[pmmail-list] newlines in filters? -- Sircam virus/worm - execute vs. view

Lueko Willms pmmail-list@blueprintsoftwareworks.com
Mon, 30 Jul 2001 20:27:56 +0200 (MES) 

On Sun, 29 Jul 2001 11:12:23 +0200, xavier caballe wrote:

> >  I can't resist to complain that the weak point those worm-viruses
> >attack is that on Microsoft Windows, the OS only offers "open" as an
> >action to view a file, and "open" means both "execute" and "view",
> >without a difference. 
> >  The default action on foreign files should be "view" excluding any
> >execution of code in the file, not "execute". 
> 
> I don't understand your comment. Sircam sends an executable file (.EXE,
> .COM, .BAT, .PIF or .LNK). There's no logic to "view" this kind of files,
> since is very unlikely that they will contain any readable information (at
> least on Windows but also on OS/2). 

   First, I _do_ want to view an executable file first before I
actually execute it. 
 
   I like this feature of UNIX (and, I believe, Novell, too) to make
a distinction between execution rights and opening rights to a file
or directory. 

  Second, I also want this distinction in the actions I can do on any
object. 

  Especially with Microsoft Office Documents, there are a lot of data
files which contain executable code, some being executed OnOpen of
the file. This behaviour should be disabled when I decide to only
VIEW the file; with MS Windows systems, I hardly have a chance. 

  Third, the standard way to show a file name in 32bit MS Windows
systems is to strip the name extension, and to show only the base
name. 

   Now look, the one Sircam infected file I have received had an
attachment with the name "Betriebsausflug.xls.pif". Windows would
probably not show the "PIF" extension, probably not even the XLS, but
the Excel icon. To the regular windows user, this file would look
like a normal data file or office document; the virus writer counts
on the curiousness of the recipient, who is led to believe that he
has gotten a document from someone who has inadvertedly sent it to a
wrong address, and is incited to look into the possibly confidential
information, and bang! the virus takes its place. 

   So I repeat my initial point, where I have very strong opinions
on, that an OS should make a sharp distinction between viewing a
file, and executing it. 

   What are the basic actions on any object? Create it, delete it,
view it, edit it, and .... execute it. 

Yours, 
Lüko Willms 
Frankfurt/Main 
/ Lueko.Willms@T-Online.de 

- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com