IETF Logo Mail Archive

RE: [Asrg] Viruses

Barry Shein <bzs@world.std.com> Wed, 02 July 2003 19:59 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10191 for <asrg-archive@odin.ietf.org>; Wed, 2 Jul 2003 15:59:13 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xnkc-00087j-NM for asrg-archive@odin.ietf.org; Wed, 02 Jul 2003 15:58:47 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h62JwkQB031220 for asrg-archive@odin.ietf.org; Wed, 2 Jul 2003 15:58:46 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xnkc-00087T-K3 for asrg-web-archive@optimus.ietf.org; Wed, 02 Jul 2003 15:58:46 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10180; Wed, 2 Jul 2003 15:58:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XnkZ-0006do-00; Wed, 02 Jul 2003 15:58:43 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19XnkY-0006dl-00; Wed, 02 Jul 2003 15:58:42 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xnjt-00080a-O9; Wed, 02 Jul 2003 15:58:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XnjE-000801-Ts for asrg@optimus.ietf.org; Wed, 02 Jul 2003 15:57:20 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10154 for <asrg@ietf.org>; Wed, 2 Jul 2003 15:57:16 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XnjB-0006bA-00 for asrg@ietf.org; Wed, 02 Jul 2003 15:57:17 -0400
Received: from pcls1.std.com ([199.172.62.103] helo=TheWorld.com) by ietf-mx with esmtp (Exim 4.12) id 19XnjA-0006b6-00 for asrg@ietf.org; Wed, 02 Jul 2003 15:57:17 -0400
Received: from world.std.com (root@world-f.std.com [199.172.62.5]) by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id h62JvFBG002810; Wed, 2 Jul 2003 15:57:15 -0400
Received: (from bzs@localhost) by world.std.com (8.9.3/8.9.3) id PAA27479; Wed, 2 Jul 2003 15:57:15 -0400 (EDT)
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16131.14618.897344.185084@world.std.com>
To: Tom Thomson <tthomson@neosinteractive.com>
Cc: asrg@ietf.org
Subject: RE: [Asrg] Viruses
In-Reply-To: <IOEPKAPPDKHPENCKFNNGKECICHAA.tthomson@neosinteractive.com>
References: <16122.11883.895518.586214@world.std.com> <IOEPKAPPDKHPENCKFNNGKECICHAA.tthomson@neosinteractive.com>
X-Mailer: VM 7.07 under Emacs 21.2.2
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 02 Jul 2003 15:57:14 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

On July 2, 2003 at 17:55 tthomson@neosinteractive.com (Tom Thomson) wrote:
 > Jeem was first detected Nov 15 2002. So you can't measure a span of years
 > from discovery. *nix buffer overruns were first detected long before that
 > and many remained unfixed for years.

Buffer overruns have been rampant over the years in all vendors'
software (and freeware, etc.) MS is also forever releasing patches,
particularly in IIS, to fix buffer-overrun coding bugs.

It's a vague and broad description of a generalized problem in coding
quality, a true bug, not an architecture or design strategy such as
allowing any mail macro to add system software and update the
registry.

The problem is finding them all in millions and millions of lines of
code. Occasionally they sneak in somewhat subtly. No one (here anyhow)
is complaining about a true oversight or bug.

Unfortunately for your puff piece, this is not comparable to
tolerating a set of very specific viruses/trojans/worms exploiting the
same (mis-)feature in a family of operating systems released over a
period of several years.

That's just refusing to fix a problem.

Anyhow, you do your cause no good, maybe you should let Microsoft
defend Microsoft, I doubt they need cheerleaders defending them in a
technical forum.

-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email