Re: Any value in this list ?
Anthony Atkielski [EMAIL PROTECTED] writes:

> Yes, hundreds over the past week or so. I have a rule for incoming mail that just directs them to the trash. But it does make one wonder about the participants on the list--I don't have this problem on other lists. Not a good sign... Agreed. So much for experts.

The Code Red virus doesn't just use addresses from the infected user's address book - it also uses addresses culled from the web browser cache. Not too surprising that this list address would show up a lot. Since this list does not require one to be subscribed to post, it gets more than its share of junk.

Frankly, I find the endless (and very repetitive) discussion/complaining about the viruses and warnings even worse than the viruses and warnings - they are easy to filter. Isn't the general idea that once a topic reaches a certain traffic level it should be taken to another list, or a face to face session?

-- Scott Lawrence [EMAIL PROTECTED] Virata Embedded Web UPnP Technology http://www.emweb.com/
Re: Any value in this list ?
At 08:40 PM 7/31/2001, Greg Minshall wrote:

> but, as much as i like bashing Microsoft, on this particular point i am first stone inhibited. and, know that whatever is the biggest target is going to take the most (in number and in sophistication) shots.

On the other hand, aggressively ignoring 25 years of networking security experience should be worthy of at least a bit of criticism.

d/

-- Dave Crocker mailto:[EMAIL PROTECTED] Brandenburg InternetWorking http://www.brandenburg.com tel +1.408.246.8253; fax +1.408.273.6464
Re: Any value in this list ?
Scott writes:

> The Code Red virus doesn't just use addresses from the infected user's address book ...

I was talking about fallout from the SirCam virus, which is still filling my mailbox. As far as I can tell, it's all coming from people subscribed to this list, but I'm not really sure. As for Code Red, I'm not worried about that, as I'm not running a Web server of my own.

> Isn't the general idea that once a topic reaches a certain traffic level it should be taken to another list, or a face to face session?

I don't know, is it? Does that apply to Microsoft-bashing, too, which seems to follow just about any complaint about any problem on the Net?
Re: Any value in this list ?
Dave writes:

> On the other hand, aggressively ignoring 25 years of networking security experience should be worthy of at least a bit of criticism.

Well, if that ever happens, be sure to document it and report back to us.
Re: Any value in this list ?
On Thu, 02 Aug 2001 07:29:03 +0200, Anthony Atkielski said:

>> no, it's more like blaming automobile manufacturers for producing cars whose brakes fail when used normally.

> No, it's more like blaming automobile manufacturers for brakes that don't apply themselves when the driver is too stupid to apply them himself.

It's more like blaming the users for failing to put chocks under the tires because they fail to realize that just because the stick is in the PARK position, the car may shift to DRIVE under some circumstances not under direct obvious control of the driver (say, if 3 red pickup trucks in a row drive by).

And *ANY* system that attempts to interpret 'image/jpeg' as *ANYTHING* other than image data is just WAITING to pop into DRIVE.

/Valdis
RE: Any value in this list ?
At 6:18 PM -0700 8/1/01, Bill Selmeier wrote:

> Yes but to follow that analogy and again show things are usually near black or white, in the US the Government on behalf of consumers forced car manufacturers to install seat belts starting back in the '60's. It then took a decade or more to convince consumers to wear them. But they evolved and no doubt many people are alive today that wouldn't be otherwise. Each side has to move away from the extreme position that it is all the other viewpoint's fault!

Really? Then why did the government mandate passive systems such as the motorized seatbelts of the early 90s prior to driver side and then passenger side air bags? Could it have been because voluntary use of seatbelts wasn't sufficiently high? And your point was what?
Re: Any value in this list ?
Ladies and Gentlemen, Do we have this list for debating about Microsoft products or how frequently it released patches or to discuss about the *internet and related issues*?

Regards, M.Venkateswar Reddy
-- Huawei Technologies, Shenzhen, China Off : +86 755 6540476/77 Hotel :+86 755 660 Suit:540
* Ideas and opinions expressed in this mail are personal *

- Original Message -
From: Samantha Naleendra Senaratna [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 01, 2001 12:40 PM
Subject: RE: Any value in this list ?

