Re: A Very Dangerous Worm in Windows Metafile Images (WMF)

On Tue, 03 Jan 2006 19:13:19 +0000, Rich Grise, but drunk wrote:

> On Mon, 02 Jan 2006 13:40:03 -0800, Bob Monsen wrote:
>> On Mon, 02 Jan 2006 15:43:30 +0000, Rich Grise wrote:
>>> On Mon, 02 Jan 2006 03:40:50 -0800, Mike Monett wrote:
>>>
>>>> The IM worm that was released yesterday was "http://[snip]/xmas-2006
>>>> FUNNY.jpg".
>>>
>>> Aww, c'mon! Post the whole URL, with warnings, so I can go look at it -
>>> I'm running Linux, so I don't get worms. ;-P
>>
>> Nautilus whines if you try to open a WMF which has the wrong extension. It
>> only lets you do it by selecting the application, and the warning
>> indicates that the file can do damage.
>>
>> I wouldn't trust linux to protect you on on this one, particularly if you
>> like to run as root.
>
> Actually, I think one of the major problems with Windoze is that they
> don't tell their customers _not_ to run as "ADMINISTRATOR". I know not to
> run as root, but take a moment to consider - even if I did decide to
> download a wmf file, and it had executable code, that code would only
> execute on a Windoze box. In the first place, it doesn't have execute
> permission. In the second place, it was written to interface to Windoze,
> so its first system call would give a segment violation, and Linux would
> let you know, and quietly shut it down and unload it from memory. (well,
> 'free()' the memory.) In the third place, even if it got through all of
> those hoops, it wouldn't have write permission on system files, so it
> wouldn't be able to do anything malicious even if it _could_ execute on a
> Linux box.
>

Unfortunately, some win programs can't execute as anything but
administrator. I've tried to set the user accounts on my kids' windows
machine to something other than administrator, but 1 out of 3 programs
they use on a daily basis seem to fail. Sadly, it appears that application
writers assume they can have their evil way with c:\windows.

Regarding linux, you sure that the code is not some pseudocode? I know
these files can do things like access the internet.... perhaps they can
select which bits of nasty goo they download. If so, it might be possible
to have them determine the OS first. Sure was nice when you didn't need
armor plating on your computer.

> So, of course, I stand behind my assertion that Bill Gates
should clue
> up, download a Linux, have his codemonkeys port the eye candy, drivers,
> and easy install scripts (but smarten them up a bit - I'm available for
> that task, BTW), and sell it as ***Microsoft Linux***! It's totally
> legal! If I had his resources, I'd do it myself!
>

That is what Apple did (more or less) for OSX. By all accounts, it is
great to use. Sadly, they still are too stupid to a) figure out that their
stuff is better than windows, b) port it to intel, and c) price it in a
predatory way to eat Windows' market share. They are afraid of retribution
from the Word/Excel team, I'm guessing. I can't think of any other reason
why they wouldn't do this.

> As it is, the best we can do today is support, for example, Patrick
> Volkerding, who put together the Slackware distribution. It was my first
> Linux, back in the late 1990's, and I picked it because of the name.
> http://www.slackware.com . I don't work for him or anything, I'm just a
> satisfied customer. :-)
>

Slacker. I like Fedora Core 4, which appears to work, and has pretty much
everything you want available.

> There's only about two things I still need windows for, and I'm kind of
> working on narrowing that down if I can. ;-)
>

Wine keeps me going most of the time (hiccup!). Unfortunately, it doesn't
like graphics intensive games or the flying model simulator, so I have to
boot into windows for my fix of flying and pseudo-death. Also, sadly, the
Zilog C compiler doesn't run under wine. MPASM also fails, but I've got
linux tools for both d*** and the midrange series.

--
Regards,
Bob Monsen

"we can allow satellites, planets, suns, universe, nay whole systems
of universe[s,] to be governed by laws, but the smallest insect, we
wish to be created at once by special act"
-- Charles Darwin
.

Loading