on 1/15/03 7:15 PM, Dennis T Cheung gibbered: > <RANT> > > I'm usually not negative, but your theory is completely wrong and baseless.
Yeah, that's fine. As a representative of MS don't you think you could show a little more tact in how you handle the issue? I can understand your wanting to nip any word of a mac-specific virus in the bud, and that MS has gotten bashed horribly for their code issues, but your response to his message is equally as baseless. > 1. Your theory is based on the report of 1 report on this list. If this were > indeed a worm, there�d be at least a 50% reporting rate. Clearly this is not > the case. I'd hardly call it a theory, he was just stating that on the windows side of the camp there are virus's that exploit outlook code that do very similar things, and hoped it wasn�t' the case on the mac. Could have been much simpler to say "Don't worry, I'm 99% sure that none of the symptoms reported look like any known virus". > 2. Klez and friends did not attach random files. Klez and friends trolled your > files for email addresses, and sent itself as an attachment to those email > addresses. This report has nothing to do with self-replication or any sort of > spread. Now you're just scaring the living hell out of me, as you're suppose to be some project manager for the macBU and are spouting WRONG information. "In addition to the worm attachment, the worm may also attach a random file from the computer. The file will have one of the following extensions. As a result, the email message would have two attachments, the first being the worm and the second being the randomly selected file." <http:[EMAIL PROTECTED]> Seriously, if you are in charge of overall security for the product in question (entourage) and you don't even understand where the insecurities are, then thank god macs have such low marketshare or there'd be a new exploit every week. > 3. Finally, and I really really hate to say this, but Klez and friends were > mostly the result of user error/social hacking/general ignorance resulting in > the violation of Rule #1: DO NOT OPEN ATTACHMENTS WITHOUT VERIFICATION. This is not only wrong, its silly. Yeah, my girlfriend an email and she's not going to open it without calling me first to be sure I actually sent it. Riiiight. Brilliant design right there, how silly of me to miss it. There are numerous (dear lord, just head over to symantec and do a search for outlook and "open" or "preview" and see how many of them are Klez) and look at how many virus's work by just viewing the message or previewing it. Sorry, this is just very lame. Your own "powered by MSN" site says: "The security hole allows the virus program to pretend to be another, harmless type of file which Outlook and Outlook Express interpret as being safe to run. A patch has been available since March last year, and more information along with a download location for the patch can be found here." <http://www.xtra.co.nz/help/0,,6156-1347943,00.html> Or straight from the horses mouth (you might want to poke around the site and learn how they actually work): <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security /bulletin/MS01-020.asp> So no, it has to do in many cases with MS (over big objections from security experts) automatically running attachments because the attachment presents itself as ok to run. This is the exact same thing which has occurred recently with IIS servers where you could get the updated patch to fix a bug in an active X control, but a malicious person could then upload the old active x control (to use the exploit) because the software thinks its ok. In some cases just going to a =website= with explorer can infect your system if you aren't patched. So get off your high horse. > To me, common sense would indicate that you shouldn�t open an attachment > called �Usefultool.exe� included in an email with the subject �A useful tool > for you. enjoy� without first asking the sender �WTF is this??�. But I guess > common sense is a bit uncommon. Yep. Thank god ignorance and pomposity is a commodity. > Entourage will actually warn you if another application or applescript tries > to send mail through it. It�s like I say at my lectures at MacWorld: Read the > warnings. Period. Oh, somehow I doubt I'll be taking anything the macBU says on security to heart for awhile. Michael Bryan Bell ------------------ ICQ: 16106263 Yahoo: mhbell1 AIM: drunkenbatman -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
