«

http://www.sophos.com/security/analy...badbunnya.html

http://www.theregister.co.uk/2007/05/22/badbunny/

"" This is old-school malware - seemingly written to show off a proof of
concept rather than a serious attempt to spy on and steal from computer
users. A financially motivated hacker would have targeted more widely used
software and not incorporated such a bizarre image. ""


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."

In article <>, lid says...
> http://www.sophos.com/security/analy...badbunnya.html
>
> http://www.theregister.co.uk/2007/05/22/badbunny/
>
> "" This is old-school malware - seemingly written to show off a proof of
> concept rather than a serious attempt to spy on and steal from computer
> users. A financially motivated hacker would have targeted more widely used
> software and not incorporated such a bizarre image. ""
>

I wonder if the John Leyden that is named in theregister is the same as the Joe
Leyden that was known/active around BBS circles in nz in the 80ies.

-P.

--
=========================================
firstname dot lastname at gmail fullstop com

In message <>, Jonathan Walker wrote:

> http://www.sophos.com/security/analy...badbunnya.html
>
> http://www.theregister.co.uk/2007/05/22/badbunny/

Given how Java-heavy OpenOffice is, I think this gives the lie to the claim
that using a managed language like Java really makes any difference to
security. Also others have reported that OpenOffice is actually more
resource-hungry than M*#$%s&ft Office is.

On Wed, 23 May 2007 17:27:00 +1200, Lawrence D'Oliveiro wrote:

> In message <>, Jonathan Walker wrote:
>
>> http://www.sophos.com/security/analy...badbunnya.html
>>
>> http://www.theregister.co.uk/2007/05/22/badbunny/
>
> Given how Java-heavy OpenOffice is, I think this gives the lie to the
> claim that using a managed language like Java really makes any
> difference to security. Also others have reported that OpenOffice is
> actually more resource-hungry than M*#$%s&ft Office is.

Open Office can be run java free. Somethings are missing if it is.

On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:

>> Given how Java-heavy OpenOffice is, I think this gives the lie to the
>> claim that using a managed language like Java really makes any
>> difference to security. Also others have reported that OpenOffice is
>> actually more resource-hungry than M*#$%s&ft Office is.
>
> Open Office can be run java free. Somethings are missing if it is.

And on the Linux platform, the script that is dropped is a PERL script.

On MacOS X the script is a Ruby script, and on Windows the script is a
Java script.


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."

In message <>, Jonathan Walker wrote:

> On Wed, 23 May 2007 05:45:10 +0000, Gordon wrote:
>
>>> Given how Java-heavy OpenOffice is, I think this gives the lie to the
>>> claim that using a managed language like Java really makes any
>>> difference to security. Also others have reported that OpenOffice is
>>> actually more resource-hungry than M*#$%s&ft Office is.
>>
>> Open Office can be run java free. Somethings are missing if it is.
>
> And on the Linux platform, the script that is dropped is a PERL script.
>
> On MacOS X the script is a Ruby script, and on Windows the script is a
> Java script.

Are these scripts still dropped if the Java parts are disabled?

On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:

>> On MacOS X the script is a Ruby script, and on Windows the script is a
>> Java script.
>
> Are these scripts still dropped if the Java parts are disabled?

If you had actually read the article, your would have learned that the
actual script in the OpenOffice document is a StarBasic macro script.

So, either you should have Macro scripting turned off is OOo, or you
should have no Java installed - or both.


--
Jonathan Walker

"You'll have to excuse me — I have a long
bath and a short dress to get into."

In message <>, Jonathan Walker wrote:

> On Thu, 24 May 2007 12:27:48 +1200, Lawrence D'Oliveiro wrote:
>
>>> On MacOS X the script is a Ruby script, and on Windows the script is a
>>> Java script.
>>
>> Are these scripts still dropped if the Java parts are disabled?
>
> If you had actually read the article, your would have learned that the
> actual script in the OpenOffice document is a StarBasic macro script.

Which doesn't answer the question.

Lawrence D'Oliveiro wrote:
> In message <>, Jonathan Walker wrote:
>
>> http://www.sophos.com/security/analy...badbunnya.html
>>
>> http://www.theregister.co.uk/2007/05/22/badbunny/
>
> Given how Java-heavy OpenOffice is, I think this gives the lie to the claim
> that using a managed language like Java really makes any difference to
> security. Also others have reported that OpenOffice is actually more
> resource-hungry than M*#$%s&ft Office is.

It may be so. OpenOffice is a 'true' application so it has to abide by
proper application protocols with respect to the operating system. This
is the way it ought to be security-wise. MS Office tends to be a
Siamese twin 'offshoot' of Windows, so has performance advantages of
being sort of part of the operating system but at the risk of security
and stability. Moreover it may not be as highly optimised as MS Office.

However in the days of cheap hardware, any alleged performance
deficiencies of Open Office are of little moment - security and
stability should take priority over performance.

In any case to suffer the virus, one would need to both open an infected
file and specifically allow macros to run for that file. Moreover it is
extremely unlikely that the virus can penetrate beyond user space, so
cleaning up is relatively simple.

"peterwn" <> wrote in message
news:4656a0ba$...
> Lawrence D'Oliveiro wrote:
>> In message <>, Jonathan Walker wrote:
>>
>>> http://www.sophos.com/security/analy...badbunnya.html
>>>
>>> http://www.theregister.co.uk/2007/05/22/badbunny/
>>
>> Given how Java-heavy OpenOffice is, I think this gives the lie to
>> the claim
>> that using a managed language like Java really makes any difference
>> to
>> security. Also others have reported that OpenOffice is actually
>> more
>> resource-hungry than M*#$%s&ft Office is.
>
> It may be so. OpenOffice is a 'true' application so it has to abide
> by proper application protocols with respect to the operating
> system. This is the way it ought to be security-wise.

And yet security remains a problem for this true pig of an
application.

> MS Office tends to be a Siamese twin 'offshoot' of Windows, so has
> performance advantages of being sort of part of the operating system
> but at the risk of security and stability.

MS Office is not "part of the operating system" but is instead
optimized performance-wise to work **with** the operating system
(Windows, and to a lesser extent OS/X). WorkPerfect Office does much
the same. Why can't OO developers match that level of performance?

> Moreover it may not be as highly optimised as MS Office.
>
> However in the days of cheap hardware, any alleged performance
> deficiencies of Open Office are of little moment - security and
> stability should take priority over performance.
>

Only if the security and stability features of OO were demonstrably
better could you make this argument stick. But then, oops -- "Malware
targets Open Office users" -- so your sales pitch is what exactly?

> In any case to suffer the virus, one would need to both open an
> infected file and specifically allow macros to run for that file.

Same as in MS Office.

> Moreover it is extremely unlikely that the virus can penetrate
> beyond user space, so cleaning up is relatively simple.

Well, heck, why worry at all then?