Warp wrote:
>   Didn't seem to be such a problem in the unix world. 

No, because most people running UNIX software knew the basics of how 
computers work. They'd recognise this as a scam, rather than just another 
series of opaque rules you have to follow to get something done on this damn 
machine.

 > And even if that
> kind of social engineering caused someone to execute a program they
> received by email, it would still be limited to that user's account.

Except that's why they took "." out of the path, and why setuid files aren't 
allowed to be writable and why writing to them turns off setuid, neither of 
which were security features even as late as V7. Exactly because enough 
people fell for it that they made it inconvenient for developers to keep 
those not paying attention from running a trojan.

> The system itself and other users would be safe. 

Except if there's only one user on the system, like there often is with 
Windows desktop machines, you're still screwed if your web browser starts 
sending your bank passwords to russian mafia guys.

> It's a whole different
> mentality. It's hard to spread viruses like that.

It only takes one hole. How widely do you think the Morris worm could have 
spread if he was being paid a million dollars to make it hibernate on the 
computer?  He'd write an executable somewhere, call it something benign, 
start it up as root, then let it sit and listen for a particular string to 
show up in a spam mail to DDOS some network computer.

I think what you're seeing is more that by the time it was *profitable* to 
write a virus, Windows was already the best vector both in popularity and 
user-naivety. Granted, it was pretty common back in the early days of 
Windows to have a virus or whatever spread, but it was also much more common 
to hear of break-ins of commercial servers to be stealing credit cards and such.

-- 
Darren New, San Diego CA, USA (PST)
   Serving Suggestion:
     "Don't serve this any more. It's awful."

Post a reply to this message