Hey, I do not totally agree with Ian. I think Microsoft does not give enough emphasis into security in their products. They do a hell of a job on marketing their products and making them seem flashy and attractive, and only if they put that much work on security. For example six patches were put forward only for this month for patching up vulnerabilities on their products. It is a fact that most viruses are propagated via Outlook. It is about time that Microsoft gave more thought into this rather than giving excuses because by far they are leading the market in software products as well as they have the resources to do it.

Sam

At 11:45 AM 7/31/2001 -0700, Ian King wrote:

Randy, People wanted to do more than just exchange text messages, and Microsoft (and other companies) built products to help them do that. Microsoft also produces a lot of information on how to secure its products. I do not have the data at hand, but I have read several times that when Microsoft servers are compromised, it is often because they are misconfigured. The argument then becomes, Why aren't they easier to configure? Go back to premise #1, that people want to do more than just exchange text messages - they want collaboration and forwarding and rich attachments and scheduling and all the rest of it. The bells and whistles require lots of knobs and switches

I would also point out that NONE of this class of viruses can infect unless the user executes them! It's not as if Outlook or any other MUA automatically launches these viruses - people who evidently live in a complete vacuum and have never heard warnings about executable content, blissfully double-click on the clearly-identified package, and it blows up in their (our) faces.

BTW, internally our mail servers are configured to strip anything that looks remotely like an executable. Sometimes this is a pain (I can't mail a legitimate script to a colleague), but that's the world in which we live - more openness means more opportunity for sabots in the gears.

In any event, blaming any one company for viruses because its products are abused, seems way too much like e.g. blaming automobile manufacturers for reckless driving. Sure, no one really needs a car that can do 150 MPH when the limit is 60 or 70, but the majority of customers demand a vehicle that *could* do twice the limit, regardless of whether they take advantage of the capability -- or those vehicles wouldn't sell.

Bottom line: blaming the instrumentality is easy, but futile. Human beings are responsible for their own actions, although some wish to evade or abuse that responsibility.

Again, this is my own opinion, no one else's -- Ian

-Original Message-
From: Randy Bush [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 10:07 AM
To: Ian King
Cc: [EMAIL PROTECTED]
Subject: RE: Any value in this list ?

from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost?

randy
RE: Any value in this list ?
> I think Microsoft does not give enough emphasis into security in their products. They do a hell of a job on marketing their products and making them seem flashy and attractive, ...

From all the mail on this list it appears that Microsoft did also do a hell of a job by giving people a subject to rant. Maybe a special list should be set up for those who like to spend their (spare?) time whining about Microsoft. I propose to name that list the "Any value in this list?"-list. The ietf list can then be used again for issues which really matter.

Leen Mak.
Re: Any value in this list ?
Keith writes:

> until they get burned, that is. then they blame the network for their problems.

They are more likely to blame their OS vendor, in my experience. Microsoft is a particularly tempting target because so many people feel compelled to bash anyone who has done better than they have, but all vendors are subject to it.

Before a customer gets burned, it's "Why did you put all this stupid security stuff in? It makes the software impossible to use!" and after he gets burned, it's "Why didn't you turn on all the security stuff by default? You were being negligent!"
Re: Any value in this list ?
Randy writes:

> oh you mean 98% of microsoft's customer base. yup, that's they. and ms loves to sell to the naive.

All vendors try to sell to as many customers as possible. And today, 98% of all customers are technically unsophisticated. So any vendor that wants to sell to the average person has to be willing to sell to the naive. I don't really understand why you talk about Microsoft as though it were a special case.
Re: Any value in this list ?
Melinda writes:

> It would be refreshing if someone stepped forward and said "This is my problem. I will try to fix it."

I'll say it, at least with respect to machines under my control. I just avoid opening suspicious attachments, actually. That works really well.

At the moment, in the case of SirCam, which continues to flood my mailbox (probably because of this list, but I'm not sure), I have OE set to direct anything of any significant size into a separate folder. I examine the folder periodically, trash anything that is obviously a copy of SirCam, and manually examine any messages that look legitimate (it _is_ possible to do this in OE without actually even opening the message).
Re: Any value in this list ?
On Wed, 1 Aug 2001, Venkateswar Reddy Melachervu wrote:

> Ladies and Gentlemen, Do we have this list for debating about Microsoft products or how frequently it released patches or to discuss about the *internet and related issues*?

