RE: MyDoom sparks talks of security's future (Three messages)

[InfoSec News <isn () c4i org>]

Forwarded from: Chad W. Didier <cdidier () cdsupportservices com>

Why not quarantine individual computers or networks at the ISP level
then redirect them to a proxy that does nothing but tell the
users/admins their network is compromised and quarantined and will
remain so until the problem is solved?  The ISP could even offer an
online virus scan as a possible means to clear up their machine and
allow them access to the internet.

All internet data funnels through an ISP at some point. If virus
threats are as serious as the industry moans and groans about then how
come we haven't seen serious attempts to quarantine infected
individuals or entire networks thereby preventing continued spread of
the virus and driving home the seriousness of that individual or
organization's failure to protect their own systems.

A doctor will quarantine a person or group if he believes them to be
infectious with a serious illness. Why then are we not quarantining
our digital selves? Obviously, the expectation that an individual or
organization is going to do what is right and follow best practices
isn't working.


-=-


Forwarded from: Kurt <kurtbuff () spro net>

Ya know, someone could do the world a large favor if they actually
wrote what a lot of people have speculated about - a MyDoom variant
that spreads, but after some period of time formats the local hard
drive.

I'm no fan of viruses, nor especially of virus writers, but if someone
did this, it would actually help reduce a lot of problems, including
spam.


-=-


Forwarded from: "Henderson, Dennis K." <Dennis.Henderson () umb com>

How about simply not allowing SMTP direct to the Internet?  Geez,
that's a no-cost solution for companies with firewalls..

Dennis


-----Original Message-----
From: William Knowles [mailto:wk () c4i org] 
Sent: Tuesday, February 03, 2004 5:50 AM
To: isn () attrition org
Subject: [ISN] MyDoom sparks talks of security's future 


http://news.com.com/2100-7349_3-5152165.html

By Robert Lemos 
Staff Writer, CNET News.com
February 2, 2004

The virus, which has combined many old attack techniques into a
successful package, was hardly blunted by antivirus programs during
the first few hours of its exponential spread.

That's a problem, said Shlomo Touboul, CEO of security software maker
Finjan Software.

"The MyDoom attack should never have propagated so far into the
Internet," he said. "It is obvious that we need another layer (of
software) to protect during the first hours of attack."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.