Mac viruses quite possible

Matts on 2003-09-04T08:01:23

One thing a lot of Linux and Mac users don't know about the latest Sobig virus is that it didn't use any exploits whatsoever. It was just a plain old exe attached to an email, asking the recipient to run it.

So I thought I'd do an experiment. On a Linux machine, in order to send an application to someone you have to tar it up, and then they have to untar it, and then run it manually. But Apple used an idea from NeXT - the app bundle - to save you a lot of hassle shipping apps around. Apple Mac OS X can run these .app bundles as though they were plain applications.

My experiment was to mail myself an app. I'm using a Panther Beta right now, so I don't know if this works the same on Jaguar.

The app came back to me as AppName.app.zip in the email. I double-clicked it. Mail.app put up the following alert:

Warning

The attachment “AppName” is an application. Since applications can contain viruses or be harmful to your computer, be sure this attachment is from a trustworthy sender before saving or opening it.

This seems pretty much verbatim what Windows (Outlook) says.

The three options were: "Open" "Cancel" "Save"

When I clicked on Open, the app launched.

No Apple, No!!! Bad Apple!

This just seems so incredibly stupid I'm absolutely aghast. I always took the hard line that Windows was the only OS vulnerable to the stupidity of its users in spreading viruses. I was wrong.
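
The experiment above turns on a zipped .app bundle arriving as an attachment that the mail client will launch from an "Open" button. As an added example (not part of the original thread), this Python check shows what a mail gateway or client could run to hold such attachments instead of offering to open them; the extension list, function names and sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of directly runnable Windows extensions.
RUNNABLE_EXT = (".exe", ".pif", ".scr", ".com", ".bat")

def runnable_members(zip_bytes):
    """Names in a zip that are Windows executables or a macOS bundle's executable."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):          # directory entry, nothing to run
                continue
            parts = name.lower().split("/")
            # Bundle layout: Something.app/Contents/MacOS/<executable>
            in_bundle = any(p.endswith(".app") and parts[i + 1:i + 3] == ["contents", "macos"]
                            for i, p in enumerate(parts))
            if in_bundle or parts[-1].endswith(RUNNABLE_EXT):
                hits.append(name)
    return hits

def scan_message(raw):
    """Map attachment filename -> runnable items found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if fname.lower().endswith(RUNNABLE_EXT):
            findings[fname] = [fname]
        elif zipfile.is_zipfile(io.BytesIO(data)) and (hits := runnable_members(data)):
            findings[fname] = hits
    return findings

def build_sample(filename, members):
    """Constructed test mail with one zip attachment holding `members`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    msg = EmailMessage()
    msg.set_content("See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    bundle = {"AppName.app/Contents/MacOS/AppName": "#!/bin/sh\n"}
    print(scan_message(build_sample("AppName.app.zip", bundle)))
```

Nested archives are not unpacked here, so a zip inside a zip would pass this check unflagged.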


Not an issue! Can you read?

merlyn on 2003-09-04T14:33:18

At first I thought you were whining because it opened when you clicked "save". But no, it did what you told it to do. There's nothing wrong with that behavior. The Apple interaction model for applications is that "opening" the application is the same as launch. The terminology is quite consistent. What else should it have done, I now wonder.

Re:Not an issue! Can you read?

jmason on 2003-09-04T16:08:09

I think I agree with Matt -- SoBig's spread has made it clear that simply asking to run it still makes it too easy for viruses to spread.

Adding a "save, then navigate to file, then execute" step at least imposes a technical ability barrier. ;)

I can see the Apple POV too -- usability -- but these are arbitrary executable files that could contain any code whatsoever -- including the Apple equivalent of "format c:".

Re:Not an issue! Can you read?

Matts on 2003-09-04T19:22:42

Yes thanks, I can read.

Sobig made it big because users could run apps straight from their email client. Not because Windows is inherently insecure. If the Mac ever got as big as Windows then Sobig would be equally as likely to occur on that platform.

We should learn from the past, not ignore it.

Re:Not an issue! Can you read?

pudge on 2003-09-10T23:56:08

I don't get it. You think these people will be less likely to open it if they have to save it first?

Really?

All the virus has to do is call itself porn and it won't matter if the email client won't open it.

Re:Not an issue! Can you read?

Matts on 2003-09-11T07:51:48

Absolutely.

These things spread because it's easy, not because it's possible.

Most total computer newbies I know wouldn't even be able to find it if they saved it to disk first. This gives the AV companies (the ones who use signatures at least - not MessageLabs) the window they need to distribute a signature for the virus.

Re:Not an issue! Can you read?

chrimble on 2003-09-04T21:45:29

SoBig assumes you don't read/don't care about the warning. You have to skip the "this might be bad" message in order to spread it. Ultimately, it's a human problem that is exacerbated by the email client's ability to run an executable without you having to particularly think about it. If Outlook (or mail.app for that matter) refused to give you the immediate option of running the program, then (simply put) the virus wouldn't spread anywhere near as rapidly, and wouldn't be nearly as much of a nuisance as it already is.

This has all been triggered manually?

Elian on 2003-09-08T14:47:14

What, you mean this whole damn sobig thing has been caused by eight zillion people manually infecting themselves? No preview pane exploits, no automatic Outlook actions, no wacky security holes--just a whole lot of people I now want to smack pushing the "yes I want to be infected" button?

Re:This has all been triggered manually?

Matts on 2003-09-08T17:17:12

Yes. Sorry - were you assuming Windows users were smarter than that? :-)

Re:This has all been triggered manually?

Elian on 2003-09-08T17:26:02

No matter how low my opinion of computer users and the programmers who provide them with their electronic crack goes, it's nice to know I'm still an optimist.

I think...