Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


MyDoom, Windows and Linux



 By: Steven Vaughan-Nichols
2004-02-03
Article Rating:starstarstarstarstar / 7


There are 1 user comments on this Linux & Open Source story.


  Table of Contents:
  1. MyDoom, Windows and Linux
  2. ' The Root of the '

Rate This Article:
Poor Best
MyDoom, Windows and Linux
( Page 1 of 2 )

eWEEK.com Linux & Open-Source Center Editor Steven Vaughan-Nichols has gotten awful tired of the shopworn argument that if Linux were as popular as Windows it would be in just as much security hot water as Windows. Wrong!

In MyDooms aftermath, once more Im confronted with the old lie that if Linux were only as popular as Windows, it too would have Windows-sized security problems. What nonsense!

Yes, Linux has security problems too. Yes, by sheer count of security problems patched, Linux (not Windows) has more holes. But thats not important.

Whats really important is how serious those problems are. With Linux, the problems tend to be small and fixed quickly. With Windows, the problems tend to be larger and not fixed quickly enough. Take, for example, the Internet Explorer phishing bug, which everyone knew about by early December but wasnt fixed until Feb. 2.

Or, more to the point, take MyDoom itself. According to mi2g Intelligence Unit Ltd., a digital risk firm, MyDoom has done at least $22.6 billion of economic damage in terms of loss of business, bandwidth clogging, productivity erosion, management-time reallocation and cost of recovery.

Resource Library:

I believe mi2gs numbers. Companies hate to talk about security problems, but off the record I know of at least five Fortune 500 companies that had to shut down their e-mail systems and desktops for hours to clean out the worm, which had clogged their e-mail systems worse than any spam blitz.

I wouldnt be surprised if most of the Fortune 500 were significantly damaged. Despite the lessons of SoBig and Blaster, security continues to be an afterthought in most companies and far too many companies rely on Windows for their desktop operating system and Outlook for their e-mail reader.

Desktop Windows built-in problems come from its history as a stand-alone PC operating system. Unfortunately, today its a networked world. Windows applications have interprocess communications (DLLs, OCXs, ActiveX) that can be activated by user-level scripts (Word macros, for example) or programs (Outlooks view window), which can then run programs or make fundamental changes to the operating system. Microsoft included this because it makes IPC very easy for Windows programs, and it does do exactly that. This is fine in a stand-alone PC where you may want to have your Word documents financial chart to change depending upon the information set in an Excel spreadsheet, but its a fatal security flaw in a networked computer.

Now, the security of Outlook—which is by far the most vulnerable of Windows applications—has improved significantly since the day in 2000 when ILOVEYOU was the worm of the hour and I said Outlook was a "security hole that happens to be an e-mail client." Todays versions of Outlook come with proper security settings so that a user cant start a worm simply by reading or using the view pane to look at a file. But that still leaves other problems.

Next page: Getting to the "root" of the problem.





  Reader Comments: MyDoom, Windows and Linux
>>> Post your comment now!
English, motherfucker!
Jesus Christ, man. Learn to use apostrophes. Your article looks like it was written by a fifth grader. It wouldn't be so bad if you only did it...
Posted At: 01-19-09
By: anon
>>> Post your comment now!
 


 
 
>>> More Linux & Open Source Articles          >>> More By Steven Vaughan-Nichols
 


