A Good Start at Eliminating Virus Attacks Against Your Computer.

[fez]

Hello,
           I have (unfortunately) been working with computers running windows based operating systems for around 6 years now. Not long, I'll warrant, but long enough to have a reasonable understanding. I have surfed constanty during that time, I have surfed ALL sites, normal everyday sites, information sites, kids sites for my son, music/mp3 sites, warez sites, Illegal sites, Porn sites, you name it, I've surfed it.
            I have had a permanent internet connection, my PC is online 24 hours a day. I run No Anti virus software and I have NEVER HAD A VIRUS!!! Wanna know why? Its because Ive figured out that most "viruses" are not in fact "viruses". They are merely scripts that have been written to exploit holes in defective software....... Mainly microsoft outlook and outlook express.  It would almost seem that computer Viruses dont even really exist (as such)and that the term "computer virus" is merely a convenient term to cover up a software bug that has been overlooked by microsoft!!!
             Most people dont understand viruses and there is this huge paranoia about them, scan this, scan that. I mean lets scrutinise it, we get a CD with a pc magazine and they recommend we scan it for viruses....
             Why is that?      
             Did they write one and put it on the disc for us to run?
             Or are we supposed to believe that some file from some program like winzip or  photoshop may have suddenly corrupted and became some hiddious file eating monster that will now infect our entire system?...
no .. Folks, if a file corrupted on the disc the program simply would not work! It wouldnt suddenly write itself into a virus program and infect our entire system because viruses do not come from corrupt files, they are codes that are deliberately written BY PEOPLE, to PERFORM SPECIFIC TASKS. and it is a FACT that ordinary files DO NOT CORRUPT AND SUDDENLY BECOME VIRUSES!!!!
     Did you know that when you open certain emails or web pages like those in html coding for example, outlook will automatically enter any restricted areas included on the page and automatically run any executable files that are hidden there BY DEFAULT!!!  It wont tell you ' oh by the way, this page has a macro or hidden java script that may contain a "virus" do you want me to open it?' It will just open it anyway. And now at last (after around 7 years of fuckups) Microsoft has recently released a patch that will (apparently) eliminate these holes (in IE6). But then, hey, its outlook, so virus writers will soon find and invent ways to exploit more holes. But mr gates has dropped any liability with his invention of viruses so when someone writes a code to exploit his defective software he can just say "Oh, it was a "virus".  Now, Is that legal? or is it  just that no-one has really analysed the situation before. We just all took it for granted that viruses were part of pc life. Well, maybe we should be rethinking that attitude. It would seem that virus terminology has been invented and nurtured by mr gates and performs a huge financial service for him.
    So one very simple answer is DONT RUN OUTLOOK!!!! or anything to do with it. Use a web based email server or any number of non-microsoft mail programs and DONT OPEN ANY FORWARDS OR ANYTHING FROM SOMEONE YOU DONT KNOW ! If freinds of yours get a joke or something they want to send you, tell them to send it as a regular email not as a forward because most 'viruses' forward themselves and you DONT OPEN FORWARDS!!!
      I would also like to point out that if you or I bought a car or a house or stereo, blender, chainsaw, toothpick... you name it, ... whatever.... if we bought it and it didnt work, we could take it back to the place of purchase for replacement, repair or refund. Yet if we buy an item of software and it dosent work and we lose all our work of years, our business or our life because of it,  the company is not liable???  How does that work?
      How come these companies are BY LAW  allowed to release buggy software and are not held liable for it?  Is it because computers are so confusing for so many and they just think, oh it must be me or the pc, or is because microsoft has promoted that attitude, and somewhere through it all bill gates somehow learnt to invent terms like "virus" to cover his ass and confuse people. As far as I am concerned he is no more than a criminal. I mean, after the mess we all experience just trying to get a pc to do its tasks, its pretty obvious whats going on.......we are being screwed by a megolmaniacal asshole who, quite obviously has a deal with people in high places so that he can fuck us all and not have to pay.
      Now I admit that there other buggy and insecure software releases, not just from microsoft, and that there are many other ways of being hacked, ICQ, etc (notably, mainly all software released by microsoft and its affiliates) but most of them just use that as an entry point and utimately, attack outlook or some other code in Windows and exploit its holes to access your system.
     So!! if you dont want to get a 'virus', the solution is real simple, realise that bill gates is a corrupt, incompetent asshole and a REAL 'class A' criminal and DONT INSTALL OR RUN OUTLOOK!!! or anything to do with it....
fez

[Master of Reality]

