Date: Tue, 3 Jan 2006 21:48:35 -0500 (EST)
From: "Keith F. Lynch" <kfl at KeithLynch.net>
To: WSFA members <WSFAlist at KeithLynch.net>
Subject: [WSFA] Re: Crash, thud
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

"Mike B." <omni at omniphile.com> wrote:
> "Keith F. Lynch" <kfl at KeithLynch.net> wrote:
>> The way I use the net my chances of getting a virus or worm are zero,
>> no matter how careless I am. But I know not everyone has that luxury.

> That's a pretty strong claim. Can you give some details? I know
> you don't run Windoze, don't do graphics, don't do ActiveX or
> whatever, and stick to plain text e-mail so it's all just data,
> not programs that are coming into your systems,

Right.

> but don't you have a net connection? With at least some ports open?

No computer in my apartment is ever connected directly to the net.
I dial into Panix using one of my three DEC VT420 terminals. I do
almost everything on Panix or my other two ISPs.

The VT420s each have two terminal sessions. By pressing one of the
function keys I can switch from my session on my ISP to my session on
my home PC (running NetBSD 1.5.3). I can cut and paste up to a
screenful of text between those sessions, which otherwise do not
interact in any way.

Once a week, or less often, I connect my PC rather than my VT420 to
my modem, and run a Kermit session to download various text files
(email, etc.) to my PC for archival purposes. This session seldom
lasts more than an hour. The Kermit on my PC will not do anything
except receive files and save them to disk, even if some malicious
person were to somehow break into the phone line and send arbitrary
sequences of characters into my PC. The worst such a person could do
would be to cause a file to be saved with incorrect contents. And
they could only do that if they were able to mimic a Kermit session.
And even then, I'd soon notice and correct the problem, since I always
compare the CRC of the original file with that of the downloaded file.
Even one bit of difference would stand out like a sore thumb.

Once a month, or less often, I boot up the DEC Alpha running OpenVMS,
and copy files from the PC onto it, via ethernet and FTP. Neither
machine is connected to the Internet or even to a modem at the time.

(I regularly make backups of both machines, onto CDROMS and 8 mm
tapes, and store them in a variety of offsite locations, including
buried in the woods.)

Placing my home machine directly on the net has always struck me as
being like moving into a Metro station. Sure, it will make my commute
faster and more convenient, but will my furniture still be there when
I get home?

My work situation is more problematic. My current job is the first
one in 26 years that has used any Microsoft product. (My workplace
26 years ago briefly used Microsoft Fortran, but soon replaced it
since it was a piece of crap. That was my first exposure to
Microsoft.) Each employee has a PC at their desk running XP,
connected to the net. A few months ago, the boss said she would be
prohibiting all non-work-related use of the net, since it risked
spreading viruses. Of course there's nothing to keep websites I might
visit for work reasons from also spreading viruses, so what I did was
make sure the only "website" I have since visited was
"telnet://panix.com/". I then have a text-only session into my ISP
connected the whole workday. Any work-related Google searches I do,
I then do only through that telnet session. This doesn't quite
eliminate, but does greatly reduce the chances of virus infection.
(There could be a flaw in the telnet program, but even if so, it's
very unlikely that I would happen to hit on a website that would
display in the lynx browser in just such a way that it somehow
activated that exploit.)

I haven't actually discussed this with the boss, since she's clueless
and is likely to prohibit it just because it's different. She has
been trying for months to lock down everyone's PC in various ways,
but mostly just ends up interfering with everyone's ability to get
any work done.

> Windows is a bug nest (both by design and implementation), ...

Right. One of the biggest problems with Windows is the anti-concept
of "opening a file". (An "anti-concept" is like a concept, except
that by grouping together dissimilar things as if they were similar,
it causes reduced understanding of the world, rather than increased
understanding.)

It means one thing to treat a file as text and display it on the
screen as ASCII characters. It means something quite different to
treat a file as a graphic, and display it on a screen as a color
image. It means yet a third thing to treat a file as a representation
of sounds, and play it through speakers or headphones. It means yet
a fourth thing to save a file to disk. And it means yet a fifth thing
to treat a file as executable code and run it. By conflating all of
these under the term "open," Windows causes people who intend to view
a file on their screen to instead run it as a program.

I gather that the current exploit isn't in that category, but is a bug
in the in-built code that's supposed to display graphical images on
the screen. Somebody in Redmond screwed up their array-bounds
checking, and nobody caught this error until recently. As a result,
an attempt to put an image into screen memory so as to display it on
the screen may write in a very different part of memory, the part that
holds the code that's currently running.

Failure to check array bounds is the sort of thing that gets high
school kids an "F" in their computer programming class. There are
ten-year-olds who know better.

Please note that I'm not saying that any user should have to know this
stuff, unless they want to work as a programmer or as a program
tester. The fault is Microsoft's for hiring such incompetents as
programmers and testers. But it's not surprising that they do so,
since they can get away with it, and since it's obviously cheaper to
hire incompetents. For reasons I won't claim to understand, they
weren't sued into the poorhouse the first time they screwed up, or the
second, or the hundredth. Neither, for reasons I also won't claim to
understand, did outraged customers all stop buying their crappy
products. It's as if the Edsel had become the most popular car,
instead of one of the least popular.
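
The class of error the message describes (image data written outside the screen buffer because bounds were not checked), with the checks that prevent it, as an added example that is not part of the original message and not code from any real product. The image record, the framebuffer size and all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FB_W 64u   /* framebuffer width in pixels, 1 byte per pixel */
#define FB_H 48u   /* framebuffer height in pixels */

/* Hypothetical image record: every field comes from the untrusted file. */
struct image {
    uint32_t x, y;           /* where to place the image on screen */
    uint32_t width, height;  /* claimed dimensions in pixels */
    const uint8_t *pixels;   /* pixel data read from the file */
    size_t pixels_len;       /* bytes actually present in the file */
};

enum blit_status { BLIT_OK = 0, BLIT_BAD_DIMS, BLIT_OUT_OF_SCREEN, BLIT_TRUNCATED };

/* Copy img into fb only if every write stays inside fb and every read
 * stays inside img->pixels; otherwise touch nothing and report why. */
enum blit_status blit_checked(uint8_t fb[FB_H][FB_W], const struct image *img)
{
    if (img->width == 0 || img->height == 0 ||
        img->width > FB_W || img->height > FB_H)
        return BLIT_BAD_DIMS;

    /* Compare against the remaining room instead of computing x + width,
     * which would wrap around for a very large x. */
    if (img->x > FB_W - img->width || img->y > FB_H - img->height)
        return BLIT_OUT_OF_SCREEN;

    /* width <= FB_W and height <= FB_H here, so the product cannot overflow. */
    size_t needed = (size_t)img->width * img->height;
    if (img->pixels == NULL || img->pixels_len < needed)
        return BLIT_TRUNCATED;

    for (uint32_t row = 0; row < img->height; row++)
        memcpy(&fb[img->y + row][img->x],
               img->pixels + (size_t)row * img->width, img->width);
    return BLIT_OK;
}

int main(void)
{
    static uint8_t fb[FB_H][FB_W];
    uint8_t px[16] = {0};
    /* Constructed input: a 4x4 image placed so it would overhang the right edge. */
    struct image img = {62, 0, 4, 4, px, sizeof px};
    return blit_checked(fb, &img) == BLIT_OUT_OF_SCREEN ? 0 : 1;
}
```

Without the second and third checks, the `memcpy` would write past the end of `fb` or read past the end of the file's pixel data, depending on which header field was wrong.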