xkw8 }NzcH9%ǚؖRIR"$M?_ot%_ҞgBP(~ 'I"n\8ܢd;|9|@D%SjNA]k3g{l es`p,mg h{9Dm@~5; s!&~=KE!eG$oqX}؁䛿S=2t3ݛ6BT Kd/B(?csC=z'?=i@a5w0vK]K_nCUVekV6^;s9Fȹ3z$nPr&N7w#25ARZB[4HeCc7`wXS.PVf̴;gu[gc=ױ}ǣ!&$fF=~0[QM9$7 V\jyaO,ӇqtRpce[7G0ml_j| sqHfjd1KU ozcnk txz`:v8,2踞þʲn gmdۼMydijTӪrT5X;ߋWm8e&2͏Q}޹RV5MQjU0> n0tp;܀RrLEess^_ad}+1UJ Z. G$_6ttXOB^ $9@FI?j;jkMюR=%Y̮g fVҘ 'UUjH,ǝq%?Zڗu&u}X&ZhCA+t19zqsںy\7=rڽ&Iř{Ά0pgs Zʿy['^=z,rG=jZ-$5VMusBr,Ndo/ !}O}nr2GrI/o"KŗG)H7#ǚMmdƱ(|ǺrN~}M'Zf-Mn "dh|]w P3Z$923=Pru&Sk~$M cb.L2o2|)m̗U/d`(AK/g- 5t*軤(If0;A0<^f/_\@ 1 p1S{n2.sd>U<8vwܬu"*մޙ-~4ҢKsInH{⧋vǫ #KEHYf7-wI09ꨦUʵt ?J jGExQo+& rO f[Ԗ-ò˄A ~}?f NQ}5>m;4d}t>჎(>hƋMri>I70i\+Gݺ~NnXŞ* Q߭Dm|&>ld(4(sɹw[P&w& zrtcPDE}vCρY' #}S(|` 39;ݴiǀxԘ(_]jÐx?k1 %@H hI#r B1,`@n!` P􎄰R1iJLO:Tv{B#ܙ8TZ*kR1eb -x[b~ILg2+Iɴh4Z*ȉ#m"09X -'Z X%ּ fiZ\OG4MhȄ%Gn]ռs2H`w?a!1q WQe@s's<4ğN'=ǺdmA 9g߃)兏u5dMjE3ӆMI|Ehs 2!jԹǦZ&5\'ݒn86h{Ͱ&QoTM?>yBOM\naDP$7:O̗HږiESRoBo+څP!_.dI_fMblȌu>I!VB!7OH wf@nmHݤ|r%eR{`MLE2a==%nQ/0}ԙQĠ3BZSOs\| g:[6[7˦EI8Jەi]jk-T8W7Bɶ/²xcP66R(kυ5Ӳ =2P" Cx EZ҆Ss m &TYgӟBtX)Z%a5sV@d@7h` DlVCax5Zz' As,\OT.n9 G p6H%2ĂN?ATSt ˀQU5R>ka@_ƅ/Љc`{:[ CZ\Saﴽ.JM.jh>n GC= 0ɉV*a0؋TMk <ݝvmļZB_@iXԗKJAUc/`kLĽf2,rƎe9وAF CQ>-D.L{ jpj Zqqf~~~0,Ly.J>:F}`'|\sgIF}OДa˘34|q6L,*IH砉bAQ OkMf٧7_g>Ѐ!ak"A4b6>\PXt> r+b$[8:T:$f߂RI:,C$=tǜ}h3ʫ2 yYZ J alheU-UjRAfsϏyO="1tc81оz,LH0Gv=3hTa6uUԪ}VW{%|h#R @ `! Kx{ZCAk1۩Dw\܁c2P>H(Tg7gME]ac6U{zn&)Z-MӓU;4 OcIۛgoj-rF釛Lks0j(Y|;` rfVȍZtNd_&F}G ϣGjZ)1ߗ,09DW|)3PWi21󓫻Z+U c ׃nc>GsWn~UmЯ|m,Ln1yc%[Ŵw)n<0{L3gF> io4rd2y6PZMm"Y;"N_ ̽~jL-}TJJ\ӳ (J+H@:erȗG3~a,0t&n\#A`|l'8oy U8e3 S`e3˕2~g^`. JU-~ tɝxAcEi\khkc򑤏}NJBDuATn UbPQKJBЛ'aC.FqimEBSkOps)p B0_ \PF.^ʵhD]R.)3na/ ~egm S?PGF˔[ā0W4$NbVpDMc? h)렙2Ti/6/:_u_u{~{yHDмGp֏ Ւu_+Kx4Wsj㐔Z>~~lI6?NeB&{fB, '8oHzq!s'^Y{{l:km}#8.odhq^8K%y;"˶u ߽<rDp'Bjw>\$'d0 srn^'7b7L`jX&IEyD#Sk!F4 H0 BX׭5' ^t%V}Xq!q6(FG<]?ּSB&T ˓$-I^O eqj ieʒ~(i'1ۡ ҡۓ]5/G8 (OLkrwisy/a)-*VZRZ-V6yʏhqz])LU9$gy/uϏZEbݙms==vc%vd:Gw*b9,_빿=hrrӅ[ey$smCgLرD}4%zv`蚳 o. L[ıp߆؉ ?O*yr osל8{JnL<:U3b]yE<.ď%㇆3M!.I߾&/3 #AI=g7omT>eNx?IАߙ=p9!M[_:ܓ9HwNI}i^wl'LUzyZ P>?G$c:I"I^U֭UdU)I=YEG㳑)G8GxL_/o臥4LZY>]bwP;_z͞YiIu9/s\-"n'ZZ⽸|>W90.