And what makes you say this is not related to the internet? MS is producing inferior products which are using the internet to create havoc.

cheers, jamal
Re: Any value in this list ?
Jamal writes:

> MS is producing inferior products which are using the internet to create havoc.

Extraordinary claims require extraordinary proof. Do you have any?
Re: Any value in this list ?
Jamal writes:

> I dont see anything extraordinary in those claims.

You don't substantiate them, either. This being so, they serve no purpose, as rants against Microsoft are a dime a dozen on the Net--just about every young male who isn't rich or has failed to get an instant offer from MS after sending in his resume seems to hate the company. And students often hate the company just because they were indoctrinated that way by faculties that have the not-rich/resume-rejected problem themselves.

If you really feel that Microsoft is doing these things, point us to the evidence.

> in regards to inferior products: i can cite many many things ...

Good. I'm waiting.

> would the fact that BSD is still running the show at hotmail be sufficient proof to you ...

No. Hotmail has had a custom-tweaked version of UNIX running for years (if I recall correctly, the mailer software was specially modified for Hotmail so that it could scale); most of it is gradually being moved to Windows and (possibly) Exchange (although Exchange is poorly adapted to that kind of application), but I'd be very surprised if all of it were entirely supported on Windows, just as I know that it has never been supported with any out-of-the-box UNIX environment. The scale is just too great for any canned solutions.

Would the fact that MVS is still the leading mainframe OS be proof to you of the inferiority of UNIX? What about the predominance of Windows on the desktop? You'll have to do better than that.

> ... or would you need evidence in regards to BoDs at airports and ATM machines when you try to get some cash at 3am?

I've never seen one, but the mere fact that they are using Windows should tell you something. Traditionally, OS/2 has ruled in ATMs, but last I read of this, Windows NT Workstation was making inroads into this market. I don't recall any UNIX presence at all, but I may be wrong.

You'll need to come up with something more than anecdotes. Something that can withstand analysis by an unemotional observer with no ax to grind.

> in regards to havoc on the internet: Is the current thread insufficient for you?

Yes. It says nothing at all about Microsoft creating any havoc with anything.

> Again i dont see any extraordinary about any of those claims.

They are all subjective and useless rants without hard data to back them up, and you haven't provided any hard data.
Re: Any value in this list ?
On Wed, 1 Aug 2001, Anthony Atkielski wrote:

> Jamal writes:
>> MS is producing inferior products which are using the internet to create havoc.
> Extraordinary claims require extraordinary proof. Do you have any?

I dont see anything extraordinary in those claims.

in regards to inferior products: i can cite many many things, would the fact that BSD is still running the show at hotmail be sufficient proof to you; or would you need evidence in regards to BoDs at airports and ATM machines when you try to get some cash at 3am?

in regards to havoc on the internet: Is the current thread insufficient for you?

Again i dont see any extraordinary about any of those claims.

cheers, jamal
Re: Any value in this list ?
On Wed, 1 Aug 2001, Anthony Atkielski wrote:

> Jamal writes:
>> BoDs at airports and ATM machines when you try to get some cash at 3am?
> I've never seen one,

Maybe this will help (and yes ive seen a few, i wish i had a camera) http://www.daimyo.org/bsod/

Those going to the IETF: Heathrow airport tends to be a good place to find these things.

> but the mere fact that they are using Windows should tell you something. Traditionally, OS/2 has ruled in ATMs, but last I read of this, Windows NT Workstation was making inroads into this market. I don't recall any UNIX presence at all, but I may be wrong.

I see the statement you make as a naive assertion as to whether success is defined by quality rather than monopolistic or marketing reasons. Predominance in the case of MS is a result of marketing and monopolistic tendencies, nothing whatsoever to do with quality. That should be clear, i hope. Ask the DoJ. Predominance of MVS is purely to monopolistic tendencies.

I dont think i need to give you any hard proofs (to use your term) that over the last few years, the most disastrous internet viruses are a result of bad quality design at MS. It's a shame we dont have standard bodies to ensure quality assurance on what OSes should be allowed to be on the internet. Come to think of it, we have moral obligation to ensure that bad OSes should not be on the internet (maybe i am being too extreme, but i feel it is unethical for continuous harassment from one Os)

> You'll need to come up with something more than anecdotes. Something that can withstand analysis by an unemotional observer with no ax to grind.

