Monday, February 25, 2008

Welcome to the world that Microsoft runs

From Freshwater Bay
Viruses are bad enough. You'd think the experts who advise the rest of us on how to deal with them would at least get their facts straight. 
Take the current Nimda virus, for example. (PLEASE take the Nimda virus, as Henny Youngman would say.) Most of the so-called "expert" warnings about Nimda missed the point completely. They failed to note that you don't need to open any attachments to fall victim to the Nimda Virus. It can infect your PC automatically. You don't have to do anything except get your mail. I'll bet this is news to you. You didn't know this, right? 
That's what I'm talking about. Most of the stuff we learn about viruses is full of Newfie poop. We never seem to learn what's really going on until it's too late. Here's the ugly truth about Nimda. It's a script virus. Windows loves scripts. Windows loves scripts so much it practically invites scripts to run -- without so much as asking your permission. So when a script comes sailing into your Windows PC, Windows looks at all the instructions in the script and follows them to the letter. Follows them out the window, in fact. Follows them so blindly that if the instructions say, "Wipe out all the files in this sucker's C: drive," Windows obediently does exactly what it's told. You didn't know this, right? You thought Nimda was just another attachment-type virus that wasn't dangerous at all if you left attachments alone. 
Welcome to the world that Microsoft runs. Script viruses take advantage of one of the dumbest of all dumb things. Microsoft, the Windows monopoly company, did the first dumb thing by leaving out any protection against bad scripts in Windows. Good scripts or bad, nice ones or mean ones, they are all treated the same way. Nobody else who makes a consumer product would make this kind of mistake. GM and Toyota and all the other car manufacturers know that air can be dusty, so all car engines come with air cleaners. Vacuum cleaners have dust bags. TVs have filters that block signals that come from your neighbor's shop vac. But Windows does not care if scripts are good or bad. It just runs whatever comes its way. Windows runs scripts without a moment's thought -- without asking you if it's OK that some brat in Bratislava wants to wipe out 17 files or read your private documents. That's the first dumb thing. It's a bad enough booboo to get all of Microsoft's software engineers a two-hour interview on the way to  Pearly Gates...No dammed relation of Satanic Billy (I'd let them in, but I'm soft-hearted. That Gabriel fellow is one tough cookie, however.) But this flaw is just the beginning. The second dumb thing is almost impossible to believe. In fact, I've sometimes been asked whether I'm kidding when I describe this immense mistake to user groups. But what I am about to tell you is true. It probably could not occur in an open, competitive software environment. It almost surely is a product of Microsoft monopoly mentality -- the idea that anything goes, that any kind of sloppiness is OK, since everybody is going to continue to buy your products anyway. This is the monopoly that is inflicted on millions of consumers by a company run by two billionaires and staffed by hundreds of millionaires. (Bill Gates and his childhood friend Steve Ballmer run the company, and both are super-billionaires. And Microsoft, believe it or not, has 200 or more millionaires on its staff. It rewards loyalty. When you work for The Beast, as Microsoft is called in England, you get rich if you stay loyal.) All these rich folk seem to be looking the wrong way. The flaw in Windows is so bad that they could all be excused from jury duty forever if they told a judge how important it is to fix the security holes in Windows. It's so bad that every millionaire at Microsoft should be running from house to house in communities all over the nation warning citizens about the danger.
   But in fact Microsoft doesn't care.
Here's the flaw.

You tell me whether this sort of bungling is excusable in an era when every possible safeguard needs to be taken to preserve our physical and electronic security: The monopoly e-mail program, Outlook Express, has an open-door policy for viruses and all other rogue programs that slip into your e-mail. This total lapse in security occurs no matter how careful you are about opening attachments. In fact, Outlook Express does not even tell you that it's going to allow viruses to sneak in. It simply does it. Please stay with me. Just about every Windows user who reads this is a user of Outlook Express -- it's the e-mail software that's forced on millions of Internet users by Internet providers who lack the guts to challenge Microsoft's monopoly -- and that means just about everyone who uses Windows needs to pay very close attention.
   In Outlook Express, messages can be opened the standard way -- by double clicking on each message entry -- or they can be viewed or "previewed" in a separate area of the Outlook Express window. This is called the preview pane. This happens by default. If you simply use your e-mail program the way it was designed -- and why wouldn't you? -- your messages will be "previewed" automatically. You won't have to open them (double click on them) to read them or reply to them. When Outlook Express "previews" a message, it doesn't use any tricks. It opens the message. Read the last two sentences back to make sure you are still with me. There are no special tricks or techniques. You never have to open a message in Outlook Express to read it. Outlook Express does that for you. It does it automatically. It opens the message for you. Surely by now you are wondering about the words "open the message." Isn't that dangerous? If you receive a message that contains a script virus -- a virus that's part of the message, not part of any attachment -- isn't it foolish to open that message automatically? Of course it is. And that's just what the monopoly e-mail program does. It opens all messages automatically. If you use Outlook Express the way it comes from Microsoft (or the way it comes from your no-guts Internet provider), it previews -- it opens -- all messages for you. You don't need to open them. Outlook Express lets those viruses loose for you.
   With me so far?
   There's more. Hold onto your keyboard. You ain't heard nuthin' yet. Let's say you're a bright Windows user and you know how dangerous Outlook Express can be. Let's say you never use the preview pane. Let's pretend you've turned it off.
   Do I have a surprise for you! Listen up.
   Even with its automatic preview turned off, Outlook Express wants you to feel its pain. Outlook Express wants you to know what viruses are like. It wants you to know the difference between your five-year-old Chevy and the BMWs in the parking lots where 200 millionaires work. Even with the automatic preview turned off, even if you never view messages in the preview pane, Outlook Express automatically opens the first message that arrives in an empty Inbox. 
Listen to this again: Outlook Express automatically opens the first message that arrives in an empty Inbox. 
If that brat in Botwood creates a script virus that wipes out your files and your weak-brained sister-in-law passes it on to you right after you've cleaned out your Inbox, guess what? You can say goodbye to your files. It does not matter how carefully you've set up Outlook Express. Don't even think about how dutifully you've made sure that you don't open messages that seem suspicious. Outlook Express will handle that for you. Have the millions of Windows users who like the look and feel of Outlook Express lost their minds? Or are they simply complacent?
   What about the millions of others who have never realized that Outlook Express is just one of many possible e-mail programs? Are they like the hapless hunters and mountaineers who shouldered blunderbusses? I don't have answers. I have suggestions.

