  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Klez Worm mocks Windows weaknesses and our own gullibility


April 24, 2002


By Al Fasoldt
Copyright © 2002, Al Fasoldt
Copyright © 2002, The Post-Standard

   Last week I spoke to two local groups about Internet viruses and security. I could not have timed my talks better. A few days later, the Klez Worm, which sends itself out with ungrammatical greetings and appears to be from people you know, infected PCs all over North America through a flood of tainted e-mail messages.
   The Klez Worm damages important files on a Windows PC while sending itself out again and again to others. It can spread across home and corporate networks, and it creates fake "From:" addresses to fool you into opening what you believe is a letter from someone you know. (I even received a few angry letters from readers who were tricked into thinking I had sent them the virus.)
   On one day alone, I got more than 100 infected e-mails. My antivirus software caught them all, but I'm in a minority. Most Windows users either do not have antivirus software or haven't kept whatever antivirus software they do own up to date.
   But I can't blame them. I admit that these careless Windows users exasperate me more than I could ever explain, but I can't blame them for trusting the marketplace. Unfortunately, it's the marketplace that is to blame. The marketplace in the PC business is an illegal monopoly, and the company that runs this monopoly makes Swiss cheese and sells it as computer software. Microsoft's products are not designed to be safe from viruses, and in fact the opposite is true: They are designed to be unsafe.
   Want proof?
   Microsoft designed Outlook Express and Internet Explorer to work the way they work because it wants them to work that way. It needs to be able to attract you and me and every other Windows user to its new .NET Internet-based operating systems to come, and to do that it needs to be able to control what its Web browsers are doing. It needs to be able to find out what they are doing, and that, of course, means it needs to be able to know what you and I are doing.
   Sounds like spyware to me.
   Microsoft put its Passport system into Windows XP in a brazen attempt to track what Windows users are doing when they shop on the Web. Microsoft designed Passport and XP that way.
   Microsoft designed its Windows Media Player to log the searches you performed when looking for music on the Web and report them back to headquarters. It took this "feature" out of Media Player only when someone stumbled over it by accident.
   Sounds like spyware to me.
   But Internet Explorer seems to have been designed with only one main intent -- to let viruses and worms cruise our networks at will. Think I'm exaggerating? Keep reading.
   Microsoft designed Internet Explorer to handle the display of all HTML mail unless Windows users intentionally install and use software that explicitly avoids this built-in method. (Only The Bat!, a Windows e-mail program I've raved about previously, actually does this effectively. If you're not using The Bat!, you're almost surely allowing Internet Explorer to handle your HTML e-mail even if you don't use Outlook Express.)
   The problem with this might seem to be the fact that Internet Explorer 5 is dangerously cozy with viruses and worms. By its very design, IE 5 (meaning IE 5.1 and 5.5, the two versions in common use) automatically executes certain commands when you allow the HTML engine in your mail software to show the mail.
   You don't have to open the mail. All you have to do is let your e-mail program preview it. Internet Explorer's behind-the-scenes design makes sure that all viruses hidden in the mail get activated.
   But the problem isn't what it seems. Microsoft was embarrassed into patching this behavior in Internet Explorer 5 some time ago. Anyone who went to the Windows Update site and installed all IE patches would have been protected against this virus.
   But wait a minute. This was a problem with Internet Explorer 5. Didn't Microsoft do the right thing and abandon IE 5 when it created a better browser, IE 6?
   Welcome to Monopoly 101. Microsoft did something totally inexplicable. It built the same design flaw into Internet Explorer 6. Microsoft put the welcome mat for viruses and worms in IE 6 for everyone who upgraded to Internet Explorer 6. Only the version of IE 6 that comes standard with Windows XP is safe.
   What can you do?
   First, get good antivirus software. AVG is what I recommend, and it's free. Get it from www.grisoft.com.
   Second, apply ALL the Windows security updates.
   Third, consider an alternative to Windows. There are nearly 70,000 active Windows viruses, and none of them have any effect on an Apple Macintosh or on a Linux PC. Those are the two main alternatives. (And the Mac is easy to use and has its own version of Microsoft Office.)
   Fourth, never trust mail that has no sense to it, even if it seems to come from your best friend. I looked through all the Klez Worm letters that came in (after their virus payloads had been stripped off, of course), and saw messages such as these: "Hello, This is a very excite game. This game is my first work. I wish you would enjoy it."
   C'mon, people. Do you know ANYONE who would send you such a message?