=y$/Av} ,D>?GkoD:*p&޸ Ot8/`-=GT82O-2F]-/>,ѵTO_Я+%c5G.sL{+N 瘙**^!g}x0ς,q \)ᱞKTam*C'e~#]o"-xߜpJiӄ#D>k8, d'Wz0!؀mP 7G, ,A.ʛy7J9l h-1qSiћO&G'͒ pEXq`y(j9 ҏJIwJ '&[̌,&,s˰<&j Մ@G[6c8NymXi첎|Fap(#x; ъأwZBs}VľdA؜Av wRJY,졉Lɒ+voWHJCyc"a[V!p9bVS7Έi1g6lcHnna/_a kp˺E``]{J,f8\*J4Z)1Z_d^̓t1YRsۓRXPKI~.M S! E$ic*> $3gӛKݝ+(P">kD/_ޞ i_mɥKMV'g,UbDV(kT,JB%+ V;VV5HhC2 ~tM٩|*\ijV̠AD@6aaW@'Z^! ֞OY_ʫ<b^e֗ R m7Ӆ7gRJ.ԉ[-<DZ8cuZVf/'t9|̈'+K$N ؋jn"e[±RiG^3*^^^^R^X6=ѯ|)&a|BӞ9h=8T jtxXgs=8 g}"=okB6OW $gsw~@BT ~Mr WB1ی*l]Ĩ=RßNXp/wn* N+Gl݀kn9YfNFbbq /|+f$L,ϼE+{$+2a\Պچ j-a $j #+cY@S9lIVKz /JxAG#O΄ug.] /LK"tVU1j7A aM#Dp2CD;Jo<kK:}6w w,dO>I&^邗SΠ y O#pN$  O8|%ILsoQcB{&5 ԖtZymnoHMU7,07a2yaf$NX" a3hvJQmrnnnnW,_42S*%UбSע+4C_,̞e.U1~(Ya!o!v{c7;2BJyكB@!#o}܊֪l& @d\!cX~M>~Ua>īI}s|a `NOm۹';0@r= HX2@$AR^YDNѯ~k7mrfFֻt®=@[='2آXp[)C ¡B aP K?w4 O*bʠxߦNI B+FVǃk)$;1aLHj~ж}A˽=V4C mY[`cXE0m-mYޣ3玮{UZZJLnfiw>Sl}=͢oH@85Q/NlTD(&w 8c[[s@)f 5HV z@//cc^Rpx@QkW=K'R=[l_U6kZrw2$M E3(hMVÙBtsa!̇i] #[\GG'ٿgg^;P`nEƵVxrZLvwxy@g8A&+upy뽰>;PAft~GD> K#M፪)*a ?D~7긯L7~.F[sN\.MYXc̰8U?Ew搟̙xnG?ꤟRM:_E~-=Vq:dۈ'|s]㞈keevךS|l:K*ju:)? D*X\= !kjb`!O4#|nIAwy4,~D?S9E=1+>0V8ET 9,96iaT ܕĤAI҂B4얮ĨW\n"9HßXWԖk%yk#{"Z"'"KIH^X0+FpD]dbɠ#;^P_7`;LVf \sj61^R>&sjx%VQjz~zr_ZJӂ,w)]do=?5֘0HtL'fdg99/0۱px6-Rý<&HPjߙc#/Vkў`$2,9)i\d3+nіTm}yVң]%F bd .șn붩aґ`߷b~m9\G6يbM\ѱӑ0JZm,xi)_1DfDU<11t+P̲jNT]֏pY=XCE3 _\}­BVU%r&*3;mo$m[KӁCb :I c OErt&7\9P[[Z8@`m¼ϴ@BSxq ؛ḁ7f?= N9j joEֹIz# ,@e슍\a rB p47Gf\oz~}C@™6g$ɖàzEQt#ߛ3,ȏKlݜ(8&Sj9It!CK/HzNsZacdFCa]N͑/``p3W VjE)OBӁR:C KDU8|.OOnY,f/c\iBR. ?$-G쌆xɺxu0 }a3B};1h^]!k$6}:\w%9nwooė;urҽrڹl_]w.Ʃ&hT/湾xQ(;OFYyfvʜT'\ «XgrxixɎ>+bh,.6#Qw`JT/!jbTű4 Pl SF=Vi؊km9j8ٙEKN#CEGM{a6zQc p!>E'}ҽlIJ/6ρ3?Bnj_׌k(\~JmfwQ\'P~s ?m.?gVieC:CL2^Qʿl.?/.Ō_d_d^ds E/>/2">G/3?gAYFߠoP~Q{1?s w1]7]? ͐/W@Wq_e sA?=/c=/c}~\ S}}Y0 (*ɠh& K:ICP.Np3Kq /ޯ?e4@yJ͠2,c2\.2Kܿw2~2A\t[u CFWT=k ϼdmth8VҮaq_l _zi k{yHGW4<< X1rnmŚ/JYy8* t!=}}Z-(s#h603.Ñp[{?|[2Fs?`fE~@' @8pmঠϻH^w-Ak0.: 7W=M\ڎvڝGfmzumePcvdmo߆rI'<+?u>xPxZLԸRGpoQV" #<@o107=Qއ^V_p3nc&Hy>j~h|V/O*8uߜ:H4l?R+$A^,~u)Bcعkjz,jpO4pm ~ܛ8?x~:ɹT.jxQ$V˕R;qO+F$ô"Bȣ*R%}a`R++ QPफ़h[vRbo膖' yV8an%[zQ?"z%~@NL<6"s/cFA6of))^(GսD<'M~ m