I hear you -- didnt get that job therefore didnt get rich and therefore have an axe to grind. It's definitely a new conspiracy theory.

cheers, jamal
Re: Any value in this list ?
On Wed, Aug 01, 2001 at 03:06:49PM +0200, Anthony Atkielski wrote:

> Jamal writes:
>> MS is producing inferior products which are using the internet to create havoc.
> Extraordinary claims require extraordinary proof. Do you have any?

How about several megabytes of data sent to the IETF list?

And this is after Microsoft had been told, multiple times, that active content was highly dangerous, and MS's response was that because customers wanted advanced features, this justified it all. Sorry, but I don't buy that argument. And this is what makes it different from the buffer overruns in sendmail. Those were accidental. What Microsoft did in MS Outlook was deliberate and intentional, and that's a major difference.

And this has nothing to do with Microsoft being Microsoft. I would be the first to stand up and denounce GNOME or KDE if they did something as stupid and irresponsible as what Microsoft did with their mail readers.

- Ted
Re: Any value in this list ?
Well, U know my friend every thing in the universe is relative and hence connected to each other. So do we discuss in this list about all issues like how MS Office or outlook injects bugs when connected to Internet just because U see the term Internet in the sentence?

Regards, M.Venkateswar Reddy
-- Huawei Technologies, Shenzhen, China Off : +86 755 6540476/77 Hotel :+86 755 660 Room No:540

- Original Message -
From: jamal [EMAIL PROTECTED]
To: Venkateswar Reddy Melachervu [EMAIL PROTECTED]
Cc: Samantha Naleendra Senaratna [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, August 01, 2001 7:14 PM
Subject: Re: Any value in this list ?

On Wed, 1 Aug 2001, Venkateswar Reddy Melachervu wrote:

> Ladies and Gentlemen, Do we have this list for debating about Microsoft products or how frequently it released patches or to discuss about the *internet and related issues*?

And what makes you say this is not related to the internet? MS is producing inferior products which are using the internet to create havoc.

cheers, jamal
RE: Any value in this list ?
Yes but to follow that analogy and again show things are usually near black or white, in the US the Government on behalf of consumers forced car manufacturers to install seat belts starting back in the '60's. It then took a decade or more to convince consumers to wear them. But they evolved and no doubt many people are alive today that wouldn't be otherwise. Each side has to move away from the extreme position that it is all the other viewpoint's fault!

* Bill Selmeier 20720 Maureen Way voice (408)257-7670 President Saratoga, CA 95070 mobile (408)655-3400 RightNet, Inc. http://www.right-net.com [EMAIL PROTECTED] Equipping you to do business on the Internet!

On Wed, 1 Aug 2001, Lloyd Wood wrote:

> On Tue, 31 Jul 2001, Ian King wrote:
>
>> In any event, blaming any one company for viruses because its products are abused, seems way too much like e.g. blaming automobile manufacturers for reckless driving. Sure, no one really needs a car that can do 150 MPH when the limit is 60 or 70, but the majority of customers demand a vehicle that *could* do twice the limit, regardless of whether they take advantage of the capability -- or those vehicles wouldn't sell.
>
> I like that car analogy. In fact, I think it can be extended further. Microsoft: unsafe at any speed. That would make Outlook the exploding Pinto of software; blame the driver for putting the car in a situation where it could explode.
>
>> Bottom line: blaming the instrumentality is easy, but futile. Human beings are responsible for their own actions, although some wish to evade or abuse that responsibility.
>
> Children are human beings. Children are generally not considered responsible for their own actions.
>
> L.
>
> [EMAIL PROTECTED] PGP http://www.ee.surrey.ac.uk/Personal/L.Wood/
Re: Any value in this list ?
Keith writes:

> perhaps because they are shipped that way?

Microsoft ships servers with most security features set to low security, because customers whine and complain otherwise. Customers buy on the basis of features and ease-of-use, not security, no matter what they might claim to the contrary. Put a product on the shelf that is configured secure by default, and it will still be on the shelf ten years later.

> But do you really expect a user to understand that when he clicks on something that is apparently (to him) an image, or even a word processor document, that it's going to *execute* something that can potentially infect his system?

