> To: DEREK MARTIN (SD544808) > From: Alan for the SANS NewsBites service > Re: December 5 SANS NewsBites > > Goner is a dangerous worm that is spreading far too rapidly. However, > it caused no problem at all in those organizations that block > attachments of most malicious types. [...] > AP
I, personally, found the e-mail interesting and informative. Thanks, Derek! However, AP's opinion is, in my oh, soooo humble opinion, silly. "Gee, doctor, the patient has a headache." "Quick, get out that axe, nurse!" One shouldn't be forced to change a fully-functioning server's configuration to attempt to cope with buggy software. And keeping all executable attachments from being mailed is Just Dumb. I think it's stooopid that MS is going to enforce this behavior with Office XP (or, at least, so said reports re: the Office XP beta), and I think servers that enforce this are equally dumb. "What do you mean you didn't get the NDA from the lawyer?" "Well, the server thought it was a virus because it had an extension of .DOC." While I grant that there might be some validity in considering any MS attachment a virus, to immediately reject them out-of-hand is nothing short of pure idiocy. Instead, a multi-pronged approach should be used: - Always, relentlessly, drive into your users' heads that they must be cautious and vigilent in opening attachments, no matter how innocuous they appear. Importantly, immediately after hearing a (reliable) report of a new virus, inform all your users. The virus you guard against at the server, that slips in through Yahoo Mail, is one that shouldn't be allowed in, regardless. - Most e-mail server mailing lists cook up a filter for the virus-du-jour a few hours after the virus is announced. Make use of said filter. - Immediately, and without hesitation, zap that damn "feature" in Winblows wherein file extensions are hidden from the user, thus making something like pieBillGates.MPG.scr look like pieBillGates.MPG. - Have some virus detection software on your client PCs. Have it update *daily*, preferably from an in-house source so you have control over it. Viruses suck, but they're a fact of life for the modern sysadmin. It's up to us to be vigilent, but not unthinkingly so -- we still have users to support, who rely heavily on e-mail. There is absolutely no reason an intelligent, pro-active sysadmin should need to emasculate his mail server... and, possibly, force people into creating and making use of backdoors akin to Yahoo Mail. $.02 (+/- $3.1415E7) -Ken ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
