Administrivia

[aleph1 () UNDERGROUND ORG (Aleph One)]

OK folks. I am killing this whole Melissa/Macro Virus thread unless someone
has something really constructive to add (like a free antivirus). The
thing has gotten enough play, everyone's mother has already heard of it,
the AV vendors are working to add every possible mutation of the thing
to their signature files, and the truth is that is does not represent
a new vulnerability (except the fact that is exploits a trust relationship
between the sender and receiver).

I'll take this time to remind everyone that viruses as annoying and
destructive as they can be are nothing more than the symptom of the
of a vulnerability, not the vulnerability itself.

AV vendors can't "fix" the problem anymore than vulnerability scanner
vendors can fix vulnerabilities. They will always be behind the curve
and playing catch up while releasing a never endless stream of updates to
their signature files for a modest fee. They are trying to cure the
symptoms, not the decease.

If you really want this issue to be resolved you will start asking your
vendors for reasonably secure solutions in the first place instead of
depending on whole industries to alleviate the deficiencies of
those products.

--
Aleph One / aleph1 () underground org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01