Learn from the natural world. It is VARIETY that protects life from falling to a single pestilence. Diversity is what protects life.

Microsoft promotes the "One World, One net, One program" philosophy.

What could be more dangerous to national security? world security?

It was 1] the uniformity of of the OS and applications and

2] the faulty default settings and dangerous features added in the MS software that contributed significantly to this.

Could a stronger argument be made for the need to separate the OS from the applications? Please note that the exploits given the widest distribution are those relying on both windows and MS applications, like Word and Outlook Express. Those windows users who opted for alternative applications like eudora for email or WordPerfect for word processing did not favilitate the spreading of this recent ILoveYou exploit.

I have worked as a volunteer in IRC exploit help channels, helping victims clean their computers. For some time now it is clear that the most common means of spreading such exploits is to use the dual extention trick.

The most common exploits we see spreading use filenames like movie.avi.pif, mypicture.bmp.vbs, !!sexypic.jpg.bat and now the infamous LOVE-LETTER-FOR-YOU.TXT.vbs and JUST-KIDDING.TXT.vbs

Microsoft must bear the blame for this for adding a "feature" that hides the 'common known extention' from the user and worse, for setting the systems defaults to hide the final extention. Even experienced users are lulled into as trap by seeing only what appears to be files with known safe extentions like .txt and .jpg.

For those damaged by this latest exploitation, it is time to file a class action lawsuit against Microsoft for their gross dereliction and indifference to the security and functionality needs of the users.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/32/1872#1872