Re: Bagle.j out

[Kevin Shalla <kshalla () UIC EDU>]

It's no wonder users do this - think of your standard software installation
- put in the CD, then press the "I agree" button, then "next" a bunch of
times.  Our email clients warn us when we're about to open an attachment,
but we're sent so many legitimate ones, this warning has turned to
noise.  We have so many warnings built-in to software that we've become
accustomed to ignoring them all.  It will be a hard sell to eliminate all
attachments, but it will have to be done at some time in the future.  The
vendor response of giving warnings is no help, because we've already got so
many warnings that it is all becoming noise.  Because we haven't developed
more convenient ways of transferring / sharing files, people send them
through email - which is easy for legitimate users, but unfortunately is
also easy for bad guys.  I think we need more convenient ways of composing
nicely formatted messages in file formats which do not allow attachments
(html might be the way).

At 03:34 PM 3/3/2004, you wrote:
> Jack,
>
> At 06:46 AM 3/3/2004 -0500, Jack Suess wrote:
> > What I will probably look at following the suggestion in the
> > Educuause/Internet2 Effective Security Practices Guide
> >
> > http://www.educause.edu/security/guide/VirusandIntrusionDetection.asp
> >
> > and require my mail administrators to rename .exe and .zip attachments to
> > something that can't be auto-opened. This allows people to still transport
> > these but they have to go through a extra step of saving these as a
> > different name and opening the application to read these. Usually those
> > steps provide the "thinking pause" necessary to realize what is legit or
> > not.
>
> I wish this was the case.  Unfortunately, we're seeing clear evidence that
> despite already renaming attachments and inserting a warning, a non-trivial
> number of people on our campus are (1) renaming, (2) unzipping, (3)
> executing, and (4) entering the 'password'.  Step (5) is typically to call
> the helpdesk to report a virus.
>
> As a result, we're going to (at least temporarily) suspend delivery of
> attachments with the .zip extension.
>
> Gordon
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/cg/.

Kevin Shalla
Associate Director of Information and Technical Services
University of Illinois at Chicago
Office of Admissions and Records (MC 018)
1200 W Harrison, Room 2131
Chicago, IL 60607-7161
(312) 996-1231
kshalla () uic edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.