Forum Archive Index - September 2003

["Gavin Treadgold" <gav@rediguana.co.nz>]

Not overlooked, just not mentioned ;)

> Gav you missed some alternative strategy's
>
> 1. Use a non Microsoft email program. Alternatives include
> Pegasus & Mozilla.
> This way a worm or virus is normally unable to extract address's
> from your address book as they are in a different format.

Yes, however many email viruses will still work by encouraging you to open
an executable file and it doesn't matter what email client you use if it
allows you to open executables. Admittedly Outlook does have more security
holes that enable Outlook specific worms to propagate and other email
clients will be immune. But other windows clients are not automatically
immume from all viruses. The secret is not to open any attachments that can
be executed... *.scr, *.exe, *.com, *.pif etc. I really think ISP's should
be removing all of these attachments before they enter peoples mailboxes.

Additionally, not all malicious software uses outlook/windows address books
to scrape for email addresses. Smarter ones will attempt to search for any
email addresses on the hard drive by performing a low level scan for @ (ie
*@*.* and *@*.*.* etc). There have been cases where individuals who have had
email addresses distributed my Microsoft in help files have received large
numbers of viruses from this method. Changing your email client will not
protect against this.

Of course I fully support people moving away from Microsoft software... alas
I can't ween myself off of Outlook yet - it is too nicely integrated with my
Palm :(

> 2. Change operating systems. Apple while expensive is an excellent
> alternative. Linux is also excellent but is a little harder to
> configure (but
> improving all the time). Both operating systems were immune to the recent
> worms and are better secured.

Also an option, but a big commitment and change for most people. The
alternative OS's OSX (Apple), and the Linux derivatives are getting more
useable. I have a linux box at home, and will be moving more to linux as
Open Office matures. It saves on the AV licences :)

Additionally, I regularly receive security updates for my RedHat
(http://redhat.com) box - probably more frequently that Microsoft - one of
the benefits of open source. But don't expect to not have to maintain your
box at all. I believe OSX is the same, it has reasonably frequent updates.

They were immune in recent attacks, but I would question the statement about
them being better secured. The more recent operating system you are using,
the more likely it is to be more secure, this includes Windows - somewhat ;)

Linux still has worms, but not as many. The first worm released by Morris in
1987 was a Unix worm. The reason Linux is hard to attack is because there
are so many different varients and a worm needs to take them into
consideration when attacking. Windows systems are much more homogenous in
nature - if you can attack one, you can use the same technique to attack
most.

Also Linux users tended in the past to be more advanced and able to lock
down their systems, but with more non-technical users moving to Linux, it is
likely that more insecure Linux boxes are finding their way onto the
Internet. And in time malicious code will target these boxes too.

Despite what I've said, changing OS is beneficial when looking at malicious
code. Here is the main reason...

Imagine operating systems as humans. Each similar operating system
represents humans with a different genetic basis. If the gene pool were like
the current state in IT, there would be a large number of humans with very
similar genetic code (Microsoft) - call them A's, and a small number with
more diverse genetic code (Linux, BSD, Apple etc) - call them B, C etc. Any
virus that comes along only affects a certain gene pool. Because of the vast
number of A's it is more likely that the virus will survive, spread and
mutate. We've seen this again and again in the natural environment. Give a
virus limited options and it is a lot simpler to halt its spread, mutation,
and even affect its very survival.

This is the key reason that malicious code is affecting people so much.
Microsoft has created a monoculture. And that monoculture is very easy to
attack because it is so dominant. The key to survival therefore is to create
more diversity in computer systems. More operating systems, and there will
be less dominance, and less ability for malicious code to spread from one
gene pool to another.

This is why I have all my important data stored on Linux, because it is near
impossible for malicious windows code to jump from one operating system to
another. However, I still have to protect against the linux system facing
malicious code, so at some stage I'll put a seperate system in to duplicate
business information - probably in another office in another city, and
running a different operating system. If one falls over because of malicious
code, the other is very unlikely to because they have different operating
systems and applications. Just a little risk management ;)

Here are some links for those interested.

NZ Govt Centre for Critical Infrastructure Protection - provides a
monitoring and alert capability for IT threats. They review threats and sent
out emails for threats they see as critical. A handy local resource and if
you're inclined sign up for their alert emails - they'll let you know when
the next major vulnerability is found, and also when patches are released
that you should install. For the heads-up on the next worm or virus...
http://ccip.govt.nz

Info on Linux
http://linux.org

Alternative Applications for Windows and other operating systems
http://openoffice.org (free and open source Office suite for a number of
operating systems)
http://mozilla.org (free and open source Internet applications, Mozilla
browser, Mozilla Firebird Browser (my current browser), Mozilla Mail,
Mozilla Thunderbird (also a Mail app))

AV
http://my-etrust.com - if you want affordable AV software that doesn't bloat
your system like Symantec/Nortons, check Computer Associates product out. I
use it for my business, after the initial purchase (USD$25 for first year),
the licence is USD$12 a year which is quite reasonable - esp. with recent
gains in the USD/NZD ;) . Purchase with credit card over the Internet and
download the software. Disc - I have no relation whatsoever with them. Just
a content user :)

Cheers Gav



----------------------------------------------------------------------------
To remove yourself from this list, please use the form at
http://www.sharechat.co.nz/chat/forum/