.X">m?'.}Fu+J'"@2xԴu{$/;v4f S*4$SxsEzV? 3& *6bfUpY ѫr!|x@NoMއ.1|ee|n4~Uf2{{:з57d(Q|ӽE^Fq:h/ASl+6[ !ۂˌJ-ˬ>sV¹"UX Hٍ ,~:3_[mrΦ(@PPOWt:y@tz-E{cuݍ2ZWtmk]+l 1C>`]R>E+ ]'[ۧ3й?-{7/e;׾,{QAbf]s:#vAѺ v7" a^n1n-/ـ9@r;=֏*.uf94mBTFE®,:u` {];={&*kW؁nl`TLxq;s[_08V0|6,lp/>CwϏq`2[u~Z[8K cd.XI@ qk,Ma4,Lb5"[]QI(VvX3e3},@a)5\dBO SoO80Ux|-h\};}r,s0#ŸEr b2GjV0U9s, j7Wx/yc|>[zwD5bb&(G=zLk|XKx3sq-MSga+ecPXVc.GT{&Lǫ6 92lv* X*!KŬ"&D0H'R:tsh{h۟XsT*D%L0MÄr"+poq=y[יHpg8g0N^XpTT/D4;NB}aEt@'W3.rWĊKNš|]弽r'^e_:m^tοJzn`ggɳ^vXvQJ=Vju.?$+=={`osg|oUAtMjez'14ɋmEg,(3lW'5X-lu; o]jm٦d U4s_jjBJ6