Comments on: Who says Mydoom doesn’t exploit security flaws http://mrblog.org/2004/02/05/who-says-mydoom-doesnt-exploit-security-flaws/ Mr Blog. Very technical, or silly, sometimes absurd. Wed, 21 Jul 2010 01:07:07 -0700 http://wordpress.org/?v=abc hourly 1 By: Mcgill http://mrblog.org/2004/02/05/who-says-mydoom-doesnt-exploit-security-flaws/comment-page-1/#comment-249 Mcgill Thu, 02 Feb 2006 20:28:51 +0000 http://mrblog.televolution.net/?p=128#comment-249 Not I. I don't say they don't exploit security laws. They do. And I'm not saying this because I'm commenting on your blog. Not I. I don’t say they don’t exploit security laws. They do. And I’m not saying this because I’m commenting on your blog.

]]> By: MrBlog http://mrblog.org/2004/02/05/who-says-mydoom-doesnt-exploit-security-flaws/comment-page-1/#comment-248 MrBlog Sun, 22 Feb 2004 15:43:49 +0000 http://mrblog.televolution.net/?p=128#comment-248 Good points mrG. We in the open-protocol camp have to take some blame for leaving an opening like this in place for Bill to exploit.<br /> <br /> For my part, I'm working on some projects to attempt to address some of these issues using open (unencumbered) protocols and technologies.<br /> <br /> However, as you say, it is not in Microsoft's best interest (at least from their limited perspective) to adhere to open-standards, and with control of 99.99% of the desktops, Microsoft can make things pretty ugly for all of us (including their own customers and users). Good points mrG. We in the open-protocol camp have to take some blame for leaving an opening like this in place for Bill to exploit.

For my part, I’m working on some projects to attempt to address some of these issues using open (unencumbered) protocols and technologies.

However, as you say, it is not in Microsoft’s best interest (at least from their limited perspective) to adhere to open-standards, and with control of 99.99% of the desktops, Microsoft can make things pretty ugly for all of us (including their own customers and users).

]]> By: mrG http://mrblog.org/2004/02/05/who-says-mydoom-doesnt-exploit-security-flaws/comment-page-1/#comment-247 mrG Sun, 22 Feb 2004 13:22:36 +0000 http://mrblog.televolution.net/?p=128#comment-247 It's obvious that Microsoft does not want to stop the likes of MyDoom; We're told (I don't use Windows, so I don't know) that MyDoom and others of it's genre will install mail-relay agents subsequently used for spam networks. We're told by their own boasts that Organized Crime will sell you time on that network via a front office in Poland.<br /> <br /> Now, the facts: <br /> <br /> If Windows added a simple <em>two layer</em> permissions system, no attachement would be permitted to install system-level software without effectively entering your 'sudo' password. Immediately virii are impotent.<br /> <br /> If Windows added a simple iptables firewall, any mail relay or virii replication port that did get installed would not be able to reach the internet anyway. Immediately the worms and spam-engines are impotent.<br /> <br /> Microsoft mouthpiece Bill Gates recently announce <em>his</em> Plan for Spam as Black Penny, a system which will bind all email transactions to the windows platform and likely <em>require</em> continual challenge-key upgrading much as the way your satellite TV needs new keys periodically download. ie, simple to require you to pay a tithe (or your computer manufacturer to pay a tithe) lest you be excluded from the Black Penny messaging network.<br /> <br /> In 2006, suddenly 90% of all desktops will only run Black Penny messages.<br /> <br /> and the final fact:<br /> <br /> Virii like MyDoom render conventional email undesirable.<br /> <br /> IMHO, it doesn't take a rocket scientist to add up those items. It’s obvious that Microsoft does not want to stop the likes of MyDoom; We’re told (I don’t use Windows, so I don’t know) that MyDoom and others of it’s genre will install mail-relay agents subsequently used for spam networks. We’re told by their own boasts that Organized Crime will sell you time on that network via a front office in Poland.

Now, the facts:

If Windows added a simple two layer permissions system, no attachement would be permitted to install system-level software without effectively entering your ’sudo’ password. Immediately virii are impotent.

If Windows added a simple iptables firewall, any mail relay or virii replication port that did get installed would not be able to reach the internet anyway. Immediately the worms and spam-engines are impotent.

Microsoft mouthpiece Bill Gates recently announce his Plan for Spam as Black Penny, a system which will bind all email transactions to the windows platform and likely require continual challenge-key upgrading much as the way your satellite TV needs new keys periodically download. ie, simple to require you to pay a tithe (or your computer manufacturer to pay a tithe) lest you be excluded from the Black Penny messaging network.

In 2006, suddenly 90% of all desktops will only run Black Penny messages.

and the final fact:

Virii like MyDoom render conventional email undesirable.

IMHO, it doesn’t take a rocket scientist to add up those items.

]]>