Re: Viruses on Windows
Originally posted by crenz
Seems that people like to conveniently ignore that Windows offers a nice infrastructure to viruses. Apple's Mail won't execute attachments just like that, for example.
Whatever. Lookout hasn't auto-launched attachments since Office 97. Introduced in 2000 after SP2, you need to open the actual attachment to run it. Here is the gotcha, though: the HTML rendering engine for Lookout is based on Internet Exploder, and we all know how secure IE is.
I've used Lookout 97, 98, 2000, and XP and I've never gotten a virus. 99.9997% of the time virus propagation through Lookout is done because someone runs an EXE without thinking. Now, since a virus is nothing more than a program, can someone tell me: if someone writes a program to delete all system files on a Mac and a user actually runs it on the Mac, would this not f-up a system? A program is a program is a program. If someone runs a program on the desktop, that program has free range to f-up the system. What makes these Windows "programs" special is the unbelievable ease with which you can script EVERYTHING in Windows. So while running a program in Windows and OS X might be the same, the difference is the ease of further virus propagation on Windows. (Thank you, VB script.)
I know next to, check that, I know NOTHING about AppleScript, so I don't know how much free rein you have with that, but I have to imagine there is a sandbox keeping programs from reading your contacts list, creating new e-mails from that, and sending them out to all your contacts. Even if you do have this sandbox around your e-mail system, a virus has the ability to bring its own tools with it.
I actually stand in awe of the W32.Sobig.F@mm worm that has recently shown up. It really is a work of art. Here's how it works. First and foremost, it brings its own SMTP engine with it, allowing your system to act as a mail server in a way. Secondly, it reads from your address book and, this is beautiful, from any dbx, eml, hlp, htm, html, mht, wab, or txt file that resides on your system (yep folks, it can read HTML, so if you have a cached web page with an e-mail address, think a web admin's address, it can send itself to that person) and picks a user at random to spoof a user name. So even though it's coming from johndoe@comcast.net, the e-mail and its attachments are being forged with janedoe@hotmail.com. This keeps the person who receives this e-mail from contacting the actual infected party and causes havoc by sending an e-mail to janedoe saying her system is infected when it really isn't. This caused some panics here in my company because we were scrambling to figure out why some of our users were getting e-mails from people they don't even know stating they have an infected system. Next, this worm is also locally network aware and can use the RPC vulnerability found. This means it actively looks for other systems on your network to infect, and since this RPC vulnerability requires no skills at all to exploit, once it finds an open system it's got ya.
What's really cool is that the worm self-terminates on Sept 10th. Basically, this worm will be extinct after the 10th because the virus writer wasn't looking to take down the net. Just level a gun at the head of MS saying fix these damn problems.
Seriously, this is a beautiful virus in a sort of twisted way.
Anyways, back on topic. I actually fear for Mac users. If a virus like this ever does appear, it's going to infect 90% of all Macs within a matter of hours. The reason? Mac users have been lulled into a false sense of security about how viruses don't mess with the Mac, which leads to clicking and running attachments without question.
Many Windows users had to learn the hard way.
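The From-address forging described in the post means the visible sender is not the infected machine, so replying to it only alarms the wrong person. As an added example (not part of the original post), this Python code reads the Received headers written by the recipient's own mail servers to find the IP that actually handed the message over. The host names, networks and sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture): sender address taken from the post,
# IPs from documentation ranges, server names hypothetical.
SAMPLE = """\
Received: from mx.company.example (mx.company.example [10.0.0.5])
\tby mail.company.example with ESMTP; Tue, 19 Aug 2003 10:00:02 -0400
Received: from JOHNS-PC (unknown [198.51.100.23])
\tby mx.company.example with SMTP; Tue, 19 Aug 2003 10:00:01 -0400
Received: from hotmail.com ([203.0.113.99])
\tby relay.invalid with SMTP; Tue, 19 Aug 2003 09:59:00 -0400
From: janedoe@hotmail.com
To: user@company.example
Subject: Re: Details

See the attached file for details
"""

# "from <helo> (<rdns> [<ip>]) by <server>" as commonly written by MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.S)

def trace_origin(raw, trusted_servers, internal_nets):
    """Return the claimed From address and the first external IP that
    connected to a mail server we control."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    result = {"claimed_from": claimed, "handoff_ip": None, "helo": None}
    # Received headers are prepended, so the newest hop comes first.
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m or m.group("by").lower() not in trusted_servers:
            break  # written by a host we do not control: may be forged
        ip = ipaddress.ip_address(m.group("ip"))
        if not any(ip in n for n in nets):
            result.update(handoff_ip=str(ip), helo=m.group("helo"))
            break  # everything below this hop is sender-supplied
    return result

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mail.company.example", "mx.company.example"},
                       ["10.0.0.0/8"]))
```

The handoff IP, not the From line, is what to give the sending network's abuse contact or to look up in your own DHCP logs.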