Mechanical Music Digest  Archives
You Are Not Logged In Login/Get New Account
Please Log In. Accounts are free!
Logged In users are granted additional features including a more current version of the Archives and a simplified process for submitting articles.
Home Archives Calendar Gallery Store Links Info
MMD > Archives > March 1999 > 1999.03.02 > 02Prev  Next


Computer Security
By Larry Smith

> "My computer was infected by the worm "Happy99.exe".  This virus
> plays with your e-mail and is self-replicating (places itself in
> the e-mails you send and also interferes with news groups).
> Just make sure you do not open a file by this name."

I guess it is time once again to tell people about a few basic facts of
life on the Internet.

Windows users: you are using an insecure operating system.  This
means that there are numerous ways for people on the net to vandalize
your computer.  Sending email with executable attachments is just one
way.  Yes, many times you can receive good stuff this way, but every
time you execute anything that came from the net -- whether by email,
by FTP, via the Web, _anywhere_  -- you are *trusting* the originator
not to hurt your system.  That's because once a program is running
under Windows it can do any damn thing it pleases, from showing pretty
pictures to trashing your hard drive.

This applies to Win95, Win98 and even WinNT.  Yes, even the "server OS"
from Microsoft allows users to trash their systems.  Because of the way
MS wrote its software, every user requires write access to directories
full of system software.  Write access means the ability to destroy.

Unix and Linux Users: these operating systems are much less prone to
security problems.  Not immune, but much less prone.  However: you
must understand that if you are running as "root" -- that is, as the
superuser -- then you are leaving your system as wide open as any
Windows system is to vandalism.  You must have a user account, and use
root _only_ for system maintenance.  As root you have write access to
the system directories _- write access means the ability to destroy.
As a regular user, you do not have write access to system directories.
If you execute binaries from the net as root they can destroy your
system.  If you execute binaries as a user they can only destroy your
personal area.  Your system will live.

I'm sorry to say this, but it's a hostile world out there.  You should
NOT trust binaries [e.g., macros and *.exe programs] from anything but
a well known and well-documented source.  Windows users should not run
them at all, Unix users should run them from test accounts set up for
the purpose and which contain nothing you care about losing.

For myself, I take this even further, I run nothing but source code
that I compiled myself.  Even that is not proof against vandalism --
I restrict myself to known sources for my sources.  Yeah, I probably
miss some fun stuff.  On the other hand, I have never, ever trashed
my computer, or been forced to reinstall the OS, or lost valuable work.
Such is life.

Larry Smith

 [ The Macintosh operating system is also "open", and so has the same
 [ susceptibility as Windows.  Hint: Jody keeps an extra hard disk drive
 [ with a Win95 system on it, just for testing suspicious programs.
 [
 [ Surely it was a coincidence but, less than an hour after sending out
 [ the Digest last night, I got the note from Bette Largent followed
 [ immediately by another email with the "Happy99.exe" attached, sent
 [ automatically by Bette's computer!  It's making the rounds...
 [
 [ -- Robbie


(Message sent Tue 2 Mar 1999, 17:47:33 GMT, from time zone GMT-0500.)

Key Words in Subject:  Computer, Security

Home    Archives    Calendar    Gallery    Store    Links    Info   


Enter text below to search the MMD Website with Google



CONTACT FORM: Click HERE to write to the editor, or to post a message about Mechanical Musical Instruments to the MMD

Unless otherwise noted, all opinions are those of the individual authors and may not represent those of the editors. Compilation copyright 1995-2019 by Jody Kravitz.

Please read our Republication Policy before copying information from or creating links to this web site.

Click HERE to contact the webmaster regarding problems with the website.

Please support publication of the MMD by donating online

Pay via PayPal

No PayPal account required

                                     
Translate This Page

. .