>Perhaps the virus scanners of the world could include >a flag in the data base that the engine uses that would indicate whether a >virus spoofs the source. Then the part of the software that sends notices >to the senders would know that the sender was faked. In this way the help >desks of the world would not be bombarded by questions from users that >never actually had the virus. Well, that's what I recommended. So, I'm glad that's what your suggestion is. :-) >The world would be grateful and throw money at these vendors. Unfortunately, the world is not that simple. That will make us the well-behaved citizen. But because you buy our version, it won't mean that the others will. So, it will be the concept of everyone being well-behaved citizens before the rest of the population benefits. But of course, we have to offer something to get it started. >Another interesting twist is happening with viruses like SOBIG. A mail >filter detected the presence of the executable in the mime attachment and >sent the entire message to the spoofed sender! Of course it was a text >copy of the mime attachment, but if you are interested in collecting the >virus source in a somewhat safer format, here it is for the taking. The >mail filter also says, in different words, if you intended to subvert the >security of the system you should enclose the executable in a zip file. >How nice and accommodating! That's OK. We decipher MIME. And we scan inside compressed files. :-) Jimmy
This archive was generated by hypermail 2b30 : Thu Aug 21 2003 - 18:16:41 PDT