I had windows98 for a long time without running outlook and only using Netscape. I put on Norton and scanned eventually and found only 14 viru (at three different times... 2, 4, and then 8... now i got Linux). I had ZoneAlarm 2.6 and then ZA 3.0 when it came out

[choasmaster]

my dad just had a problem with lookout, it took him and me like 2 hours to figure out that outlook had a problem and didn't want to load my moms acount, i was almost to the point of saying "hmmm, never had anything like that happen to me" for when he said "yeah, linux is so great when you have like no sound support on that thinkpad, if a *real* os was installed like windows it would be fine" what i think some people just don't get is its not linux's fault if it can't support a peice of hardware, its the people that made that hardware for not like realesing info on it. though i think that the outlook problem had him confused and pissed, he just accepts that windows sucks and still uses it, becuase he doens't want to learn anything, and worst of all, my internet connection is routed through that peice of trash windows box.  one day i think i might get him to try linux, or even stop using that bundled windows trash.

[voidmain]

If I were in your position I would run away from home (this is meant to be a joke, standard M$ non-liable disclaimer).

[choasmaster]

its the only thing he knows, and he doens't want to learn, maybe i can pull a nostalga trick, cuase even though he didn't know it, he has worked with unix, like booting mainframes and such, its just that that job didn't tell him anything other then do this this and this and its booted and such, i learned a greap tech support tip from him thouhg, when shit breaks, take the teliphone at your office, and take it off the hook so the 200+ people that are calling to harrase you and ask why there terminals aren't worknig and why the machine doesn't work won't bother you. but that was back in the 70's 80's, but i also think he doens't like windows too much, he just doen't want to learn things, but im gonna try, iv been telling him about opensource and stuff, owell, but today with the lookout problem i think i might be able to tell him about how much of the linux os is based on text config files, cuase we got in a discussion of the windows registry and how that could be a problem, he then told that he hates the windows registry. and that in win3.1 there was alot of textbased config files and such. i think i am going to show him XF86Config, /etc/inittab, and maybe some . files in the /home dirs. and maybe what you can do with then, cuase with linux, youre god (tm) well, sorry to rant too long, not enough caffien today

[Calum]

reading the first post, all the evidence seems to be watertight, however, the author seems to suggest that the solution is to continue running windows as your only operating system, but just spend a shitload of your life jump[ing through hoops. You pay for a computer and then you're not even allowed to open your own email for fear of a "virus"? what?
why not just get an operating system that lets you open attachments and doesn't fuck up?

seriously, anybody that reads any of this stuff and wants to continue with windows under the impression it's safe is banging their head against a wall.

I run windows for some things, but it's due to shitty hardware problems and also, i expect it to break down all the time, which it does.

Don't try and get windows into a working state, you will lose...

[choasmaster]

the longlevity of an idea is proportional to is wrongness/*sorry, was reading the fortune files again*/

[nino]

you'd better open a page

www.hateoutlooklikewindows.com

or

www.gotaproblemwithoutsolution.com

or

www.mainstreamswimmer.com

decide wether you are completely unhappy with windows and change to linux, apple or whatever or like&live windows with all its crappy attributes like outlook and bluescreen.


 

[sunshine]

I look at the forum and I notice a few things.
1. Most of the people who post here are from europe.
2. Most of the people who post here are Linux/*nix users.

I am a Linux user, I'm also a system administrator wo works on a integrated Network. It's hard for people to migrate from OS to OS and harder for people to move from platform to platform. Especially when your economic enviroment is centered around a peice of software that is considered economically viable. The real fault here is with the U.S. Economy, and the U.S. Government. The Feds dropped an anti-trust case against the green monster itself. proof that the Economy is not ready for a swift migration. It's like the oil industry. Oil brings in to much money to just forget about, even if it is killing our children's future. We can't change it swiftly, it must come when it has to. Fortunately the time is very near. With current hardware advancments and economic turnovers (OEM's can't afford to make computers AND license M$ products)

anyway just my two-bits
...

[Calum]

the USA's economy is at least as good as that of most terrestrial countries at the moment, however you make good points.

[Master of Reality]

quote:"outlook not so good", wow that magic 8-ball knows everything. Next I will ask it about exchange.  

taken from undeadlinux.com

[DC]

Though the idea works in today's world, one of the premises ('viruses don't exist, they are outlook bugs' - or something similar) is, ofcourse, completely non-true. For the ignorant, viruses (and, actually, pretty much everything on computer-software-area) originated from BEFORE Outlook. Before Windows even. Before Microsoft, even. These old viruses aren't much of a threat these days, since they do way to little damage compared to outlook-viruses, but they DO exist (in software labs, probably, not in the wild I hope).

