized
Version").
3. a form or variant of a thing as performed, adapted, etc.
Sure, (3) isn't really *wrong* in a literal sense. However, in the
context of a software package, "version" is usually understood to
mean (2)
--
Donovan
Jim Richardson
brought forth the following words...:
>On Thu, 9 Dec 1999 15:37:36 -0500, "Jim Ross"
><jkt...@cw-f1.umd.umich.edu> wrote:
>
>
>>Not the same thing.
>>Posix is an open standard which Unix, Linux can use.
>>Unix and Linux offer similiar features and act a certain way and they are
>>simple in design.
>>
>>However, Win9X was built in layers from dos.
>>NT was started more from scratch (or OS/2)
>>NT not only is different code from Win9X, MS had a different direction and
>>goals they had for it.
>>Like Win9X running dos apps well and games well, NT couldn't. By it's
>>different design, HAL provides
>>more security and portability, but blocked much game development.
>>Also apps that run on one don't necessarily run on another.
>>And no you can't recompile it either to make it work.
>
>Just like all *nixes have binary compatibility, I suppose?
the *nixes are from different companies, makes a bit of
difference.
>
>>So Win9X and NT are different just from a marketing viewpoint, they are
>>different animals.
>>They don't work the same. Like drivers, etc.
>
>But both are still "Windows".
>
>>>
>>> Have you ever used either? They are both "Windows" - hence the names
>>> Windows NT and Windows 2000. I use Win2000 daily here, it is Windows.
>>> In fact, it is the best version of Windows I've ever used.
>>
>>Yes I've used both.
>>Names are meanless when talking about if two OSes are the same.
>>Are Windows 3.0 and Windows 2000 therefore the same?
>
>Who cares? Both are *still* Windows - just different versions. You
>understand the concept of different versions, right?
And yet the winvocates claim that W2K is all new code, on top of
a bit of NT4, so how can it be just a different version of win 3.0?
>Which is easily turned off.
>
>>Now with more restrictions (web-connections)
>>Now with less platform support (Alpha)
>
>Since no one was buying Alphas to run Windows, who cares?
>
why would they" WinNT didn't even run full 64 bit clean on the
alpha.
>>
>>NT, Windows 2000 act differently.
>>They can call it whatever.
>>The fact remains. Between Windows versions, app support changes, driver
>>models change, hardward support differs, costs change, security changes. NT
>>and Win2000 are different. Period. And not always changed for the good.
>>NT, new technology can't even do what Win95 did in 1995. Like PnP.
>
>Win2000 has better PNP than Win95 ever did.
And the amiga had it better than both... 10 years ago.
>Of course "versions, app support changes, driver
>models change, hardward support differs, costs change, security
>changes" have never occurred in Unix over the last 20 years, right?
>UnixLand is just one big happy family where everyone gets along just
>fine with everyone else, right?
>
><giggle>
I probably won't be the first to point this out, but you do know
that the various unix companies are, well, different companies
don't you?
--
Jim Richardson
Anarchist, pagan and proud of it
WWW.eskimo.com/~warlock
Linux, because life's too short for a buggy OS.
Eugene O'Neil
Rob S. Wolfram <qwe...@rigel.island.nl> wrote in message
news:slrn84lngs...@rigel.island.nl...
> Eugene O'Neil <eug...@cs.umb.edu> wrote:
> >
> >Boot sector viruses only infect your computer if you BOOT off of the
floppy.
> >During normal operation (under ANY operating system), the computer
doesn't
> >even read that sector.
>
> It does, at least on FAT based floppies. The boot sector has more data
> on it besides boot code (like the type and number of FATs). I'm not sure
> about ext2 or minix floppies.
Well, okay. I suppose it might "read the sector", but it doesn't execute the
boot code, which is the potentially dangerous part. You can't get infected
by reading the type and number of FATs.
-Eugene
Truckasaurus
<Ding>
"This version of OE will not allow anybody to do anything, in
order to keep your computer virus-free.
Press 'OK' to NOT to continue."
"Warning! Using OE is hazardous because of the existence of computer
vira. Press 'OK' if your computer does not contain data and programs of
any use, in order to continue. Press 'Cancel' to abort."
Gee, this OE sounds like fun! Can I run it on my Linux box?
--
"Hey, if you don't like it, go to Russia!" - Homer Simpson
Martin A. Boegelund.
Sent via Deja.com http://www.deja.com/
Before you buy.
Truckasaurus
"Chad Myers" <cmy...@austin.rr.com> wrote:
>
> Perhaps we should start by ignoring moronic FUD/trolls like you,
> first, no?
>
> which simply demonstrates your ignorance on the subject, further
> lending credence to my "ignoring moronic FUD/trolls like you"
> comment
Wow! WinNT can't get infected with virus? I better go tell that to my
boss, so that we don't have to waste any more time and money on virus
checking our NT's.
Thanks Chad, you saved my company a lot of bucks! Where should I send
the check (and the bill, if NT turns out to be vulnerable to vira).
(...)
> > People keep guarding against this virus or that virus with antivirus
> > software, but
> > when will people fix the _real_ problem and stop using M$ software
that has
> > known vulnerabilities? The virus-by-virus approach they seem to be
taking
> > is utterly useless, as the number of variants that could be made
from any of
> > these is practically infinite.
> >
> > This really is a testament to how insecure M$ software is. Note
that it is
> > hitting large corporations the hardest. I don't feel sorry for
them one
> > bit. It is one thing to say, "Well, Joe Desktop User doesn't know
any
> > better..." blah blah. But a large corporation like these? Don't
tell me
> > that they, with the vast resources and money which they possess,
could not
> > afford to use something just a little more secure. All this does
is provide
> > one more example of how running Linux would have been to their
advantage,
> > and a corporation with that much money could afford to hire the
necessary
> > people to get it right and run a Linux desktop that even the suits
could
> > use. Sigh... I digress. At least I get a good laugh, seeing them
pay the
> > price that is associated with choosing the lowest-common-denominator
> > solution.
> >
> >
> > Byron
> >
> >
> > > --
> > >
> > >
> > > I'm off in a few days for a long awaited trip that will take me
to Tibet
> > > and other exotic ports of call. It's been a lot of fun - thanks
> > > especially to the Winvocates for putting up with so much of my
crap
> > > (even though it was mostly true!).
> > >
> > >
> > > So long, and thanks for all the fish.
> > >
> > >
> > > --
> > > no .signature : no matches
> > > --
jdu...@my-deja.com
Tim Kelley <tpke...@winkinc.com> wrote:
> mlw wrote:
>
> > Wrong. The virus writer is using the automation feature of e-mail,
to
> > send a macro and a self-extracting zip.
> >
> > What this means is that, e-mail is essentially a way to send
executable
> > content in Windows. Anyone even remotely involved with security
should
> > be outraged.
>
> Right. Which is why in my workplace I just installed some
> procmail filters that simply don't allow any email with
> executable attachments in my network at all. Nor do they let
> docs in that cross its macro threshold. Case closed, pretty
> much.
>
Well I think you should quit treating the syptoms of your problem
and elminate the root cause, That being Microsoft Office.
StarOffice is available for windows, Becuase by limiting what people
can do at work just impeades the Business.
> I still have a few probs with laptop users bringing crap in.
> --
> Tim Kelley
> tpke...@winkinc.com