HP3000-L Archives

July 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Tom Emerson <[log in to unmask]>
Reply To: Tom Emerson <[log in to unmask]>
Date: Mon, 16 Jul 2001 14:13:33 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (61 lines)

On Mon, 16 Jul 2001 10:41:56 -0700, Bruce Toback <[log in to unmask]> wrote:

>Denys Beauchemin wrote:
>
>>Perhaps Bruce is unaware that by simply disabling VBS as an association, he
>>immediately becomes immune to macro viruses coming on Lookout 97, 98, 2000
>>and XP.  A simple fix that, if widely known, would put firewall vendors and
>>anti-virus vendors out of business or at least in a world of hurt.  One can
>>always make a good living scaring people to death.
>
>Denys is correct; Bruce was completely unaware that disabling VBS would
>stop Word macro viruses. (Is that true, Denys? It's what your statement
>says. Your statement also implies that firewalls aren't necessary if you
>disable VBS as an association.)

I would say that Denys is correct for one and only one method of attack.
The root problem, however, is the plethora of things Windows considers to
be "executable", and by "clicking" on a file with a particular file
extension [a bozo implementation if ever I saw one (*)] causes the Windows
GUI to attempt to load & execute something of questionable origin.

Try this exercise:

* open any "explorer" type window [file explorer]
* select the "view" menu item
* click the "file types" tab
  [note how long it takes to "load" this dialog -- the longer you've run
your system without a total reload of the OS the longer this will take to
load...]
* scroll through the list and count how many have the word [EXECUTABLE]
next to the "opens with" label  (also count any that open with
RUNDLL/RUNDLL32)

>That's why it's better use the anti-virus software at the point of entry,
>at least for large organizations. I'll grant that the anti-virus vendors'
>advertising goes way over the line, but their software still performs a
>useful function by protecting users who have better things to do than
>learn about file associations.

From the above, it's getting to the point where about any random
three-letter "extension" will be considered "executable" in some form or
another -- policing all of the possible "methods" will become unmanageable
for the average human...

Tom

(*) I've never really worked on Macintosh computers enough to be aware of
how well or not their method works, but I've always felt it was a "better"
arrangement: the file "label" itself contains a pointer (resource) to the
proper program to open/load/deal-with the file.  As I write this, however,
I'm starting to reconsider -- with that arrangement, there is nothing
visually in the filename that would "suggest" a file would be executable or
loaded via a script processor or shell, so there is less likelihood a user
will recognize a dangerous file...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
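
The counting exercise in the message above can also be done over the text output of the Windows `assoc` and `ftype` commands. The following is an added example, not part of the original message: the sample output is constructed, and the script-host list and the "self-executing" label for commands that begin with `%1` are assumptions made for illustration.

```python
import re

# Constructed sample of `assoc` output (extension=file type).
ASSOC_SAMPLE = r"""
.vbs=VBSFile
.js=JSFile
.txt=txtfile
.scr=scrfile
.cpl=cplfile
.doc=Word.Document.8
"""
# Constructed sample of `ftype` output (file type=open command).
FTYPE_SAMPLE = r"""
VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
scrfile="%1" /S
cplfile=rundll32.exe shell32.dll,Control_RunDLL "%1",%*
Word.Document.8="C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n
"""
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: hosts to flag
LOADERS = {"rundll.exe", "rundll32.exe"}       # named in the message

def parse_pairs(text):
    """Parse KEY=VALUE lines; keys are lower-cased for matching."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            pairs[key.lower()] = value
    return pairs

def classify(command):
    """Return why an open command runs the file's content, else None."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    target = (m.group(1) or m.group(2) or "") if m else ""
    if target.startswith("%1"):
        return "self-executing"       # the file itself is the program
    exe = re.split(r"[\\/]", target)[-1].lower()
    if exe in SCRIPT_HOSTS:
        return "script host"
    return "rundll" if exe in LOADERS else None

def risky_associations(assoc_text, ftype_text):
    """Map each extension to the reason its open action executes content."""
    ftypes = parse_pairs(ftype_text)
    findings = {}
    for ext, ftype in parse_pairs(assoc_text).items():
        reason = classify(ftypes.get(ftype.lower(), ""))
        if reason:
            findings[ext] = reason
    return findings
```
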
