RE: Re: Anybody Recognize These Uploads?

["Noonan, Wesley" <Wesley_Noonan () bmc com>]

The problem with targeting outlook as the culpable product, not that it is
really an incorrect assessment, is that the market share leaders have always
and will always remain ripe targets for malicious use and abuse. Netscape
and Eudora aren't as exploited because they aren't as used (so what's the
fun in trying to break them) and Linux on the desktop... well, that is a
whole other can of worms I don't feel like opening. I remember when Novell
had security holes out the wazoo, and it seemed like you could rarely go a
week without some new vulnerability being found. Then all of a sudden it
seemed like the problems with Novell went away and a new piece of software
starting leaking like a sieve. I have always viewed this as part of the
software cycle. At the same time, I have yet to meet anyone who knows how to
effectively break this cycle. When and if some other piece of software comes
to the forefront and starts being used by a slew of people, there is little
doubt (at least in my mind) that it will also become the latest thing
security admins gripe about. 

The problem here IMO is that people use product X because it does something
they want, need or think they need. As long as it meets those wants/needs,
and alternative do not exist (or at least do not exist in the minds of the
user), the users will continue to want, need or think they need it. Sure,
simple software is hard to exploit, but it also doesn't tend to do what
users want. As functionality is added, because customers want it, so are
bugs and vulnerabilities. The sad thing is, if the users do find an
alternative that meets their needs, and enough people follow suit, that
alternative will, if history proves anything, become the latest target of
abuse. And so the cycle continues... such is the nature of the beast.

Wes Noonan, MCSE/CCNA/CCDA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com


> -----Original Message-----
> From: Christopher Hicks [mailto:chicks () chicks net]
> Sent: Saturday, January 04, 2003 10:25
> To: R. DuFresne
> Cc: firewall-wizards () honor icsalabs com
> Subject: Re: [fw-wiz] Re: Anybody Recognize These Uploads?
>
> On Sat, 4 Jan 2003, R. DuFresne wrote:
> > It's okay to disagree, and yet, if lusers could learn so well, we;d
> > certainly see far less trouble with e-mail viruses.
>
> [This really isn't intended to be flaimbait, but I suspect some will take
> it as such.  Sorry.] Educating users isn't the issue with e-mail viruses,
> Outlook is.  A number of the e-mail viruses that spread like the plague
> didn't require any user interaction whatsoever so user education was
> certainly not relevant.  Even people who are admins and certainly know
> what not to click on got nailed.  But the only people I've seen having
> regular problems with these buggers, are the all-Outlook shops.  We
> support a few dozen clients locally with a wide variety of e-mail setups.
> We've never had e-mail virus troubles with the ones that stuck with
> Netscape, Eudora, or switched to Linux desktops.  The only solution for
> the Outlook diehards was filtering at the server, but that only helps
> after the anti-virus vendors have had long enough to get a fix out.
> (Check out MailScanner at www.mailscanner.info if you haven't already,
> it's really slick.)
>
> The number of crazy, kludgy solutions that folks have thought-up and
> attempted to mitigate what's really just a really badly implemented MUA is
> awe-inspiring.  We had one client that would have their server shut-down
> it's port on the etherswitch and unmount their data drives any time a
> virus was detected on the LAN.  All for the love of Outlook.
>
> --
> </chris>
>
> Programming is a Dark Art, and it will always be. The programmer is
> fighting against the two most destructive forces in the universe:
> entropy and human stupidity. They're not things you can always
> overcome with a "methodology" or on a schedule.
>               -Damian Conway, Perl God
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards