Mailing List Archive

Re: [tlug] mail recommendations
- To: tlug@example.com
- Subject: Re: [tlug] mail recommendations
- From: "Stephen J. Turnbull" <stephen@example.com>
- Date: 11 Apr 2002 16:29:33 +0900
- Content-type: text/plain; charset=us-ascii
- In-reply-to: <20020411052149.GS31104@example.com>
- Organization: The XEmacs Project
- References: <005501c1e102$d7e24900$0e01a8c0@example.com><20020411121529.433593be.ryan.shaw@example.com><20020411035636.GR31104@example.com><20020411131521.659fd23a.ryan.shaw@example.com><20020411052149.GS31104@example.com>
- Sender: steve@example.com
- User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Common Lisp)

>>>>> "A" == A Sajjad Zaidi <A.Sajjad> writes:

    A> And [MUA diversity] one of the reasons we don't have to worry
    A> much about worms and viruses spreading through emails.

False.

You're _basically_ right, that "biodiversity" plays an important role in making open source systems robust to infection. But it's only part of the story, and it's not the diversity of MUAs that matters much.

Worms and viruses spread through automatic execution, and then attack vulnerable applications. It is quite easy to arrange for automatic execution via MIME external bodies, which many of these MUAs support (that's why they call MIME a "standard"). But the vulnerable application _need not be the MUA_; it can be something much more standardized (eg, sendmail or Apache). In order to have worm-like behavior, all you need is to be able to parse email directories, then call /usr/lib/sendmail, which is pretty easy for most any script or program that manages to get itself executed.

Cf. http://www.linuxmafia.com/~rick/faq/#virus, and note how Moen debunks Simon Garfinkel's advocacy of virus checkers for Linux. That mistake is based on his understanding the hole in your argument as stated, but not why it actually works when properly applied.

The real reasons are

1. Lack of privilege of ordinary and most system users. This contains damage to a single user's account, and generally leaves the system completely unaffected.

2. Auto-execute is _off_ by default, except for read-only viewers. The main potential exception would be Ghostscript (Postscript has all the facilities you would expect of a general-purpose programming language, it's just hard for humans to write), but that now has the -dSAFER switch which mostly prevents writing files etc.

Of course you can use script-kiddie-style attacks on other security holes to get around 1, but those are bugs. This is not the same thing as using ordinary macros in Microsoft Word via OLE.

And to get around 2, it's true that most Unix programs, including allegedly "read-only" viewers, have access to exec(3) or system(3) exposed somewhere, but this is typically pretty hard to get at, and the variety and rapid evolution of the code often makes it very hard to develop a robust exploit. Again, this is more a bug in specific versions, rather than a designed-in "feature" that would really hurt users if you shut it off (what would MS Office be without OLE? a very poor imitation of KOffice...).

Food for thought: I suspect that it would be very hard for Microsoft to rewrite all its software to use safer inter-client protocols. Yet Unix, despite the apparent flimsiness of its traditional "network of friendly users" approach to security, has shown itself to be capable of quite robust security characteristics.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
 Don't ask how you can "do" free software business;
 ask what your business can "do for" free software.
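
Point 2 of the message above can be checked on a given machine; the following is an added example, not part of the original message. It assumes the MUA's MIME viewers are configured in a mailcap file (RFC 1524 format); the sample entries are constructed and the finding labels are hypothetical names.

```python
import re
import shlex

# Constructed sample mailcap; not taken from any real system.
SAMPLE_MAILCAP = r"""
# type; view-command; flags
text/html; lynx -dump %s; copiousoutput
application/postscript; gs -q -dNOPAUSE -dBATCH \
    -sDEVICE=x11 %s
application/pdf; gs -dSAFER -q -dBATCH -sDEVICE=x11 %s
application/x-sh; /bin/sh %s
image/png; display %s
"""

GS_NAMES = {"gs", "ghostscript"}
INTERPRETERS = {"sh", "bash", "csh", "perl", "python", "tclsh"}


def parse_mailcap(text):
    """Yield (mime_type, argv) per entry, joining backslash-continued lines.

    Simplification: an escaped ';' inside a command is not handled.
    """
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) >= 2 and fields[1]:
            yield fields[0], shlex.split(fields[1])


def audit(text):
    """Return (mime_type, finding) for handlers that are not read-only viewers."""
    findings = []
    for mime, argv in parse_mailcap(text):
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in GS_NAMES:
            # Recent Ghostscript releases turn SAFER on by default; older
            # ones need the switch spelled out, and -dNOSAFER disables it.
            if "-dNOSAFER" in argv:
                findings.append((mime, "gs-nosafer"))
            elif "-dSAFER" not in argv:
                findings.append((mime, "gs-without-safer"))
        elif prog in INTERPRETERS:
            # Received content is executed rather than displayed.
            findings.append((mime, "interpreter"))
    return findings


if __name__ == "__main__":
    for mime, finding in audit(SAMPLE_MAILCAP):
        print(f"{mime}: {finding}")
```
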