Re: Non existing attachments, more info

From: William D. Colburn (aka Schlake) (wcolburnat_private)
Date: Wed Feb 20 2002 - 09:07:15 PST

Next message: nicolas brulez: "Avirt 4.2 question"

Previous message: 'ken'@FTU: "Four More ScriptEase MiniWeb Server v0.95 DoS Attacks"
In reply to: David F. Skoll: "RE: Non existing attachments, more info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You can't discard "bad" messages because you can't identify them.  RFC
compliant messages can contain stuff that end-user software might
interpret specially.  The MyParty is an example.  It is a compliant
message that contains a bunch of garbage in it that no (sane) human can
read.  The problem is that some end-user software is too smart for its
own good and finds content (the garbage) where none should exist and
then turns it into an "attachment".

There is no solution.  You can't force companies to stop making
bugs ("innovations") in their software.  You can't reasonably locate
every bug ("innovation") in every peice of software.  Even if you could
locate every bug, imagine how hard it would be to write software that
contained all the known bugs in all known mail processing software
(there lots of groups that attempt this feat on a daily basis so I think
we know how hard it is).

I think we are stuck reacting proactively to discovered holes from now
until the end of time.  Even if we stop using the current bad-guy (MS),
some other company would step in to add new bugs ("innovations") that
users desperately want.  We will never reach a point of stability where
nothing new is ever invented.

On Tue, Feb 19, 2002 at 04:20:25PM -0500, David F. Skoll wrote:
> You are probably right, but that breaks the "robustness principle": be
> conservative in what you do, be liberal in what you accept from others
> (RFC 793, referring to TCP, but a widely-held philosophy in Internet
> standards.)
> 
> I think that reformatting the message as valid MIME is a reasonable
> compromise, because it should ensure that MUA's interpret the message
> the same way the scanner did.  However, when I have time, I will add
> the option to my scanner to reject suspicious messages of any type.
> 
> Long term, though, the only way around e-mail-borne malware is to stop
> using susceptible programs like Windows and Outlook.  It is this last
> step that people are reluctant to take.
> 
> --
> David.

--
William Colburn, "Sysprog" <wcolburnat_private>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

Next message: nicolas brulez: "Avirt 4.2 question"
Previous message: 'ken'@FTU: "Four More ScriptEase MiniWeb Server v0.95 DoS Attacks"
In reply to: David F. Skoll: "RE: Non existing attachments, more info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 17:38:28 PST