[SWLUG] thoughts on mydoom

[Lee Westlake]

By your own admission, the propagation of a virus based upon human
idiosyncrasies, is a matter of education, not OS security.

Choices are:

1) Inhibit software functionality, by removing the users ability to
"deliberately CHOOSE to run attachments arriving in their recent email".
2) Educate users.

Take your pick!

There is little debate here, as this is not a linux specific issue.

Best regards

Lee Westlake

-----Original Message-----
From: discuss-admin at swlug.org.uk [mailto:discuss-admin at swlug.org.uk]On
Behalf Of bascule
Sent: 28 January 2004 18:22
To: discuss at swlug.org.uk
Subject: [SWLUG] thoughts on mydoom


reports today describe the latest windows virus/trojan as the
fastest/biggest
ever; maybe it is but it got me thinking, this trojan relies on no exploit
on
the machine, rather it exploits people, and i'm not aware that human v1.1 is
due any day soon!
now imagine that linux is a mainstream desktop in use by as many people who
use windows, it follows that an awful lot of those users will be the same
folk who deliberately chose to run attachments arriving in their recent
email,
even allowing for education to filter into peoples brains in the time it
would
take for linux to become a mainstream desktop this means that linux <as it
is
now> would be very vulnerable to a mydoom type trojan,
1. if linux is a mainstream desktop then odds are the 'average' user is
using
a mail program and addressbook that can easily be guessed,
2. the goal of most trojans is not to trash the system, who needs root to
set
up a user cronjob or send mail to a users list of contacts?
so how secure is linux really?

bascule
--
"`Credit?' he said. `Aaaargggh...'
These two words are usually coupled together in the Old
Pink Dog Bar."

-- Ford in a spot of bother.


_______________________________________________
SWLUG Discussion List - Discuss at swlug.org.uk
http://list.swlug.org.uk/mailman/listinfo/discuss