And yes, viruses can, and do, infect executables. In Windows (usually), Linux (barely), both (yes, those exist) or other systems. And yes, those can spread to CD's (when they are written, not afterwards, but still).

What IS true, is that there are a lot of viruses specifically for Outlook, which should therefore be called outlook-viruses (not e-mail virusus). Those are the ones haunting the net these days.
But those aren't the only ones - there are other, normal executable-infecting viruses (usually on Windows), and IIS (a MS program...) viruses (Code Red was one. Actually, it was a worm, which is something else, but still).

Plus, on MS-systems, viruses spread like wildfire  automatically. Under Unix (dunno bout Mac), you must be a complete retard to get a virus, since most of your executables will be owned by root, non-writable by normal users, and you'll be running as a normal user. User-writable executables shouldn't be run by root (for those who do not yet know, running a Linux/Unix system as root is BRAINDEAD).That actually does mean there is _some_ virus-problem possible, but it can't infect files not owned by the same user who was stupid enough to get it, nor is it able to harm the system.

But still, thinking you're out of harms way, viruses concerned, just because you don't use Outlook/Windows is as braindead as using Outlook/Windows.

[pkd_lives]

Yes...but.

In todays commercial world, virus as a threat for *nix, is almost pointless. We all know it's damn hard without getting root, so any virus that gets written is going to be written by someone very smart (not a script knowledgable kiddie - I'm sure ex eleven can offer some sage words here). in fact it's at the level that if someone is going to do it, it will probably be a targeted attack, and as such if you are going to be hit by such an attack/hack, then virus software/firewalls are not going to help.

That's primarily the point. It's too fucking easy for some lame, bored, unintelligent kid to write a virus and have it execute through such a highly used e-mail program. Other e-mail proggies don't suffer to this extent. And this here is what most people fail to understand, most viruses are written by people who don't really know that much about computers and software, just look at the profiles of those people arrested for writing this stuff.

Virus exist outside of M$, but the point being made was that it's the easiest start to make in stopping them. M$ are seriously at fault because after all these years it's still too easy to write virus that will execute on M$. With all other software (and I must admit this is secondary evidence about macs), bugs susceptable to virus are announced early, programmers work damn fast to protect their customers by patching the hole, or writting a defence. The shear number of hacks, and virus in existance due to Windows vastly outnumbers it's user database.

Most hacks on servers were big news, until a few years ago. Ask yourself WHY? It's easy, hacks used to be specific, then M$ hit the server scene big time, now it's so fucking common-place I'm scared to release my data unless I know a company is not using windows on it's server (and yes I do check).

No-one with an ounce of intelligence will deny you should watch out for virus, but I want it to be occasional, if I get attacked I want it to be by someone much more fucking smarter than I am, and yes lookout is responsable for more virus that it's market share - by a long fucking way, read through the virus lists published by the security companies (Norton and Co.).

I am aware I used virus and hacking and virus protection and firewall a little interchangeably, but I know the difference, and it's all part of the security issue (Virus as you appear to be aware are only a small part of it all - just the most known).

Ironically at this new job of mine, I have to use outlook, and I have to ask why? I think it's the worst e-mail program I have ever used.

[DC]

quote:Originally posted by pkd:
In todays commercial world, virus as a threat for *nix, is almost pointless.

No it's not. Ignoring stupid sysadmins who infect the system (those probably exist), a virus can spread in a Unix enviroment. The result will be far less devestating, if you look at damage to the system, but if an important manager/accountant or whatever gets his files deleted or scrambled, there *will* be damage.

 

quote:
We all know it's damn hard without getting root, so any virus that gets written is going to be written by someone very smart (not a script knowledgable kiddie - I'm sure ex eleven can offer some sage words here). in fact it's at the level that if someone is going to do it, it will probably be a targeted attack, and as such if you are going to be hit by such an attack/hack, then virus software/firewalls are not going to help.

Partially true. In Unix, someone who wants to seriously damage the entire system, or servers (which are hopefully run by above-room-temperature-IQ-persons) will indeed need skills far above those of the common script kiddie. But that still does not eliminate the thread to normal users.
Really, it isn't that hard to make a 'virus' that mails itself to users it sees on the HD, then scrambles a few files. On Linux. The problem here is executing it (unlike outlook this isn't done automatically), but face it - most lusers are stupid enough to execute files if they're packed nicely enough. And that WILL cause damage.

