Educause Security Discussion mailing list archives
Re: Bagle.j out
From: Kevin Shalla <kshalla () UIC EDU>
Date: Wed, 3 Mar 2004 16:45:10 -0600
It's no wonder users do this - think of your standard software installation - put in the CD, then press the "I agree" button, then "next" a bunch of times. Our email clients warn us when we're about to open an attachment, but we're sent so many legitimate ones, this warning has turned to noise. We have so many warnings built-in to software that we've become accustomed to ignoring them all. It will be a hard sell to eliminate all attachments, but it will have to be done at some time in the future. The vendor response of giving warnings is no help, because we've already got so many warnings that it is all becoming noise. Because we haven't developed more convenient ways of transferring / sharing files, people send them through email - which is easy for legitimate users, but unfortunately is also easy for bad guys. I think we need more convenient ways of composing nicely formatted messages in file formats which do not allow attachments (html might be the way). At 03:34 PM 3/3/2004, you wrote:
Jack, At 06:46 AM 3/3/2004 -0500, Jack Suess wrote:What I will probably look at following the suggestion in the Educuause/Internet2 Effective Security Practices Guide http://www.educause.edu/security/guide/VirusandIntrusionDetection.asp and require my mail administrators to rename .exe and .zip attachments to something that can't be auto-opened. This allows people to still transport these but they have to go through a extra step of saving these as a different name and opening the application to read these. Usually those steps provide the "thinking pause" necessary to realize what is legit or not.I wish this was the case. Unfortunately, we're seeing clear evidence that despite already renaming attachments and inserting a warning, a non-trivial number of people on our campus are (1) renaming, (2) unzipping, (3) executing, and (4) entering the 'password'. Step (5) is typically to call the helpdesk to report a virus. As a result, we're going to (at least temporarily) suspend delivery of attachments with the .zip extension. Gordon ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Kevin Shalla Associate Director of Information and Technical Services University of Illinois at Chicago Office of Admissions and Records (MC 018) 1200 W Harrison, Room 2131 Chicago, IL 60607-7161 (312) 996-1231 kshalla () uic edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Bagle.j out, (continued)
- Re: Bagle.j out Bradley D. Thornton (Mar 03)
- Re: Bagle.j out Jack Suess (Mar 03)
- Re: Bagle.j out Michael_Maloney (Mar 03)
- Re: Bagle.j out Iljun Kim (Mar 03)
- Re: Bagle.j out Joe St Sauver (Mar 03)
- Re: Bagle.j out Cal Frye (Mar 03)
- Re: Bagle.j out Gordon D. Wishon (Mar 03)
- Re: Bagle.j out Marty Hoag (Mar 03)
- Re: Bagle.j out Matthew Dalton (Mar 03)
- Re: Bagle.j out Scott Weeks (Mar 03)
- Re: Bagle.j out Kevin Shalla (Mar 03)