Firewall Wizards mailing list archives

Re: The Morris worm to Nimda, how little we've learned or gained


From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 4 Jan 2002 20:21:36 -0700 (MST)

On Thu, 3 Jan 2002, Richard Johnson wrote:

> Some organizations have made progress on #3.  Outlook and Outlook
> Express came close to being banned at ucar.edu due to the severe time
> drain caused by always having to clean up after the latest
> Outlook-enabled virus.  Sadly, the entrenched convenience argument was
> used in conjunction with the lack of enforceability cop-out to water the
> ban idea down to a "we disrecommend the use of Outlook and Outlook
> Express."

Note that is a pretty poor excuse (the unenforceability part.)  Every mail
client announces what it is every time mail is sent.  Use your favorite
NIDS to RST the connections and/or correlate them to usernames when they
use the same IP to get POP/IMAP mail.

I'm not faulting you... I'm faulting people who assume something is a
social problem when there's a dandy technical solution.

(Or I just misunderstand the problem... there is a risk just having
Outlook/OE installed, even if you don't use it.  I don't think you can
take it off nowadays without going to a lot of trouble to make a Windows
Lite.)

                                        Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
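
The correlation described in the message above, as an added example that is not part of the original post or of any NIDS product. It assumes the client's self-identification is the `X-Mailer` header and that a sensor supplies reassembled SMTP, POP3 and IMAP client streams keyed by source IP; all sample data is constructed.

```python
import re
from email.parser import HeaderParser

# Outlook and Outlook Express name themselves in the X-Mailer header.
OUTLOOK_RE = re.compile(r"\bMicrosoft Outlook\b", re.I)
# POP3 "USER name" or IMAP "tag LOGIN name password"; only the name is captured.
LOGIN_RE = re.compile(r'^(?:USER\s+(\S+)|\S+\s+LOGIN\s+"?([^\s"]+)"?\s)', re.I)

# Constructed sample input: (source IP, reassembled client-to-server data).
SMTP_SESSIONS = [
    ("192.0.2.15", "From: a@example.org\nX-Mailer: Microsoft Outlook Express 5.50.4133.2400\n\nhi"),
    # Body text that merely mentions Outlook must not count as a hit.
    ("192.0.2.22", "From: b@example.org\nX-Mailer: ELM [version 2.5 PL3]\n\nX-Mailer: Microsoft Outlook\n"),
    ("192.0.2.40", "From: c@example.org\nx-mailer: Microsoft Outlook, Build 10.0.2627\n\nhi"),
    ("192.0.2.77", "From: d@example.org\nX-Mailer: Microsoft Outlook Express 6.00.2600.0000\n\nhi"),
]
MAILBOX_LOGINS = [
    ("192.0.2.15", "USER rjones"),
    ("192.0.2.22", "USER kim"),
    ("192.0.2.40", 'a001 LOGIN "mlee" "x"'),
    ("192.0.2.40", "USER guest"),  # shared host: more than one candidate user
]

def outlook_senders(smtp_sessions):
    """Map source IP -> X-Mailer value for messages sent by Outlook/OE."""
    hits = {}
    for ip, data in smtp_sessions:
        # Parse headers only, so nothing after the blank line is inspected.
        headers = HeaderParser().parsestr(data, headersonly=True)
        mailer = headers.get("X-Mailer", "")
        if OUTLOOK_RE.search(mailer):
            hits[ip] = mailer
    return hits

def users_by_ip(logins):
    """Map source IP -> set of usernames seen in POP3/IMAP logins."""
    seen = {}
    for ip, line in logins:
        m = LOGIN_RE.match(line.strip())
        if m:
            seen.setdefault(ip, set()).add(m.group(1) or m.group(2))
    return seen

def correlate(smtp_sessions, logins):
    """Map source IP -> (X-Mailer, sorted candidate usernames)."""
    users = users_by_ip(logins)
    hits = outlook_senders(smtp_sessions)
    return {ip: (mailer, sorted(users.get(ip, ()))) for ip, mailer in hits.items()}

if __name__ == "__main__":
    for ip, (mailer, names) in correlate(SMTP_SESSIONS, MAILBOX_LOGINS).items():
        print(ip, mailer, names or "no mailbox login seen")
```

An address with several candidate usernames, or none, needs DHCP or host records before the report can be tied to one person.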

