SLUG Mailing List Archives
Re: [SLUG] "Anna Kournikova" email worm - disinfection
- To: Mike Holland <myk@xxxxxxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] "Anna Kournikova" email worm - disinfection
- From: Martin <writeme@xxxxxxxxxxxxxx>
- Date: Wed Feb 14 09:17:02 2001
- Cc: Sydney Linux UG <slug@xxxxxxxxxxx>
On Tue, 13 Feb 2001, Mike Holland wrote:
> > begin "tom burkart" wrote on Tue, 13 Feb 2001
> > > To clean the virus:
> > > 1. Search and destroy all emails with the subject line:
> > > " Here you have, ;o) "
> > > 2. Delete the registry key mentioned in item 1 above.
> > > 3. Search and destroy all copies of AnnaKournikova.jpg.vbs
> All that is a complete waste of time, since the trojan ('virus' if you
> insist) has already done its work, and is self-limiting. (yes?)
> Worse, such instructions are a distraction from the real problem, which is
> to educate users on basic computer hygiene. The next version might not be
> so benign!
> And anti-Microsoft rants don't help. It could just as easily be a Perl
> script targeting Linux. The weak link is the user, not the OS.

That's just not true, and blaming the user is a poor response. There
will always be some users who are newer or more ignorant than others,
and intelligent programmers understand that. Microsoft, as part of their
UI for mail (something they insist they pay very careful attention to)
have chosen to blur the lines between running executable code and
opening images, etc. This is an easy UI for beginners if you never get
sent a worm or virus, but leads inevitably to infection in a networked
environment. Even a proportion of skilled users click without thinking at
times, as we saw on this list. It's simply a poor choice in UI design.

You can probably find an email program for Linux that runs Perl scripts
in one click with the same user actions as opening an image, but IMO,
that would be a mail program with an appallingly badly designed UI, and
near non-existent security. One action (opening the image) has only
trivial implications for security, the other is an act of complete trust
in a possibly unknown user. They should be actions that present as
fundamentally different things to the user, and if they don't, you'll
always be fighting an uphill battle to convince users that they are
different, because the sameness of them is self-evident.

So there is a lot of scope here to blame Microsoft, not because they
have bugs that lead to security holes (don't we all, can anyone say
bind), but because here the UI carefully designs in a security problem,
and they have declined to fix it. The nasty thing about it is that this
well-understood problem affects everyone on the net, who is subjected to
the worm-generated traffic, M$ user or not. BTW, if you can find other
companies who have similar problems with their email clients, this
criticism applies equally to them, but that does not absolve M$ from
it. And I haven't even discussed issues like running as user giving
protection from the actions of a potentially more hostile version of

Sorry about the rant, but it really annoys me when people look at a UI
designed for beginners, and then criticise the beginners for the flaws
in the UI. Even if you train this lot of beginners, there will always be
new ones coming through.