RE: [Asrg] Viruses
Barry Shein <bzs@world.std.com> Tue, 01 July 2003 17:49 UTC
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16122.11883.895518.586214@world.std.com>
To: asrg@ietf.org
Subject: RE: [Asrg] Viruses
In-Reply-To: <2A1D4C86842EE14CA9BC80474919782E0D228C@mou1wnexm02.verisign.com>
References: <2A1D4C86842EE14CA9BC80474919782E0D228C@mou1wnexm02.verisign.com>
X-Mailer: VM 7.07 under Emacs 21.2.2
Date: Wed, 25 Jun 2003 19:21:15 -0400

On June 25, 2003 at 12:49 pbaker@verisign.com (Hallam-Baker, Phillip) wrote:
> > I guess you can claim that if you dismiss any vulnerability
> > as an "odd serious
> > bug".

To my mind there's a difference between, say, a sendmail vulnerability
which is discovered and a patch issued within hours and a virus which
can infect Windows95/98/NT/XP/2000/ME and probably other versions
which are releases spanning several years. See:

    http://www.symantec.com/avcenter/venc/data/pf/backdoor.jeem.html

I realize you want to defend MS for some reason and just launch into
this sports-team bar babble retort like we're arguing about who was
the best pitcher.

But I maintain with complete professional objectivity that there are
serious flaws inherent in Windows OS design which allow a virus such
as Jeem to infect several generations of Windows OS at a deep, system
level.

Jeem, as a case in point:

    Copies itself to the system directory

    Adds a new registry key causing it to auto-start on boot

and seems to do all this without any special system privileges.

Now, without invoking how "some other OS is worse in your opinion",
and accepting that this sort of thing (and exactly this also) seems to
be a major vector in the spam problem, tell me how this happens across
at least six major releases.

I mean I want to know what technical flaws it exploits and why those
flaws are present and available across all six OS releases (by "why" I
don't mean philosophical "why", I mean what purpose this flaw serves
or why it hasn't been fixed or has it?)

For example, is it a FEATURE of all mentioned windows OS's that any
non-privileged program can add new .EXE files to the system directory
and modify the registry such that those newly added programs autostart
on boot?

Or is it a BUG which was exploited? And if it's a BUG is it odd that
the same bug exists across all those releases, has it been known
previously, why hasn't it been fixed in, apparently, over 7 years
(Windows95 ... XP.)

Try to remain technical and on point, and please try to avoid
sophistry. I really believe we are nearing the actual heart of the
spam problem.

-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com        | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202     | Login: 617-739-WRLD
The World              | Public Access Internet  | Since 1989     *oo*
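
The two behaviours the message lists for Jeem (a file added to the system directory, a registry entry that autostarts at boot) both depend on who may write to those locations, which can be checked on a given host. The following PowerShell audit is an added example, not part of the original message or thread; the Run key paths and the set of SIDs treated as privileged are assumptions of this example, since the message names neither.

```powershell
# Added example: list ACL entries that let a principal other than SYSTEM,
# Administrators or TrustedInstaller add a file to the system directory or a
# value to an autostart (Run) key.

# Well-known SIDs treated as privileged (an assumption of this example).
$privilegedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights bits that permit adding content, plus GENERIC_WRITE and GENERIC_ALL.
$generic   = 0x40000000 -bor 0x10000000
$fileWrite = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData') -bor $generic
$regWrite  = ([int][System.Security.AccessControl.RegistryRights]'SetValue') -bor $generic

# Locations to audit; the Run key paths are assumed, not taken from the message.
$targets = @(
    @{ Path = (Join-Path $env:SystemRoot 'System32'); Mask = $fileWrite; Prop = 'FileSystemRights' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Mask = $regWrite; Prop = 'RegistryRights' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Mask = $regWrite; Prop = 'RegistryRights' }
)

function Get-UnprivilegedWriter {
    param([hashtable]$Target)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Target.Path
    # Ask for rules keyed by SID so the comparison does not depend on the UI language.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only entries (PropagationFlags bit 2) grant nothing on the object itself.
        $inheritOnly = ([int]$rule.PropagationFlags -band 2) -ne 0
        if ($rule.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
        if ($privilegedSids -contains $rule.IdentityReference.Value) { continue }
        $rights = $rule.($Target.Prop)
        if (([int]$rights -band $Target.Mask) -ne 0) {
            [pscustomobject]@{
                Path   = $Target.Path
                Sid    = $rule.IdentityReference.Value
                Rights = $rights
            }
        }
    }
}

$targets | ForEach-Object { Get-UnprivilegedWriter -Target $_ } | Format-Table -AutoSize
```

Each row of output is a principal outside the privileged set that holds write access to one of the audited locations.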