 

quote:
That's primarily the point. It's too fucking easy for some lame, bored, unintelligent kid to write a virus and have it execute through such a highly used e-mail program. Other e-mail proggies don't suffer to this extent. And this here is what most people fail to understand, most viruses are written by people who don't really know that much about computers and software, just look at the profiles of those people arrested for writing this stuff.

This is true.
 

quote:
Virus exist outside of M$, but the point being made was that it's the easiest start to make in stopping them. M$ are seriously at fault because after all these years it's still too easy to write virus that will execute on M$.

also true.
 

quote:
With all other software (and I must admit this is secondary evidence about macs), bugs susceptable to virus are announced early, programmers work damn fast to protect their customers by patching the hole, or writting a defence.

Not true. Granted, most (big) OS software realeases bugpatches in days, if not hours after discovery. Not all do this. And there is more in the software world besides OS and MS, and MS isn't the only one who uses security through obscurity.
 

quote:
The shear number of hacks, and virus in existance due to Windows vastly outnumbers it's user database.

That is only partially caused by Outlooks flaws. Well, a huge part probably, but not 100% of it.
Since Outlook is - by far - the most used e-mail client, and Windows is - by far - the most used Desktop OS (the target of most viruses - servers aren't targeted by viruses, they have worms and hacks), it is only logical that virtually all viruses are written for these, since the writers want to cause a lot of damage.
 

quote:
Most hacks on servers were big news, until a few years ago. Ask yourself WHY? It's easy, hacks used to be specific, then M$ hit the server scene big time, now it's so fucking common-place I'm scared to release my data unless I know a company is not using windows on it's server (and yes I do check).

Actually, IIS is, while flawed, not as flawed as you guys think (well, most of you). When patched, that is - and most IIS servers weren't at the time those hacks started. Do note that with IIS, it wasn't uncommon that patches were available before the exploits were used - ppl just didn't use the patches. Unpached Apache servers aren't that secure either (more secure than unpatched IIS, but still)
 

quote:
No-one with an ounce of intelligence will deny you should watch out for virus, but I want it to be occasional, if I get attacked I want it to be by someone much more fucking smarter than I am, and yes lookout is responsable for more virus that it's market share - by a long fucking way, read through the virus lists published by the security companies (Norton and Co.).

Ppl who are smarter that the average Linux user won't attack other ppl in most cases - only complete and utter losers do that (if they are smarter - script kiddies are losers too, but should be pitied because of there ignorance). But anyway, script kiddies will always attack you. Ever heard of DoS? Linux can't stop DoS attacks. Syn floods perhaps (with Syn cookies), but not true bandwith-orientated DoS.
I already discussed that next statement of yours a few paragraphs up.

 

quote:
I am aware I used virus and hacking and virus protection and firewall a little interchangeably, but I know the difference, and it's all part of the security issue (Virus as you appear to be aware are only a small part of it all - just the most known).

Allright then.

But anyway, my point is that MS is, maybe, 50% responsible for todays security problems. Maybe. This is actually a lot, but not nearly 100%.
Users - and their ignorance and stubborn refusal to learn even a goddamed tiny bit about security - are the real underlying problem. Without that, there wouldn't be a problem even under Windows. With it, Linux is not safe as well.
I predict that if Linux makes is as a desktop-OS, there will be a huge increase in Linux virusus. I hope, and think, that you will all be spared, but I guarantee you that the common user will not.

[/quote]
Ironically at this new job of mine, I have to use outlook, and I have to ask why? I think it's the worst e-mail program I have ever used.[/QUOTE]
Really? Do they really force you to do that? How? Why?

[voidmain]

Viruses run in Linux as a normal user can *not* scramble system files and executables without root access. Only root has access to the binary executables on a Linux system.  Hence a virus can not propogate itself by the definition of a virus in Linux.  That is, it can not attach itself to other executable files, it has no permissions to do so. Most (not all) of the Oulook problems are actually "worms" or a combination of worms and viruses.

Now, having said that, the new Lindows OS (ick) will be *very* susceptible to viruses because it defaults to having everyone use the system as "root" and the "root" user has no password (duh! duh! duh! duh!).  Lindows will probably be the worst thing that has ever happened to Linux since it began.  Hell, at least Apple was smart enough with OSX not to have normal users log on to the system as root.  Why Lindows and it's brain dead CEO ever had this brain cramp I'll never know.  It completely goes against the most basic security rule of UNIX.