Talk:Christmas Tree EXEC

Computing Mid‑importance

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Mid	This article has been rated as Mid-importance on the project's importance scale.
	This article is supported by WikiProject Computer Security (assessed as High-importance).

I'm editting here[edit]

FYI, I'm the "Ross Patterson" from the RISKS Digest reference in the article. I'll be careful and only make changes that are supported by other sources. RossPatterson (talk) 01:07, 31 October 2008 (UTC)[reply]

Refusal to execute "CHRISTMAS"[edit]

The article states that "IBM's internal mainframes refuse to execute programs named CHRISTMAS". However, the article also states the file-name was and only could be 8 characters long (CHRISTMA). I'm thinking that the mainframes refused to execute CHRISTMA or this feature is just made-up. I haven't changed the article, since I don't know much about it... 82.34.233.236 (talk) 18:42, 1 March 2009 (UTC)[reply]

I've just deleted the comment. The {{Fact}} tag was six months old, so it looked like it would never get a reference. RossPatterson (talk) 20:04, 1 March 2009 (UTC)[reply]

Not entirely correct[edit]

IBM MVS systems have never been limited to 8 character filenames; only the member names of libraries, such as EXEC libraries, were limited to 8 characters. The "Christmas Tree EXEC" described here was actually not a worm so much as a spammy chain letter. GlennAllenII (talk) 16:36, 22 October 2009 (UTC)[reply]

It was VM/CMS systems, not MVS, and CMS files are (or were, prior to OpenEdition) named by a pair of 8-character tokens. Hence "CHRISTMA EXEC". One could argue about what it was, but what it most resembled 22 years ago was what we now generically call malware. It was a program, delivered over the net, which when run harvested addresses and sent itself to them from you. RossPatterson (talk) 18:32, 22 October 2009 (UTC)[reply]

Warning[edit]

There really needs to be a pop up or some kind of warning for the source code for the virus to warn you what you're about to open, because i thought the link was a SCREENSHOT of the worm, not the actual worm. I'm just lucky I have avast running real time. —Preceding unsigned comment added by Yutsi (talk • contribs) 03:53, 1 January 2010 (UTC)[reply]

Avast! didn't help you. It doesn't run on the only type of system where this worm can run. Nonetheless, the link to the source was removed about 8 months after your comment, and several years later the server hosting it was shut down. RossPatterson (talk) 00:51, 7 January 2013 (UTC)[reply]

Well, a working link to the source code is back in the article, but not to worry. The *only* way the code will do what it was designed to do is if you happen to 1) have access to a VM system (today it's called z/VM, but I digress) (a VERY unlikely situation since these days z/VM isn't very common). 2) you would have to copy/paste or by other means enter the code into the Xedit editor on VM, or use the IND$FILE transfer program, or FTP the code, or... (you get the idea) 3) Save the code somewhere on your assigned VM userid. 4) Run the exec by typing CHRISTMA.

Before I retired I was a VM software developer. I just read the CHRISTMA EXEC, and I still understand every line of that code. I remember when this hit in the 80s, and yes, it did cause a mess for a while as copies of the code began clogging up the works. By the way, the article says code was hidden past column 80 (which was a standard screen width on the types of terminals in use back then), but in the example I just looked at, there's nothing past column 80. I can't remember if the original used that trick, so I'm not going to change the article. — Itsfullofstars (talk) 00:26, 20 June 2021 (UTC)[reply]

Personal anecdote[edit]

I received this file, read the source code, went "Heh, that's cute", and executed it to send the Christmas card to my address book. I didn't think through the implication of what would happen if all the recipients did the same -- remember, this was before the RTFM worm. :-) --SarekOfVulcan (talk) 22:08, 4 February 2011 (UTC)[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just modified one external link on Christmas Tree EXEC. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

Added archive https://web.archive.org/web/20080917175424/http://vx.netlux.org/exotic.php to http://vx.netlux.org/exotic.php

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Y An editor has reviewed this edit and fixed any errors that were found.

If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 17:36, 29 April 2017 (UTC)[reply]