[ The opinions expressed by authors on Linux Today are their
own. They speak only for themselves and not for Linux Today.
]
The latest e-mail “virus”, Explore.Zip, crippled e-mail
systems worldwide, exploiting a combination of Microsoft Operating
System features and, mostly, the gullibility of its users. “This
will never happen under Linux!”, the usual advocates cry. Perhaps
not yet. And the reasons why are something to give serious thought
to…
By Tristan Greaves (Tristan.Greaves@icl.com)
Explore.Zip can be more accurately described as a Trojan Horse.
A user will receive it in e-mail form, looking to be like an e-mail
from a friend or colleague. Because it is. They will have triggered
the virus, which propagates itself by sending a “friendly” e-mail
to the addresses it finds in their Microsoft Outlook in-box,
complete with an executable file.
That’s the part which exploits Microsoft’s integrated
environment.
The activation of Explore.Zip is dependent upon the actions of
the user. When the user runs the attached executable (and why not,
it’s from a friend, right?), it will wipe various documents from
their hard disk, before spreading itself into the ether. Nasty.
As with Melissa (an earlier, but similar, virus), the response
from some within the Linux community has been predictable. The
claim is that this is yet another reason why Linux is superior to
Microsoft technologies: That only the Microsoft using “fools” will
be tricked by the virus, and that flaws in the Operating System
allow it to do its dirty deeds.
Unfortunately, neither of these items should be completely
regarded by the Linux community as “Good Things”. And this article
tells you why.
Abandon all hope ye who enter here
In general, Trojan horse viruses rely on the user running an
executable file from someone they do not necessarily know. In
essence, a sense of gullibility prevails.
Linux is currently the domain of very technical people, who
naturally do not tend to fall for such tricks. If such a file
popped into the In-box of a Linux user, they would most likely
delete it without a second thought. It comes with experience.
Linux is currently on good course to always remain in this
situation. Some work is being done on making the whole system more
accessible to the general public, but not enough! “Normal” users
don’t want to know how configurable the various bits of the
packages are, if it means poking around them with a text editor.
They, quite rightly, consider that to be a relic of the dark
ages.
Before I am forced to don my asbestos suit, I am not knocking
text-based configuration files. They are indeed very powerful. But
where are the GUI alternatives? Advocates, you may be sharpening
your knives at the very mention of “GUI configurability”, but it is
a Good Thing. Some programs are making headway here: Samba’s SWAT
is a good example.
And as good as “vi” is, a user considering using Linux instead
of Windows will most likely run a mile as they watch you apparently
performing a keyboard-based Karma Sutra when editing one of those
text files.
The GUIs available to users are getting better now. KDE and
Gnome are currently looking the most promising. The GUI can be used
to configure the Window Manager itself, so the potential to use it
to configure Linux applications is there, waiting to be
exploited.
Of course, this does boil down to a choice: Does the Linux
community wish to embrace the majority of the computer using world?
Or does it wish to remain a smaller and, well, “geekier” entity? In
short, is it really content to become just a free version of a 30
year old Operating System?
Or does it want to go further?
Integration Is Not Evil
The fact that Microsoft Office (which includes Outlook) is very
much integrated is what allows Explore.Zip to grab the names from a
user’s address book, and then replicate itself.
This does not mean that integration of applications is a bad
thing.
Users want to be able to drag and drop items from application to
application. They want to be able to share documents. They want to
be able to perform e-mail functions from most of the applications
they use, not have to save the file to disk and load it in to a
generic e-mail package.
Unfortunately, this power has not been utilised under Linux yet.
And it will be needed at enterprise level. Groupware is yet another
buzzword, but is all part of the paperless office ideal that many
companies are still striving for.
The situation is slowly being resolved. StarOffice is now
available under Linux, and other products are on the way.
And the Linux community does have its trump card: Open Source.
Once a good integrative environment is in place, developers will
easily be able to adapt their applications to take advantage. As
has been proved before, the use of Open Source will result in
security holes being plugged much faster than Closed Source
systems…. when/if they arise.
Security really is the bugbear of integration. Linux and the
Open Source philosophy have the opportunity to get it right.
Take me to the bridge of the Enterprise
Integration is one of the key philosophies of enterprise-scale
computing. The ability to scale up is another.
Linux is doing fairly well here. The multi-processor support is
there and constantly improving. Various RAID arrays are supported,
but the number of available drivers and the ease of which they are
configured is not too good at this moment in time.
This takes us back to the GUI point raised earlier. What do you
do if you want a RAID array under Windows NT? Connect it, boot, use
Disk Manager to configure the array how you want it. That’s pretty
much it, and all done using the mouse.
Under Linux? Connect it, re-compile the kernel as required (this
may not be needed though – it depends on future-thinking you were
with your modules), and then play with some fiddly command line
tools to get it set-up and formatted. It’s not very intuitive:
Chances are you will have to check out a couple of HOW-TOs
first.
Again, I love the low-level Linux stuff. However, I want the
*option* of being able to do all of this using a GUI. And so will
any NT Administrators coming to Linux for the first time.
Linux needs to be able to run on the big, massive, gargantuan
servers. It may not *need* to due to its greater efficiency over
NT, but managers like to know that it *can*. Oh, and the “Ah, but I
can run Linux on an old 486” line is getting tiresome now. Sure,
it’s great for simple network routing and e-mail gateway stuff, but
you won’t be running any enterprise-level web server clusters on
them will you?
Choose wisely
There you have it. My views on Linux’s current state in terms of
user friendliness, and its current prowess in the enterprise.
So where does Linux go from here? It’s your call.
Advocates, you could simply keep your current direction. Most
users will stick with Microsoft on their desktops. They’ve heard
how unfriendly Linux is, after all. No software integration,
command-line driven software, and…. configuration text files!?
Why should they change? They don’t care how efficient and cool the
underlying kernel is. They are, quite rightly, thinking in terms of
what they can do with it.
Or do you want most of the computing world to use Linux? If so,
you will have to put up with all of the problems you associate with
Microsoft. Clueless users, running executables from strangers and
trashing their files. More “bloated” applications. However, Open
Source will be prevailing on a much grander scale, with all of the
advantages that ensue. The general public will realise why it is
such a good thing!
All that will take is a consideration of what the majority of
computer users *want*. Powerful GUIs. Powerful integration.
Where do you want to go tomorrow?
BIOGRAPHY
———
Based in England, Tristan Greaves works as a Systems Integrator
within the Information Exchange at ICL (The IT systems and services
company). He is relatively new to Linux, first encountering 2.0.32
at the University of Southampton, where he will be completing his
Computer Science degree next year. His job entails integrating
Linux and Microsoft systems together, and his life would be easier
if “everyone could just get along”. When not hacking Linux, he can
be found making sweet music with his band “Stash” in the Portsmouth
area. His home page resides at http://www.ecs.soton.ac.uk/~tmg296/
Thanks to Rupert Benbrook and Marcus Randle for their insightful
input.