Re: User Education Tool?

[Dave Aronson <securecoding () dja mailme org>]

On Thu March 4 2004 10:17, Andreas Saurwein wrote:

> Now, doing something really flashy like creating an virus like
> application as follows:
> * it is sent as zipped attachment
> * when opened, it brings a huge, clear message, that the user would
> now have been infected with a virus. A short, understandable message
> explaining why and how to avoid it would be appropriate.
> * it asks the user for permission to forward itself to the users
> contacts, to help spreading the education.
>
> Would that still classify as virus? Or would that pass as something
> else? Would a measure like this be of any success? What other
> measure could reach the critical user groups?

Those of us who receive viri, or bounce-reports alleging that we sent 
one, are in the addressbooks of lusers who open viri.  Don't subject us 
to more of this $#!^ than we already are.  Remove the "may I spam your 
friends" aspect, asking them instead to manually forward it to any of 
their friends that they think could use the education, and it might be 
tolerable.

Either way (especially if the manual forwarding is done with the help of 
pulling up the contact list), you can bet some jackass will attach a 
malicious payload, probably triggered right *after* you spread it.  So 
much for being able to treat it as innocent.

Find a way to substitute, for the whole mess, an arm coming out of the 
computer and bitchslapping the idiot silly while calling his attention 
to how incredibly stupid he has just been, and you've got something.  
B-)

-- 
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
(Opinions above NOT those of securesw.com unless so stated!)
WE'RE HIRING developers, auditors, and VP of Prof. Services.