Firewall Wizards mailing list archives
RE: Re: Anybody Recognize These Uploads?
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Sat, 4 Jan 2003 22:45:55 -0600
The problem with targeting outlook as the culpable product, not that it is really an incorrect assessment, is that the market share leaders have always and will always remain ripe targets for malicious use and abuse. Netscape and Eudora aren't as exploited because they aren't as used (so what's the fun in trying to break them) and Linux on the desktop... well, that is a whole other can of worms I don't feel like opening. I remember when Novell had security holes out the wazoo, and it seemed like you could rarely go a week without some new vulnerability being found. Then all of a sudden it seemed like the problems with Novell went away and a new piece of software starting leaking like a sieve. I have always viewed this as part of the software cycle. At the same time, I have yet to meet anyone who knows how to effectively break this cycle. When and if some other piece of software comes to the forefront and starts being used by a slew of people, there is little doubt (at least in my mind) that it will also become the latest thing security admins gripe about. The problem here IMO is that people use product X because it does something they want, need or think they need. As long as it meets those wants/needs, and alternative do not exist (or at least do not exist in the minds of the user), the users will continue to want, need or think they need it. Sure, simple software is hard to exploit, but it also doesn't tend to do what users want. As functionality is added, because customers want it, so are bugs and vulnerabilities. The sad thing is, if the users do find an alternative that meets their needs, and enough people follow suit, that alternative will, if history proves anything, become the latest target of abuse. And so the cycle continues... such is the nature of the beast. Wes Noonan, MCSE/CCNA/CCDA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com
-----Original Message----- From: Christopher Hicks [mailto:chicks () chicks net] Sent: Saturday, January 04, 2003 10:25 To: R. DuFresne Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Re: Anybody Recognize These Uploads? On Sat, 4 Jan 2003, R. DuFresne wrote:It's okay to disagree, and yet, if lusers could learn so well, we;d certainly see far less trouble with e-mail viruses.[This really isn't intended to be flaimbait, but I suspect some will take it as such. Sorry.] Educating users isn't the issue with e-mail viruses, Outlook is. A number of the e-mail viruses that spread like the plague didn't require any user interaction whatsoever so user education was certainly not relevant. Even people who are admins and certainly know what not to click on got nailed. But the only people I've seen having regular problems with these buggers, are the all-Outlook shops. We support a few dozen clients locally with a wide variety of e-mail setups. We've never had e-mail virus troubles with the ones that stuck with Netscape, Eudora, or switched to Linux desktops. The only solution for the Outlook diehards was filtering at the server, but that only helps after the anti-virus vendors have had long enough to get a fix out. (Check out MailScanner at www.mailscanner.info if you haven't already, it's really slick.) The number of crazy, kludgy solutions that folks have thought-up and attempted to mitigate what's really just a really badly implemented MUA is awe-inspiring. We had one client that would have their server shut-down it's port on the etherswitch and unmount their data drives any time a virus was detected on the LAN. All for the love of Outlook. -- </chris> Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule. -Damian Conway, Perl God _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Anybody Recognize These Uploads?, (continued)
- Re: Re: Anybody Recognize These Uploads? Paul D. Robertson (Jan 05)
- Re: Re: Anybody Recognize These Uploads? Gary Flynn (Jan 05)
- Message not available
- Re: Re: Anybody Recognize These Uploads? Marcus J. Ranum (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? David Lang (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Gary Flynn (Jan 03)
- RE: Re: Anybody Recognize These Uploads? Paul D. Robertson (Jan 05)
- RE: Re: Anybody Recognize These Uploads? Bill Royds (Jan 05)