[plug] Bugbear/B (Kai/Ben)

Craig Ringer craig at postnewspapers.com.au
Tue Jun 10 17:02:19 WST 2003 

> It's not fair to blame the user. The user shouldn't have to know. When 
> we get around to (fingers down throat) Internet-enabled refrigerators 
> and stuff, do you expect Jane Housewife to put "check appliance 
> antivirus updates" on her shopping list?

Fair... but given the realities of computer systems at present, that's 
/exactly/ what the user will need to do. This will continue to be the 
case unless some big changes are made, changes with the potential to 
mess with a lot of other things. Look at what MS is trying with 
Palladium (OK, trying to justify Palladium with).

W.R.T to current consumer systems, I'd like to think that MS would ship 
an integrated AV product, or license one from one of the vendors. Heck, 
on first boot have it say "You have 2 years free A/V subscription as 
part of your expensive OS license - please click on which vendor's 
product you'd like to install".

It'd be nice - but there are a lot of practial issues (like, if its 
shipped with the OS there's the implied burden of support ; also, 
getting vendors to agree to such a scheme could be hard).

Otherwise ... well, all current OSs are vulnerable to viri to some 
extent. Not all, admittedly, to embarrasingly frequent mail worms ;-)

Linux can potentially get hit by viri/trojans like any other OS - but 
due to the present lack of mail client exploits, they'll have to be 
manually executed by the user. Including, with most mail clients, saving 
the file then running a "chmod a+x; ./runme". To mass mail, it'd then 
have to /find/ the user's mail spool -
	~/mbox
	~/Mail
	~/.netscape
	~/.mozilla
	~/.mbox
and parse it. Not as simple as "read the user's LookOut address book and 
mail spool, then send mail to everybody in it."

Current 'doze worms/virus hybrids are more than capable of this sort of 
thing though. Handily, nobody has actually written one for Linux yet - 
probably in the expectation that too few people would be dumb enough to 
run a trojan. This /will/ change.

> "Q: What do I do if my 'fridge crashes and the door turns blue?"

Get an axe. It's the ideal solution to so many tech problems....

More information about the plug mailing list