|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Linux users unscathed by ILOVEYOU
(IDG) -- Hey, Windows administrators, how are you and your users doing with that ILOVEYOU mail virus and the spin-off viruses that seem to be appearing? I couldn't decide which adaptation of a James Bond movie title best described the situation. "From Redmond with Love" seems appropriate here. Or perhaps Linux users might prefer "Live and Let Die," as in Long Live Linux while Windows Systems Die.
I got a close look at the ILOVEYOU virus, because I received a number of messages containing the offending code. The virus appears in my Linux Mutt client as a text file of the Visual Basic script. Mutt makes it pretty easy to read through the virus code and see what it would do if executed on a Windows system.
It's pretty nasty. It looks like the script downloads a potentially destructive executable file and schedules that executable to run by changing your registry settings to make your copy of Windows load and run new programs when it starts up. I'm not quite sure of the details because I didn't spend much time analyzing the code. I don't have to.
The Outlook on the problem
If you are at all savvy about such things, you know that this is not really a case of Windows versus Linux. Linux has no special immunity to mail viruses or viruses of any other nature (although it could be argued that Linux is built on a better foundation for fighting such things).
Microsoft Outlook is the biggest culprit in this scandal, not Windows. And if Linux users are honest, they'll admit it is entirely possible to write a mail program for Linux that is as dangerous as Outlook. I suspect it is even possible to use the Netscape mail client to damage a Linux system if that Linux system is poorly configured, although I haven't seen anyone succeed or even try.
The real reason Linux users are immune is because they don't live in a world where their clients are automatically standardized on whatever Microsoft delivers -- in this case, Outlook. Linux administrators and users care more about Internet standards than Microsoft standards. And since people who use Linux as a client OS are generally geeks, they tend to use one of the ugly, unfriendly default mail programs that ship with Linux distributions.
Windows advocates see this as a bad thing, and they have a point. As I said, I personally use a program called Mutt. Windows advocates would rightly point out that Mutt is to Outlook as a warehouse is to a furnished apartment. It's not as comfortable and pretty as an apartment, but you can get a lot more done.
Windows users can justify their use of Windows because of a lack of mail programs for Linux that are as friendly or feature-rich as Outlook -- but only for the time being. (Linux users who avoided the ILOVEYOU virus may be thankful that Linux lacks such clients at the moment, but the Windows users are right to complain.) Linux needs a friendly, powerful mail program. Fortunately, there are some Outlook-killer programs in the works for Linux. One such project is called Magellan. (See the Resources section for more information about Magellan.)
Open source and competition
But here's the point: Linux users are likely to remain immune to such things as the ILOVEYOU virus, even when there are feature-rich clients such as Magellan. They are likely to remain immune due to the fact that Linux is open source, and because Linux promotes competition.
Linux and much of its application software is written and distributed by people who understand the value of open source. Put bluntly, most developers in the Linux community would not be stupid enough to create a program as insecure and dangerous as Outlook. And if anyone were foolish enough to do so in the open source community, such a design would not be likely to survive the peer review it would receive.
If any private company designed such a product for Linux, that company would not be in a position to cram that program down the throat of the Linux user community. Linux distributors have no interest in forcing Linux standards on the IT community by tying applications to the operating systems without regard for the safety of their customers. Therefore, commercial software is subject to a dynamic that doesn't exist in the world of Windows: competition.
If competition existed in the world of Windows, people would stop using Outlook and switch to another client. But I'm betting that IT administrators will react the same way to the damage and costs caused by ILOVEYOU that they did to the havoc that followed Melissa. They'll fix the damage, ask for a bigger budget, and then continue with business as usual.
I'd bet Linux administrators would demand that the mail client be fixed, or switch. It's impossible to prove that I'm right, because Linux is not a standard desktop. But I believe it is wishful thinking to assume any company that has standardized on Outlook will demand that Microsoft fix Outlook or threaten to switch to another client. Microsoft has leveraged its monopoly so well that it now commands almost all the software used on the desktop. That means Microsoft customers will generally react to damage to their systems and bottom line with a grin-and-bear-it attitude, because it's easier to stick with what you have than rip out the works and start over.
Getting my gloat
I apologize if anyone is offended because this sounds like I am gloating about being immune to such things. I don't mean to thumb my nose at Windows users because they have to tolerate this kind of disaster. I have sympathy for the Windows users, but I simply do not shed a tear over the trouble this means for the IT administrators who support them.
IT administrators who standardized on Windows are getting what they deserve. The IT administrators who standardized on Microsoft software out of ignorance have no excuse. They shouldn't have been put in their jobs to begin with.
The intelligent IT administrators out there are even more guilty. They helped create this abominable situation by patronizing Microsoft in spite of the mountains of evidence that Microsoft disregards the safety of its users in favor of pursuing and protecting its monopoly. They knew better but weren't willing to put in the effort required to support multiple platforms or vendors. They simply took whatever Microsoft had to offer. They should make some serious changes or lose their jobs, as well.
On the other hand, perhaps you are an IT manager who is flexible, wants to be on the cutting edge, and wants to save your company millions of dollars in wasted expenses on software and disaster recovery. Perhaps you're considering Linux, network computing, or one of the other superior alternatives to Windows. Perhaps that is why you read LinuxWorld. In that case, there's hope for your network after you recover from this trauma. And maybe you should have a second chance -- but only one. In that case, perhaps this story should be called "You Only Live Twice."
Security firm warns of Red Hat Piranha 'back door'
RELATED IDG.net STORIES:
Practice safe computing
Symantec Security Center
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.