Nasty New Virus Variants 1050
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
How about.... (Score:3, Informative)
a. Turn off preview pane
b. Use OWA
c. Stop using Outlook/Outlook Express
?!
Outlook only (Score:2, Informative)
Delete without viewing? (Score:2, Informative)
Re:Two Words: (Score:1, Informative)
Re:Simple... (Score:5, Informative)
It has served me well. Catches a lot of the spyware that my favorite pr0n sites try to push me, too.
Not a problem at all! (Score:4, Informative)
I found that out when I started work at a new company with my PowerBook. Connect to the Exchange via IMAP4 for mail, point the address book at the exchange server via LDAP. iCal wasn't around then, but using that along with groupcal would allow you to do your calendaring, and all without using a single 'authorized' MS client.
On Windows...dunno, perhaps there's something similar to the groupcal/ical combo to get your calendaring done without Outlook, but I'm not aware of one offhand.
another alternative (Score:5, Informative)
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
This is really old news (Score:5, Informative)
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
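A gateway-side check for the mismatch described in the comment above, as an added example that is not part of the original post: it flags any MIME part whose declared type is one a client may render or play inline while its filename ends in an executable extension. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string

# Extensions Windows treats as runnable (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Major types a mail client may render or play inline without prompting.
INLINE_MAJOR_TYPES = {"image", "audio", "video"}

# Constructed sample: the second part claims to be audio but is named *.exe.
# The payloads are the base64 of the word "placeholder", not real files.
SAMPLE_MESSAGE = """\
From: sender@example.org
To: rcpt@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1
Content-Type: image/png; name="logo.png"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""


def extension_of(filename):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def mismatched_parts(raw_message):
    """Return (declared_type, filename) for each leaf part that declares an
    inline-renderable media type but carries an executable file name."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition's filename and falls back
        # to the name parameter of Content-Type.
        filename = part.get_filename()
        if not filename:
            continue
        if (part.get_content_maintype() in INLINE_MAJOR_TYPES
                and extension_of(filename) in EXECUTABLE_EXTS):
            findings.append((part.get_content_type(), filename))
    return findings


if __name__ == "__main__":
    for declared, name in mismatched_parts(SAMPLE_MESSAGE):
        print(f"reject or strip: declared {declared}, named {name}")
```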
What to do (Score:5, Informative)
Also nice are programs that let you delete the email at the server before you download, such as mailwasher [mailwasher.net], and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
Wow, people love to blame Outlook. (Score:5, Informative)
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
Re:protecting from viruses (Score:5, Informative)
This is so true...unlike spam, it's quite possible to detect 100% of known viruses with no false positives. That's because every virus must contain essentially the same payload. Viruses simply can't vary their content as much as spam can, because it has to result in executable code, plus some MIME trick or IE/Outlook exploit, either of which have no legitimate use and could be detected easily.
I started running ClamAV [clamav.net] on my mail server a couple of weeks ago (after seeing a recommendation for it on Slashdot) and since then I have seen my viruses go down from 500 a day to 1 a week. I manually looked through thousands of the held messages and found no false positives, so now anything that ClamAV scans goes directly to
I have no idea why all ISPs don't use ClamAV! Obviously they don't need to throw messages away, just in case - advanced users might prefer that messages probably containing viruses just be quarantined instead - but that would eliminate the problem for most people.
Re:Simple... (Score:2, Informative)
It's relatively simple to protect from this type of virus. A simple text only mail reader would go a long way in eliminating viruses. Of course, Microsoft insists on adding more and more "features" to their products. These features are intended to make the computing experience easier on the noob, but end up having the opposite effect. The amount of time it takes to recover from a major virus attack for a newbie is probably longer than it would take to learn a few tips to secure Outlook, or how long it would take to learn to use a different email client. Yet the stupid people still manage to continue to ruin things for the rest of us. Oh well. At least as long as there are people like that, the virus writers will continue to focus on easily fixed security holes in Microsoft, rather than creating a Linux or Mac email virus (no idea how this could be done, but I have learned never to underestimate the power of a smart hacker with an ample supply of caffeine).
Re:protecting from viruses (Score:5, Informative)
It's pretty cheap, and I've not had to worry about any email virii for years.
I'd (personally) like to see more companies (or even ISPs) going this sort of route as not only does it take the hassle away from sysadmins (so you don't have to drive in at X in the morning to apply a patch), but it consequently helps reduce the rate of spread.
Re:protecting from viruses (Score:3, Informative)
This is probably why they don't do it - they can't risk false positives.
-BHJ
Re:Well, its pretty easy actually.... and painful (Score:5, Informative)
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
Re:Simple... (Score:2, Informative)
This is a common defense from windows users. But it is also false. Attacking a windows computer is fairly easy. You have very few variables. M$ windows, M$ outlook, M$ ie, M$ security (ha! i made a funny) creating something to penetrate a windows box isn't exactly brain surgery. Even when a problem is found by people who aren't looking for malicious reasons, the problem has to be submitted to m$, m$ has to review, figure out how to fix it, create a patch, and then release it. Sometimes followed by another patch to patch the patch.
Now with linux you have OPTIONS. kmail, mozilla, konqueror, etc. etc. and all of this software is released OPEN SOURCE. So you have an infinitely varied setup with an entire community looking at the code. If a problem is found, they can even create their own fixes. Even if a hole in a browser or mail client allows a virus to get into a linux system, the virus has to then find a way to execute itself, and if it wants to do anything major, it also has to find a way to give itself root permissions.
Writing a linux virus isn't and probably will never be impossible, but it would never be able to spread like blaster or mydoom, or any of the other viruses that are wreaking havoc on the net everyday.
Re:Well, its pretty easy actually.... (Score:2, Informative)
Must
Sorry, I can't help myself. There are several problems with this. (1) Some people get infected within minutes of putting their machines on the web, which means they haven't had time to fix their Windows machine's insecure out-of-the-box configuration. (My mom, who has a PhD by the way, bought a Windows box, and was infected the next day.) (2) You may not be sure if the updates are going to break something. (3) If you refuse to get on the Windows upgrade treadmill, you may end up running an old, unsupported version of Windows, with no way to upgrade it.
Note that all of these are problems that come from running a closed-source OS. (1) Open-source OSes aren't driven by marketing concerns, so they're shipped with configurations that are much more secure out of the box. (2) On an open-source OS, people can look at the updates and see if they look like they're of high quality. (3) On an open-source OS, there's no upgrade treadmill.
Re:Two Words: (Score:3, Informative)
Or the post could be completely mistaken.
Re:how to fix (Score:5, Informative)
James
Re:protecting from viruses (Score:5, Informative)
If people patched their computers, the virus would not have an effect on the computer. At least not this one.
Re:protecting from viruses (Score:5, Informative)
It used to be possible to say an e-mail with no attachments was safe, but today's virus of the day is proving that wrong... just using an IE bug in an HTML e-mail is enough to cause trouble.
So, really... nothing's safe. I'm sure somebody will find a buffer exploit for plaintext mail in Outlook someday...
Re:protecting from viruses (Score:5, Informative)
My school's mail server, after getting slammed very hard by er... one of them a couple months ago (I can no longer keep up with which virus is which), installed something that I think is called Vscan. What it does is sends you an email which informs you that you were sent a message with a virus attached, and gives you a link with a generated username (usually the "from" email address) and password to view the message... if you really want to.
I like this system, because it's soooo much easier to filter those messages as Junk than all the random stuff that might be thrown together by a virus
Yes and No (Score:5, Informative)
AV solutions can and do break. Ours did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV [clamav.net] certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analyze it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV companies' licensing schemes take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Re:Mod Parent Down (Score:5, Informative)
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part One
http://www.catb.org/~esr/writings/cups-horror.html
Some follow-ups:
http://www.catb.org/~esr/writings/luxury-part-deux.html
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
Outlook vulnerable with view as plain text? (Score:3, Informative)
A lot of organizations use Outlook in some form or another, so a quick fix like this one could be very beneficial -- if it is a fix.
Re:Switch!!! (Score:4, Informative)
It's ridiculous that more viruses (or worms) come through email than through any other means. I predict that someday soon, people will stop using Outlook [Express] and start getting their viruses through Internet Explorer, Samba shares, or straight through the wire (smashing the IP stack). Maybe then it really will be important to switch to Linux.
I agree, people should switch, but if people used Windows with more intelligence... Well, maybe people wouldn't want to switch, which would be a Bad Thing, so maybe I should keep my mouth shut.
Re:Not just clicking on it (Score:3, Informative)
Yes. The flaw isn't in Outlook/OE per se, but in IE, which those two use for rendering html. From the article: "..infects a PC through a known flaw in the Internet Explorer browser..."
another way, simpler to avoid it (Score:2, Informative)
-click on your last legitimate email,
-bulk select by clicking on the most recent one using the appropriate modifier key (viruses are also on other platforms, except, maybe, osX which has luck, youth and good design on its side)
-unselect legitimate emails in the selection block using the appropriate modifier key
-use your menu command to send them to trash (dragging with your mouse might slip and select if you are a sloppy clicker like me) or the appropriate folder (junk or anything)
Of course you have to know first which messages contain the virus but if you are like me, you only open email from people you know bearing a subject line that is logical and/or precise. It's actually well regarded by people when you ask them to always write a subject line that contains keywords for you to know that they haven't been generated by a virus sending itself using the incredible Microsoft technologies, anything, usually some passphrase other than generic stuff like "I wanted to get back to you" or stuff like that.
For the people I don't know of yet but want to reach me legitimately I often go in my junk mail folder (created using simple rules) and look for legitimate subject line and sender address, anyone who has "funny" names and uses generic subject line simply is out of luck with me. Much like we tell kids not to open the door to strangers we shouldn't open anything that comes in the email box, even if the stranger is his uncle, if the kid doesn't know him he is well advised not to open the door, the uncle will understand and the parents will be proud.
Re:protecting from viruses (Score:2, Informative)
The
Re:protecting from viruses (Score:2, Informative)
Re:protecting from viruses (Score:5, Informative)
Obviously the mail client is not the problem. The user is
(And if you're wondering why the virus is encrypted, it's so it passes through filters. Encrypting with a random password has the nice side effect of randomizing the data. So there are no known strings to filter on. Pretty clever.)
To start, block or strip this: (Score:2, Informative)
with your favorite milter
Re:Wow, people love to blame Outlook. (Score:5, Informative)
I'm not, for several reasons:
1. Thunderbird has never thought implementing auto-launch of executables embedded in email was a good idea.
2. If you're using Thunderbird, you're probably using Firebird, and it's not as likely to try to do what the malformed HTML tells it to.
3. Even if you *do* manage to get Firebird to do it, it's not part of the operating system, and isn't likely to be able to do really nasty stuff to your computer.
Patch was available on October (Score:5, Informative)
I don't know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, let's be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
Simple Solution (Score:2, Informative)
Idiots (Score:2, Informative)
First, keep your patches current. If that's too complicated, select the message above it, hold down the key, and select the one below it. See how that selects everything in between? Now hit Delete
This isn't rocket science. Which is good, because people who use Outlook Express aren't rocket scientists.
Re:What do you do? What do you do?! (Score:4, Informative)
The firm doing the study are known bozos - they pretty much predicted armageddon on 1/1/2000, and still have much egg on their face from that. They also stretched the truth about their experience and expertise in the computer security field - they were doing something quite different for the first several years of the company's existence, but their press claims security expertise for the whole time.
An AC citing a "study" known to be flawed, designed to gain free press for the flawed company conducting it should not be trusted.
Re:protecting from viruses (Score:2, Informative)
Re:Switch!!! (Score:4, Informative)
If everyone switches to wearing condoms or practicing abstinence then you'll start to see AIDS mutations that jump through the air or something.
That is nonsense. An HIV strain that propagates through the air will be strongly favored whether people practice safe sex or not, because people breathe more than they have sex. Taking precautions against venereal spread of HIV will do nothing to increase the mutation rate of the virus.
Nothing New (Score:5, Informative)
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year [com.com] that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
Re:protecting from viruses (Score:5, Informative)
VBA doesn't actually have anything much missing from the VB6 command set. The only thing it's really missing is the ability to make compiled executables, that VBA programs can only be embedded in certain MS filetypes. It's a much bigger power tool than most people expect...
Re:Switch!!! (Score:3, Informative)
For those who ARE using Outlook Express (you probably don't want to admit it), simply go to View->Layout... and uncheck "show preview pane." Bada bing. Add that to applying the restricted attachment options on the security tab under Tools->Options and you're set. Until they find a way to embed the virus in headers, you'll be safe from e-mail viruses and you can go on using the [admittedly bad] Microsoft e-mail client.
.NET (Score:2, Informative)
Re:protecting from viruses (Score:3, Informative)
"This new version of Bagle only requires a recipient to open the email or view it within the Outlook preview frame, where some invisible HTML code downloads and infects a PC through a known flaw in the Internet Explorer browser." (my emphasis)
Nothing to do with attachments
Four Years Old (Score:5, Informative)
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. 'We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
Re:Switch!!! (Score:2, Informative)
The fact is, the kinds of viruses that routinely affect Outlook and Outlook Express are simply impossible on Linux or any other flavor of Unix. The architecture doesn't work that way. There have been viruses and worms written for *nix, and with the exception of the Morris worm, which actually exploited a feature of Sendmail rather than of Unix and was a cross-platform worm thereby, none of them have been particularly widespread.
It has already been explained by someone else, but in Linux - no matter what mail client you use - there is simply no concept of an executable attachment. Binary attachments may be viewable, but they cannot be executed. So until someone comes up with a way to embed something in an attachment which can cause the viewer to do something bad, such as take the attachment and execute it as its own code, Linux and all other *nix platforms are pretty safe from email viruses. Moreover, not only is such a thing very hard to do (if it's even possible), it's further limited by the fact that you just don't know what somebody is using as a viewer for a given file type. There are so many choices. There are dozens of things that could be my
A worm that does not depend on email has a little better chance on *nix, such as the Lion worm (IIRC) that could infect certain versions of lpd a few years ago. Still, that one was never really widespread either, because:
A) Not all machines are running any kind of lpd;
B) If they are, it may be firewalled off and/or not listening on an external interface and/or not accepting connections from non-local IPs;
C) It might not be an affected version anyway;
D) It might be CUPS or lprng, and those wouldn't be affected at all, unless you took all three of them into account when writing the worm (the lion worm didn't). Even then, you'd have to hit the right version on the right platform for each variant.
A worm or virus that tried to exploit features of an MTA or database or something within X would also face a tough time because they might not (read "probably won't") work on all distros, glibc versions, KDE versions, Gnome versions, Fluxbox versions, IceWM versions, WindowMaker versions, etc. If it depends on an MTA or database to spread, then you have to account for Sendmail (lot of versions), Postfix, qmail, Exim (v. 3.x and 4.x), some proprietary MTAs, and who knows what else. If it's a database, could be Oracle, MySQL, Postgresql, or who knows what else. And of course it has to be unfirewalled. Most people running an SQL server on *nix are also running a firewall. Maybe multiple layers of firewalling, if they're properly paranoid.
These are issues faced by anyone who wants to write a virus or worm for Linux or Unix.
The fact is, writing worms and viruses for Linux, *BSD, or a proprietary UNIX platform is a lot harder than writing them for Windows, and they spread a lot more slowly and don't get nearly as far. Yes, as Linux continues to grow in popularity you will see more attempts at viruses and worms for Linux. Most of them will be abject failures, and even the ones that aren't will never have the impact that Viruses and worms have had on Windows. Not only for the reasons outlined above, but for one more big one, which is a product of the reasons above: SPEED. There are simply too many different distros on different hardware platforms, with different configurations, and different versions of key items on which a worm will depend, for it to be able to spread quickly.
That is why, even if Linux should someday utterly dislodge Windows from the desktop and command a 90% market share, with the rest mostly held by Mac, it will NEVER have the kind of virus and worm problems Windows has. On Windows, the problems are designed in. On *nix, they are designed *out*.
Use MailWasher (Score:2, Informative)
Re:Complete lie (Score:5, Informative)
I saw the study. It was done by the British group Mi2, who is about as useful as IDC or Gartner, with their own vested interest. In almost every situation, the Linux openings were simple PHP's being hit on systems with multi domains rather than the systems being owned. To be honest, I would love to see a company/group without a vested interest do a real study and report the numbers.
BTW, even though your BSD statement was a simple red herring, I suspect that it has merit.
Re:protecting from viruses (Score:2, Informative)
The spam filter is very aggressive, so when we first implemented it there were some false positives. It throws everything it filters into a quarantine and generates daily quarantine reports to all of the users along with a "release" link. If there's a FP in there, the user can release it right then and there. It even offers to whitelist the sender to prevent more FP's in the future.
I know there have been some FP's since we track the release clicks, but we've had no complaints and nothing but praise since we put it in.
The best part is that our e-mail admin time has been reduced only to adding new accounts :).
Re:Yes They Are Sexually Transmitted (Score:2, Informative)
It's not a matter of opening.
People have to select the message to delete it in Outlook, which presents a problem.
Re:protecting from viruses (Score:2, Informative)
Re:protecting from viruses (Score:5, Informative)
Joking aside, be careful that you check the exact exit code that you need to determine whether ClamAV found a virus or not. I was using a script called clamfilter.pl that someone else wrote. Since I was in a hurry, I went ahead and stuck it in my procmailrc without checking into it much. It seemed to work for quite a while. When one of the MS virus storms hit, I started sending all the viruses to /dev/null like you are. This turned out to be a mistake.
At some later point, we had a hard drive disaster that left most of /usr unreadable. However, the mail server was still running, and still using clamav to filter mail. Due to one of clamav's files becoming unreadable, clamav started exiting with a nonzero exit code, but not because it was finding a virus in the mail. Hence ALL mail went to /dev/null for a few days while the system was being rebuilt, and we didn't discover it until afterwards. I filed a bug with the clamfilter forum, but up till now the author hasn't fixed his (IMO dangerous) code that he is offering for general use.
The moral of the story is, if you are sending mail to /dev/null in ANY case, be damn sure that you are properly checking clamscan's exit code.
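The failure described in the comment above, as an added example that is not part of the original post or of clamfilter.pl: clamscan documents exit status 0 for "no virus found" and 1 for "virus(es) found", and any other status is an error, so only status 1 may send mail to quarantine. The function names and the stub scanner are assumptions constructed for illustration; the stub lets the logic run without ClamAV installed.

```python
import subprocess
import sys

DELIVER, QUARANTINE, DEFER, DISCARD = "deliver", "quarantine", "defer", "discard"


def naive_disposition(returncode):
    """The flawed logic from the story: every nonzero status is a 'virus'."""
    return DELIVER if returncode == 0 else DISCARD


def disposition(returncode):
    """Only status 1 is a detection; errors keep the mail for a retry."""
    if returncode == 0:
        return DELIVER
    if returncode == 1:
        return QUARANTINE
    # 2 (scanner error), 127 (not found), negative (killed by signal), ...
    return DEFER


def scan(message_bytes, scanner_cmd=("clamscan", "--no-summary", "-")):
    """Pipe one message to the scanner on stdin and return a disposition."""
    try:
        proc = subprocess.run(
            list(scanner_cmd),
            input=message_bytes,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=60,
        )
    except (OSError, subprocess.TimeoutExpired):
        # Scanner binary missing, unreadable or hung: not a detection.
        return DEFER
    return disposition(proc.returncode)


def stub_scanner(exit_status):
    """Constructed stand-in for clamscan that reads stdin and exits with the
    given status."""
    code = f"import sys; sys.stdin.buffer.read(); sys.exit({exit_status})"
    return (sys.executable, "-c", code)


if __name__ == "__main__":
    message = b"Subject: constructed sample\n\nhello\n"
    for status in (0, 1, 2):
        print(status, naive_disposition(status), scan(message, stub_scanner(status)))
    print("missing scanner:", scan(message, ("/nonexistent/clamscan",)))
```

With a damaged scanner (status 2 or a missing binary) the naive mapping discards every message, while the checked mapping defers it so it can be rescanned once the scanner works again.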
Simple rules for avoidance (Score:4, Informative)
1) Disable the preview pane. View messages by double clicking them. That way you're never forced to view a message you haven't made the decision to view, either by trying to delete it or by it being the top message in your inbox. This also helps to reduce spam, because spams with linked images can be used to verify that you read the email.
2) Only view email you trust. For the rest, view the message source or ignore the message.
3) The above will stop 99% or more of email viruses out there. To further reduce the risk, patching frequently and using a spam filter helps. Virus scanners like AVG also help but you can expect a noticeable slowdown in system response if you use one. I don't. No virus problems ever in 12 years.
stop using Outlook (Score:3, Informative)
Apparently they've never heard of e-mail software other than Outlook. Many e-mail programs do not execute the VBS code or other attachments of a message simply by selecting it from the Inbox.
Re:MacDailyNews? (Score:4, Informative)
Re:protecting from viruses (Score:2, Informative)
The current stable release of clamav doesn't support OLE2 scanning, thus can't catch viruses in many MS Office documents. (0.66-0.68 have OLE2 disabled).
As far as why most ISPs aren't running clamav.. That's simple.. Load Average. Many ISPs are pushing their mailserver hardware pretty hard. As a result they don't have a lot of spare CPU onhand to do virus scanning.
At the ISP level, CPU time isn't free, it costs because you need better more powerful servers to process the same volume of mail. Admittedly PC hardware is cheap for desktops, and low-end server-grade stuff isn't outrageous, it's still an added cost that can't be ignored. Scanning is going to easily double the amount of CPU time per message compared with just store and deliver, so you've just doubled the cost of your inbound MX hardware (assuming you're doing load balancing and can just double the number of servers).
Sure it's money well spent, but it's not as inexpensive or free like it may seem at first glance.
Re:protecting from viruses (Score:3, Informative)
I don't feel safe unless i'm reading my email through a CLI...
Re:Complete lie (Score:3, Informative)
It was incredible.
I don't care what OS they were testing, their test proved only one of two things:
1) they're catering to who paid them
or
2) they have no clue.
Besides, the poster's statement was about Apache, not Linux.
Re:protecting from viruses (Score:3, Informative)
Re:.NET (Score:2, Informative)
Try this, use the
For the fill function I'm counting 4 seconds for 320x240 and less than a second for the Win32API call.
RTFA people (Score:1, Informative)
Re:Switch!!! (Score:4, Informative)
You mean apart from the Ramen Worm [com.com]?
In fact wasn't that the first effective worm on the net? One that affected only Red Hat Linux systems?
Re:Simple... (Score:5, Informative)
This has ALWAYS been the case when it comes to Outlook and Outlook Express. The Preview will execute the code contained within the mail message in exactly the same way as if you had opened it. It has been this way for a few years. This is what Valve's Half-Life 2 Lead programmer claims happened that led to the leaked source code for HL2.
Excel was vulnerable too (Score:1, Informative)
Back then, the Internet was young, and the only way we knew of to make it spread was through BBSes (where we figured it would likely be caught quickly) so we didn't try to escalate it to the developers.
Oops.
Solution (Score:5, Informative)
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order to delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Re:Switch!!! (Score:4, Informative)
Even if viruses existed in line with market share you would expect 100s or thousands of Linux viruses.
Also the linked article does explain why Linux is an attractive target for virus writers: which supports point - that Windows viruses are not more prevalent purely, or even mainly, because it is more widely used.
Block tcp on port 81 (Score:4, Informative)
Re:Simple... (Score:5, Informative)
Don't forget that the Witty is entirely memory resident so most (if not all) virus scanners will miss it...
Re:Simple... (Score:2, Informative)
too poor to build a second box... nonsense (Score:4, Informative)
Stop the excuses, you can try Linux today.
Re:Simple... (Score:2, Informative)
I found this while looking for av software for my brother's pc, as he's recently had some virus problems. Of course, I also got him using thunderbird and firefox
Re:Simple... (Score:2, Informative)
Well many of us unfortunately have to use Windows because (a) our work requires it and/or (b) more critically, our clients have Windows, and only know how to use Windows. So you have to develop your products for Windows if you actually want to sell anything :( :( ...
Re:Duh... how do i avoid viruses? (Score:1, Informative)
Re:Simple... (Score:5, Informative)
Re:Simple... (Score:2, Informative)
-- C.
Re:protecting from viruses (Score:1, Informative)
But I think Fed Ex already beat you to the punch.
I'm preaching to the choir, but the only system that I can see really 100%
which \
takes current user knowledge into account
+ will keep a network virus free
+ uses Windows
+ allows users to make mistakes
= server-side scanning/stripping of attachments.
That, or a new program which exposes email only via a web interface and only exposes mail as plain text.
Any other scenario has rogue users who can make mistakes leading to a less than 100% solution and the appearance of virii on a network.
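The server-side stripping and plain-text-only delivery that the comment above proposes, sketched as an added example that is not part of the original thread. It uses only Python's standard `email` package; the function names, the sample message and the gateway notice wording are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def strip_to_plain_text(raw: bytes):
    """Return (sanitized_message, dropped_parts) for one inbound message."""
    original = message_from_bytes(raw, policy=policy.default)
    kept_text, dropped = [], []
    for part in original.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        filename = part.get_filename()
        is_attachment = part.get_content_disposition() == "attachment"
        # Keep only inline text/plain bodies. HTML, images, scripts and
        # anything carrying a filename never reach the mail client.
        if ctype == "text/plain" and filename is None and not is_attachment:
            kept_text.append(part.get_content())
        else:
            dropped.append((ctype, filename))
    clean = EmailMessage()
    for header in ("From", "To", "Subject", "Date", "Message-ID"):
        if original[header] is not None:
            clean[header] = str(original[header])
    body = "\n".join(kept_text)
    if dropped:
        body += "\n[gateway: removed %d non-plain-text part(s)]\n" % len(dropped)
    clean.set_content(body)  # result is a single text/plain part
    return clean, dropped

def build_sample() -> bytes:
    """Constructed sample: plain body, HTML alternative, one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Plain body line.\n")
    msg.add_alternative("<html><body><b>HTML body</b></body></html>",
                        subtype="html")
    msg.add_attachment(b"not a real payload", maintype="application",
                       subtype="octet-stream", filename="report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    clean, dropped = strip_to_plain_text(build_sample())
    print(clean.as_string())
    print("dropped:", dropped)
```

Because the decision is made per MIME part on the server, it does not depend on how any particular client maps content types or filename extensions to handlers.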
Re:Switch!!! (Score:2, Informative)
Of course, it was my fault, for running an unpatched system. But I also have the perspective of the common user here: I did not know that a patch had been released
Re:Simple... (Score:2, Informative)
Thus the fundamental flaw of signature based protection. Cisco has a sweet little product out called Cisco Security Agent. Check it out. [cisco.com] My company is evaluating it now. It's a tad pricey, but it uses behavioral analysis to determine whether or not executed code is a worm, virus, or any other kind of malware. So there actually can be protection against unknown threats.
Re:Not just clicking on it (Score:3, Informative)
Begin HTTP dump: That'll usually just about do it. I've seen it before with the AIM viruses which have been common lately. It's actually a bit funny when it happens on a MacOS 9 machine
ActiveX controls I'm told are actually a great way to make this happen automatically and without notice (erm, on Windows), but I have no idea about the actual method.
Bah (Score:3, Informative)
The Preview will execute the code contained within the mail message in exactly the same way as if you had opened it. It has been this way for a few years
What does that even mean? Execute the code? Do you mean "render the HTML"? Outlook Express doesn't execute script in the preview window or the "opened message" window. I'm guessing this new virus either forces script to execute via some exploit, performs an exploit in general HTML rendering, or performs some exploit against ActiveX. The important distinction here has never been between "previewing the e-mail" and "opening the e-mail", it's been between "looking at the e-mail" and "opening the attachments".