[conspire] linux antivirus?

Blue Boar BlueBoar at thievco.com
Thu Sep 11 19:40:07 PDT 2003

Rick Moen wrote:

> That's missing the point.  The "worm" in both those cases merely
> -=automated=- a non-automated remote attacker's easy misappropriation of
> system root access (a vulnerability that in I believe both cases had
> been left wide open for five-plus months).  

That's what worms do, that's what worms are.  Does your definition of worm 
vary from mine, somehow?  One can create a worm that is more subtle and 
does things like try to guess and crack password, and exploit established 
trust relationships (again, Morris) but who cares?  That flavor, for all 
intents and purposes, is obsolete.  It's not the type people are concerned 
about at present, and it makes the kind that use exploits no less wormy.

> To paraphrase one of my essays, calling it "enabling worms" is like
> saying a homeowner "enabled arson" after he left his home wide open and
> unoccupied for six months, then burglars finally noticed the house,
> stole its valuables, and finally torched the place.  The "worms" are
> just a minor aftereffect of a far more basic underlying problem.

It's like leaving your Windows/IIS box unpatched for weeks, and then a 
worms exploits it and spreads. I'm really not grasping this distinction 
you're trying to make.


More information about the conspire mailing list