I agree (contradicts myself I agree). Any other suggestions though? As for passing scanning tools, the dumber ones can be defeated simply by changing the .exe extension. Unfortunately, this adds to the steps on the receiver's side.
Perhaps not sending the .exe file via email in the first place. Anyone heard of a "secure" web file sharing site? A place where N people can create a shared area which requires authentication to access. This would be a fair place to put the .exe file (NOT a replacement for the encryption).

> That scares me telling users to not run exe files emailed to them except the exe files that are emailed to them. I would not send the files as self extracting to avoid mixed messages. Just my .02
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Bert Van Kets <[email protected]>
> Date: Tue, 26 Jan 2010 22:56:51
> To: PaulDotCom Security Weekly Mailing List<[email protected]>
> Subject: Re: [Pauldotcom] e-mail attachments and security
>
> I just tested 7Zip and it does create self extracting files (SFX
> option). Combined with the 256bit AES encryption it's a pretty good
> solution. The only hurdle now is that EXE files are not accepted by some
> e-mail applications, ex. Outlook. Of course zipping the EXE with regular
> Windows Zip compression prior to emailing is one possible solution. I
> know that with Outlook renaming the EXE to something else is enough to
> make it pass. Of course that is a bit less user friendly.
>
> Thanks for the solution!
> You guys rock!
>
> Bert
>
> David A. Gershman wrote:
> > Sounds to me the only way to go would be for your brother to install the
> > software that would encrypt but make a self-extracting executable. This
> > way the other end would (hopefully) scan for viruses and just run the
> > program which would prompt for the password key.
> >
> > Anyone know of specific programs that do the encryption *and* create
> > self-extracting .exe's?
> >
> >> Hi Guys,
> >>
> >> I got a pretty interesting question from my brother yesterday. He's a
> >> medical doctor in the UK and he needs to send reports to other doctors
> >> by e-mail regularly. The reports are in MS Word format. These doctors
> >> are in different locations and not connected to a common organization
> >> (hospital or company).
> >> At the moment he uses the MSWord password protection to try to keep the
> >> sensitive data away from prying eyes. We all know how secure that method
> >> is (not!).
> >> I told him he'd better use some other system that guarantees a bit more
> >> protection but the problem is he can not ask of the people who receive
> >> the reports to install extra software (like PGP or GPG encryption). The
> >> security may not get in the way of the usability. Asking the receivers
> >> to install extra software and configuring it is not an option. These are
> >> not IT guys and don't even know how to spell GPG, let alone install it.
> >> Passing a password over by telephone is the maximum these guys are
> >> willing to go. 8-O
> >>
> >> Do you guys have some ideas on what could be a better solution for this
> >> "three legged stool" problem?
> >>
> >> Thanks.
> >>
> >> Bert
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> [email protected]
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com
> >
> > ----------------------------------------
> > David A. Gershman
> > [email protected]
> > http://dagertech.net/gershman/
> > "It's all about the path!" --d. gershman

----------------------------------------
David A. Gershman
[email protected]
http://dagertech.net/gershman/
"It's all about the path!" --d. gershman
