Glenn, there is never a need to send a .exe file nowadays. Anything of that
nature should be zipped using WinZip or similar to compress the file in any
case, and the recipient can then preview the package before opening it.
This is what I do with my clients nowadays, where I need to send updates or
new program executables to them.
The only reason viruses promulgate so fast and so widely nowadays is that
every day there's some idiot (or 10,000 of them) who really thinks that it's
OK to open the attached .exe or .scr or .pif that some unknown person has
sent without checking it out, or without even basic virus protection in
place.
I receive on average 30 emails a day offering me life insurance, member
extension, love-making advice, or just outright plain porn. I'm also told
on average twice a day that my credit card has expired, my order is now
ready, I can get a low mortgage or cheap software, that I can get my meds
from Canadian pharmacies real cheap (Frank, can you explain why I should
wait a week to get my aspirin by mail from Canada - don't these prats have
any concept of the real world?), etc. etc. etc. And there are so many
people saying Hi, or sending mails with neither subject nor text that my
kill filters need bigger radiators on them!
If Bill Gates can fulfil his promise to rid the world of spam in two years,
we should offer him the Nobel Prize for Peace!
John Coyle
Brisbane, Australia
----- Original Message -----
From: "D. Glenn Arthur Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 05, 2004 10:48 AM
Subject: Re: Viruses...
> Robert wrote:
> > At 06:35 AM 5/02/2004 +1000, you
> [ uh, Tanya, I think ]
> > wrote:
> >
> > You must realise that sometimes companies overreact. They will ban ALL
exe
> > attachments claiming they are viruses ;-(
>
> That's not that bad an idea. For an ISP to do it would
> be bad, because in theory somebody might have a legitimate
> need to ship an EXE, but it does make sense for a company
> to decide that EXE files are just too risky and too seldom
> legitimate to be allowed through their mail gateway.
>
> The last time I remember somebody sending my an EXE file
> on purpose was ... about two years ago, I think. And the
> time before that was ... somebody who did it on purpose
> but _shouldn't_have_, because it was a Trojan that he'd
> gotten fooled by, back before mail worms (viri that
> automagically re-mail themselves) had come on the scene.
>
> How often do _you_ need to send an EXE that's not just a
> "hey look at this cute thing I found (which may turn out
> to be a Trojan)"? Where sending source code wasn't more
> apropriate? Yeah, it can come up, but not bloody often.
>
> > >I just came online and downloaded 68 emails, and 9 of these were virus
> > >emails!
> >
> > Life on the net is NOT THAT dangerous!
>
> What, not so dangerous that she actually got nine worms
> out of sixty eight messages?
>
> Or not that dangerous in that it "doesn't matter" if your
> machine gets infected?
>
> Or that just getting them in your mailbox isn't a big
> deal as long as you're careful?
>
> The first of these is refutable by direct observation
> (and if you like, I can give you _my_ numbers, which
> look much more frightening than hers). The second is
> a scary thing to hear someone say nowadays. There have
> already been worms that grab a random document from
> your machine to include to make themselves look legitimate,
> thus exposing private or proprietary information to random
> outsiders, so it's not just "oh you might lose the contents
> of your hard drive, I hope you have backups" and "gee, you
> can unwittingly contribute to DDoS attacks!".
>
> The third is accurate but less than useful for some mail
> programs and basically false for others. It's meaningfully
> true for some reactionary net.old.farts like myself who use
> a text-based mail client on a UNIX/Linux system.
>
> > >I know that my system is
> > >completely virus free,
> >
> > no such thing! there is no 100% guarantee against viruses.
>
> She didn't say "100% SAFE FROM viruses." She said "IS completely
> virus free". She may well be correct today. She may still be
> correct tomorrow. She may even actually _know_ what she claims
> to know. She did not say what you're reacting to.
>
>
> I can say that _my_ system is 100% safe from _email_worms_
> unless _I_ screw up. For me to screw up, I would have to
> go out of my way to invoke a different mail program, one
> that understands attachments, extract the payload of the
> worm, and then manually execute it on a different machine
> ('cause it'll be written for Windows and I'll be reading
> under Linux). It's possible that I'll get bitten by a
> Trojan that way if it's convincing enough _and_tempting_enough_.
> "Look at this cute/dirty screensaver" is not tempting
> enough (for me). I can say that I am _almost_ certain that
> my system is virus-free _at_this_moment_, but it's _possible_
> that a legitimate web site from which I downloaded software
> had been compromised by a third party and had a virus inserted
> into the application I downloaded. It's possible that
> somebody cracked the Linux box that has the modem in it, got
> a shell, and attacked my Windows machines and the Mac from
> there (they're not externally visible due to NAT), but if
> so they're pretty good at hiding their activity so far.
> One of these days I'll get around to installing an IDS, and
> I'll have it monitor outbound as well, to watch for virus
> activity.
>
> But the worms are still a problem for me. They're each
> large and they come in large numbers, choking my modem
> and overflowing my disk quota on the machine at my ISP
> that hosts my account. Between the spam, the worms,
> and the bounces from worms that forged my address, it's
> getting harder and harder to spot the real messages among
> the chaff when looking at a list of fresh email. And once
> in a while I find out that the reason I was having so much
> trouble accessing a particular web site a day earlier is
> that thousands of infected machines were helping to DoS it
> without their owners' knowledge. Or that a sysadmin friend
> had to cancel dinner plans to stay late and clean up the
> mess from the latest worm, because other employees didn't
> bother to take proper precautions, or configured a "more
> convenient" back door into the company network in violation
> of company policy.
>
>
> Life on the net _is_ that dangerous these days. We need
> not panic, but we do need to take it seriously and be
> careful. Check your machines. If you're not running in
> quite as safe an environment as I am, check them _often_.
>
> And never run an executable attachment. This rule should
> be so ingrained that you're incapable of breaking it without
> serious consideration of just how badly you need to run that
> program first.
>
>
> Want to see private correspondence between two people I've
> never met? A virus sent it to me and I saved it. (The
> formatting is lost, as I just used the 'strings' command
> to extract words from it; it wasn't safe to try to open
> with any Windows program.) But one of them had visited my
> web site and the virus got my email address out of his
> web cache and sent me the document randomly. You may not
> have anything on your home machine so private that you'd
> blush to have it broadast, but how many files are there
> on the file server at work that your employers would prefer
> stay inside the company?
>
>
> -- Glenn
>
