> > I can vaguely see how that might be seen as valid. I still > have problems with the conclusion though. Just because a > service is bad does not mean that the e-mail is vulnerable to > spread. It is much easier to look for open service for that > sort of propigation. Seems like an apples to oranges > comparison. It is like saying that since they are running > bind, they are more likely to get viruses. it does not follow. > > > my systems > > have never been infected unknowingly. > > > If your systems had been infected unknowingly, how would you know? Good point :)... My systems have been knowingly infected when I was the virus support engineer. I would disconnect a machine from the network, set Outlook to prompt for logon, keep a new image CD nearby, then run whatever attachments were in a message to get an idea of how we could combat it until our AV Solution provider supplied new definitions. If my systems became infected unknowingly, they would get discovered in short time by the constant monitoring that is done on my equipment because of the nature of my work. > Actually there is an E-mail client that works very similarly > to Outlook under Linux. It is called "Evolution". I am using > it now. I actually like it much better than Outlook. It has > support for PGP/GPG in the client, among of other feature > fixes. A few things I want to change. I have source, so i can... I have been wanting to try this... Thanks for the name again. Unfortunately my work requires that the majority of my time is spent on Win32 platforms, but I do keep 3 linux boxes for testing and am looking forward to a time when I can switch my laptop from XP to Linux. > Outlook can execute viruses if the preview pane is enabled, however. > (NCD got hit pretty hard by the "ILoveYou" virus due to this little > "feature".) There is a patch for this... My Outlook is configured to not execute attachments unless I double-click on them... Also Outlook XP is much better about prompting for permission to run if the message is opened and an ActiveX component tries to run, when in doubt (like when it says its from Gator Corporation) I hit the cancel button. > If you have time to track it down. I remember just how many > problems were caused by sales people building NT boxes at > NCD. Time is always an issue when people have the ability to install whatever they want on the network. However there are ways to reduce the time constraints... I believe that McAfee has a good solution for active scanning of the network using a distributed model that, if you have the ability to generate signatures quickly, should allow you to find offending systems within minutes of them becoming active. I believe they call it ThreatScan... I haven't tried it yet, but in talking with them it sounds promising... If you trust sales reps :). There may be other solutions available, or coming soon from other vendors as well. John
This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 10:37:56 PDT