Security Incidents mailing list archives
Re: Novarg
From: "Greg A. Woods" <woods () weird com>
Date: Wed, 28 Jan 2004 17:30:34 -0500 (EST)
[ On Wednesday, January 28, 2004 at 12:05:26 (-0500), Jonathan A. Zdziarski wrote: ]
Subject: Re: Novarg The best defense to viruses like this is user education.
No, the _best_ defense against viruses and worms, especially the e-mail borne ones, is to not allow your users to run known vulnerable software in the first place. There's simply no excuse for any e-mail program ever trusting any code it receives from the network. A good e-mail program _will_not_allow_ a user to execute an attachment. Any user stupid enough to jump through all the hoops which would be necessary to manually execute an attachment deserves what they get. It's not hard to make such a manual process rather difficult and non-intuitive. The real problem is that vendors such as Microsoft have done exactly the opposite to what they should have done in designing and implementing their software systems. Sure there might be bugs in e-mail software which handles complex structures such as MIME, but those can be dealt with -- on the other hand trying to fix user behaviour is impossible. Sure you can educate them, but they'll still make mistakes -- the software _must_ make it very difficult for users to do damaging things to their systems. -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack <woods () robohack ca> Planix, Inc. <woods () planix com> Secrets of the Weird <woods () weird com> --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Novarg sloppy seconds (Jan 28)
- Re: Novarg Jonathan A. Zdziarski (Jan 28)
- Re: Novarg James Riden (Jan 28)
- Re: Novarg Jim Zajkowski (Jan 28)
- Re: Novarg Nick FitzGerald (Jan 29)
- Re: Novarg Greg A. Woods (Jan 28)
- Re: Novarg Jonathan A. Zdziarski (Jan 28)
- best defense (was: Re: Novarg Meritt James (Jan 29)
- Re: best defense (was: Re: Novarg Greg A. Woods (Jan 30)
- Re: Novarg Matt Curtin (Jan 30)
- Re: Novarg Matt Curtin (Jan 29)
- Re: Novarg Jonathan A. Zdziarski (Jan 28)
- RE: Novarg - Stopping .Zip Files Tom Milliner (Jan 28)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- RE: Novarg - Stopping .Zip Files jamesworld (Jan 28)
- Re: Novarg - Stopping .Zip Files Bill Pennington (Jan 28)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)