Windows nasties can affect ROS users too

By Chris Williams. Published: 5th Mar 2004, 04:29:47

It's true, it's true

Editorial: Once upon a time, RISC OS users could grin in a rather smug manner as the current wave of Windows worms and viruses wreaked havoc on the Internet. Emails carrying infected payloads would be effectively neutralised when opened on an ARM-powered machine. TCP/IP services vulnerable on other systems wouldn't be running on a RISC OS machine. Very smug, indeed.

RISC OS, to be honest, is not the most secure OS on the planet and that's an understatement: it's hopeless at security. The phrase 'security through obscurity' was made for RISC OS. The DCI4 documentation for writing network device drivers is kept confidential for security reasons, but that didn't stop it from being leaked in various formats. Complacency in end users is also an issue: the RISC OS platform is currently so small that even the would-be virus writers have left the scene, and whilst the network services provided by RISC OS have never been security audited, there are no publicly known exploits purely because no one's really bothered to look and poke around. Having said that, RISCOS Ltd. introduced a firewall into Select in order to, amongst other things, help protect ShareFS users.

Compared to the rest of the IT industry, the RISC OS scene is as laid back as a Glastonbury hippie who's been told that cannabis has finally been legalised. When you realise that every application runs its !Boot file automatically when "seen" by the Filer unless the user remembers to hold down the control key and that any application can hook into the kernel or freely disable the firewall, you might as well give up trying and don those tie-dye t-shirts and sandals. Ignorance is bliss, right?

Times change and now RISC OS 4 and Select can be comfortably run on a suitable Windows PC, using VirtualRiscPC. In some ways, Windows is more secure than RISC OS and in others, it's less. The bottom line is that Windows is just as susceptible to viruses and malicious exploits as RISC OS. The big difference between Windows and RISC OS is that, and this may shock you, a lot of people use Windows and there's a lot of nasties in the wild for it. This is precisely why Windows users can't be complacent like us RISC OS users: anti-virus kit, anti-malware and full firewall protection are essential in this day and age. This includes VirtualRiscPC-SE users.

With many dealers touting emulation solutions by offering PCs fitted out with VirtualRiscPC-SE and RISC OS 4, what efforts are being made to ease the culture shock of moving from RISC OS to using Windows? How far should the RISC OS user base go to educate its users on the dangers of Windows security, or have our years of smugly watching the horrors of the likes of Nimda, Code Red and Blaster unfold taught us lessons that some Windows users have yet to pay attention to?

The drobe.co.uk editorial team faced an interesting predicament earlier this week, when Neil Spellings of the Aemulor team emailed in to warn us of a Windows virus doing the rounds. On the one hand, we wanted to inform the corner of the userbase who use Windows with RISC OS of the annoying Beagle worm, but on the other hand, we weren't particularly happy with extending our editorial domain to cover top Windows hints and tips.

"I can understand your position," Neil commented to drobe.co.uk, adding that the worm's propagation email does indeed look very genuine.

"I guess as more and more 'RISC OS machines' are based upon WindowsXP with VirtualRiscPCSE, users are going to have to be more aware of the plethora of security alerts and patches for those systems if they don't want DoS attacks against them, or to catch viruses."

Neil primarily alerted us to the worm because he also runs spellings.net, a web services company that has RISC OS users as some of its clients. NoughtPointOne, who host iconbar.com and other RISC OS related websites, also alerted users to the presence of the worm.

R-Comp is one particular dealer that sells WindowsXP PCs that feature VirtualRiscPC-SE and RISC OS 4. We asked them what they were doing to ensure that RISC OS users who are new to Windows, or new to administrating their own PC, are protected from the 'net's nasties.

"We encourage all users to not use Outlook Express, and instead get them using MessengerPro on RISC OS, since almost all viruses these days exploit the Outlook family and are email transferred anyway. If the RISC OS side is used for email there's really no major risk," explained an R-Comp spokesperson. R-Comp's portables also ship with anti-virus software as standard and they recommend users install Adaware to get rid of any accidentally acquired malware. Also, most of R-Comp's customers are broadband Internet users and therefore rely on firewalls in their home network routers for protection.

"Overall, I feel the threat from viruses and security vulnerabilities is pretty low, especially if the user is using the machine primarily as a RISC OS machine."

Please, if you're subjecting yourself to Windows, make sure you're using some form of anti-virus package and a firewall. Don't open attachments unless you're absolutely sure of their contents. Follow the links at the bottom of this article and may we never have to devote future drobe.co.uk bandwidth to the subject of Windows and security.



There is the Windows version of MPro - what's it called Genesis or something. Absolute sh1te I'm afraid - doesn't even multitask, probably worth the price of VARPC just to get a decent news/Email client!

I used RedSquirrel mainly for Pluto!

simo on 5/3/04 6:30AM

I presume you mean Gemini, although your description of it suggests otherwise. Take a look at [link] for further details.

not_ginger_matt on 5/3/04 1:23PM

Gemini is excellent - it does indeed multitask (of course) and outdoes MessPro in almost every way. Perhaps you saw a very early development version? It's come a long way and is still developing rapidly. It's been my only mail/news client for almost a year now and I've had no problems, and new features are added continuously.

As for the article, I was rather concerned to see RComp's statement that "almost all viruses these days exploit the Outlook family". That hasn't been true for a year or more. Most viruses now have their own smtp engines and work independently of Outlook (although many will use your address book if they can find it).

I would be concerned if using a VARPC machine on the internet without a hardware firewall, TBH. Given it's working on top of Windows, the security issues are the same as any other unpatched Windows box, even if the user is using RISC OS. I would like to see the manufacturers enabling something like ZoneAlarm on all VARPCs by default (it's free...).

Not all broadband users have routers - indeed, unless they have multiple PCs, they probably won't. You can't assume that your broadband customers are automatically OK.

johnpettigrew on 5/3/04 1:53PM

On WindowsXP instead of Outlook Express I use Mozilla Thunderbird - now at 0.5 goto:- [link]

I also sometimes use Mozilla Firefox (was called Firebird) for browsing goto:- [link]

I've not yet got VARPC online.

Regards, DaveC

DaveC on 5/3/04 2:26PM

Note to John - R-Comp have always championed the router as the mechanism for broadband, right since the early days (and even in the modem era, too). Obviously if users choose to ignore our advice, then that's out of our control, but that's not really the scope of the article. The point about email is that by utilising RISC OS email software, they avoid the primary mechanisms of virus propagation.

It is also worth noting that our email to Chris about this topic was quite lengthy, covering a number of angles (including the aspect of Windows security fixes).

arawnsley on 5/3/04 2:30PM

To solve both the firewall and external proxy issues, get IPCop: [link] Free, robust, solid, and with Daniel Barron's DansGuardian available as a content filtering AddOn free. Sits under the desk, and only gets rebooted when a patch needs installing. Which is really painless.

mikeg on 5/3/04 6:35PM

The R-Comp spokesperson's mad. None of Bagle, NetSky or Swen were Outlook-specific. They used tricks to actually get the curious to run the executables, not to get Outlook to run it automatically. Also, worms these days don't use Outlook's address book for searching for new addresses to send copies of itself to as such - they just search every file it can find on disc for things that look like addresses, and then use their own SMTP client to send them. So they catch out users of Eudora, Mozilla Mail, and even Messenger Pro for Windows just as badly as they do Outlook.

nunfetishist on 5/3/04 7:32PM

The .vsb viruses are Outlook specific though, that is if you don't change the standard settings. If you update on time and secure your Windows IE and Outlook settings (which is not so easy) Windows is pretty secure though, just don't run any executables you get by email.

Jaco on 5/3/04 8:04PM

OT regarding firewall IPCop, I've done some apps/bits to get firewall info.

chod on 5/3/04 9:32PM

This smacks of scaremongering to me (at least the headline does). Whilst strictly speaking it can be true, it's only true when RISC OS users are really being Windows users. The content of the article is a different story, and raises some serious questions (why IS the !boot hole still there when it's been a risk for years? If it was limited to loading sprites and setting filetypes and runtypes would that really break much?)

SimonC on 6/3/04 2:34PM


Ahem, a user running RISC OS under emulation on a PC is *always acting as a Windows user*, as anytime VARPC does anything it has to interact via Win API's and/or DirectX. Just because you're in an emulated environment and do not *see* Windows does not mean it's not there - anything you see displayed, any keypresses you make, any disk or network access you wind up doing is *actually* being done through Windows.

This has a number of consequences: (i) the user *must* ensure that the latest *Windows AV* is installed, (ii) that - particularly with XP - they have some sort of internet security product installed (e.g., Norton's Internet Security, or if you prefer, Zone Alarm) and (iii) that Windows itself has all critical security patches applied and Service Packs installed (please note WinXP has a new Service Pack (SP2) on the way).

As to the !Boot issue, yes it is a security problem, but if it were "fixed" now what would break? Putting that on top of all of Windows security baggage makes for a system that is arguably less secure than either RISC OS or Windows would be by themselves.



AMS on 6/3/04 6:22PM

AMS: You can imagine how concerned I was when someone involved in promoting Windows machines with RISC OS emulators, used the words "Secure Environment" when talking to me about how emulated RISC OS makes use of the underlying Windows system.

No coherent explanation of what "Secure Environment" meant was forthcoming...


dgs on 6/3/04 7:08PM

nunfetishist: Do any email clients other than the Outlook family share the double extension bug that allows files to appear to the user as a different type? (easily blocked by an SMTP firewall prohibiting attachments named *.*.*)

jess on 6/3/04 9:28PM

dgs: If your system is behind a router and the internet is only accessed via the RO emulator, where would the holes be? (Of course if you did that why bother with a Windows system, rather than native hardware?)

jess on 6/3/04 9:32PM

AMS: That was my point about "when they're being Windows users". I was complaining about the headline, not the entire article, since the headline implied not just VRPC.

As for !boot, I was thinking of RO in general, not just for VRPC, and I don't see much of a reason for not tightening it up. Some apps might require shuffling stuff into the !Run instead.

SimonC on 7/3/04 12:26AM

jess: Supporting double extensions is not a bug. Obeying the first three characters after a full stop, and not the last however, is. I don't think Outlook suffers from this. (Otherwise, you can't have filenames with full stops in them, and as extensions are just a naming convention, not something enforced by the OS [since Windows 95, anyway])

nunfetishist on 7/3/04 2:30PM


Indeed point taken.

The !Boot issue perhaps could be addressed by limiting its effect to modifying things only within the directory in which it resides (i.e., its own application) and/or perhaps warning users if a !Boot attempts to run an executable (for example with RO popping up a message to say "!Boot attempting to run executable xxxx Do you wish to allow this [Yes/No]").

Problem is so many things rely on !Boot being able to do whatever it wants if we now modify how it behaves how many things will break ???



AMS on 7/3/04 4:20PM

I am not sure what t***s means above but I didn't type it (cue XFiles music).

AMS on 7/3/04 4:30PM

nunfetishist: Outlook does something stupid, like displaying the icon for the first extension and obeying the second one and ignoring the mimetype.

jess on 7/3/04 6:04PM
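The double-extension exchange between jess and nunfetishist above, as an added example (not part of the original thread or any poster's code): a gateway-style check that judges each attachment by its last extension, set beside the blanket `*.*.*` rule. The extension lists, function names and sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed, illustrative lists (assumptions, not taken from the thread).
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY = {"txt", "doc", "jpg", "gif", "pdf", "htm", "zip", "xls"}


def classify(filename):
    """Judge an attachment name by its last extension, not its first."""
    # Drop trailing dots/spaces and any space padding between extensions.
    parts = [p.strip() for p in filename.strip(" .").lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "disguised"      # e.g. name.doc.pif, dressed up as a document
    return "executable"


def naive_rule(filename):
    """The blanket '*.*.*' rule: block any name with two or more full stops."""
    return filename.count(".") >= 2


def scan(raw_message):
    """Return {filename: verdict} for every named part of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.walk() if part.get_filename()}


def build_sample(names):
    """Build a constructed test message carrying placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in names:
        # The declared MIME type is deliberately innocuous: it is not trusted.
        msg.add_attachment(b"placeholder", maintype="image", subtype="jpeg",
                           filename=name)
    return msg.as_string()


if __name__ == "__main__":
    names = ["price list.doc.pif", "minutes.v1.2.pdf", "holiday.jpg", "setup.exe"]
    for name, verdict in scan(build_sample(names)).items():
        print(f"{name!r}: {verdict} (blanket rule blocks: {naive_rule(name)})")
```

The blanket rule blocks the harmless `minutes.v1.2.pdf` and lets the plain `setup.exe` through, while the last-extension check gets both right.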

Well I'm using a RPC and I've been affected. Since these new viruses scan files on the disc (including news postings with my message IDs that look like emails to my domain) rather than relying on OE users who have my address in their address book, I've been having to filter off a lot more viruses and virus bounces.

ninja on 9/3/04 5:48PM

Don't email idiots, don't give your email address to idiots, problem solved.

If your files are stored in HostFS then Windows has full access to them, viruses can alter them, scan them for email addresses.

mavhc on 9/3/04 10:49PM

Hopefully the authors of Virtual RPC have tested their product with the Microsoft beta of Windows XP Service pack 2.

Seemingly due to lots of new security issues quite a number of existing XP apps may fail when SP2 is added.

SP2 is supposed to be 400MB plus in size too. :-O

Hope they've got broadband....

quatermass on 11/3/04 1:39PM

Actually, while I obscure my email address for news postings (altering it to an address I own, of course) my messageIDs take the form 'me.1428384@me.com' and my filters must be set up wrongly since mails sent to that message ID end up in the me@me.com mailbox. I don't think it's possible to reject mail sent to invalid users, or at least I couldn't find a way to do it with FreeSMTP and since switching over to POPstar in a rush after FreeSMTP broke, I haven't spent the time to really check if POPstar can do it.

ninja on 11/3/04 6:22PM

quatermass: Well, no wonder plenty of people don't have fully patched Windows systems, if that's the case.

SimonC on 12/3/04 9:59AM

SimonC, they can always order the free security update CD from Microsoft UK. They just have to find the elusive URL!

Ok, here it is: [link]

One odd thing I've noticed is that most XP users seem to think that the auto-update program does it all. But it only does some of the updates.

quatermass on 12/3/04 12:11PM

