LISTSERV - HP3000-L Archives

HP3000-L Archives

January 2002, Week 5

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L January 2002, Week 5

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Virus exploit: new photos from my party!
From:	[log in to unmask][log in to unmask] > "Le Groupe APPIC recrute, [...]36_31Jan200209:19:[log in to unmask]
Reply To:	[log in to unmask]
Date:	Wed, 30 Jan 2002 14:16:33 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

Roy Brown wrote in part:
> NOBODY has good reason to believe their PC is safe.
Accepting Wirt's statement that all security is an illusion (which I regard
as an exaggeration for effect)), can we at least agree that there is such a
thing as relative safety? And that, all other things being equal, we can
believe that most things will continue to behave as they have? I have good
reason to believe that my PC is safe from the major known exploits, and have
seen examples of viral email arrive. I open them, I look at the properties
of whatever is left of any attachment. Between our server-based AV scanner,
our desktop AV scanner, and reasonably current patches, I have yet to be
directly affected by any email virus. I expect this to continue to be true.
But by this time, I've probably also heard about them and read about them. I
already know that I'm dealing with a virus, and how that virus works, and I
treat it accordingly.

> Ron's virus sailed straight through my up-to-date Norton virus checker
If by this you mean the stuff that appeared on list, wasn't that represented
in line? That was how it came to me. There would be no reason for an AV
scanner to pick that up, although if one did, I would expect it to be
server-based AV scanning. Desktop-based AV scanning can be configured to
route all email through a proxy facility, that allows it to examine all
email. I have yet to bother with that. Instead, I handle the attachments as
suspect at first, and manually force scans when appropriate.

> Maybe NAV would have caught it if I'd opened it, but I wasn't about to
> find out. It's the way of the world that new viruses arrive
> before their
> antidotes do.
But this is the exception. The "new" viruses that I have seen (this is
anecdotal, and should not be treated as having any real authority) have
exploited older, known vulnerabilities, against which my PC is already
patched. I do find out. So far, I have yet to be fooled.

> Maybe NAV's heuristic checker would have found it anyway; but
> my manual
> one (me) spotted it.
And that's a good and useful approach. I wouldn't want to argue against it,
when it works. By all means, stop, look, and think. Certainly, I think about
what I'm doing, when I get a suspect attachment.

OTOH, how many viruses have been propagated by someone who did not choose
wisely? Those users should be patched by any means necessary. They should
probably also have their email access revoked for at least as long as it
takes the admins to clean up the mess (and perhaps have their mice
confiscated, if only to slow down their double-click reflex), and should be
sent to remedial training.

Greg Stigers
http://www.cgiusa.com

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU