Re: Novarg

["Greg A. Woods" <woods () weird com>]

[ On Wednesday, January 28, 2004 at 12:05:26 (-0500), Jonathan A. Zdziarski wrote: ]
> Subject: Re: Novarg
>
> The best defense to viruses like this is user education.

No, the _best_ defense against viruses and worms, especially the e-mail
borne ones, is to not allow your users to run known vulnerable software
in the first place.

There's simply no excuse for any e-mail program ever trusting any code
it receives from the network.  A good e-mail program _will_not_allow_ a
user to execute an attachment.  Any user stupid enough to jump through
all the hoops which would be necessary to manually execute an attachment
deserves what they get.  It's not hard to make such a manual process
rather difficult and non-intuitive.  The real problem is that vendors
such as Microsoft have done exactly the opposite to what they should
have done in designing and implementing their software systems.

Sure there might be bugs in e-mail software which handles complex
structures such as MIME, but those can be dealt with -- on the other
hand trying to fix user behaviour is impossible.  Sure you can educate
them, but they'll still make mistakes -- the software _must_ make it
very difficult for users to do damaging things to their systems.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods () robohack ca>
Planix, Inc. <woods () planix com>          Secrets of the Weird <woods () weird com>

---------------------------------------------------------------------------
----------------------------------------------------------------------------