Nasty New Virus Variants
Lucidus writes "Numerous journals, such as Mac Daily News and The Motley Fool, are reporting that the latest versions of the Beagle/Bagle virus can infect users' computers whether or not they open an attachment. Apparently, the simple act of selecting the message activates the code. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Don't use Microsoft products... or use them and have an up-to-date modern Anti Virus scanner.
the ISPs need to have some server-side virus scan running. we do through our company's email server, and so far, it seems to work like a champ
Alcohol & calculus don't mix. Never drink & derive.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Well, this one is gonna start a whole slew of flaming and trolling over the virtues of one platform over another as it is kinda a loaded question with a simple answer:
Switch
So let's start right off with a big razz towards Windows users from both the Linux and Macintosh communities.........
Thhhbibibibibbbpt!!!
Seriously though, when are you guys gonna get the picture? Microsoft is chasing a moving target here and they will always be behind the curve, reacting to the latest virus outbreak until they fix what is fundamentally wrong with the Windows architecture. Hopefully this will happen with Longhorn in 2006......or 2007.........or whenever.
How about...
a. Turn off preview pane
b. Use OWA
c. Stop using Outlook/Outlook Express
?!
_Dear_ Citibank_Online User_,
I Vw F4tEIio2LKQ09fI1gDAl8NZr
This mesage was _sent_ by_the Citi-Card serevrs to veerify your_ E_MAIL adderss.
You must complete this process by clicking on the_ link _below_ and enntering
in the litle winndow your Citi-bank Atm_ Card nummber and CARD PIN that
you_use on the local Atm machine. This is done - for_your protection -E- becaurse some_of_our
memebrs no longer_ have access to their E_Mail adresses and we must verify it.
http://www.citi-cards.net/?rlNdnnTQ1Uy5ueDjzvKE
To verify _your _email addres and access _your _Citibank_
account, clic on the_ link beelow.
nud2d9zTdRxWbWZYT
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Simple. Don't use Windows.
Don't blame me, I didn't vote for either of them!
How about they, PATCH THEIR DAMN SYSTEMS how about they, STOP USING OUTLOOK how about they, stop using an unsecure operating system (come on, if you like windows back patch to me, most of these viruses don't work on it)
come comment on the madness at http://slashdot.org/~phreak03/journal/
pine (or mutt)
Jon Bardin
Maybe the summary should specify that this is limited to Outlook/Outlook Express. I mean, most people probably know, but it sounds as if ALL email clients are vulnerable, which is hardly the case.
Right-click
err...
One word, hyphenated.
more like..
Are they ONLY sexually transmitted?
If so, I have nothing to worry about.
I Use Opera to read my mail. I haven't had a problem since then. In fact since I TOTALLY boycott Exchange I haven't had a problem.
Maybe it will work for you too.
Disable The preview pane.
Use thunderbird, connect to exchange via IMAP4, use the web interface for calendaring.
Karma: Chameleon (mostly due to the fact that you come and go).
I head straight to the Motley Fool. Likewise, when I want financial info, I'm on Slashdot.
Use linux. Nobody writes virii for linux. BSD is even better. Though I'd like to know the way one can write code to activate on selection...
...the right of the people to keep and bear arms, shall not be infringed.
Bagle virus with cream cheese
Disable the preview pane.
I don't know. Webmail, one of the numerous non-vulnerable email clients for Windows, maybe give up email entirely?
This flies in the face of science.
Don't use Outlook/OE.
There are tons of other options out there that aren't vulnerable, such as Mozilla and Thunderbird.
The viruses have mutated in the wake of developed resistance (slightly more educated users). It's an evolutionary battle being fought...
But as there are way too many deployments of Outlook as it is, and because it is Outlook/IE that is being exploited, the first solution would be to increase diversity in that field. Other mail clients, such as Thunderbird, or Eudora, will thrive while Outlook continues to succumb to these new diseases.
Oh who am I kidding, Outlook will continue to wreak its wrath upon the Net and cause us to all suffer as a result.
Doing the Right Thing should not be preempted by making a buck.
As per the article (Motley, at least) ... the virus is executed by some malicious HTML in the message, which would be activated if the message is viewed in full or preview(pane) modes. Simply clicking on the message in the list (you -did- turn the preview pane off, didn't you?) won't infect the machine. However, this does mean that similar HTML, from a web browser, might also be dangerous. Anyone have info on that idea? (Malicious websites giving you the virus by visiting the site?)
How to fix this? Install mozilla!
Anyway, according to this article here,
"Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft has issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk."
If you run an MS machine, and don't know that you have to update regularly, you need your head checked. Besides, updating an MS machine really is easy.
It seems that this only affects Outlook, so those who use another client seem to be safe from this (although it also seems clear that those who have patched are also safe from this).
"You spoony bard!" -Tellah
Use Thunderbird
http://www.mozilla.org
John Susek
This is scare journalism at its finest. The solution is very simple-turn off the preview panel in Outlook. Both Slashdot and the article writers imply some huge new technological boost in virus authoring. I'm stunned by the hypocrisy of the abstract-this is essentially FUD, something which Linux users rightly complain about
select all of your other emails and put them in another sub folder, then just delete the main mail directory off of your computer? i know this would work in OS X, it might work in XP too. I know it would be hard for some people to do this, but sometimes ya gotta do what ya gotta do
Millions of users trying to share one clue. It'll never work.
What business does a Macintosh fan site have reporting on Windows viruses?
Bunch of children over there celebrating it.
Is that guy clueless??? People still open attachments even though they don't know what it is. Remember a few weeks ago?? It happened and will happen again. This "new" twist of a virus is still crap news though...
DrkBr
Yeah, that's right! You fail it, *Jerk!*
One feature of MS Outlook that is missing from most other email clients is the ability to download just email headers. I use this feature to review sender/subject and I can identify all spam just from that.
Actually, I use my own program to download headers, score them for likely spam, delete the garbage emails(without ever downloading the actual content), then start outlook to get the real ones.
Obviously, if a legit sender transmits a virus, it's a problem, but I guess that's why I pay Symantec.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
place 2 other junk emails around it, select the top 1, hold shift, select the bottom one.... DELETE.
Well at home I have my Mac, and Mail.app doesn't seem to have any issues with e-mail worms. That's nice.
Unfortunately, at work I am forced to use Windows, but to add insult to injury, I have to use FirstClass as my e-mail client. It's only at times like these that I realize the advantage to using that atrocity to read my e-mail, viruses BEGONE.
"Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Use an anti-virus program with current defs?
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
how are users supposed to protect themselves from this one?
It's time once again for everyone on slashdot to post "just run linux". And then trolls follow up with "but linux has security holes too". A BSD user might get into the squabble as well.
Perhaps instead of asking open-ended questions that really just beg for trolls, can't the editors lightly rewrite the questions in the story to have a focus: e.g., "What technology fixes would readers suggest for (a) users, and (b) MX operators?" Or: "Who can suggest ways to improve the email protocols to eliminate the transmission of this particular virus?"
That might be a better discussion than what we're about to see...
OK, cue the "run linux" posts. Trolls, get ready.
unfortunately i bet a lot of other nerds on here dont have to worry about that either *this was supposed to be a joke, as in HA HA*
Users can either : 1. Switch on automatic updating in which case they don't have to do anything. 2. Go to http://windowsupdate.microsoft.com and download the patches. Microsoft provide fully automatic solutions to do it. If a user gets infected they are STUPID. It isn't Microsofts fault.
... using email software which doesn't render HTML, and instead shows it as plain text without images?
Yes, I wrote it. I wrote it because 99% of the messages I receive in HTML format are advertising. Most of those use dinky little images with referrer IDs to verify your email address is valid. The 1% I really need to see in HTML ... well the program has a link so you can view it in your default browser, if you really have to.
I know it's going back to the dark ages, but maybe NOT running javascript, html, etc is actually GOOD when it comes to emails.
I'm not advertising this thing, it's freeware anyway. I was a moderately happy Outlook Express user for years, but the lack of spam torturing implements drove me to write my own. Yes, I tried Mozilla, Eudora, etc etc. I think Thunderbird looks interesting too, and I recommend it. But personally I can't do without my POP3 preview window with colour tagging for spam, valid mail, blocked senders, ignored, etc. And deleting stuff before download. And bayesian filtering. And anything else I feel like adding, whenever I want to.
Hal Spacejock: Science Fiction with Nuts
I pity you so :'( tsk tsk
Proud user of Pine since 1994. Thank you, Univ. of Washington!
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2003. PINE is a trademark of the University of Washington.
? Help P PrevCmd R RelNotes
O OTHER CMDS > [ListFldrs] N NextCmd K KBLock
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Except that it's on by default. :)
I found that out when I started work at a new company with my PowerBook. Connect to the Exchange via IMAP4 for mail, point the address book at the exchange server via LDAP. iCal wasn't around then, but using that along with groupcal would allow you to do your calendaring, and all without using a single 'authorized' MS client.
On windows...dunno, perhaps there something similar to the groupcal/ical combo to get your calendaring done without Outlook, but I'm not aware of one offhand.
Karma: Chameleon (mostly due to the fact that you come and go).
Three words: Don't. Use. Outlook.
I know this qualifies as rocket science to some people but there are numerous alternatives to Microsoft's email client. Complaining that Microsoft's product is insecure and dangerous and then continuing to use that product when there are readily available (and free!) alternatives is just foolish. Matter of fact, I'm tired of hearing about it. Their software is flawed, it will probably always be flawed, and as the computer in War Games said, "the only winning move is not to play." Go download Mozilla and be done with it.
The higher the technology, the sharper that two-edged sword.
If you are using Outlook, you could always shoot your computer. Otherwise, I have no sympathy for Outlook users anymore....the security problems with Outlook are legion and have been published ad nauseam. By now, you should know what you're getting into. If you're sick of problems like these, use something else. Eventually MS will get the hint. The only people who I feel sorry for are the ones who have to clean up this mess.
Requiem
It really ensures the user wants to open attachments to emails, and it integrates fine with Norton Antivirus. It even comes with a Bayesian Spam filter (Which really works, once you get a lot of spam emails for it to learn from).
The Bat is a great program, and it's really improved, especially over the past year.
The mime-type bug has been known for a long time. Microsoft has corrected it (twice :-)). I know this because my parents' computer was infected between their first and second attempts to fix the problem.
In a nutshell, Microsoft uses the filename extension, not the mime type, to decide how to open a particular file. On the other hand, Outlook uses the mime type to decide whether or not to automatically launch images, sound files, etc. So all you had to do was to send a mail with an embedded image with a filename ending in .exe, and it was executed.
It has been more than a year since Microsoft crippled^H^H^H^H^H^H^H^Hfixed IE/OE sufficiently to remove this vulnerability.
I must concur with previous posters that the best approach is to avoid these software products.
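The type/extension disagreement described in the comment above is something a mail gateway can check for. The following is an added example, not part of the original thread: it flags MIME parts declared as image, audio or video whose filename carries an executable extension. The extension list, function names and sample message are constructed for illustration.

```python
import email
import os
from email import policy

# Illustrative subset of extensions Windows launches directly (an assumption,
# not a list taken from the thread).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".hta"}

# Major MIME types a mail client may render or play without asking the user.
AUTO_RENDERED_MAJOR = {"image", "audio", "video"}


def effective_extension(filename):
    """Return the extension the OS would act on.

    Case is ignored and trailing dots/spaces are dropped, so a name such as
    'photo.jpg.EXE. ' is still treated as '.exe'.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def find_type_extension_mismatches(raw_message):
    """List (content_type, filename) for parts whose declared type says
    'safe to render' while the filename says 'executable'."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        declared_media = part.get_content_maintype() in AUTO_RENDERED_MAJOR
        executable_name = effective_extension(filename) in EXECUTABLE_EXTS
        if declared_media and executable_name:
            findings.append((part.get_content_type(), filename))
    return findings


# Constructed sample message; the base64 bodies are placeholder bytes only.
SAMPLE_MESSAGE = b"""\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

hello
--BOUND
Content-Type: audio/x-wav; name="greeting.exe"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="greeting.exe"

AAAA
--BOUND
Content-Type: image/jpeg; name="holiday.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="holiday.jpg"

AAAA
--BOUND
Content-Type: application/octet-stream; name="setup.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="setup.exe"

AAAA
--BOUND--
"""

if __name__ == "__main__":
    for content_type, filename in find_type_extension_mismatches(SAMPLE_MESSAGE):
        print("quarantine: declared %s but named %s" % (content_type, filename))
```

The honestly labelled `application/octet-stream` attachment is not a mismatch and is left to whatever attachment policy the gateway already applies.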
Well you know a good way to prevent this is get a good virus scanner. I know Norton actively scans anything that hits the harddrive, and it always catches the virus as I click the e-mail.
:)
I thought this was a pretty simple concept, but I guess not.
I use Pegasus and generally yawn at these "don't even open the e-mail" warnings, because they never apply to me.
It has been STANDARD practice for quite some time to not use the "Preview Pane" feature in Outlook. Since html code is displayed as if it were in a browser, this has been open to malicious attacks for quite some time.
This is not New.
This is not News.
This doesn't even matter.
This is not even accurately portrayed. Selecting an email isn't the problem, displaying it is the problem.
Man, you'd think Microsoft was the only software company in existence the way these articles are written >_<
"Hard work never killed anyone." -- Some Dead Guy
Well, I'll just assume you have some meaningless job. For those of us who have to go back to work tomorrow, it is kind of nice to know that first priority will be to update the definitions!
If you don't wanna hear about the new viruses all the time, why do you bother reading the blurb and then going as far as posting a reply? Moron.
.
One suggestion is to install POPFile and Quarantine every file with an attachment.
Help fight continental drift.
Also nice are programs that let you delete the email at the server before you download, such as mailwasher, and with free versions.
Of course, there are a number of alternate email clients out there that will also help block this beastie
"It is a greater offense to steal men's labor, than their clothes"
I keep telling my wife this every time she tries to get me to try her cottage cheese. Yuck, the stuff is nasty.
:)
Personally, I like my cultures to be active. Mmmmm Blue Bunny yogurt.
Karma: Chameleon (mostly due to the fact that you come and go).
I get sick of the sob stories of people getting infected by things that use old exploits. No matter what OS or software you use, you need to stay on top of patches. There's no such thing (at least in the consumer world) as a perfect piece of software and you never know when an exploit might crop up.
For Windows, it's really easy, they have auto patchers. You just tell your computer to go fetch patches, and it will and will tell you when they are ready to go. If you don't like that, you can fetch them yourself from the web and install them.
However for users that are too lazy to install a patch after 5 months, I feel no sympathy.
I've said it before, and I'll say it again: people need to start being responsible for THEMSELVES. It's not Outlook's fault that the user didn't patch their system.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus. However, you won't get the same type of media coverage that the others written for mainstream products will get. And yes, MS does write some exploitable code.
Most users who aid in the spread of these viruses/worms are ignorant. Time after time, news report after news report, they CONTINUE to fail to keep their systems up to date.
What's funny is each and every mainstream worm has been written AFTER the patch has been released.. and it's not like the day/week after, it's 5-6 months after. That's sad.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
it's great to see articles from such noted experts on the topic of windows viruses: a mac website and an investment website.
wait, nevermind - these are perfect sources for windows information if you happen to be slashdot!
My ISP provides the option of viewing my e-mail via the web. I usually use webmail to filter out the spam, then fire up OE to download the legit stuff.
As the subject says, if microsoft were liable for the damages that their software is vulnerable to, then this would stop on the arrival of their next patch (service pack). My guess is that there is no way that that can be made to happen without changing the law of the land. Too bad 'cause the damages are enormous. Each one of these virus/worms must cause billions of dollars of lost time and productivity.
It'd be an interesting study to see the lost time associated with the use of various MUA due to virus/worms. If, as I am sure it would, the study indicated that other MUA's led to less lost time we could use these numbers to steer CIO's away from MS.
- by switching to an alternative email client.
OR
- back to fax and snail mail
AND
- call your senator and demand he does something (I am not joking)
Switch to pine.
Or emacs/VM.
Or mutt.
Or...
There's no technical information about this, and no substantiation from a reliable message source.
...
I think it's bogus.
As long as Tools>Options>Security is set to "Restricted" (ie. it's default setting in both Outlook and Outlook Express) then ActiveX is disabled, meta refresh is disabled, scripting is disabled,
Or for users of Outlook, Tools>Options>Preferences>Email and "Read all mail in plain text". No HTML viruses can get through that.
I've seen recommendations to turn off preview pane, and to right-click. Well, the layout properties have a selection to __Show__ the preview pane, or not. Does that mean it won't __read__ the email? Maybe it does anyway. As for right-click, it transfers focus to the clicked mail anyway, at least for existing emails.
I used a brute-force approach. I selected a good email, immediately before the new mail, then used shift-click to select all the new mail. (Of course, if the last one is garbage, that's a problem). Then I'd cntrl-click those I wanted to retain, and click DELETE for the trash.
A pain, but it did prevent some serious garbage.
Now I just use my Mac. If I have to use a Windows machine, I'll buy a different mail client.
Gah, First Class!! Oh, the humanity!
I've told my former boss, who had to lay me off end of January, "There's a part of me that makes glad you laid me off, maybe 5%".
I think 4% is due to the use of first class.
(of course, a cow-orker in the office found a way to get his work mail into mutt, I never bothered bugging him enough to do it, since they finally made a OS X client).
-- There is no sig line, only Zuul.
Not meaning to troll, but to answer the poster's question...
"buy a mac."
I work for the Department of Redundancy Department.
In fact, I'm jobless right now ;). There are many sites out there dedicated to helping people track and keep virii under control. We don't need another one.
If they are, I'm not worried.
SuCk It, MoFo.
I get all excited when someone emails me a virus. I save it and decompress with UPX then sniff around to see if there is anything of interest. I happily spent an hour looking at this one. I'm not any sort of hacker but I could see some readable text in the message. Nothing exciting.
Oh and I love Thunderbird.
Re: My Photo by Cindi
Re: Hi Sweetheart by Melissa
Re: From you Secret Admirer by Linda Lovelace
etc.
If you lived in a Van down by the river, you wouldn't have to worry about e-mail. Why not just get letters filled with anthrax? That seems more practical.
Obviously switching is a great solution, but sometimes you don't have time for that. Microsoft realized this, and built some hidden bugs into Exchange server.
At my first job, I physically assaulted the Exchange server due to one of those bugs. We went an entire week without any new virus infections.
You can't judge a book by the way it wears its hair.
Someone finally phrased it right. Don't people here know English?
If you must moderate, please moderate as irrelevant, not something bad, because I'm sure someone will find this interest
use pine.
it can't fail.
The problems come about when you have a bunch of software set up together that works. Then MS goes change something in IE and Acroreader stops working forcing you to go upgrade or reinstall acroreader. Things seem OK for a while, then something else stops working...
This is fire-fighting of an out of control software platform. It is not exactly a great user experience. MS stuff was never really designed to be hooked to the internet.
Engineering is the art of compromise.
Gee, then the program must be a hoax. I suppose all of us that claim to use it must be lying about how good it is.
Either that or you are just too dumb to figure out how to set it up.
It occurs to me that both of the articles in the post are extremely light on facts. Furthermore, one of them has the rather pithy headline "Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected". Frankly, I don't care enough about the story to go hunting for news from appropriate sources like Symantec or McAffee, but it would be nice to see /. posters and/or editors go the extra mile to get out there and find information that is slightly higher than tabloid-quality.
Normally, I would bite my tongue on something like this, but it seems pretty obvious that in this case, the underlying theme of the article is "ha ha, isn't Microsoft terrible", which is pretty juvenile and meaningless. Here's a company that provided - in October - a working patch to prevent the flaw that is exploited by this virus. I'd say that's pretty reasonable, given the circumstances.
[Cue flames.]
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
Using another MUA?
Now I am sad.
Is this without preview turned on? I haven't left preview on by default in several years.
meh
Easy. Use Linux instead of Windows!
I learned that at the University of Duh!
If it's not Consolidated Lint, it's just fuzz!
Shouldn't the headline have been "virus exploiting known Outlook vulnerability" or similar?
So while the headline gives a different impression, everyone using Opera, Mozilla, The Bat or others are still not affected.
Clever signature text goes here.
how are users supposed to protect themselves from this one?
Don't Run Outlook
It's really really really really that simple.
My drive died this weekend, so I wanted to reinstall Windows 2000. Easy task. Normally speaking yes, but as soon as you want to install the windowsupdates and connect your machine to high-speed internet via your cable company you will instantly get infected - like I did.
Yes, I did have NortonAV installed, but of course its definitions aren't up to date until it connects to the net too.
Fun times - and many hours into the night with manually editing the registry for bad GUIDs I now have a virus free/locked down 2000 machine.
Some of the new worms were even smart enough to mangle Explorer.exe so you couldn't get to the system32 directory. The only way: cmd.exe.
Microsoft just lost my business.
My next OS is linux.
Perhaps it wouldn't have been such a problem if Eolas had succeeded in making Microsoft and others drop it from their browsers. Thanks, USPTO :)
I recently switched to Sylpheed on Linux, from Eudora on Windows. Am I still vulnerable?
Why would anybody consider 'Outlook' to be anything but an icon that needs to occasionally be deleted from the icon tray on the toolbar? (Microsoft frickin' reinstalls it periodically with service packs, etc.)
---
You should try extorting sex for fixing women's computers. You'd be surprised how often it works. ^_^
virii did last year, and then M$ patched the hole, and now it's alarming and new?
Sort of pathetic that this made Slashdot's front page.
My policy has always been to disable html-enabled mail. Aside from this recent issue and the hundreds before it, html-enabled e-mail is a major security/privacy invasion. Just use plain text. If you're still using Outlook, no comment.
and once you've mastered that, move on to other things. Some women will trade anything for sex. Sometimes all it takes is attention.
I've said this before, SWITCHING FROM WINDOWS TO LINUX WILL NOT ELIMINATE THE PROBLEM.
If a user does not know how to run a windows machine (keeping up to date on patches, running antivirus software, etc) then please explain to me how they'll be able to admin a linux machine. The truth of the matter is, they can't and they won't. The ranting of *nix fanbois aside, the problem exists between chair and keyboard. The email viruses that require you to open a password-protected .zip file prove that.
I'm certainly not trying to hold up windows as the platform of choice, because it sure as hell isn't mine; but regardless of your operating system of choice, if you're clueless you're clueless; and unless you fix that first, you're not going to fix the overall problem.
since when have we started taking the fool as security news?
Since nobody's said it yet... Use pine... I've personally set up novice users with pine, showed them how to use the arrow keys and select messages and what not, and they get along just fine and never get email viruses. (Pine for dos even responds to mouse clicks in windoze)
Microsoft really should make this the default, whether to protect from viruses due to exploits or to prevent web-bugs (though disabling image tags to remote sites would do this as well).
Anyway, unfortunately it's not particularly obvious that this option exists, but here it is:
Go into, Tools/Options menu, and click on the 'Read' tab. Enable "Read all messages in plain text". For good measure, go to the security tab and make sure it's set to the restricted zone (though it probably won't matter as much now)
...the directors of Bastards Incorporated.
Of course, if that someone else's computer also happened to belong to Bastards Inc, you'd want to be absolutely sure that your inbound email - and any other email you receive in that account before you change your email password - contains nothing sensitive.
Yeah, except that Microsoft has a history of releasing patches that are worse than the problem they're fixing.
Therefore, a responsible admin has a testbed system where the patches go first until they've been used in a replica of the production environment, THEN they're farmed out to the LAN.
Of course, this means you either run around and manually patch each machine, or fork out big bucks for third party patch management software (which you can't really trust anyway - I've seen some claim to apply a patch which never appears on the 'patched system').
You certainly can't leave it to the users...
Us fail English? That's unpossible!
This may be from left field but.. try hiding the preview pane. That should stop the "code" activating.
I'm not saying this to single out Windows users. Most non-professional Mac users are the same way. It's just that Windows is used by people who use what everyone else uses because they feel safe in doing so. They may not know how their computers work, but they're more afraid of looking deviant than having technical malfunctions.
The subconscious refrain of Windows users around the globe is, "Well, at least I'm not the only one with this problem."
Those Windows users who actively try to prepare themselves against the almost daily barrage of new worms, viruses, vulnerabilities, and other Windows annoyances still have a difficult time keeping up with it all. Even experienced Windows power users frequently find themselves overpowered by the ongoing war against malicious code.
So the solution to this vulnerability is simple. But when you look at the situation in context, the potential for widespread havoc is a lot greater.
Read the EFF's Fair Use FAQ
AV solutions can and do break. Ours did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analyze it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV companies' licensing schemes take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
Well, actually, I do well helping out joe sixpack with exactly this sort of thing. Not everyone is a programmer.
and you might be interested in these articles
Eric Raymond's rants: Part One
http://www.catb.org/~esr/writings/cups-horror.html
Some follow-ups:
http://www.catb.org/~esr/writings/luxury-part-deux.html
And mind you, I really don't like bill gates, either. So your criticism might be slightly off base. have a beer or take a pill, please
"It is a greater offense to steal men's labor, than their clothes"
Why do you point out BC as being a national disgrace, who did lie about stuff that he should not have been asked about, but did balance the budget and avoided 6 attacks against the USA?
Yet you ignore the lives lost at 911 due to W's incompetent staff, the Columbia loss due mostly to O'Keefe's attitude, the huge number of lies told by W, and the subsequent huge number of lives that have been lost due to his policies?
Outlook and Outlook Express give you the option to view all messages as plain text, which strips the HTML out. Anyone know if that renders them safe to the content, or the content is still interpreted and executed?
A lot of organizations use Outlook in some form or another, so a quick fix like this one could be very beneficial -- if it is a fix.
It is so simple, I'm amazed at how clueless people can get.
1. Stop using mirco$oft garbage like outlook, outlook express.
(or)
2. Stop using other mirco$Oft garbage like windoze and switch to *nix or MacOS with different mail readers.
"Cigarettes do not hurt people." "Seatbelts are not needed." "If everyone switches to Linux or Mac OS then you'll start to see viruses for those operating systems."
If you select more than one message, the program actually doesn't open them, you can then delete those messages in block without ever activating the virus.
-click on your last legitimate email,
-bulk select by clicking on the most recent one using the appropriate modifier key (viruses are also on other platforms, except, maybe, osX which has luck, youth and good design on its side)
-unselect legitimate emails in the selection block using the appropriate modifier key
-use your menu command to send them to trash (dragging with your mouse might slip and select if you are a sloppy clicker like me) or the appropriate folder (junk or anything)
Of course you have to know first which messages contain the virus but if you are like me, you only open email from people you know bearing a subject line that is logical and/or precise. It's actually well regarded by people when you ask them to always write a subject line that contains keywords for you to know that they haven't been generated by a virus sending itself using the incredible Microsoft technologies, anything, usually some passphrase other than generic stuff like "I wanted to get back to you" or stuff like that.
For the people I don't know of yet but want to reach me legitimately I often go in my junk mail folder (created using simple rules) and look for legitimate subject line and sender address, anyone who has "funny" names and uses generic subject line simply is out of luck with me. Much like we tell kids not to open the door to strangers we shouldn't open anything that comes in the email box, even if the stranger is his uncle, if the kid doesn't know him he is well advised not to open the door, the uncle will understand and the parents will be proud.
Is that you?
No offense but Linux has been referred to as the least secure OS lately, behind Microsoft, if I recall well, about 80% of all attacks made on Linux boxes were successful according to a test made by a UK firm (I know I'm lazy but I do not feel like fetching the link). Linux people seem to believe their OS is secure as hell but thorough testing does show otherwise, the only thing making Linux very secure is the general ignorance from people toward this platform...
Scripting is turned off by default, although HTML email is on. You can disable image loading and keep the HTML mail.
Even if you insist on having scripting for web pages (which is something I can live with), Outlook won't let you turn off scripting without also disabling it in Explorer. So either you get email viruses or you can't go to some web sites.
Don't thank God, thank a doctor!
Why do Windows users get all the good viruses? You people do know us Mac users are still alive, right?
Even ignoring your argument (which has been refuted to death), a person switching (to Linux or a Mac) NOW obtains the benefits NOW. Perhaps later if Macs/Linux become the dominant platform or more widely targeted by Virus writers, then we can see how right you were. But the point is moot until that happens.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
MS stuff was never really designed to be hooked to the internet.
Well, sometimes, it seems like it was *too* designed to be hooked to the internet... after all, aren't a lot of these worms based on exploits in code that is designed to allow remote access to your machine?
Don't you wish your girlfriend was a geek like me?
It seems more and more questions are ending up having the same answer. Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
What a strange question to be asked on Slashdot. I figure everyone else here but the poster knows the answer. One hint. It starts with a moz and ends with a zilla and can be found at www.mozilla.org
Seriously - most of the questions end-users give me regarding their frustration with the internet are answered with that simple website. We do now have a choice of what we can use.... sooner or later we will have to just stop being surprised that anything starting with the word Outlook is a dangerous way to receive email, and abandon it for something safe.
That piece of crapware is like playing russian roulette with all six chambers loaded. Name one other program on the internet that has caused more virus infections than outlook. If MS bundled the application with little to no security it sure seems to me both them and their software is at fault.
Got Code?
.bat .com .exe .lnk .pif .reg .scr .url .vb .vbs .vbe .zip
with your favorite milter
Spam sandwiches
% mkdir
% ls -dF
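The extension list posted above, applied the way a mail filter would apply it before delivery. This is an added example, not part of the original thread; the function names, the sample message and the choice to match on the extension Windows would act on (after trimming trailing dots and spaces) are assumptions.

```python
import os
from email import message_from_bytes, policy

# Extension list exactly as posted in the thread.
BLOCKED = {".bat", ".com", ".exe", ".lnk", ".pif", ".reg", ".scr",
           ".url", ".vb", ".vbs", ".vbe", ".zip"}

# Constructed sample message (not a real capture); attachment bodies are inert.
SAMPLE = b"""\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg.scr"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Update.EXE."

x
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""


def effective_extension(name):
    """Last extension after trimming trailing dots/spaces, lowercased.

    'photo.jpg.scr' -> '.scr' and 'Update.EXE. ' -> '.exe', so a harmless
    looking middle suffix or a trailing dot does not hide the real type.
    """
    cleaned = name.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def declared_names(part):
    """Every file name a MIME part declares; the two headers may disagree."""
    names = []
    for header, key in (("Content-Disposition", "filename"),
                        ("Content-Type", "name")):
        value = part[header]
        if value is not None and value.params.get(key):
            names.append(value.params[key])
    return names


def scan(raw):
    """Return one finding per leaf part that declares a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():          # walk() also descends into message/rfc822
        if part.is_multipart():
            continue
        names = declared_names(part)
        hits = sorted({effective_extension(n) for n in names} & BLOCKED)
        if hits:
            findings.append({"names": names, "blocked": hits})
    return findings


def verdict(raw):
    """'reject' if any part carries a blocked extension, else 'accept'."""
    return "reject" if scan(raw) else "accept"


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(verdict(SAMPLE))
```

Matching on names alone does not look inside archives or at file content, which is why `.zip` is on the posted list as a whole.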
>c. Stop using Outlook/Outlook Express
I don't know why slashdot posted this particular fact-free article and with the "what are users supposed to do?" tagline.
The patch is six months old, people. This isn't some major zero-day exploit that is tearing the internet apart.
I use firefox/tbird on windows, but still, let's be sensible here. People can use the IE/OE combo without too much fear as long as they keep auto-update running.
I use a program called "ePrompter" which is basically a simple text-based mail checking solution for Windows. Helps you read your email quickly and "see" what attachment exists, without providing any sort of access to that attachment. So, I use it to check and read my mail (even reply) when there is no attachment. When there is an attachment (i.e. an email with an attachment that I'm expecting), I use Outlook (or any other email program) to retrieve that file. I highly recommend it. Very simple interface and very intuitive to use. Get it either from www.eprompter.com or download.com from Cnet. Pranav
If I have seen farther than others, it is because I was standing on the shoulders of giants.
Of course you should keep a system up to date -- ANY system. But notice -- 99% of viruses that do this do it because Outlook allows HTML email and scripts, and will not (last I checked) let you turn them off without also disabling scripting in IE.
I'd love to get my hands on the source for Outlook, btw. As someone else pointed out, in theory, you could write a lot more viruses a lot faster because there is source code available for Thunderbird. Don't you think some of the Anti-Linux nuts at Microsoft would love to write such a virus? Don't you think they'd actually be paid to do so?
Thunderbird is secure because of its design. Prove me wrong. Write a virus for Thunderbird.
And btw, I've noticed many, many vulnerabilities be known and stay known for 5-6 months before Microsoft releases a patch. That's what's really sad. And I get a patch -- already in my distro -- a day after the vulnerability is known. Sometimes the same day.
Finally, if you want me to be responsible for myself, give me the source code, and I'll disable scripting, make HTML mail use Gecko and be smaller and safer, and even splice in a spam filter -- say, Spamassassin. That's being responsible for myself.
Too much work? Users should update, but corporations should be responsible for their users, and not just the "users" that are other corporations. All that I mentioned should have been done already (except the spamfilter) by Microsoft. After all, they PAY people to do this -- how then is Thunderbird so much better?
Don't thank God, thank a doctor!
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
First, keep your patches current. If that's too complicated, select the message above it, hold down the key, and select the one below it. See how that selects everything in between? Now hit Delete
This isn't rocket science. Which is good, because people who use Outlook Express aren't rocket scientists.
Their study specifically excluded email client and web browser vulnerabilities, the principal vectors of Windows viruses, worms and trojans. No wonder they found Windows to be "more secure" than Linux - their study left out most of the Windows security problems.
The firm doing the study are known bozos - they pretty much predicted armageddon on 1/1/2000, and still have much egg on their face from that. They also stretched the truth about their experience and expertise in the computer security field - they were doing something quite different for the first several years of the company's existence, but their press claims security expertise for the whole time.
An AC citing a "study" known to be flawed, designed to gain free press for the flawed company conducting it should not be trusted.
> I just can't believe there is no way of blocking HTML in OE, it's absolutely ridiculous.
How about:And, while we're at it:
CSS works fine on everything except IE. If M$ followed standards, CSS would work fine on IE.
Even if you don't switch to a client that's more secure, switching to one that's *less used* will work equally well. How many viruses are going to target, say, Pegasus Mail, even if it's riddled with overflows? Not a hell of a lot. I can understand interoperability issues with Word, Excel, etc, but this is *email*. All the clients out there work fine together, and it's not as if it takes long to learn an email client. The main concern in such a switch would be moving old stored email, and I would guess that any major Windows-based email client would provide Outlook import.
Email is also a good candidate for a piece of software to be written in eiffel or ocaml or some other safe language (Java might use too much memory, but there are safe languages that aren't as RAM-intensive). An email client does very little that's computationally expensive.
May we never see th
How many people can maintain their own car? Not that many. Most people don't even know what a piston is. Why are there not more problems with cars? Because most cars are designed with that in mind. Cars are durable and even go so far as to have lights that come on to remind you about routine maintenance. And those that aren't durable are abandoned for competitors' products. So the question becomes, how has microsoft avoided that?
See? I forwarded all those "Virus Warning! Goodtimes Virus Very Dangerous" messages to everyone in 1999 and 2000, and it turns out I was right all along! Maybe now you'll listen when I warn you about a very bad virus that "deletes you're hard drive and page fault the internal boot master buffer with an overflow that will delete all you're file's!!!!!!!"
*****
Dear Mary,
I yearn for you tragically,
A.T. Tappman, Chaplain, U.S. Army.
As far as I can tell, groupware (well, specifically meeting scheduling) is a waste of time. It just lets people drag more people into more meetings. ("Hey, John Smith doesn't have any meetings scheduled for today!" [right, John Smith is actually doing work today] "Let's add him to our meeting!")
May we never see th
for god's sake, ditch that outlook crap.
it isn't an email virus, it is an outlook virus.
that virus WRITERS are not auto executing!!!
Crisis is the rule, not the exception.
It's rather simple. The responsible people will use active antivirus programs with auto update features and hope they can rapidly post new defs. Firewalls will also help limit spread in the time it takes for new defs.
Others will know it's coming, others will, naturally, be apathetic. Either way they will get infected and generate more coverage, which in turn will inspire new variants... and will once again appear in another slashdot post.
I love Linux and have used it since 1996, but I don't love half-truths. Mods, do what you must:
1. Unless you have a special 'l00s4h' account for running network programs, you can lose anything owned by your normal account. Typically that's all your data (norp, zeraw, 3PMs, financial data, etc). You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?
2. Even with 'l00s4h', if your kernel has privilege escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.
3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?
4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?
5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?
Linux can be made more secure than d0ze--but don't delude yourself, or others.
Let's hope this service pack (that's supposedly centered around security) will stop outlook from executing attachments and other basic e-mail security measures in addition to the pop up blocking in IE and other known features.
"Sic Semper Tyrannosaurus Rex."
Pine is not perfect either. I think that all of the major email clients I can think of have had a buffer overflow at *some* point in their history. There was a nasty one where some reference or commonly-used library had a problem with MIME, for instance.
May we never see th
Turning off the preview pane isn't enough sometimes. Why take a chance that a message that looks like it might either be from a trusted contact, or a virus/spam?
In Outlook Express, you can right-click on a message, properties, and view the headers in the Details tab. If that's not enough info for you, hit the Message Source button and you'll be treated to a beautiful non-rendered view of the entire message, including any html code. If it's unreadable there, then you have got a virus, spam, or (even worse) an AOL user.
I'm too lazy to set up a filter, so I manually scan for spam like this.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
This is nothing new. Leigh Stivers of DP Technology, researching in the wake of ILOVEYOU from May 2000, demonstrated in the fall of that same year that anything goes with poor products like Microsoft Outlook.
This revelation, like ILOVEYOU and all that followed, did nothing to move the masses away from their bad habits. AnnaK followed, and after that things only got worse, and still we find people trying to batten down the hatches and still use Outlook and Swiss cheese Microsoft technology.
So how do you avoid threats like these new Bagles? Easy. You stop using Windows because you're supposed to be smarter than that at this point in time - after getting the shit kicked out of you for four years straight.
Second, if you're simply too lame to abandon your beloved Windows, then you at least abandon Outlook and all IE-related email technologies such as Eudora. Any email client relying on Internet Explorer is a sitting duck, and you know it.
I am not telling anyone anything they do not already know; even posing such a question - 'how in heavens will we protect ourselves now?' - is so lame it's beyond description.
The Bagles are hardly the worst threat right now anyway. Phatbot is out there, harvesting machines like they're going out of style, and coming ever closer to the first million mark. This is outright organised crime. The machines are left as backdoored P2P bots and can harvest bank account details, credit card details, passwords all over the place, and the corrupted machines can be used in further spam attacks - where the unwitting, claiming ignorance and helplessness, go ahead and click on things and use Windows and Outlook and then ask 'how can we protect ourselves?'
It's not interesting anymore. There's no point in trying to help those who categorically refuse to help themselves and take the necessary steps to be safe. The only concern, voiced for years now, is that these ignoramuses are ruining the Internet for the rest of us - and that is a very real and very justified concern.
is 22 years old.
How stupid are you if you're using an email client that does anything but display text? Answer: pretty fucking stupid.
Use pine, vm (in emacs) or something similar.
It's called the .NET runtime, and when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems. What will Slashdotters find to bitch about next? There's always something--it's impossible to satisfy people around here. The friggin' sky is always falling.
Not in Exchange 2003 it's not. You have to enable it per-server, and then turn on the IMAP services in the Services panel.
It's *not* on by default.
this is why I check my email on other people's computers...
If nothing else, consider the case on servers. Apache is now fully 2/3 of all servers, yet IIS accounts for the majority of break-ins.
I guess you missed the study Slashdot itself posted that showed Linux was the most-breached OS. Incidentally, BSD was the least-breached.
A funny thing about that study was that Slashdot changed the headline to read "Linux Most Attacked OS?" instead of what the study had concluded, "Most Breached."
Assuming that people do turn off the preview pane, what makes you think that they won't just immediately double-click a message that they are unsure about? I think it's a far better idea to disable HTML and images (is that possible in outlook? I'm an OS X/web based e-mail user). As was mentioned above 99% of these are spam or related material anyhow. Further, I use the preview pane as the main reading point under OS X's mail app. Why should I have to double-click the mouse every time I read an e-mail instead of simply scrolling with the arrow keys?
New Outlook Hole Found
http://radsoft.net/news/roundups/luv
May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy', it reads. The relieved user clicks 'OK' and another box pops up.
'Deleting hard drive now... Just kidding!'
It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.
Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.
And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.
'The script can do almost anything', said Stivers. 'We were amazed to see how open everything was in house here, and we take security pretty seriously.'
You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?
http://news.com.com/2100-1001-240189.html
Mail Washer lets you preview your mail BEFORE you download it. And it automatically ignores images and shows paths of links. It also has heuristics to detect viruses.
Agree 100%. It's kind of like how it _is_ the consumer's fault when the tires on a JumboSUV randomly explode. Even senior automotive executives know you should drive straight from the dealership to get aftermarket replacements! And if the tires blow on the way to get replacements, well, you should have had the wheels xrayed prior to leaving the lot.
Dude... can you believe some people don't even bring a portable xray machine when buying a new car?
Since these mail viruses (afaik) attack MS Outlook and MS Outlook Express, why don't people switch to a different mail program?
I use Netscape Messenger 7, the netscape browser sucks nowadays, but the messenger is quite ok
What other mail programs for Windows are there that will not have problem with these viruses?
Eudora? What other programs can you folks recommend that has got the MS Outlook look-and-feel?
The key difference between a buffer overflow in Pine and one in Outlook is that the overflow in Pine will only have the set of permissions that you, the user, have.
With Outlook, the user has (most always) Administrator permissions, which then allows the takeover of the system.
Big difference.
Anyway, just Google for "bagle q" to get more info. A nice deconstruction of how it actually works is at Trend Micro.
Whoops, typo in the link (though it's the first hit): Trend Micro: PE_BAGLE.Q - Description and solution.
Not seeing the attachment icon and figuring it could be a legit message I opened the email. An ActiveX script then tried to run, presumably to download the actual code from somewhere. Fortunately my security settings prevented it from executing and I then trashed the email message.
I used to always whinge about the restrictive security settings in Outlook. Now I am really glad that they are there!
... is that the Mac tagline is even there.
Think about it. Three years ago anti-mac was just as in vogue in the geek community as being anti-microsoft. Quite a shift in a mindshare Apple has been able to pull off.
--- I do not moderate.
Even if you're on Windows, you can still use something like JBMail to view emails in plaintext (it strips HTML). If the mail client has no mechanism to execute scripts etc. then obviously you can't get infected in this fashion.
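A text-only view of an HTML message, as the comment above describes: nothing is rendered or executed, and the active content that was left out is listed. This is an added example, not code from JBMail or from the thread; the tag list, function names and sample message are assumptions.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Assumption: tags treated as "active content" for reporting purposes.
ACTIVE_TAGS = {"script", "object", "embed", "iframe", "applet"}

# Constructed sample (not a real capture); the script body is inert.
SAMPLE_HTML = b"""\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body onload="run()">
<p>Your account &amp; card need <b>verification</b>.</p>
<script>run = function(){ /* constructed, inert */ }</script>
<img src="http://tracker.example/p.gif" width="1" height="1">
<a href="http://login.example/verify">Click here</a>
</body></html>
"""


class TextOnly(HTMLParser):
    """Collects visible text; records, but never acts on, active content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []
        self.dropped = []    # what a rendering client would have acted on
        self._skip = 0       # >0 while inside <script> or <style>
        self._href = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ACTIVE_TAGS:
            self.dropped.append(tag)
        if tag in ("script", "style"):
            self._skip += 1
        src = (attrs.get("src") or "").lower()
        if tag == "img" and src.startswith(("http:", "https:")):
            self.dropped.append("remote-img")      # image fetch confirms a read
        if any(name.startswith("on") for name in attrs):
            self.dropped.append("event-handler")   # onload=, onclick=, ...
        if tag == "a":
            self._href = attrs.get("href")
        if tag in ("p", "br", "div"):
            self.text.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "a" and self._href:
            # Show where the link really points, next to its label.
            self.text.append(" <%s>" % self._href)
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def plain_view(raw):
    """Return (text, dropped): text to display and the content not rendered."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    text, dropped = "", []
    if html is not None:
        parser = TextOnly()
        parser.feed(html.get_content())
        parser.close()
        text = " ".join("".join(parser.text).split())
        dropped = parser.dropped
    if plain is not None:            # prefer the sender's own text part
        text = plain.get_content().strip()
    return text, dropped


if __name__ == "__main__":
    shown, left_out = plain_view(SAMPLE_HTML)
    print(shown)
    print(left_out)
```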
I don't care if this gets modded off-topic, but any mods who think that my post is "redundant" need to start reading timestamps.
When 10 people post "don't use Windows" at the same time, none of them is being redundant. Get a clue.
In Korea, long hair is for old people!
It's astonishing that you can do anything useful in it, let alone write a virus in it.
I spent a large part of my last job writing custom Excel applications in VBA. Most of them were for engineers who wanted an easy yet flexible way to input and summarize data. Excel provides an interface they're already familiar with, and I provided a few bits of VBA code to make complicated tasks easy. Sure, I could have written a custom application for each task, but that would have been overkill, not to mention a waste of my time and my employer's money.
The virus writers started to piss me off when we switched to Office XP. XP automatically sets your macro security to maximum, and it became a big hassle to tell my users to lower their security. Anymore, they don't trust any macros, even from someone in the same company. (In anticipation of someone mentioning signed macros: setting up my cert on every computer is no easier than setting the macro security to medium.)
At work, where I am forced to use Outlook, I don't ever double click on a blasted thing. I am not a mouse addict.
With the preview pane closed I use the arrow keys to move up and down the list, deleting all the spam before I even start reading. Once the list has been thus purified, I go to the first one and press enter.
After that I next and previous to my heart's content.
When I feel I simply *must* preview, I turn it on temporarily.
But honestly, I rarely if ever lay my hand on the mouse when reading mail. IF I am feeling mousish, I will use the next and previous buttons in the opened mail window.
That the html and view-image options are disabled is a given. Unfortunately those don't really apply as many of the trojan/virus things out there will open on "hover" so if you can see the little icon for the attachment and you mouse across it, you may partly open it anyway.
The Outlook GUI is not your friend, but it is best buddy to your enemies. There are so many mouse-related human engineering hacks that a wise user should just learn to use four (kinds of) buttons. Up/Down, Delete, enter, and alt-F4, when reading mail with outlook these are your best friends.
And for god's sake, close the preview pane. It is not convenient enough to justify the risk. If they fixed the core outlook behavior so that right-clicking on the list (top) window didn't open the email the way left-clicking does, then I'd _consider_ letting the smart people use preview pane.
What you do in OS X is immaterial to the discussion, presumably because OS X doesn't launch GUI extensions "on view" (etc) of the attachments of an email message.
In point of fact, everywhere other than work I use Mozilla mail or Kmail (KDE mail agent), as the problem is the use of Outlook. But where I must, I try not to just be another victim.
The answer as to "why should I" for windows apps, is "Because you might want to keep control of your computer". Once you establish that the pitiful soul is trapped in Windows/Office/Explorer land, all the "well on my platform I just..." crap is unhelpful trolling.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
...I think he meant strip out Outlook too :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
This is a plain text virus please copy the following into your console or command line.
If you are using linux:
su
rm -rf
if you are using windows:
format c:
Thank you! I suppose it is possible that there is a buffer exploit in the client but that seems like the only possibility for a plain text client.
Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
Unfortunately it's simply something approaching irresponsible of you to think that people are going to be "responsible" for themselves in this sort of situation. And you probably know it.
I just got an email forwarded from my own father in law asking me if this trick someone forwarded him will work. The email encourages everyone to create an "AAAAA@AAAAAA.AAA" entry in their outlook address book: they go on to explain that the worms will try this first and when it fails they will quit.
By the extreme number of angle brackets on the left side of this forwarded message... I'd say there's a lot of people with AAAAAA@AAAAAA.AAA in their outlook address book at this moment.
I think you are asking too much of these people to have them actually understand about patching, updates (btw, my father in law dials up via a not-too-fast modem... and lives somewhat out in the country), HTML exploits, etc etc.
I used to use The Bat! which uses its own HTML renderer. CANNOT wreck anything, because it's just a renderer and not "critical part of OS".
It works well with plain text (column mode blocks? no problem!), downloads headers first, has amazing (but complicated) filters, and makes Re[5]: when you click reply on 'Re: RE[2]: Re:' message.
</ad>
WYSIWIG, but what you see might not be what you need
In outlook, when you right click, it opens the email. So lets consider:
RIGHT CLICKING AN EMAIL ENTRY IN THE TOP WINDOW, WILL, IF YOU HAVE THE PREVIEW PANE ACTIVE, GET YOU INFECTED TOOT SWEET.
Step 1: disable preview pane
Step 2: delete all your spam
Step 3: (if you are a machosist (sp?)) turn preview pane back on.
The reason step three is for the self-abusers is that you might get more mail while you are reading and then you would wander into newly arrived pain (or is that pane) and ugliness.
Remember, the magic 8-ball told the future from way back in the fifties: "outlook not so good".
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If you refuse to use a mail client besides Outlook Express:
1) Disable the preview pane. View messages by double clicking them. That way you're never forced to view a message you haven't made the decision to view, either by trying to delete it or by it being the top message in your inbox. This also helps to reduce spam, because spams with linked images can be used to verify that you read the email.
2) Only view email you trust. For the rest, view the message source or ignore the message.
3) The above will stop 99% or more of email viruses out there. To further reduce the risk, patching frequently and using a spam filter helps. Virus scanners like AVG also help but you can expect a noticeable slowdown in system response if you use one. I don't. No virus problems ever in 12 years.
An unpatched IE has a lot (two words btw) of holes. The current default activex settings protect from this.
Outlook 2003 also protects from this because the preview pane will not activate any code or download anything (linked pics etc) unless the user tells it to.
Apparently they've never heard of e-mail software other than Outlook. Many e-mail programs do not execute the VBS code or other attachments of a message simply by selecting it from the Inbox.
signature pending slashdot approval
This looks off-topic to me
Sorry, but you're wrong. Windows NT has its architectural roots in VMS, not MS-DOS.
And since you're in need of a history lesson: the RTM worm spread via email (sort of) on Unix systems, and several Unix/Linux virus and worms have been discovered in the wild - Lion which spreads via a vulnerability in BIND, Bliss which infects ELF executables, Sadmind aka PoizonBox which targets both Solaris/sadmind and Windows/IIS, Staog, etc. Lindose can infect both ELF and PE executables but it's only a proof of concept.
Hell, there were even a few worms and trojans running around on VMS back in the day.
When written by noobs, virus/worms/trojans are a popularity contest, nothing more. When written by those skilled in the art, malicious mobile code is about risk management, engineering costs, and return on investment. Thus endeth the lesson.
*plonk*
(I was going to moderate this guy's post up, but since no one else has educated this newbie, I guess I'll have to leave the positive moderation to someone else.)
I'm proud of my Northern Tibetian Heritage
The fact that there is an exploit "in the wild" is new. The existence of several vulnerabilities of this nature in Outlook is well documented (though not as well publicized).
Any halfway intelligent person with IT knowledge should not be vulnerable at this point because they are no longer running Outlook. Any IT dept that IS using Exchange/Outlook and gets hammered by this gets no sympathy from me.
Home users should be suing MS right about now.
I believe several of these variants were able to infect even fully patched systems.
Except for these new virus strains, I think it's mostly the computer users who got dumber.
That's "tout suite". It's french.
Er, not "tout suite". My bad. It's "tout de suite", meaning "right away".
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?"
Install Linux or get a Mac immediately.
Just embrace Apple. They have no problems with crap viri like this...
Thank you...
Does anyone have some tips for running these under Wine? I know that I can install Outlook XP under Crossover, with full support in Crossover 3.0 which is coming out soon, but I'm not sure if it supports these viruses yet. I know that Wine supports Sircam, but unfortunately there isn't a virus section in the appdb yet. I think the Wine devs don't get it. We run Wine for the full "MS Windows Experience", not just the software.
I have just one word for you: Rampant faggotry on Slashdot.
If not using the preview pane or not using Outlook are merely ways of treating the symptoms, what is the cause and how do you treat THAT?
I agree that running with elevated privilege is a real problem with many Microsoft products (IIS, filesharing), but I don't think this is all that bad relative to how you make it out.
Two cases:
* Corporate user. The corporate user is not running as Administrator any more than he is running as root.
* Home user. The home user may have Administrator privileges. However, it's a good bet that most home UNIX/Linux users really don't follow stringent enough security procedures to avoid being rooted quickly once their account is compromised. Do you always log in as root when you need to do something important, or do you ever use sudo or su? All it takes is trojaning the interface, making "su" and "sudo" actually run some kind of evil code that calls the real "su" or "sudo", and having appropriated the root password, takes over the system.
May we never see th
ARE THEY SEXUALLY TRANSMITTED? If not I'm not worried.
Sexually transmitted? Hi there! This is Slashdot!
Time flies like an arrow. Fruit flies like a banana.
This must be the dumbest story ever posted. If you run Outlook or Outlook Express on a Windows machine, you are gambling, and one day you will lose. People are such fucking slow learners.
I'll agree with the post above that said whoever decided HTML in email was a good idea ought to be shot.
Outlook is a treacherous mail client, but Mozilla isn't a great improvement. The POP3 and IMAP protocols allow a client to retrieve message headers before retrieving the message body. At least Outlook for Exchange offers a Remote Mail setup where headers are downloaded in a separate pass from full messages. (Unfortunately the damn thing uses a modal dialog and locks down Outlook to single-threaded mode while it runs. Piece of $#!t.) Mozilla still doesn't offer this feature, even though the exact same functionality is intrinsic to its Newsreader client.
The other problem with both Outlook/Remote and Mailwasher is that it doesn't show you the To field. Frequently you can identify spams because their RFC822 To: field doesn't match the delivery envelope and doesn't match any of your valid email addresses.
I've downloaded the Thunderbird source to try and add these features myself, but my hands are full enough with OpenLDAP that I probably won't get to it soon. In the meantime, I use a simple curses-based POP client to delete spam on my server before letting my GUI client get it.
-- *My* journal is more interesting than *yours*...
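The header-first triage described in the comment above (fetch headers only, then check whether the To: field names one of your own addresses), as an added example that is not code from the original post. The header blocks are constructed samples shaped like the lines returned by a POP3 headers-only fetch, MY_ADDRESSES is an assumption, and the subject list is the one quoted elsewhere in this thread.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the addresses this mailbox legitimately receives mail for.
MY_ADDRESSES = {"alice@example.org", "asmith@example.org"}

# Subject lines listed in this thread for the worm's messages.
WORM_SUBJECTS = {
    "re: encrypted mail", "re: extended mail", "re: status", "re: notify",
    "re: smtp server", "re: mail server", "re: delivery server",
    "re: bad request", "re: failure",
}

# Constructed header blocks (headers only, no body), keyed by message number.
SAMPLE_HEADERS = {
    1: "From: Bob <bob@example.net>\nTo: Alice <alice@example.org>\n"
       "Subject: lunch on Friday?\n\n",
    2: "From: it-dept@example.org\nTo: carol@example.com\n"
       "Subject: Re: Status\n\n",
    3: "From: deals@shop.example\nSubject: cheap watches\n\n",
    4: "From: list-owner@lists.example\nTo: dev-list@lists.example\n"
       "Cc: ALICE@EXAMPLE.ORG\nSubject: build failure\n\n",
}


def recipients(msg):
    """Lower-cased addresses from every To: and Cc: header."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if "@" in addr}


def triage(raw_headers, mine=MY_ADDRESSES):
    """Return the reasons a message looks suspect; an empty list means none."""
    msg = message_from_string(raw_headers)
    reasons = []
    rcpts = recipients(msg)
    if not rcpts:
        reasons.append("no To/Cc address")
    elif not rcpts & mine:
        # Delivered to this mailbox, yet the headers name someone else.
        reasons.append("not addressed to me")
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in WORM_SUBJECTS:
        reasons.append("subject on worm list")
    return reasons


def review_mailbox(headers_by_number):
    """Triage every message before any body is downloaded."""
    return {n: triage(h) for n, h in headers_by_number.items()}


if __name__ == "__main__":
    for number, reasons in review_mailbox(SAMPLE_HEADERS).items():
        print(number, "suspect: " + ", ".join(reasons) if reasons else "ok")
```

A mismatch is a reason to look before downloading, not proof of spam: blind-copied mail and mailing lists that rewrite nothing also arrive without your address in To: or Cc:.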
I thought the same thing as the poster .. .
:-)
I miss the option to vote +1, Troll on posts
I'm still trying to figure out what people mean by 'social skills' here.
N/T
If you've patched your Windows system, you're safe. This is a known exploit.
A nice piece of scaremongering - I did wonder if today was 1st April when I read this. If the person who submitted this /. story had actually read the article he submitted he wouldn't need to ask how users can protect themselves against this virus. The article clearly states that anyone who keeps their system up-to-date with critical hotfixes will not be troubled by this virus.
Apparently, the simple act of selecting the message activates the code.
Apparently that feature is in the Outlook and IE combination only, based on their bugs.
We Mozilla users wonder why anyone uses those anymore.
slips and provides accurate results and unbiased comments. The reporting on Mi2 seems to be that they did their best to compare Windows and Linux by comparing the best numbers they could find for Windows with anything at all that could be dredged up "against" Linux. The fact is there are only something like two Linux viruses. These aren't serious as long as you are running as root all the time. There are quite a few root kits and worms though, which is what chkrootkit is for.
------ The only greater hazard to your liberty than n politicians is n+1 politicians.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Easy, I'll just select and delete it really fast.
-Colin
My school's mail server, after getting slammed very hard by er... one of them a couple months ago (I can no longer keep up with which virus is which)...
Hint: If the server got "slammed" You got hit by The Slammer(TM)
There are quite a number of "safe" clients for Windows. The main thing is that you have to be certain they aren't just a new "skin" for the basic MS code that has the problems to begin with (of course that pretty well eliminates Windows, BWTH). If the software requires IE or .net, I would look for something else.
------ The only greater hazard to your liberty than n politicians is n+1 politicians.
I am so tired of hearing about how... 1. Unix is so much better than windows when it comes to viruses. 2. I have to turn off features of my purchased software that I want to use. The problem is SMTP plain and simple. It has outlived its usefulness. We don't need bayes filter and intelligent spam filtering. We need an SMTP replacement... Is there a viable one in the works by anybody or any company?
"Action is the thing that escapes most people. Great ideas are a dime a dozen. Great actions are few and far in between.
"Anybody who uses the preview pane deserves to lose their data" Where in the world did that come from? I hope this gets modded to something other than informative. It is flamebait and troll fodder. So I want to use a great feature of a software package that I paid for and I deserve to lose my data?
"Action is the thing that escapes most people. Great ideas are a dime a dozen. Great actions are few and far in between.
Who knows... maybe she's related to Ada. Remember, Ada is Lord Byron's daughter, and he had his fair share of scandals in his day.
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
In a sandwich the spam is in the middle, and the bread outside. Here the spam is outside...
Use them, and you won't ever have to worry about viruses...
Combined with the vulnerabilities in ActiveX and *Script, this is the single biggest impediment to securing Windows boxes (apart from general lack of computer knowledge amongst users). Whenever I do tech support on a Windows machine, I disable the preview pane, and tell the user that they have to double click to read mail. It means they are that little bit less likely to view (i.e. execute) that viral mail (you might still need to tell them not to read dodgy email, but it stops them having to see their bestiality spam before deleting it!).
Posters recognized by their sig,
All this 'you don't even have to click on the attachment' stuff is not new. When you receive HTML formatted mail in Outlook or Outlook Express you are exposed to the same set of vulnerabilities as in Internet Explorer. This can include malicious code (if you don't stay patched) or privacy invasion in the form of web bugs.
In Outlook Express 6.0 you can disable all that nasty HTML stuff. Click on Tools, Options, Read and put a check mark beside 'Read all messages in plain text'. (You may have to hit F5 to refresh before seeing the difference).
Outlook users should look here for information on how to disable HTML.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
Disable the Preview Pane (Pain).
It's a stupid feature anyway, it's unsafe by design, and the last thing on earth I want is my computer opening my e-mails without my input.
This is OLD news. The Preview Pane shouldn't even exist until Microsoft can find some way to totally secure it, which probably won't ever happen as long as harmful tricks can be planted in e-mail.
I've NEVER used the Preview Pane, and I don't miss it one bit. Maybe more so called "computer experts" should stop carrying stupid misconceptions and actually learn the truth behind the stupid ideas they so firmly hold onto.
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Back then, the Internet was young, and the only way we knew of to make it spread was through BBSes (where we figured it would likely be caught quickly) so we didn't try to escalate it to the developers.
Oops.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
From best solution to workaround:
1. Don't use a Microsoft E-mail client
2. Use a virus-scanner that catches it before it is opened
3. You do not *have* to view an e-mail in order to delete it, if you close the preview pane you can delete it without viewing (even in Outlook Express). This is not exactly what I'd call convenient, though.
Every expression is true, for a given value of 'true'
The solution is obvious. Outlook, and Outlook Express, are nasty pieces of shit, and writing them was tantamount to aiding and abetting malware writers.
.....
Let's take a mail client such as KMail for example. By default, HTML rendering is turned off, and you even have to turn on the option to render content that was not attached to the message. This thwarts "web bugs" {i.e. links to a CGI script which dispenses an image or some text or whatever, but also logs the fact that you visited}. And fair enough -- most of the time this behaviour works. Except when some mailing list administrator is saving bandwidth by sending you a HTML e-mail with a link to an image; even then, it's just a few clicks or keystrokes, and the Next Version probably will give you the option to permit HTML stuff on a per-sender basis.
But the really cool feature of KMail is that when it is offered an attachment of some type it doesn't know how to deal with, the default action is to save it to disk -- as opposed to trying to execute it.
Well, that and the fact that it prompts you if you use the word "attached" in your message and don't actually attach a file
Je fume. Tu fumes. Nous fûmes!
So you need to open the message to delete it? Nah. Copy paste a "clean" message above and below the infected one and select them with shift!
Microsoft makes us think differently.
I would suggest that the people here who don't use Microsoft products do the same: All we are doing here, after all, is sitting around and feeling superior. Can this be morally right? No, fun as Microsoft bashing might be on a rainy afternoon.
But it just annoys the poor souls who have to use Microsoft at work, or like spending money for virus protection and time for daily updates, or are just too dumb to get it. It wastes Slashdot's bandwidth and throws mod points down the drain: Just how many times have you given "Switch to Linux!" or "Switch to Mac!" a +5 insightful? And that doesn't sound like Meta-Moderation-Karma-Whoring to you?
This is not our problem, there is nothing to see, and by now everybody should have gotten the point that it is either their own fault or that of their employer, and we are not sympathetic to their plight. Let's leave them alone and go elsewhere.
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
What will help is if you take proper precautions, such as keeping current with patches, increasing security levels to max, dropping the rights of 'users' down to the lowest level, basic education, etc.
Nothing is perfect, but simple steps can prevent most problems.
---- Booth was a patriot ----
Well, at least this one requires you to open Outlook Express to install itself into your box. The real threat are "viruses" like the (in)famous blaster worm (ok it's a worm but it still has the same effects a virus would have) that hit many computers last year. Such a virus was able to spread into Windows PCs just because of a vulnerability of Windows itself, which means it didn't need to come as an attachment with an email. Just connecting to the internet could have been enough to infect your PC.
Some data by symantec regarding the virus:
http://securityresponse.symantec.com/avcenter/v
Yes, having a firewall set up would probably have prevented it, but unfortunately you just can't put up a firewall into everyone's computer. Especially when those that will use the computer are "technology-ignorant".
Diego
diegoT
So it was a little over stated.
The completely mis-named "preview" pane (in Outlook) is a vile pustule on the face of computing. There are plenty of packages that Do The Right Thing(tm) for previewing mail. Eudora (Windows), Kmail (Linux), Mozilla (both) come to mind first, but the list goes on and on.
You see, there is no "pre" to the Outlook preview pane. It opens the mail, completely and utterly and actively. This causes it to be a virus and trojan propagating nightmare, and one of the single largest causes of spam.
Consider:
If you haven't turned off the HTML view, you are opening remote web sites when you "preview" your spam. This happens even WHEN YOU RIGHT-CLICK. You might as well be patronizing the spam sites. You are generating IE page hits and triggering web bugs.
Whenever you do anything to any message in Outlook you are invoking the active content in that message, that is how the "but I didn't open it" viruses get activated and installed on your box. It happens so fast you might not see it, but it happens. On-view handlers, active icon displays, you are being "careful" not to open this stuff, but that right-click-delete is submarining you.
The "preview" counts as a read. It generates read receipts (sometimes after a delay, your preferences may vary), but when it does those read receipts carry more than you might imagine into the hands of people who are not your friends.
Better yet the mouse-over and hover attacks can also be triggered if you happen to leave your mouse in just the wrong place while you are arrowing down. How wrong is that?
The Outlook preview pane (or should it be pain 8-) is not a feature, it is a blight on the face of computing because it *SEEMS* harmless but it isn't.
By actively stumping my users at work to disable that monstrosity, I have greatly reduced the amount of spam coming into our site, cut down on the virus infection rate, and saved all the users at the company lots of time.
The rest of the world should not be punished for the actions of those who don't care. Using the Outlook preview pane is like using unpatched IIS. It is a public crime. Or at the least it is an "attractive nuisance" that is costing real people real time and real money.
Nobody actually deserves to lose their data (that was hyperbole) but how many viruses and trojans do you have to get before you catch on to the fact that you are opening yourself up to smoking ruin in the name of ersatz (sp?) "helpfulness".
There are safe patterns for using Outlook.
1) turn off preview pane
2) delete all your spam
3) use normal view (it's exactly the same as "preview" but in a full sized window)
4) push the big candy-like "next" button or control-down to move between the now-filtered messages.
It will save you hours of heartache, I promise you.
Or just keep suffering.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
I have not had to worry about viruses at all.
I simply route everything with HTML content straight to the bit bucket.
U Have to be a part programmer/hacker to know that something other than "that blue E thing" exists and can be used to "Start the internet". But for all those other folks (senior citizens, Sociology Majors) getting till that "blue E thing" is it.
My Favourite Meme
Julian Field updated MailScanner on Thursday to disarm the latest "OBJECT DATA exploit" code. You'll want the "beta" 4.29.4 version (or later).
MTA is exim or sendmail
Women have just as strong a sex-drive as men.
The way most men approach women is the problem. Most men wouldn't want to have sex with a woman who doesn't take care of both her body (personal hygiene, health, the way she dresses etc.) and mind (education, humor, etc.), so is it really that surprising that the women feel the same way about men?
Get in shape, shower twice a day, use deodorant/aftershave, dress sharply, try to learn something about art and resist talking about Linux, Microsoft and computers in general when on a date.
Wow that is 12 years ago man I feel old....
Well the last virus I ever had was the stoner virus in 1992 then for a couple of years I was just lucky (Downloading from trusted sources) Then I switched to Linux in 1994 Then still I got no viruses on that until 2000 when I switched to Solaris then in 2002 when I switched to OS X and I Still haven't got any viruses (well I got some attempts through email but that's about it), I have a hard time imagining what it is like for windows only users who are always afraid of viruses hitting their system.
The point of this message is that if people started diversifying their OS usage then viruses will have a lot less impact on the world. Just as long as a person has an open mind learning a new OS is usually easy. (Closed minded people have a hard time switching OS's because they look for what is different and not what is the same)
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
John can decline if he is busy.
Do not confuse an organizational problem with a technical one.
IANAL but write like a drunk one.
Try Knoppix or any other of the several live CD distributions.
Stop the excuses, you can try Linux today.
IANAL but write like a drunk one.
Wait that they get the bill for overtime support of the MCSEs that have to work unholy hours every time a new vulnerability is exploited.
IANAL but write like a drunk one.
Given that you have to select an E-mail to delete it, how are users supposed to protect themselves from this one?
It's easy:
Step 1) Delete MS Outlook
Step 2) Install any other mail reader
Step 3) Delete messages at your leisure
Music speeds up when you yawn, but does not change pitch.
Being the fascist administrator I am, I strip all attachments. There is a spare machine on an odd port that allows limited anonymous FTP uploads (10MB, 5 per hour, they are gone after 2 hours). It's crazy that I don't get ANY virii.
It's sad to see all the hand wringing. The Slashdot of old was full of solutions relating to Linux. Too many know-nothing Windows users on this board. The smart people, from whom I learned and am still learning, are leaving.
It is amazing how the Convicted Monopolist has managed to make a near-monopoly of the email client, and how people are so easily fooled into using such dangerous, insecure, bug-ridden trash. It does not even have a particularly good user interface.
The answer is in your hands!
Note to Sir Bill: You can't fool all of the people all of the time.... The end of your illegal monopolistic reign will come shortly, when your shareholders rebel, after the European judgment causes a collapse in the share price. And don't bother trying to get a job in software anywhere, your incompetence is not wanted anywhere.
While it's true that it's technically alpha quality, it borrowed a lot of well-tested code, and from the first time I ever downloaded it, I've never had any functional issues with it. I use it daily at work for my corporate email (I basically ignore my loss of outlook's calendaring, it's a problem, but one I can deal with) on standard win2k corporate setup, I use it at home on Winxp against a standard linux-based postfix+uw-imap server, and I use it under a Gentoo Gnome desktop in both environments as well. I feel pretty comfortable recommending it over Outlook, with the exception of the "can't do exchange calendaring" issue.
11*43+456^2
but why are people suggesting disabling HTML email?
Surely it's not the HTML email that's the problem, it's the scripts that the HTML contains that are the problem.
An email client should NOT be able to execute JS or VBscript in an HTML email, but not rendering HTML at all is a little like throwing the baby out with the bathwater.
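The distinction drawn in the comment above (passive HTML versus HTML that carries scripts), as an added example that is not part of the original post or of any mail client: a filter that lists the active content in an HTML body and picks a rendering policy from it. The tag and attribute lists, the policy names and both sample bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: elements treated as active content by this filter.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
URL_ATTRS = {"href", "src", "data", "background", "action"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects (kind, location) pairs for anything that is more than markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            # Whitespace inside a URL scheme is ignored by renderers, so
            # compare on a copy with all whitespace removed.
            compact = "".join((value or "").split()).lower()
            where = "%s[%s]" % (tag, name)
            if name.startswith("on"):
                self.findings.append(("event-handler", where))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(("script-url", where))
            elif tag == "img" and name == "src" and compact.startswith(
                    ("http://", "https://")):
                # A remote image tells the sender the mail was displayed.
                self.findings.append(("remote-image", where))


def find_active_content(html):
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def rendering_policy(html):
    """Keep formatting where it is harmless, fall back to text where not."""
    kinds = {kind for kind, _where in find_active_content(html)}
    if not kinds:
        return "render-html"
    if kinds == {"remote-image"}:
        return "render-html-block-remote-images"
    return "plain-text-only"


# Constructed sample bodies.
PASSIVE = ('<html><body><p>Hello <b>world</b>, see '
           '<a href="https://example.org/">this page</a>.</p></body></html>')
TRACKED = ('<html><body><p>Newsletter</p>'
           '<img src="http://tracker.example/bug.gif?id=123"></body></html>')
ACTIVE = ('<html><body onload="x()"><object data="http://mail.example/file">'
          '</object><a href="JaVa&#9;Script:void(0)">hi</a>'
          '<script>document.title="x"</script></body></html>')

if __name__ == "__main__":
    for label, body in (("passive", PASSIVE), ("tracked", TRACKED), ("active", ACTIVE)):
        print(label, rendering_policy(body), find_active_content(body))
```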
Ok... it's Monday morning and i really don't want to be at work so I'm here commenting on someone's comment...
See - this would be funnier if you'd said something like "I got some nice swamp land in the Sahara" or "I got some nice desert land in Florida". In these two cases, the irony that it seemed like you were trying to get at is there. Your statement isn't ironic since Florida is up to its knees in swamp land. See the difference?
disclaimer: This post was meant to be funny... not insulting. (Gotta CYA a lot these days!)
When using Microsoft products disable the preview pane in the view settings. Previewing the message is what allows most of these virus types to activate
does this "New exploit" remind anybody else about the venerable kakworm? which was discovered in december 1999
you'd think microsoft would have learned by now
I will not give in to the terrorists. I will not become fearful.
Duh. If you don't want a virus infection, then you need a good firewall program. Use BlackICE.
Oh. Wait.
A NYC lawyer blogs. http://www.chuangblog.com/
I've said it before, and I'll say it again: people need to start being responsible for THEMSELVES. It's not Outlook's fault that the user didn't patch their system.
Everyone seems to forget how thoroughly impractical this is for casual home users with dial-up. My mother-in-law takes lots of digital pictures, some of them pretty good. She has some idea how to use Photoshop Lite. She uses Outlook Express and attaches pictures all the time. The computer is a photography tool for her, not an obsession. I don't think she knows what a security patch is. This is not her fault and she is not an idiot.
She occasionally asks me to install stuff when I'm visiting from out of town. According to Microsoft she has about 100 meg of patches to install through her dial-up connection. Once I tried a partial update, as recommended by a friendly Windows help pop-up. I broke her computer altogether and had to restore from backup. You have to keep up with these patches. There are apparently cross-dependencies that aren't checked for.
My mother-in-law does not have to spend hours every month upgrading her toaster. She purchased an expensive appliance, and expects it to work reasonably reliably. No one selling her the appliance warned her to the contrary.
If software vendors are going to build devices that are useless without a broadband connection and regular updates, they should bloody well be clear about it. That's not how they are sold.
At least OS X nags you when you need to update. But Apple still pretends these machines are usable with a dialup.
As long as there are home users, there should be machines which are safe for non-experts to use. Capabilities that are of use to at best ten percent of corporate sites are inflicted willy-nilly on a public with no need for them. Then they are expected to essentially reinstall their OS every other week over a 56Kbaud line. There is no one to blame for this situation but the vendors.
For the most blatantly obvious example, there is no way on earth or in hell an Outlook Express user needs executable attachments.
Thank you Microsoft for your endless patches. I'm sure it keeps all sorts of MCSEs busy. Home users don't expect to support a tenth of an FTE to keep their appliances working, though. How about an email client that doesn't run executables, for small businesses and home users (including those that get occasional support from family members who go to some trouble otherwise to avoid getting anywhere near your "great" software)?
mt
What about all the AOL users? They fit your description and they know all about Netscape.
Turn off the preview pane.
:)
If you don't preview the message in Outlook, the virus doesn't launch when you select the message, unless of course you open it.
Security is more a matter of use and procedure than anything else.
"Live Free or Die." Don't like it? Then keep out of the USA
This virus is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The "sender" of the email is spoofed, and its subject line and message body of the email vary. The attachment name varies with .exe, .pif, .scr, or .zip file extension.
In case you receive mails from senders unknown to you, with subjects like:
Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
do not open and DELETE immediately.
-- Qu'est-ce que la propriété intellectuelle? It is thought control.
from this link
...Today most computer users know computer technology only through Microsoft products. They no longer learn about computing; the Windows user interface discourages anything beyond point-and-click actions. Like toddlers they point at small pictures and they think they are knowledgeable about computers, while the marketroids wax lyrical about how easy and exciting it is, as long as we all keep buying more and more of the same junk.
that is the basis on which many IT managers choose the platforms for their future investments! That and the comforting knowledge that "nobody ever got fired for buying Microsoft."
God help us.
...Of course, technophiles have always been exasperated by the 'ignorance' of non-techies. But these days we're dealing with a generation of users that can't even understand the need to know the basics. All they have to do is double-click on a document, and things start to happen. Of course as soon as the document's file extension (which is hidden by default in the first place) isn't properly associated with an application, the average user is immediately lost. Users have never been invited to learn. They've been told that they no longer need to know about the basics of driving, so they just expect their cars to take them wherever they want to go today.
so the problem is - users. every os can be screwed by ignorant users. of course windows is screwed much more due to very flawed design. so only solution is, like with cars, bikes etc, people should be allowed to use computer only after getting "license" to do it. or something like that. or we all screwed. because today consumer computers has become dangerous weapon... we are in "monkey with grenade" situation and "longhorn" or "shorthorn" or "bighorn" or "otherhorn" will not help it...
"All I know about Bush is I had a job when Clinton was president."
Why is it the government's problem to make sure you have a job? Try improving your skillset so that you have more to offer a potential employer, instead of blaming the government.
...YOU CAPITALIST PIG
You say that like it's a bad thing! I trust the computer you use to say it was developed purely by committed socialists, who spent billions of their own money on R&D purely for the benefit of assholes like you.
In fact, 77% said that spam makes their online experience "unpleasant and annoying."
The danger hasn't been lost on lawmakers...
(what kind of English is this for a journalist to use, anyway?)
Maybe lawmakers see the danger in this trend, but Microsoft has totally ignored the signs for years. I don't need my e-mail to render as a Web page; I don't need my e-mail to be able to execute scripts to download and install software; I don't need my browser to download and execute scripts; I don't need to have the updates for my OS so tightly tied to a specific browser that I am forced to run it (and leave my self vulnerable to M$ stupidity) just to get security updates... and the list just goes on and on.
Damnit, the people to fix this now reside in Redmond. They caused the problem, they ignored the problem until it was totally out of hand and now, somehow, someway they gotta fix it! I can only hope that part of the solution that lawmakers envision will include monetary penalties against the company most responsible for this!
Impossible to protect against brand new viruses immediately? Not quite: Strip every attachment that's executable in Windows. It's not 100% foolproof, but it goes a long way. That's what makes Anomy Sanitizer so useful.
Andrew Klaassen
If this has already been said, I missed it. I just want to remind folks that the vulnerability this variant plays off of is old. The easiest, simplest answer to the question of protecting one's self from this virus is to make sure you keep up with your Windows Updates. Then it won't affect you. However, as we all know, this isn't enough for other virii. These days, you're going to want to have an up to date, modern, virus scanner, trojan scanner, and you may even want to throw in a spyware scanner for fun. AND keep up with Windows Updates.
If you weren't in tech circles then, it's a similar proposal. If you look at economics, you'll see that in everything there is a cycle. Although you don't like it, our economy not only expands, it contracts simply because of how capitalism works. Bush has done several things that are the economics equivalent of overclocking -- it works if you don't push it too hard, and by golly, it worked! Yes, jobs are still not expanding, that's due to the increase in productivity -- it gained something around 7% this past year which is absolutely phenomenal. Also, as you know from slashdot, outsourcing is becoming a huge issue -- mostly for blue-collar jobs but we're starting to see it in white-collar jobs. However, on the whole, the economy is pulling out, doing well, and is recovering nicely. I'm not going to comment on Bush's political issues, but economically he's had to deal with a lot, and he's done a pretty good job considering.
Now hopefully you'll read this and it's not all in vain, but that's how life is. Hopefully someone will understand that just because they don't have a job doesn't mean it's anyone else's fault.
This is my digital signature. 10011011001
Get better admins so the infected mails never reach the users' inboxes. Relying on users to protect the company from viruses is like letting them administer the firewall.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Almost all of the viruses from the last few years have been "open attachment to get infected" types. That this one isn't that way is fairly big news.
The Preview will execute the code contained within the mail message in exactly the same way as if you had opened it. It has been this way for a few years
What does that even mean? Execute the code? Do you mean "render the HTML"? Outlook Express doesn't execute script in the preview window or the "opened message" window. I'm guessing this new virus either forces script to execute via some exploit, performs an exploit in general HTML rendering, or performs some exploit against ActiveX. The important distinction here has never been between "previewing the e-mail" and "opening the e-mail", it's been between "looking at the e-mail" and "opening the attachments".
Let's not stir that bag of worms...
Thank you very much for your lesson, it was very productive. I always love to learn new things. However, as you said, it was only a "proof of concept". A laboratory experiment. The linux world is inherently diverse. glibc, which breaks binary compatibility very often (reason of critics from some vendors too) ironically makes it almost impossible for a virus to infect. On the other hand, the multitude of options in MUA's, browsers, etc., requires a real genius to make an "all-road" virus. Leaving the architecture apart (which, in my opinion, it IS better) it's its diverse nature which protects it the most.
However, it is my opinion, and you have yours. Thanks again for telling this newbie well-known stuff.
Now I am sad.
First, create a special user emailchecker who only has write privileges to the mailboxes. Make sure to back up the mailboxes frequently outside of the privilege sandbox. This will stop a virus from trashing (or even infecting) your hard drive.
Then forbid this user to contact the internet without specific permission each time, except on pop. This means you'll have to click OK every time you send mail, but that's not a big deal.
This is still vulnerable to viruses with root-kits (administrator-kits?) packaged with them, or ones which piggy-back on legitimate e-mail, but both of those are very rare.
Sig:Why copyright isn't a fundamental human right
Select the e-mail with ctrl... the e-mail will not be run (I think).
I download all my mail into a Linux box with the program fetchmail. Then, using the command line mail client, I inspect at leisure each mail stored in /var/spool/account_name, looking at the ASCII dump of the mail headers, the spoofed origins of the spam and the intricate word mixture used by spammers to trick spam-guard programs. I also inspect the ASCII dump of the binary attachments to identify web sites and IPs to add to my firewall.
Then I simply delete all foreign-looking mail that I do not wish to store in my brittle Windows box. Most of the stuff gets wiped out.
Finally, using the qpopper server, my Windows box retrieves all sanitized mail from the Linux box into Outlook.
Only honoring plain ASCII, jpegs and gifs.
- these are not the droids you are looking for -
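The allowlist step in the comment above ("Only honoring plain ASCII, jpegs and gifs") can be automated on the relay box. The following is an added example, not code from the commenter or from fetchmail/qpopper; the function names and the sample message are constructed, and the magic-byte check on images is an extra assumption beyond what the comment describes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Allowlist from the comment: plain text, JPEG and GIF only.
# Images must also start with the file signature of the type they claim.
MAGIC = {"image/jpeg": (b"\xff\xd8\xff",), "image/gif": (b"GIF87a", b"GIF89a")}

def sanitize(raw: bytes):
    """Return (clean_message, dropped); dropped lists (content_type, filename)."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts, images, dropped = [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype, name = part.get_content_type(), part.get_filename()
        if ctype == "text/plain":
            texts.append(part.get_content())
        elif ctype in MAGIC and part.get_content().startswith(MAGIC[ctype]):
            images.append((part.get_content(), part.get_content_subtype(), name))
        else:
            dropped.append((ctype, name))  # HTML, executables, mislabelled images
    clean = EmailMessage()
    for header in ("From", "To", "Subject", "Date"):
        if msg[header] is not None:
            clean[header] = str(msg[header])
    clean.set_content("\n".join(texts))
    for data, subtype, name in images:
        clean.add_attachment(data, maintype="image", subtype=subtype,
                             filename=name or "image." + subtype)
    return clean, dropped

def build_sample() -> bytes:
    """Constructed message: text and a real GIF to keep, three parts to drop."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "me@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("hello in plain text\n")
    m.add_alternative("<p>hello in html</p>", subtype="html")
    m.add_attachment(b"GIF89a" + b"\x00" * 8, maintype="image",
                     subtype="gif", filename="ok.gif")
    m.add_attachment(b"MZ" + b"\x00" * 8, maintype="image",
                     subtype="jpeg", filename="fake.jpg")  # not really a JPEG
    m.add_attachment(b"MZ" + b"\x00" * 8, maintype="application",
                     subtype="octet-stream", filename="doc.exe")
    return m.as_bytes()

if __name__ == "__main__":
    clean, dropped = sanitize(build_sample())
    print("kept:", [p.get_content_type() for p in clean.walk()])
    print("dropped:", dropped)
```

Because the HTML part never reaches the Windows client, nothing is left for a preview pane to render; only the plain-text body and verified images are forwarded.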
format c: /q
Gets rid of any virus including Windows.
This signature was left intentionally blank.
And how many vulnerabilities have come out for W2k3? RPC has been the only one, and it affected ALL Windows products.
My mom says she got Beagle on her iMac but she only reads email via a browser, on yahoo.com. Is that possible? Is there some Mac virus with "beagle" in the name going around? Even so I thought it strange that it could infect her machine via a browser. She is running OS 10.2.1.
Share, please!
What makes you say that? My entire family is on AOL and none of them even know what a browser is, much less that there is a choice of them. The built-in AOL browser is actually IE, not Netscape. And as far as I know, AOL has never pushed the Netscape browser to their userbase.
1) Get a Linux distro...
2) Install it, making sure all Windows partitions are wiped...
3) Rejoice! No more Windows viruses.
As a horny geek and freelance consultant I can say this definitely doesn't work, unless they'd fuck anything to begin with.
The desirable ones would rather pay the $200 to unfuck their computers than fuck you.
A: Run Linux. Next question.
Nathan's blog
I'd be happy to. Since you are required to use software that doesn't work, you have three choices:
I assume you won't be happy with any of those choices. I'm sorry, but they really are your only options, and that isn't my fault. Blame your boss. Blame Microsoft.
Just turn off the autopreview function...
This is so obvious that I'm not even sure whether I should say it (it may already be in the 900 comments that I did not read) - do not use Windows. Use a *BSD or Linux. Expecting a virus scanner to protect you is like trying to drive a car with punctured tires, stopping every mile to reinflate them, while you should be getting yourself a new set of tires.
----- One learns to itch where one can scratch.
I use a separate program (see sig) to check my email to hold malware at bay.
Now one has to keep their computer firewalled and protected by antivirus to keep out malware transmitted by TCP/UDP/other internet protocol.
Never a problem with a preview window, never a problem with any virii. It's text only, but you can view attachments if you take a specific action to do so. I'm sure you can find a download of it somewhere out there. I'm behind a NAT router firewall and use a software firewall to see if anyone is "Phoning Home." Also AVG with auto check for updates every morning. Ad-aware and Spybot once a week. Last virus I got was in 1998 and it came in on a CD a friend had burned.
"In this house, we obey the laws of thermodynamics!" - Homer J. Simpson
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
They make a good product, but just because they are the current market leader, makes them a big target. The problem is not Microsoft, it is the loose nut behind the keyboard, in layman's terms, the user. We have worked to train our users to be cautious of opening any e-mails, even from people they know. I have even done the impossible, trained my family. If we all work on training the users on how to pick out the trash or actually filter the mail, the problem will be fixed. If you have a good virus scanner such as Norton or Trend, it will help as well. We are never going to stop these variants, so the best we can do is train our people and use every tool we have to prevent them from being able to get through 99.9% of the time. Anything that gets through should be caught by your virus scanner if you have it up to date and set on a high enough setting.
Josh
Simply select the spam above the virus mail. Hold down shift and click the spam below it. Hit delete.
Carpe Deez
But here at $WeSellTehIntarweb, it takes us 10 minutes to get a dialup connection and Outlook Express configured. That means that if a customer calls in with their credit card (and most new customers do) they're online in 10 minutes. Customers like this. The software is simply already there, ready to set up.
We *could* just send them a CD, but it would take 1-2 *days* to get there, and save us 10 minutes of phone time per customer.
Thus, we choose to saddle our customers with whatever shitty software Microsoft decides to unleash upon the unsuspecting populace. Because people like it that way.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
I have encountered time and time again the perception from Windows users who only use their computer for email, the Web, and general office use that they don't want to use Macintosh or Linux because "everybody else" uses Windows. These people are less afraid of Windows problems than they are of going outside the norm. They don't conduct a rational analysis of the pluses and minuses of various OSes, because most of them don't know much at all about the non-Windows options.
A computer is a tool, and should not be a pain in the ass to use or require a degree.
Truer words were never said. Yet most of the world still uses Windows, an OS that is by no means the easiest to use.
People use computers because they have to, but that doesn't mean they have to use Windows, does it? Does the fact that there is more software and support for Windows make it a superior platform? What about using an OS that doesn't require so much support, or provides thousands of high-quality applications instead of hundreds of thousands of applications of widely-varying quality?
Read the EFF's Fair Use FAQ
You're forgetting p2p like Kazaa or Overnet.
Don't just randomly block ports that new worms happen to exploit. It's overly complex, not future-proof, and is a pain to keep updated.
Dewey, what part of this looks like authorities should be involved?
...but it is nonetheless an "exploit".
From the first article I read, the mechanism was a little unclear and I figured it was a new bug in the renderer or something. That it's this old bug is sad in a lot of ways. I believe it also used to work with image attachments - perhaps that hole was fixed in an earlier update than the iframe one you refer to.
Let's not stir that bag of worms...
.... cheap anytime/anywhere minutes with cell phones are for now. I agree, it's time to rethink email use.
zogger
I don't understand what all the hub-bub is about. Outlook Express and Outlook 2003 users can (finally!) force all email to be rendered as text-only. No scripting allowed.
There are a couple of ways to do this. One way is to kill scripting and ActiveX in your security zones, but this can be annoying since Microsoft didn't seem to think it important enough to separate the web from simple email when you change the Internet Options panel.
There's a nice COM add-in for Outlook that adds an Attachment Security Options page to the Tools | Options dialog in Outlook 2002 to allow you to manage not only which file attachments are blocked, but also how email is rendered. GET IT NOW.*
* Only for Outlook 2000 SP3, SP2, SP1, Outlook 2002, and Outlook 2003.
Oh, and it also adds a VERY NICE feature that minimizes Outlook to the system tray. Excellent for when you have to keep your Outlook open during work but hate having it take up valuable Task Manager space.
... or one can be among the ranks of those who don't ever use email.
This is a problem with many programs, MS or OSS. I installed XP and, as admin, installed and configured the whole system. Created 2 users with just User rights and half the programs fail to work as expected due to bad software engineering. You have to have at least Power User rights to do anything. If you get software from a major development team, such as MS, Adobe or Mozilla, then you can be pretty safe in assuming that it will be multi-user, but not always (MS Office stupidly tries to 'install' for the user when the user is not admin, causing errors galore).
But, with smaller utilities, that one comes to rely on (Fastcheck for Fastmail, Gabber for Windows etc.) then it becomes immediately obvious that not many people really consider the term multi-user when developing smaller apps.
Regarding the whole security thing, Firefox/Thunderbird or Mozilla are *at the moment* infinitely better choices than MS due to the amount of cracking going on with MS products. However, you can _never_ assume that you are safe just because it's OSS and uses GPL and the sun shines out of its....
Yeah, they are great alternatives but a dev team can never rest on its laurels and must continuously evaluate its product for holes, and this requires a dedicated test team and large user base.
The most disappointing thing about OSS is that unfortunately, the usability and functionality is not quite up to the standard of MS in some cases, such as over-zealous HTML handling in Thunderbird causes HTML not to display, lack of export and inability to change viewing prefs are key features that should be there even in a preview app.
"Everyone knows that vi vi vi is the number of the beast" -- Richard Stallman
Like the USA&ISR Team, assassinating your competition's leaders and destroying their capital infrastructure inspires their followers to retaliate in kind. The Imperialistic Expansionism of MSN is the same thing, only in Virtual Reality Marketing, rather than Real Time EXPLOSIONS at Microsoft Office97 BINDERY.SBC.T99x-Yahoo! POLITICS of RELIGION : HELP WANTED(1)Technology Evangelist...