Bugtraq mailing list archives
Reliable Software Technologies releases new e-mail virus protection software
From: tim () RSTCORP COM (Tim Hollebeek)
Date: Wed, 14 Jun 2000 15:31:46 -0400
Reliable Software Technologies has just released a new program (JustBeFriends) designed to prevent e-mail macro viruses from spreading. It can be used along with or instead of the Microsoft supplied e-mail protection patch. JustBeFriends works will all versions of Outlook and Outlook Express, and is substantially simpler than the Microsoft patch. For full details, see http://www.rstcorp.com/news/jbf.html. E-mail viruses spread by exploiting existing mail programs to send themselves to a large number of new recipients. In addition, many viruses may also modify or damage the computer on which they are run. While most home and office computers are not sufficiently secure to make preventing damage to files on the computer possible, it is possible to make sending e-mail from scripts much harder. This move limits a particularly nasty way that viruses propagate. Both Microsoft's security update and JustBeFriends succeed in disabling script-based e-mail. Microsoft's approach works by internally controlling access to a large number of subsections of Outlook that can be used to gather e-mail addresses or send e-mails. Unfortunately, in order to prevent future e-mail viruses, this list of protected objects needs to be exhaustive. E-mail addresses may still be exposed if they appear in signatures, message bodies, or other documents. Future methods for exploiting flaws in Outlook to send e-mails are likely to be found. JustBeFriends works by controlling the ability of other applications to access Outlook or Outlook Express. In the event that the access comes from a script being run from the desktop or from an attachment, the access is denied. Otherwise, the user is asked to confirm that the application should be allowed access to Outlook. JustBeFriends was developed primarily by Tim Hollebeek, Research Associate at RST Labs. It makes use of advanced technology developed in part under a DARPA grant titled "Sandboxing Mobile Code Execution Environments". Extensive testing of JustBeFriends was performed by members of the RST Software Risk Managementsm division. Install and uninstall scripting was completed by Core Technologies.
Current thread:
- arprelay: a tool to edit TCP connections in a LAN, (continued)
- arprelay: a tool to edit TCP connections in a LAN Felix von Leitner (Jun 09)
- Re: Sendmail local root exploit on linux 2.2.x Alan Iwi (Jun 12)
- Splitvt exploit syzop (Jun 14)
- Re: Splitvt exploit Joey Hess (Jun 14)
- Re: Splitvt exploit Andrey Savochkin (Jun 16)
- Re: Splitvt exploit Joey Hess (Jun 16)
- NAI WebShield SMTP does not scan base64 encoding chris.paget () ANALYSYS COM (Jun 20)
- Re: Splitvt exploit Joey Hess (Jun 14)
- Re: Splitvt exploit Kris Kennaway (Jun 15)
- Re-release of IIS 5.0 Patch for MS00-031 Microsoft Product Security (Jun 16)
- Infosec.20000617.panda.a Ian Vitek (Jun 17)
- Reliable Software Technologies releases new e-mail virus protection software Tim Hollebeek (Jun 14)
- Microsoft Security Bulletin (MS00-041) Microsoft Product Security (Jun 14)