Monthly Archives: May 2000

How hard would it be

How hard would it be to convert all my bookmarks to the web?

That way, I can use something like Blogger to add them to a webpage.
The problem is sorting everything and putting the list together.
I’ve got like a 100+K BookMarks file, it’s the main thing that keeps Netscape as
my favorite browser – I live there (although I’m sliding into using IE at work, and at
home when I need to work in Hebrew).

Still contemplating redoing the website. I’m going to brush up my resume, anyway.

My work place was just

My work place was just one of the many sites hit this Thursday by the
“ILOVEYOU” virus.

Contrary to what you may hear, the virus doesn’t really depend on
a specific security flaw in Outlook (except for how easy it is to use it
from an external program to send mail). It doesn’t run when you read the
infected e-mail. It will run once you open (double click) the attachment.
And once you’ve done that,
it doesn’t really matter what mail client you’re using. If the
attachement is a program or a script with an associated interpreter,
it will run.

The point here isn’t the insecurity of a mail client, it’s the
vulnerability of the typical high-tech work place: Everyone running
the same platform (windows), with the same e-mail client (Outlook)
open. Everyone has updated Microsoft products with WScript.exe, and
the whole thing has a permenant connection to the internet.

And as far as opening attachements goes, the work place is the worst offender, with
everyone’s pals sending them kewl pics, animations, screen savers
and whatever. It’s part of the culture there.

It’s Bangkok without condoms, and any high schooler
can cut and paste together a new HIV strain in the span of a lazy afternoon.

ILOVEYOU is a pretty lazy hack, done by a bored high-schooler.
It looks like something put together by someone with little programming
skill from some windows scripting host code samples.
And it burned through my workplace like a brushfire.

If there’s someone who is left looking stupid after this virus it’s
Anitvirus software manufacturers. Their software is still looking
for boot-sector parasites written by smart assembler hackers, but
these are going extinct alongside the floppy disk. Programs that rely on lists of known viruses look ridicilous when the current
windows monoculture let’s script kiddies write killer worms in 10 minutes.

Maybe its time Microsoft started taking security seriously.

When every cell around has the same DNA, new kinds of viruses thrive,
and these drive the development of new solutions. Really big
multi-cellular bodies have immune systems to protect themselves,
which are quite different (and several orders of magnitude more
sophisticated) than the “anti-virus software” single-celled organisms

Maybe Microsoft should get into
the anti-virus business

The existance of MS created hundreds of niches where other software companies thrive.
Once in a while, MS go after one
of these niches and crush their competition like bugs. Once it was
the FAX software people, another time it was people working on 3D
software APIs, and most noticably it was Netscape’s browser niche.
Having MS eat up the anti-virus business will be a development
most users would cheer.

Breaking up Microsoft is brain-surgery with chainsaws, used to
remedy a mental health issue. But MS have been in denial about
an obvious problem. By having their software everywhere, making all
the pieces play nice together, enabling automation, etc. they’ve
done some remarkable things. But they did this while ignoring
the core problem of security. It is time for them to realize the
fundemental problem and do something about it.

I don’t think MS can get around the problem of Security (“developing an immune system”)
with a white paper or “security update”. They can’t just whip up
a security-concious version of WScript.exe, cmd.exe and their other
general interpreters without breaking lots of stuff everywhere, and
they probably aren’t going to really address the problems of users
running unsafe content in any forseeable version of Windows.

How about instead of breaking up MSoft, the US government passes a regulation specifying that no more than 50% of the desktops in any
work place may run an OS from the same manufacturer? There are
stupider regulations, and this will at least hinder the spreading
of viruses a bit, so it’s a bit of a safety regulation. (I say from
the same manufacturer to catch the smart alec who thinks that NT
& Win98 are different OSes – “we play both kinds of music, Country
AND Western”…)

  • This will break the MS monopoly, which is based on business sales.
    It won’t actually damage the company, but it will force it to
    deliver solutions for hetrogeneous environments.

  • Web applications and cross-platform browsers (like the one made by
    whatstheirname) will get a big boost out of this.

  • People will stop sending Word and Powerpoint attachments (or stupider
    things; a publisher I know, a Mac-only shop, once received a logo from
    a client as an image file embedded in a Word document…).