On 20 Sep 2003 at 12:23, John Hines wrote: > From: "Noel Stoutenburg" <[EMAIL PROTECTED]> > > > One way which > > appears to be quite useful in avoiding worms and virii is to switch > > to an email client not made by Microsoft > > Can you suggest some? Thanks.
For my clients, these are the two Windows alternatives: 1. Eudora Lite 3.01 2. Pegasus Mail You can't get that version of Eudora Lite any longer (it dates from 1998), but I have the installer and give to anyone who asks. It has the advantages of being completely unable to run executable content and has no ads (as the later free versions of Eudora do). I've never been a big fan of Eudora, myself, but novices tend to find it pretty easy. About 3/4s of the clients of mine where I have a say in what email client they use are using this version of Eudora successfully. Pegasus Mail is a more up-to-date email client, supporting both POP and IMAP, but it's also more complex and that's why I don't recommend it to all of my clients, unless they need some of its features. One of my clients was using Netscape Mail and started having major problems and I moved her office to Pegasus Mail. She hasn't been entirely happy with it (learning curve), but she hasn't had any problems, either. Pegasus has excellent filtering and is also designed from the ground up to *never* run executable content. It also filters out all web bugs and warns you whenever an HTML email message has external graphics (and recommends you not load it). It is free and the person who programs it is very adamant about keeping it safe from worm/trojan infection. It has a very powerful addressbook and a number of great features that I just couldn't get along without (including an easily used list of recently used email addresses; I use this so much that I often don't add addresses to my addressbook). Another feature is the ability to get a list of messages from the server and selectively delete/download what you want. One of my clients use this feature extensively during worm outbreaks, previewing before downloading and deleting all the spam/trojans. I would definitely recommend that no one at all use Outlook Express on Windows, as it is very insecure, even moreso than the full-fledged Outlook (which MS has finally fixed so that it's much less vulnerable to exploits, though it is still very hard to configure and comes with completely backwards defaults for Internet email, or any kind of email, for that matter). But I wouldn't use either of them because they are both 100% dependent on Internet Explorer, which has its own set of vulnerabilities. To you really want to have to patch your web browser in order to be sure that your email client is safe? Another thing that has helped all my clients during the recent RPC exploits (Blaster and the followon a month later), is that I don't let any of them connect directly to the Internet without a software firewall. Most of my clients are either dialup (in which case I don't worry about it -- I used to run a software firewall when I was on dialup and never got hit by probes at all, no more than once or twice in a couple of years) or broadband (either DSL or cable). For the broadband users, even if they have only one PC, I put a router between the cable/DSL adaptor and the computer and use NAT (Network Address Translation). This means that their computer's IP address is something like 192.168.1.xxx or 10.0.0.xxx. These addresses are what is called "non-routable" addresses, designed to be used in internal networks. The result is that even without a hardware/software firewall, when someone tries to get to your PC through one of these *they can't do it*. The reason is that they can get to your cable modem, but because the addresses past there are non-routable, traffic can't go any further, because someone outside your network simply can't see what's there. Now, a NAT router can give you a false sense of safety -- it protects you from someone trying to probe your network from outside, but if you have a PC inside that is infected by a trojan or worm (via email), it won't give you any protection. That is, a NAT router is only protection for inappropriate traffice from OUTSIDE. If there's something appropriate INSIDE, the NAT router won't do anything to stop it communicating through it to the outside (and that includes a round trip back to the infected computer). That's why it's important to distinguish a NAT router from a firewall -- a firewall has the capability to monitor traffic in both directions, whereas the router cannot (though some routers actually do offer packet inspection and the possibility of functioning as a firewall, either in hardware or in cooperation with a software firewall). Some of my clients have broadband but do *not* have a router and those clients use a software firewall, either ZoneAlarm or Tiny Personal Firewall. And nobody got infected with Blaster. I was in California at the time Blaster hit and my PC was sitting there at home turned on, connected to the Internet. It was left completely unscathed, because so far as the worm could tell, my PC was not there. If you're wondering about your computer's vulnerability, go to GRC.COM and check out the SHIELDS UP tests. That will tell you what kind of vulnerabilities you are subject to. Another reason to run a software firewall is that you can block outgoing traffic that does not come through an organized program. Many of these emailing worms that use your addressbook to send out mail utilize an internal mail server to send out their bogus messages. If you had a software firewall, you could block ports 25 and 110 for everything but your email client. This would then block any emailing worm from sending anything. If you had alerts turned on, you'd know the minute it tried to send its first message. Another thing that is helpful for security is use a web browser proxy program, like WebWasher. If it is the only program that is allowed to connect on ports 80 and 443, then none of the exploits that connect to Internet Explorer remotely will work. You then set up your web browser(s) to use your WebWasher proxy server. If you then also prevent your web browsers from connecting to any external ports, you get the added benefit that anytime a web page tries to connect on some other port, it is blocked by your firewall. All of this is complicated, yes. But the bad guys out there, combined with the laxness of Microsoft in choosing unsafe default settings for their products, have made it necessary for end users to worry about these complications. You don't have to be a computer technician like me to be able to do these things, though. My clients are doing fine with all of these things, because once they are set up, they just work and you don't have to worry about it. Me, well, I'm so bold as to not even use an anti-virus program. And I haven't had an infection in nearly five years. -- David W. Fenton http://www.bway.net/~dfenton David Fenton Associates http://www.bway.net/~dfassoc _______________________________________________ Finale mailing list [EMAIL PROTECTED] http://lists.shsu.edu/mailman/listinfo/finale
