A few Friday nights back, our ClamAV started catching a little worm called W32/Zafi.b.
McAfee's DAT files to catch this one came out 2 1/2 days later, on the Monday morning (UK time).
Apart from the Nimda outbreak of 2001, this year is the only time I've seen viruses arrive at our email gateway (thanks ClamAV) before our official antivirus software updates catch them. Netsky, Bagle, and Zafi.b were all caught by ClamAV before McAfee had released DAT files for them.
I'd recommend defense in depth, using multiple virus scanners. We scan all incoming (and outgoing) emails with ClamAV, Bitdefender (free for Linux boxes), and McAfee's uvscan.
It's way too easy to fall into the mindset which says "we have antivirus software everywhere so we're safe". There will ALWAYS be a window of vulnerability between the release of a new virus and the availability of detection patterns. And don't forget that a lot of Windows viruses/worms disable any antivirus software they find running.
It doesn't take possession of a crystal ball to be able to predict that when home users have applied XP SP2 (at 280 MB, I don't think many home users will be downloading it, somehow) and find that their applications no longer work because of XP SP2's firewall, the first thing they'll do is turn the flipping firewall off.
What's frightening, however, is that Antivirus vendors still haven't got it. Weekly, or even daily pattern updates are NOT sufficient to prevent the spread of viruses and worms.
For example, W32/Zafi.b@MM was in the wild on June 11th this year, and was detected and stopped on the same day by Bitdefender and ClamAV on our MailScanner box. McAfee released its 4366 DAT files 2 1/2 days later, on June 14th.
Similar slow responses happened with Netsky and Bagle, IIRC.
The biggest trouble we have is getting past the mindset which says "we have up to date antivirus on our PCs therefore we're safe". I beg to differ.
Try designing a simple web page, using CSS, with a sidebar menu on the left. To stop the sidebar menu scrolling when you page down the content, use the CSS attribute "position: fixed;".
Then, cry buckets when it doesn't work in IE.
IE's standards compliance (or rather, lack of it) is horrendous.
Apart from the security holes, that's my major gripe with IE.
And over here too! But I should qualify that by saying the British concept of libertarianism may well be very different from that of the gun-toting Yankee crazies.
Therein lies your first lesson in international law - how to implement a European Union directive in such a way as to follow the letter of the law but with no real intention to do anything serious about the problem the Directive is supposed to be addressing.
British politicians and lawmakers are just like politicians anywhere - totally cynical bastards with their own agendas.
Hmmm, the Motorola 68020 had a 32-bit flat memory model a few years earlier. It's one of those sad quirks of history that Motorola's superior 68K family fell by the wayside whilst the crappy Intel architecture reigned supreme.
There are several infection vectors used by the current round of viruses. I'm assuming that even fully patched versions of Windows, Outlook Express, and Internet Explorer are vulnerable to security exploits (they are).
1: Executable attached to email, either auto-infecting or using the social engineering made possible by Microsoft's "virus-friendly" File Extension Hiding. So people click on what they think is a text file attachment (where even the icon makes them think that it is a genuine text file). As I've repeatedly said before, it is time that Microsoft released a patch to completely disable and remove this dubious feature from Windows.
Cure: Use a non-Microsoft email reader - Pegasus Mail, Thunderbird, whatever.
2: Social engineering via email. Who in their right mind would open an attached password-protected .zip file where the password was given in the email body?
Cure: User education.
3: Seemingly innocent HTML emails which contain an OBJECT DATA exploit.
Cure: Don't use Outlook. Use an email gateway box running MailScanner to disarm dangerous HTML tags.
4: Worms spread via direct connect to your PC.
Cure: Proper firewalling, use application proxies and don't NAT anything to the net. This is more appropriate in a corporate environment.
5: Web pages with dangerous HTML which, by exploiting IE or Outlook Express vulnerabilities, run malware on your PC.
Cure: Use a proxy server which strips all dangerous tags; Dump Internet Explorer and use Mozilla Firefox instead.
6: You are "Protected" by Antivirus software but the virus / worm got you before the vendor's weekly update came out. (Waving to McAfee and Symantec as I write this). This is the BIGGEST change I've seen in virus behaviour this year. Since February, we've been catching viruses/worms before some of the main vendors have had updated patterns out. (thanks ClamAV and Bitdefender).
Cure: Antivirus vendors need to release patterns as soon as they've got the virus signatures tested, and not wait to see if an outbreak happens. Users need to update their virus patterns on an hourly basis, not weekly.
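One way a gateway can "disarm dangerous HTML tags" as items 3 and 5 above recommend. This is an added example in Python, not MailScanner's code or the author's; it assumes the HTML body has already been pulled out of the MIME message, and the sample body is constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Elements dropped with their whole subtree: each can load or run code (the OBJECT DATA case included).
DANGEROUS_TAGS = {"object", "embed", "applet", "script", "iframe", "frame", "frameset", "base", "meta"}
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "base"}  # never have a closing tag
URL_ATTRS = {"href", "src", "action", "data", "codebase", "background"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:")


class HtmlDisarmer(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives decoded, so it is re-escaped below
        self.out, self.removed, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):  # HTMLParser lowercases names and decodes values for us
        if tag in DANGEROUS_TAGS:
            self.removed.append(tag)
            self.skip_depth += tag not in VOID_TAGS  # swallow content up to the matching close tag
        elif not self.skip_depth:               # (an unclosed one swallows the rest: fails safe)
            kept = []
            for name, value in attrs:
                url = "".join((value or "").split()).lower()  # strip whitespace: "java\nscript:" tricks
                if name.startswith("on") or (name in URL_ATTRS and url.startswith(BAD_SCHEMES)):
                    self.removed.append(f"{tag}@{name}")  # onload=, href="javascript:..." and friends
                else:
                    kept.append(f' {name}="{escape(value or "", quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DANGEROUS_TAGS:
            self.skip_depth -= (tag not in VOID_TAGS) and (self.skip_depth > 0)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))
    # Comments (IE conditional comments included), doctype and processing instructions are dropped.


def disarm_html(html_body: str) -> tuple[str, list[str]]:
    # Returns (cleaned HTML, list of removed tags/attributes) so the gateway can log or flag the message.
    parser = HtmlDisarmer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.removed


# Constructed sample message body (not a real email).
SAMPLE_EMAIL_HTML = ('<html><body><p>Hi, see the <a href="http://example.invalid/report">report</a>.</p>'
                     '<object data="http://example.invalid/thing"></object>'
                     '<img src="cid:logo" onload="x()"><a href="javascript:void(0)">click</a></body></html>')
```

The returned list of what was removed is what you would want to log or add as a header, so that a user asking "where did my attachment go" can be answered.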
I dunno, "Microsoft Movies" has a nice alliterative feel to it :-)
Re:State of the art? (on Shrek 2 How-To)
The original Shrek lacked one piece of animation which really would have helped the animation's "reality".
I don't know if they've learnt since then, but real people (and ogres, I presume) BREATHE. Their rib-cages move, even when they're just standing there talking.
The trouble with "realistic" animation is that we're all going to expect it to be that real in the future. As the technology improves, so will our expectations grow.
Why don't these studies test password schemes commonly found in the real world?
I've seen [dictionary word][non-alphanumeric character][dictionary word] (e.g. chrome=turnip) or even [dictionary word][dictionary word] (e.g. purplegearbox), where the concatenated words do not form a dictionary word. Googlewhackers could have fun generating (in)secure passwords along these lines.
It is as slow as a dog (not a greyhound) under Windows on my K6-2/500 box. The Spam classifying code needs a few strategic yield()s (or the windoze equivalent) in there too, because it kills everything dead whilst running through the newly downloaded emails.
GAIM for Windows has been plagued with stability problems from 0.74 onwards, with the MSN protocol being unusable (unless you like GAIM crashing out when people message you). Fortunately, it seems to be fixed in the 0.77 release.
The full text of the book "Rapid Application Development with Mozilla" is available in PDF form from here.
You'll find it helpful.
Every time a new version of Opera comes out, I duly install it on my PC and give it a whirl. And I end up sticking with Firefox.
Opera is ClutterWare. Its user interface sucks big time. And in my testing, it's nowhere near as standards-compliant as Firefox.
Give me lean, clean, and mean fiery foxes any day.
What You Should Know About Download.Ject
Patching isn't dead, it's still needed.
We need a new, pithy name for these. Getting people to sign up to receive spam is one of the spammers' cleverest tricks. And it works too well, alas.
It's another example of the UK's inability to enact good laws.
In the Windows environment there are a host of different OS-specific needs which are best served by Windows-specific scripting programs.
Two which come to mind are KiXtart which I use to do clever things in our users' login scripts and Winbatch.
Phil
Oops, 68000. But the 68020 was out a few years before the i486.
Some people never learn :-)
No, it just means that cynical idiots like me will notice every slip and whinge about it ;-)
oops, must remember to preview next time
I tried SmartFTP and it went in the bin as soon as I discovered Filezilla.
My other favourite is the text editor ConTEXT.
And WinGAIM to replace the bloatware instant messengers.
31st March 2005. Win ME expired on 31 Dec, 2003.
See here for more details.