Full Disclosure mailing list archives
Re: E-Mail viruses
From: Cael Abal <lists2 () onryou com>
Date: Fri, 05 Mar 2004 18:52:58 -0500
Curt Purdy wrote:

>> Personally I'd dispute this solution's elegance, anything which requires substantial user behaviour change (and doesn't drastically improve the virus/worm situation across the board) is an ugly kludge.
>
> I would say that completely eliminating all virus infected attachments, past/present/future without any further interaction by IT dramatically improves the virus/worm situation across the board.

The problem is, though, you're training your users and customers (likely at significant expense) to use some bizarre munging method to satisfy the whims of your particular mail gateway. Although it will stem the flow of incoming automated worms/viruses on your end, this will not help reduce virus/worm propagation anywhere else. This, to me, is not what I would call dramatically improving the virus/worm situation across the board.

Think about the implementation nightmare. What will you do when someone attempts to send an attachment to one of your users? Will you fire off an automated response, instructing them to use your .xyz solution? How will you prevent sending notifications to forged From: addresses?

Will you instead simply silently kill all attachments, passing the body of the message -- that's ugly too, it requires the recipient to notify the sender their attachment was blocked, describe your solution to them, and hope the attachment gets resent.

Do you trust your users to accurately describe file renaming to other users? Are your users comfortable with the variety of OSes still out there? Are your users smart enough to realize they shouldn't start renaming attachments they send to other folks?

Also, keep in mind your users will still get hammered by all those annoying e-mail virus/worm messages (sans executables), unless you also continue to implement an anti-virus scanner. Didn't you hope to be rid of that?

Finally, what if you decide to change procedure in the future? Everything you've taught your users is completely useless to them, all that time and effort ends up being a complete writeoff, and you'll have to *untrain* them all.

Your idea is interesting and certainly deserves further thought and discussion, but it's no panacea. Instead of implementing this particular solution (with all its costs), I'd instead recommend Old Faithful:

1) Continue following industry Best Practices.
2) Educate your users as best you can.

In my mind this is much, much better (for everyone) in the long run.

Sincerely,

Cael