> "My computer was infected by the worm "Happy99.exe". This virus
> plays with your e-mail and is self-replicating (places itself in
> the e-mails you send and also interferes with news groups).
> Just make sure you do not open a file by this name."
I guess it is time once again to tell people about a few basic facts of
life on the Internet.
Windows users: you are using an insecure operating system. This
means that there are numerous ways for people on the net to vandalize
your computer. Sending email with executable attachments is just one
way. Yes, many times you can receive good stuff this way, but every
time you execute anything that came from the net -- whether by email,
by FTP, via the Web, _anywhere_ -- you are *trusting* the originator
not to hurt your system. That's because once a program is running
under Windows it can do any damn thing it pleases, from showing pretty
pictures to trashing your hard drive.
This applies to Win95, Win98 and even WinNT. Yes, even the "server OS"
from Microsoft allows users to trash their systems. Because of the way
MS wrote its software, every user requires write access to directories
full of system software. Write access means the ability to destroy.
Unix and Linux Users: these operating systems are much less prone to
security problems. Not immune, but much less prone. However: you
must understand that if you are running as "root" -- that is, as the
superuser -- then you are leaving your system as wide open as any
Windows system is to vandalism. You must have a user account, and use
root _only_ for system maintenance. As root you have write access to
the system directories _- write access means the ability to destroy.
As a regular user, you do not have write access to system directories.
If you execute binaries from the net as root they can destroy your
system. If you execute binaries as a user they can only destroy your
personal area. Your system will live.
I'm sorry to say this, but it's a hostile world out there. You should
NOT trust binaries [e.g., macros and *.exe programs] from anything but
a well known and well-documented source. Windows users should not run
them at all, Unix users should run them from test accounts set up for
the purpose and which contain nothing you care about losing.
For myself, I take this even further, I run nothing but source code
that I compiled myself. Even that is not proof against vandalism --
I restrict myself to known sources for my sources. Yeah, I probably
miss some fun stuff. On the other hand, I have never, ever trashed
my computer, or been forced to reinstall the OS, or lost valuable work.
Such is life.
[ The Macintosh operating system is also "open", and so has the same
[ susceptibility as Windows. Hint: Jody keeps an extra hard disk drive
[ with a Win95 system on it, just for testing suspicious programs.
[ Surely it was a coincidence but, less than an hour after sending out
[ the Digest last night, I got the note from Bette Largent followed
[ immediately by another email with the "Happy99.exe" attached, sent
[ automatically by Bette's computer! It's making the rounds...
[ -- Robbie