First, stop believing in faeries (Can't believe I said that! We're good people). The world is a tough place. As long as you accept the way Outlook Express works, you can be sure that someone is writing a virus with your name on it.
Second, protect yourself against scripts that are intended to do you harm. Get Script Sentry. It's free and easy to use. Find it by searching for it on Google. (If you don't know about Google, you also need to push that rock out of the way. You've been sleeping under it for too long.)
Third, get a good antivirus program and use it.
Fourth, update your antivirus program every two or three days. Usually, you can do this in a minute or less.
Fifth, don't use the preview pane in Outlook Express unless you have Script Sentry installed. (Note well: If you follow suggestion No. 2, you won't have to worry about using the preview pane. What are you waiting for?)
Sixth, consider switching to a safer e-mail program. There are many. An excellent modern e-mail program for Windows that emphasizes safety is a program with the unusual name of "The Bat!" from RIT Labs. (Google will help you find it.)
Seventh, stop treating e-mail as if it comes from God. Delete all mail that you have any doubts about. Delete all mail that's not from someone you know. Delete all mail that has attachments. (Try it. After a week or so, someone who was actually sending you something important will ask why you didn't respond. You can then write back and explain that your mail program deletes all attachments -- yes, blame it on the software -- and you can then tell the people who send you attachments that they need to send plain messages instead. After all, if they are trying to tell you something, what's wrong with typing a message?)
Eighth, stop treating Windows as if it came from the 12 disciples. Windows is a badly designed monopoly operating system. The way you free yourself from Windows is simple: You stop using it. You get a Mac. (Don't give me all that sobbing and wailing about not being able to run your favorite programs on a Mac. That's just ignorant babble. You can get Microsoft Word and the other parts of Microsoft Office for the Mac. You can get Outlook Express -- a SAFE version of Outlook Express. You have Internet Explorer for the Mac. You have Adobe Photoshop and other Adobe image editing programs. You even have ACDSee, the best image viewing program for Windows, for the Mac. The list goes on and on. You have a choice of hundreds of thousands of commercial programs and shareware-and-freeware programs for the Mac.)
Ninth, don't let Windows hide the true nature of files. By default, Windows refuses to show you the "extension" on the end of a filename. That lets viruses romp around your computer system by hiding their actual purpose. Call the store that sold you the PC and tell them to help you change Windows so it displays all filename extensions. Don't let them off the hook. If your Ford dealer sold you a car without headlights, you'd be banging down his door. The same goes for this inexcusable lapse in Windows. Tell the store (or call the manufacturer) and demand to be shown how to change this setting. Threaten to sue if you have to. (No, I'm not being cute. The first time a virus slips in under this cover and sends out salacious or threatening e-mail under your name, you will be ready to sue in earnest. Get this fix done NOW.)
Tenth, pay attention to the way your Windows PC is used, whether by you or by others in your family. Don't download every file that comes your way on the Web. Choose downloads carefully. Don't accept files sent your way by an instant message program. Don't trust your sister-in-law or your husband's best friend or your Aunt Suse when they send you mail. They don't know anything about safe e-mail. Don't let your friend Jennifer send you a zillion attached messages every three days. Tell her to stop, and block her mail if she doesn't. (All good mail programs let you block mail from specified senders.)
   Do these things now. Do them as if your safety depends on it............. Because it does.

Be Kind to yourself and Your computer.

Roderick B

No comments: