Screaming Penguin - Source Does Matter

Another LWV: Lame Windows Virus

My quote over the last few days has been the "LOVE" bug is not a virus at all, its a Microsoft feature (and while I probably heard this and adopted it from some other lame windows virus in the past, I did not steal it from CNET, although that is the first thing they mention as well.)

This new "LOVE" bug is not really much different from a number of MS "virii" in the recent past. The use of the Outlook address book and MAPI to propogate is not a new thing, and not one Microsoft is concenrned about. SpeedRacer (a frequent but recently absent ToTSP contributor) in a past ToTSP article, MS Virus Hypocrisy, very aptly pointed out the Microsoft position on such security issues. MS considers this to be a non issue. Microsoft calls the perpetrators "technololgy terrorists" and insists the products it produces are not to blame. I call that irresponsible. Read the previous article about the exact feelings of Microsoft on this matter, and note the keen perception of SpeedRacer when mentions that this is a wakeup call for system adminsitrators and managers NOT to employ Microsoft products (especially email, if you need to use WinX OS, then you could still employ a free POP or IMAP client and skip Exchange and Outlook.)

That having been said, and said, and said, this is still just another lame Windoze virus in a long line of such macros and scripts that can run privileged on any enabled Windows machine. Consider Mailissa, worm.explore.zip (which came out about 1 year ago, and is very similar to LOVE) and others. You can also bet there will be a thousand remnant variations of LOVE in the coming days and months. What this all illustrates to me is not the power of the virus "terrorist" or the complexity of the exploit, it demonstrates the weakness and gullibility of the worlds major software vendor and the worlds typical user.

Consider that governments, institutions, banks and even countries were so called "crippled" by this "virus." How scary and pathetic is that? Is the prevailing technology of the world so vulnerable? If the vendor of the software that most of the world uses claims it is not an issue, what would the result be if a truly malicious exploit was written that WAS more sophisticated and did REAL damage?

Why do people continue to employ Windows products in situations that must consider security? I personally have been involved in several security audits and operations where Windows was specifically removed from tasks that demanded a reasonable or high level of security, say a DNS server, or a web server (there are a myriad of exploits for server products such as MS DNS and IIS, not just for Outlook, beware.) There are so many exploits, configuration issues and flat out bugs or holes in much of Microsoft software that it should NOT be employed for tasks that require security (yes that is a generalization, but it has proven accurate for Microsoft backoffice and client products alike.). Also, why are users so dumb? IF you get 32 messages from people you never talk to that state "I LOVE YOU" in the subject and have an attachment you dont know anything about, why would you open it?

I think these are both valid questions and points. Why do we continue to employ Windows and other MS software for tasks that demand security, and why are users so naive or ignorant about security issues? This could be a REAL problem if a serious exploit comes along. I am appalled that governments and banks are so easily crippled, it is truly a major problem.

Check the links for more commentary from many major players and sites on this same topic. Be wary of any product you use in a area or task that requires security and it should be stated that configuration is normally the biggest factor (even in MS products, in fact especially in MS products.) A good sysadmin who configurs a product correctly can prevent most of the major exploits, that is always a key regardless of what technologies you employ.

On a lighter note, check out the fantastic new features of Office 2000, the Macro VIrus Wizard among them to aid the millions of malicious VBA code writers everywhere!
  Miscrosoft Security Criticized (again): CNET