Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Novarg

From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Wed, 28 Jan 2004 17:38:00 -0500
I completely agree that email clients should never allow you to run
vulnerable software, but even if this were never an issue there would be
some other way a dumb user could screw up their system by running
something they're not supposed to.  There are always going to be trojans
in one form or another that rely on this form of "social engineering" to
propogate, and as long as users remain dumb they will continue to
spread.

My wife runs a Windows machine (against my wishes) and has not suffered
from a single one of these huge email distributions...not because of the
virus software (which is rarely updated in time) or because she didn't
get thousands of Sobig.F or MyDoom emails, but because she was smart
enough not to open the files.  She also doesn't use cheezy passwords or
run questionable software which are two other ways dumb employees manage
to open up their systems.

Education and actual security are both important... I believe common
sense and education win out in the case of a trojan though.




---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: