On Wed, 2002-07-17 at 13:45, SCRIMSHER,JOHN (HP-Corvallis,ex1) wrote: > > > You are confusing viruses and script kiddies. Different things. > > Different methods of attack. > > > > Not necessarily different. Many of today's email based viruses are created > from Virus Generation kits, not skilled writers, usually by the same Script > Kiddies that attempt defacements of websites. That being said, you are > correct in that viruses are not necessarily the same as a defacement, etc; > another point that gets confused in the article by Mr. Skoll as he uses > numbers based on server defacements to back up his ideas regarding email > borne viruses on Linux vs Windows. Rarely are email borne viruses utilized > to deface a web site. Instead they serve mainly to disrupt messaging > services, and sometimes carry damaging payloads that may alter / delete data > from the infected system. I can vaguely see how that might be seen as valid. I still have problems with the conclusion though. Just because a service is bad does not mean that the e-mail is vulnerable to spread. It is much easier to look for open service for that sort of propigation. Seems like an apples to oranges comparison. It is like saying that since they are running bind, they are more likely to get viruses. it does not follow. > > As you state, nothing compares to an alert and cautious user. Even Win9x > can be used semi-securely if the user of the system is cautious regarding > what emails to open, not enabling File and Print Sharing, etc. I use > Outlook as my primary email client, and I LIKE it (no flames please), but I > do not open emails that look suspicious. We have had our fair share of > email based viruses at work, but my systems have never been infected > unknowingly. If your systems had been infected unknowingly, how would you know? Actually there is an E-mail client that works very similarly to Outlook under Linux. It is called "Evolution". I am using it now. I actually like it much better than Outlook. It has support for PGP/GPG in the client, among of other feature fixes. A few things I want to change. I have source, so i can... Outlook can execute viruses if the preview pane is enabled, however. (NCD got hit pretty hard by the "ILoveYou" virus due to this little "feature".) > Unfortunately in any group of people, you will have a few that are not as > diligent in security practices as they should be and are more susceptible to > Social Engineering, "forget" to install that patch that they were warned to > install, and open file shares with default permissions. These systems > create a problem for the rest of the network, but can be found and remedied > with a proper security team. If you have time to track it down. I remember just how many problems were caused by sales people building NT boxes at NCD. They would configure the box as a PDC or BDC and the whole windows side of the network would start to be very screwy. Nowadays, you also have to worry about people installing the "patches" recommended by outside sources. Either deleting critical files or installing something that turns out to be a trojan.
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 21:11:45 PDT