"The Desktop Global Marketer" (tm)
A free on-line newsletter of Sidereal Designs, Inc.,
for Internet Entrepreneurs, and those who are
considering becoming one.
_____________________________________________________
May 5th, 2000
In this issue: "Are my web pages in danger from a
computer virus?"
_____________________________________________________
"The Desktop Global Marketer" is free, and may be
re-published freely with permission. We encourage
you to give it to your friends.
For subscription (or un-subscription) details,
and other information, please see the end of the
newsletter.
For any other purpose, please write to:
jamie(at)siderealdesigns.com
Or visit us at:
http://siderealdesigns.com
_____________________________________________________
Is my web site in danger from viruses?
Short answer: No if it is hosted on a Unix system.
(All Sidereal's clients are.)
Longer answer: (For those interested in how a virus works
and how it relates to web pages.)
A virus in the original sense is a piece of program code
embedded in some other program. When that program is run the
viral code is also executed and may do damage and/or
replicate copies of itself. A "worm" is similar except that
it is just a program in its own right, it does not hide in
another "infected" program. In common use, both may be
called "viruses."
From this it is clear that in either case a virus is just a
kind of computer program and like any other program can only
do damage if it is executed (run) on the computer. This is
why the initial viruses were hidden in infected copies of
regular programs; else no one would have run one.
For this reason, it was initially true that a virus or worm
could not be spread by e-mail. An e-mail message was just a
piece of text that couldn't run on a computer, and if you did
mail someone a program they would have had to go to some
trouble to install it and run it. You had to find some way
to trick someone into running your virus.
Then Microsoft did a bad thing. They created a computer
language for handling formatted e-mail messages and gave
mail reading programs the ability to execute mail messages
that contained "scripts" written in these languages. Worse,
the commands they implemented could access and write other
files elsewhere in your computer. This gave the bad guys the
ability to send destructive e-mail viruses. Because of
Microsoft's monopoly, other makers of e-mail readers had
to follow suit.
At this point a person running Microsoft-compatible e-mail
readers had as their only defense the precaution of never
opening any suspicious attachment. Needless to say the bad
guys - as in the case of the recent "Love Bug" virus - went
to lengths to find ways to induce people to do just that.
Worst of all, Microsoft built into it's later Windows
systems the capability to allow these e-mail "scripts" to
execute, on their own, from the body of an e-mail message
without even opening an attachment (Microsoft has never
been strong on forethought about security issues.) The only
defense against this is to disable the relevant capability in
the Windows operating system or not read the suspicious mail
at all.
Unix is an entirely differently-built operating system. It
is not proof against hackers by any means, but there are no
Unix viruses because it walls off each account from the
other so that if I did load and run a destructive program
that wiped out all my files it would not be able to touch
anyone else's. Moreover, the kinds of e-mail scripting
issues described above do not exist. If you mail me the
"love bug" virus and I receive it on a Unix system, it just
lies there doing nothing.
Almost all web servers on the Internet are either some
version of Unix such as Linux, or are Windows-NT servers by
Microsoft. Windows-NT is certainly more secure than
Windows95/98 and built more like Unix. (Nonetheless being
built by Microsoft whose security reputation is so bad, it
must be viewed with suspicion. Many kinds of security flaws
in NT have been demonstrated and fixed.) It is unlikely that
any present virus would be able to damage web files on a
Windows NT server, and certainly not on a Unix server.
Even if someone wrote a virus that would run under the Unix
operating system there would be no way to get it into the
computer and run it except by tricking someone into doing
it. If you succeeded at that it wouldn't be able to hurt
anyone else's files (like your web pages for example) on the
machine. Unix mail reader programs do not have the
privileges required to touch other people's web pages on the
machine even if there were a way to get them to execute
something in an e-mail they received. Things like the
web-server that access and serve your web pages are "users"
just like people on the Unix system with their own security
privileges, and they never download and read mail or obtain
and run new programs. Thus there is no way for a virus to be
given to them.
Someday someone may find a way to attack web files on Unix
servers with a virus or virus-like program, but for the
present at least it is not something you need to lose sleep
over. Hackers of course are another matter....
Best,
Jamie
_____________________________________________________
To subscribe, send email to:
newsletter-request(at)siderealdesigns.com
and include the word subscribe as the only item in
the body of the letter.
To unsubscribe, send email to:
newsletter-request(at)siderealdesigns.com
and include the word unsubscribe as the only item in
the body of the letter.
If you have problems with either of these, write directly
to jamie(at)siderealdesigns.com for prompt attention from
a human.
If you would like to re-publish any of our newsletters,
at no cost, please contact jamie(at)siderealdesigns.com.
"Sidereal" is pronounced sy-DEER-ee-all, and means "of
or pertaining to the stars, the heavens, etc."
______________________________________________________________________________
Sidereal Designs, Inc. "Making The Web Simple." http://siderealdesigns.com
|
Sidereal
Designs, Inc. All rights reserved.