Firewall Wizards mailing list archives
Re: Re: Anybody Recognize These Uploads?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sat, 4 Jan 2003 22:33:30 -0500 (EST)
On Sat, 4 Jan 2003, Christopher Hicks wrote:
> Outlook is. A number of the e-mail viruses that spread like the plague didn't require any user interaction whatsoever so user education was certainly not relevant. Even people who are admins and certainly know
Yet, a good number of the more successful ones were not auto-executing. In fact, I think it's almost safe to say the worst outbreaks of the last couple years have been "click to execute" types. Anna Kournikova springs immediately to mind as a canonical example, but I'm sure I could dig up a lot more if I went back through our early warnings to customers. If I recall correctly, the last two virus variants that got any traction were both click-to-run (pif/scr/exe)'s.
> We've never had e-mail virus troubles with the ones that stuck with Netscape, Eudora, or switched to Linux desktops. The only solution for the Outlook diehards was filtering at the server, but that only helps after the anti-virus vendors have had long enough to get a fix out.
Not really, most of the common executable types can be filtered without worrying about signatures. If you're allowing unzipped executables in, you probably need your head examined at this point in time for anything that's not a pure Linux shop, and even then, wine's getting a bit too good... If you're allowing .pif and .scr, well...
> The number of crazy, kludgy solutions that folks have thought up and attempted to mitigate what's really just a really badly implemented MUA is awe-inspiring. We had one client that would have their server shut down its port on the etherswitch and unmount their data drives any time a virus was detected on the LAN. All for the love of Outlook.
Actually, we've seen fairly good spreads in large companies from Webmail clients too over the last 2 or so years. Especially for multi-vector worms after signatures are at the gateway.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
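The signature-free filtering by file type mentioned in the reply above, sketched as an added example that is not part of the original post or any poster's code: a gateway-side check that flags attachments by their final extension. The function names, the sample message and the blocked set (limited to the .pif/.scr/.exe types named in the post) are assumptions for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: only the types named in the post; a real list is longer.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe"}


def blocked_attachments(raw_message: bytes) -> list:
    """Return the declared filenames of parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 forms
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "update.exe." still
        # runs as an .exe; strip them before reading the extension.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file is opened, which is
        # why "photo.jpg.SCR" has to be treated as .scr, not .jpg.
        if os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message (not real traffic) with three attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname in ("photo.jpg.SCR", "notes.txt", "update.exe."):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A check like this only sees the declared filename, so it does nothing for executables inside archives or for parts that carry no filename at all.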