Re: [LUG] virus warning - an opportunity for free ./ oss

 

On Tuesday 14 March 2006 9:04 am, Paul Sutton wrote:
> Not sure how many of you have received this message on not opening a
> message called invitation that opens a virus,  (hmm YAWV - Yet
> another Windows virus), apparently alters the zero sector on the hdd, and
> therefore destroys all data,

There are viruses around, naturally, but these kinds of virus warning emails - 
the ones that threaten the destruction of the universe etc. - are often 
*spam*.

> but it has occurred to me that, this should 
> be jumped on by the OSS community to promote decent software that does
> not suffer  from this constant virus, spyware, nonsense we have with
> Windows,

Unfortunately, using GNU/Linux makes little difference to the amount or type 
of spam you receive. It just means that dangerous spam is neutralised.

"Jumping" on virus warning emails is naive - until you know WHO sent the 
original warning, IF the warning is genuine and IF the From: address is real.

> I have received this warning mail twice and smugly replied to 
> each that I no longer use Microsoft. 

Oops.

1. Check a reputable anti-virus site first - see if it's a real threat.
2. Check the From: and if it isn't someone you know, consider it spam.
3. NEVER reply to someone you don't know just to appear clever or elitist.

> In some cases I say I use Linux, 
> but I find that that baffles non-technical users out there,  if they are
> curious as to how I can use a computer without Microsoft I can tell
> them or direct them to the lug site.

And if, as I suspect, 'they' are bulk marketers, you validate your email 
address in their database as being a genuine person and you'll get more spam. 
Spammers like people who reply, they can sell that email address to other 
spammers for a premium price.

> IIRC the zero sector contains a hex identifier byte that relates to the
> filesystem being used, so 16 (I think this is hex actually),  would mean
> DOS - FAT16,  in which case would using a hex editor work as a fix?

You've got to boot first.

> Also what about if a user has more than one partition, (even for
> windows), surely a big hdd, can only be affected if it's one big
> partition. would a data drive (D) be affected, if C: was trashed  Can

The targets of this spam are Windows users who know virtually nothing of the 
workings of a computer. (Sadly, that covers a lot of "qualified" computer 
people nowadays who do courses on how to use MS Word XP but not how to use 
"the universal computer".) As soon as one of these Windows systems refuses to 
boot, that user is going to think that all their data has been irretrievably 
lost. They won't understand MBRs and hexadecimal, they just see a blue / 
black screen and panic. Perfect fodder for these spams.

> booting into windows on a dual boot system, opening the virus trash all
> sectors including the Linux drive which windows can't even see anyway.

Windows cannot see an ext2/ext3 etc. partition - end of story. The majority of 
viruses are only a programme. Most require a kernel and a basic operating 
system. There are not many viruses that pack their own kernel - most of those 
require some kind of rootkit / trojan infection first. BIOS viruses could 
damage every partition on the hard drive but only at a BIOS level (corrupting 
the partition table) but these are rare and may also require a second virus 
to cause the reboot needed to load the BIOS one. Operating system viruses, 
like the one behind this supposed threat and like all those that can infect a 
Windows PC via email, websites, IRC or ActiveX, need an operating system 
first and are limited in what they can do according to the security (or lack 
of it) inherent in the OS. If Windows prevented arbitrary execution of files 
and had better protection to prevent escalating permissions from user to 
admin levels, none of this would matter.

> it may screw up the dual booting, but as long as the partitions are
> still there, then a trusty bootdisk should allow booting into linux and
> the restoration of the mbr.

A BIOS virus could re-write the partition table but LILO, Grub and other tools 
are reasonably proficient at rediscovering the previous table values.

> Just a thought.
>
> I don't however want to sound complacent.
>
> Of course this is an excellent opportunity to install Linux on infected
> computers,  or rather trashed computers.

Sadly, I think this is an excellent opportunity for someone to sell your email 
address for a higher price.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
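
As an added illustration of the sector-zero layout discussed in this thread (not code from either poster): a classic MBR holds four 16-byte partition entries at offset 446, each with a one-byte type ID, and ends with the 0x55AA boot signature. The sample sector and its dual-boot layout are constructed, and the type-name table is a small subset of the known IDs.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# A few well-known partition type IDs (not exhaustive).
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector zero must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("no 0x55AA boot signature: partition table is gone")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:     # type 0 marks an unused slot
            continue
        entries.append({"slot": slot + 1, "bootable": status == 0x80,
                        "type": ptype,
                        "name": TYPE_NAMES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": count})
    return entries


def build_sample_mbr():
    """Constructed dual-boot layout: NTFS (C:), FAT16 (D:), Linux, swap."""
    layout = [(0x80, 0x07, 63, 20_000_000), (0x00, 0x06, 20_000_063, 4_000_000),
              (0x00, 0x83, 24_000_063, 30_000_000), (0x00, 0x82, 54_000_063, 2_000_000)]
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * slot,
                         status, ptype, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    for entry in parse_mbr(build_sample_mbr()):
        print(entry)
```

A zeroed sector fails the signature check in `parse_mbr`; the partition contents themselves live at the recorded LBA offsets, outside sector zero.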
