Not to totally encourage a non-firewall thread...
But why not block .exe or .vbs, or whatever? If it's so important to have
it sent via email, why can't the sender use some utility like WinZip or
pkzip and then attach the file? Who really needs Flash greeting cards and
rampant email viruses anyways? The problem we had with our virus scanner on
our mail server was that there wasn't an updated virus definition for the
Anna's virus yet. That and our users that couldn't distinguish the .vbs
extension and double-clicking on the attachment (arrrgh).
--Matt
> -----Original Message-----
> From: Ray [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 12:01 AM
> To: Noonan, Wesley
> Cc: [EMAIL PROTECTED]
> Subject: RE: FW: Anna Kournikova virus information - Please Read
>
>
> On Tue, 13 Feb 2001, Noonan, Wesley wrote:
>
> > Here is where I think it is overkill. Security isn't everything, and it sure
> > isn't the only thing. Someone once told me "security that hampers work is
> > not security". That is such a true statement. Security like that is just as
> > bad as the "malicious code" it serves to stop. They take different methods,
> > but the end result is the same - lost time and money.
>
> *All* security hampers work. The lock on my door hampers work since i
> have to waste 5 seconds opening it. Same as a car alarm. Do i lose more
> time/money by taking 5 seconds to unlock the car every day, or should i
> just leave it open all the time?? Users don't know (computer) security,
> but they definitely need it. It's up to us to figure out how much...
>
> > Rather than blocking all .vbs extensions, one could block only those that
> > their DAT files recognize. That allows the .vbs extensions a company may
> > need to receive to work just fine. I'll give you an example. This very email
> > I am writing will be blocked by no less than 10 people on this list. Why?
> > Not because it contains a virus (it doesn't) but because it contains a key
> > word. And as a result, no less than 10 people will gain no worthwhile
> > information from our exchange (not that they would anyway, but you get my
> > point ;-)). This is little better than blocking "all .vbs files". It
> > prevents the exchange of information.
>
> I completely disagree that this is "better" than blocking all .vbs. If
> you're blocking this key word, how do you get CERT advisories?? How do
> you get advisories from your vendor?? How do you get that message from
> your mom when she asks if you got hit with the new virus!
>
> > Does the above protect against everything? No, you have the possibility that
> > a "new" virus slips in before your DAT's are updated, but one must ask
> > themselves "is the risk worth it, now that I have mitigated it in this
> > manner". The answer varies from case to case.
>
> 99% of the time the virus will hit before your DAT's are updated, unless
> you're updating every machine every 5 minutes. The virus isn't "new"
> until it hits, and a worm of this nature can spread throughout the world
> in a few short hours.
>
> > Let me ask you this. Does anyone know of an email scanning product that
> > blocks "all .exe and .com extensions" by default and design? Of course not
> > (or at least I don't know of one - not by default at least), since people
> > need to be able to pass executables as part of their day to day business.
> > The same holds true for .vbs. The shops that have lots of W2K and are
> > managing the hell out of it are doing so with scripting.
>
> I'll say again that a .vbs attachment is completely useless. There's no
> valid reason for it. And if you're "managing the hell out of" your W2k
> shop by emailing vbs scripts to yourself then running them in outlook,
> then i'd say you have much bigger problems than this little virus thing.
>
> > An even better solution to the .vbs issue that I have seen is the newest
> > outlook patches which only allow you to save files with that extension (no
> > running of the code from the email client). Now that's a good balance of
> > protection and function IMHO. Another solution (though with secure email it
> > is tough, if not impossible, to do) is to change the extension to something
> > like .txt when it passes through the gateway. Yet another one is to change
> > the default execution method for .vbs to be "notepad.exe". Then one can
> > either use cscript to manually run any .vbs that they need to, or pick an
> > extension (i.e. .wes) and associate .wes with wscript. Now anything that
> > comes in as .vbs is harmless, and you can still push and run scripts
> > internally by using the .wes extension.
>
> Great... if only i could find that automagic update every machine on the
> network script.
>
> > It's all about mitigating the risk while providing solutions that allow the
> > users to work. No one said that it would be easy :)
>
> Until then, i'll just block ALL vbs scripts, and js, vbe, pif, reg, scr,
> and anything else that looks dangerous, since those files are much much
> more risky than they are useful when sent as a mail attachment. I would
> hope a lot of people agree.
>
> later!
> Ray
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Ray DeJean http://www.r-a-y.org
> Systems Administrator Southeastern Louisiana University
> IBM Certified Specialist AIX Administration, AIX Support
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
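
The gateway policy debated in this thread (reject risky attachment extensions outright, let zipped files through), sketched as an added example that is not part of any poster's message. The extension set combines the ones named in the thread; the function names, filenames and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the thread; a real gateway would make this configurable.
BLOCKED = {".vbs", ".vbe", ".js", ".pif", ".reg", ".scr", ".exe", ".com"}

def risky_extension(filename):
    """Return the blocked extension of a filename, or None if it is allowed."""
    # Windows ignores trailing dots/spaces and case, so normalise them away.
    clean = filename.strip().rstrip(". ").lower()
    if "." not in clean:
        return None
    # Only the LAST extension decides what runs: photo.jpg.vbs is a script.
    ext = "." + clean.rsplit(".", 1)[1]
    return ext if ext in BLOCKED else None

def blocked_attachments(raw_bytes):
    """Parse a raw message; return (filename, extension) for each rejected part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for body text and containers
        if name:
            ext = risky_extension(name)
            if ext:
                hits.append((name, ext))
    return hits

def build_sample():
    """Constructed test message: two risky attachments and one zip."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname, sub in (("photo.jpg.vbs", "octet-stream"),
                       ("scripts.zip", "zip"),
                       ("Setup.SCR", "octet-stream")):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype=sub, filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, ext in blocked_attachments(build_sample()):
        print(f"REJECT {name!r}: {ext} attachments are not accepted")
```

The zip passes by design, matching the suggestion that a sender who really needs to mail a script can archive it first; this check does not look inside archives.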