In message <9146DBDC8503D411B18A204C4F4F50200A65DB(a)172-16-1-2.static-dialup.xtra.co.nz>, James Guidera writes:
[Joe Abley says: don't strip the viruses, let the natural order prevail]
There is no point blaming the mail client. No matter who makes the mail client, if it is popular it will be open to attach. Be it Notes, GroupWise, Outlook. Whoever is the biggest and most common would be the target.
There is every point in blaming the mail client -- it's the "automagically do stuff" behaviour of the mail clients which makes all of these viruses spreading around possible. The "automatically run programs when clicked on" is bad enough (where programs == "anything executable", including "documents" with embedded programming languages and auto execute features); the preview bugs are even worse. There were far far fewer mail viruses in the days when you had to work rather hard to run a program sent to you by mail (eg, cut out encoded section, manually feed to uudecode or unshar it, compile the source, and run it). cat, more, less and other similar mail clients have far fewer security problems. Even telnet has fewer security problems as a mail client (although it does suffer from plain text passwords over the wire). And mail/mailx don't have that many security problems on the _reading_ side (on the sending side they're a bit of a festering pile of security holes). There might be an argument that only mail clients vulnerable to being infected will be popular (the converse of what you're suggesting) -- because they're more point'n'drool. However I'm with Joe: if you let the viruses do their thing, preferably as dramatically as possible, then the natural order will prevail eventually, as people get tired of reinstalling their machine for the third time that week (and/or confidental documents leaking and/or their clients shunning them). To bring it vaguely back on topic: mail scanners at ISPs (eg, the Xtra ones) would do need to either forward on the bones, or bounce the whole message back to the "sender" -- silently dropping things is bad, as it just hides the problem (and can hide more stuff). For messages which appear to be viruses that send their own mail (ie, spreading as worms), I'd personally go for just bouncing the whole message back. (Yes I know Klez, et al, forge the from address too, so you can't usefully bounce it -- but the recipient doesn't want it either. I'm going to get stray Klez as either "sender" or recipient whichever way you go.) Ewen - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, 11 Sep 2002, Ewen McNeill wrote:
To bring it vaguely back on topic: mail scanners at ISPs (eg, the Xtra ones) would do need to either forward on the bones, or bounce the whole message back to the "sender" -- silently dropping things is bad, as it just hides the problem (and can hide more stuff). For messages which appear to be viruses that send their own mail (ie, spreading as worms), I'd personally go for just bouncing the whole message back.
Poor postmasters... -- Juha Saarinen - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, 11 Sep 2002, Ewen McNeill wrote:
However I'm with Joe: if you let the viruses do their thing, preferably as dramatically as possible, then the natural order will prevail eventually, as people get tired of reinstalling their machine for the third time that week (and/or confidental documents leaking and/or their clients shunning them).
I have been loath to take part in this festering pile of off topic email, but what the hell... The biggest problem I have with this whole ISP-based mail filtering is that it instills a dangerous false sense of security. The fact is, they can't stop everything (although they do okay so far), and for all the ISPs footnotes saying "Desktop virus scanning is important still" users are simply going, "oh, I don't need virus protection, my ISP has me covered for that. Anything I get through my mail is safe. It's been checked. I can double-click on everything!" I think users should remain scared sh*tless (wouldn't want teletech to bounce this) about viruses. They are still not scared enough. They need more fear. Protecting them from viruses at an ISP level just makes them complacent. -- Dylan Reeve - dylan(a)wibble.net It's just not cricket. - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (3)
-
Dylan Reeve -
Ewen McNeill -
Juha Saarinen