Educause Security Discussion mailing list archives
Re: Future Impact of Viruses on Internet
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Wed, 28 Jan 2004 20:22:38 -0500
Curmudgeon mode on:

I'd like to point out that the majority of the problems we have had have two things in common. In fact, I would say that these are two necessary conditions for every mail-based worm we have seen in the past couple of years, and at least one of the two is necessary for all the others:

1) They include an executable for Windows
2) They are based on an executable encoded using MIME in email

Those of us on machines running Solaris, HP/UX, MacOS, BSD, Linux, etc have simply had to deal with all the extra email fallout, but the malware has not established itself on our machines.

There are fundamental architectural problems in Windows that make these kinds of things work so well (from the attackers' point of view). I don't believe they are being addressed as part of the MS security push, either. So, one way to protect yourself from these attacks is to consider a switch to another OS, at least for machines that handle email.

That's not to say that other operating systems aren't susceptible to viruses -- they are. However, those other systems don't allow general user accounts such unfettered access to structures and resources that make worms so easy to establish, insert deeply into the system, and propagate so quickly. (Well, don't allow -- yet. I fear that the security lessons learned over the last 40 years are not being heeded, and Linux in 10 years will be in a similar state. But that is a different rant.)

As to the second point, if we simply start blocking any executable content attachments, we will do a lot to stop these kinds of things (not to mention recover disk space and bandwidth, cut down on trojans, and reduce the number of pranks users play on each other). I block .(com|cmd|exe|pif|scr|bat) files on general principle. I also bounce .doc files, and I am now bouncing .zip archives. This has never caused me any real difficulty in collaboration with others. If anything, it has cut down on the junk people simply mail because it is easy. Sending around 50K files for a 3 line memo is a waste of resources.

ANY executable type routinely sent via email is going to result in a danger. Our community has established that we can't train our users to avoid clicking on attachments. It is also clear that the anti-virus programs, as a rule, don't catch all the new malware. So, let's be proactive and simply shut down the vector -- stop allowing users to send executables in email.

I've expressed this before on this list and been mildly flamed for suggesting that people stop exchanging dangerous file types. However, I'm sure that most (if not all) of those who were so quick to criticize my advice have also had to clean up multiple instances of malware since.

To me, it's like walking in a 1970s restaurant and suggesting that people stop smoking because it is harmful to everyone there. After being booed out, I've been enjoying the fresh air and watching all the smokers cough and succumb to repeated lung diseases. The addicts are so far gone they can't envision what it is like to be free of the addiction so they argue with anyone who suggests they can.

I average over 200 email messages a day (NOT counting spam). In 25 years online, I have never had a computer virus or worm on my personal machines, with the exception of the Morris Worm in 1988. I do not have any anti-virus software scanning my email, either. It's not rocket science: I use a Mac, and I don't open or accept executable attachments unless I have prearranged for them and know what they are. I use a mailer that doesn't auto-open attachments. I don't use Word.

So long as people want to put patches on fundamentally unsound software and procedures, problems will continue. If we want to really make a change, it requires actually *changing* things rather than putting new patches in place.

Happy worm hunting.

--spaf

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
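The attachment policy described in the message above, sketched as a mail-gateway check. This is an added example, not part of the original post or any filter its author used: it parses a MIME message and bounces it if any part carries a filename ending in one of the extensions the message names. The function names, sample addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the message: .(com|cmd|exe|pif|scr|bat), plus .doc and .zip.
# Anchored at the end of the name so "photo.jpg.pif" is judged by its last
# extension; case-insensitive so ".PIF" and ".Exe" are treated the same.
BLOCKED = re.compile(r"\.(com|cmd|exe|pif|scr|bat|doc|zip)$", re.IGNORECASE)

def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames of all MIME parts that end in a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits nested multipart containers as well
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, decoding encoded names.
        name = part.get_filename()
        if name and BLOCKED.search(name.strip()):
            hits.append(name)
    return hits

def verdict(raw: bytes) -> str:
    """Policy decision for one message: 'bounce' or 'accept'."""
    return "bounce" if blocked_attachments(raw) else "accept"

def build_sample(filename: str) -> bytes:
    """Construct a sample message with one attachment (test data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("notes.txt", "photo.jpg.PIF", "memo.doc", "archive.ZIP"):
        print(f"{fn:15} -> {verdict(build_sample(fn))}")
```

The check looks only at declared filenames, which matches the extension-based policy in the message; it does not inspect file contents.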