Yes. It only takes a few seconds to learn.

And consider this: If a user cannot understand that he should not click on an attachment, how do you expect him to ever understand how to deal with a truly _secure_ system? One reason customers do not buy secure software is that their end users refuse to deal with it. People hate to type passwords and hate having any restrictions at all on what they can or cannot do with a machine.

> Microsoft deliberately ignored this advice and chose to make their users vulnerable - not just by making the content executable with a single click, but also by bypassing the safeguards in the content-type registration system.

Microsoft's objective is to stay in business, and to do that, it has to give customers what they want. Companies that adhere to some noble ideal even when this prevents them from actually selling anything aren't around for long.

If you want these standards adhered to, then I suggest you educate and persuade users so that they demand them from vendors. Right now, it's just the opposite, and so that's what vendors provide.

> Or are you saying that Microsoft employees are no smarter than the average user (whom you expect should know better than to execute a virus)?

Microsoft employees who are not IT specialists are no smarter than the average user when it comes to opening attachments. There are lots of non-IT people working at Microsoft nowadays, since it is a large company. Indeed, as it grows larger and deadwood in management accumulates, even people who should probably know better (based on their positions within the company) start to make these stupid mistakes. This has become apparent many times, and I'm sure that other software vendors have exactly the same problems internally.

> no, it's more like blaming automobile manufacturers for producing cars whose brakes fail when used normally.

No, it's more like blaming automobile manufacturers for brakes that don't apply themselves when the driver is too stupid to apply them himself.

> Presumably, that includes the actions of those at Microsoft who chose to make their customers unnecessarily vulnerable.

It's not unnecessary. If that isn't done, nobody will buy the products.

It's convenient to blame Microsoft, but it's simplistic. All successful vendors get that way by providing what customers want; if you don't like what they are producing, then I suggest you look at their customer base, not at their engineering teams.
Re: Any value in this list ?
Well, though this may not be a topic for this list, I also want to add my 2 eurocent here (:-) .

First, I'm neither a MS hater nor a MS lover. Actually this company is responsible for a lot of fun I had especially in the last 12 months when I read their comments about open software and especially Linux (please don't let us enter the philosophical discussion here, if Linux and/or Linux/390 is open software or not).

However, the problem here is NOT a MS problem. If we assume that 20,000 people are subscribed to this list, then 20,000 computers have to run senseless filters to get rid of the crap mail. My opinion is, if only one (1) computer runs these filters (the listserver itself), this is much much more efficient than anything else.

You may say, this doesn't help against spam and viruses mailed directly to you. Though you are right, this is a completely different quality of disturbing people at work. Sending just ONE mail to a list may disturb and waste time of 100,000's of people and waste CPU-time of 100,000's of computers. This is definitely not necessary, because the listserver itself could easily throw away this crap.

Therefore I still say: this is NOT Microsoft's fault, this is a bad behaviour of the listserver, and again EVERY listserver's default behaviour should be:

.) Throw silently away mails containing viruses,
.) Throw silently away mails containing the string [spam in the subject.

This would save lots of bandwidth for the Internet, and save lots of CPU cycles of computers all over the world.

My 2 ec, Herbert

At 23:18 30/07/2001, Mark Durham wrote:

> Theodore Tso wrote:
>
>> On Mon, Jul 30, 2001 at 08:17:48AM -0700, Mark Durham wrote:
>>
>>> I'm doing the same. This situation is absurd, and an embarrassment to the IETF. Those I've mentioned it to (some of whom are *very* active in WGs) just shook their heads in amazement.
>>
>> Personally, I'd say it's an embarrassment to *Microsoft*. Let's allocate blame where it properly belongs. They were the ones who made the mail reader which made these sorts of viruses possible
>>
>> - Ted
>
> Well, yes, and point taken. For that matter, you can take it even further upstream and blame Satan for all the world's evils, thereby washing your hands of the whole mess.
>
> Obviously, Redmond is ultimately culpable here (along with those who exploit their little loopholes); and, on the downstream side, list subscribers must ultimately watch out for their own interests. But moral superiority and libertarian ethics aside, the list manager seems to be in an excellent position to solve this problem. Still, if that's an unacceptable infringement of recipients' autonomy, so be it. Some people make a strong argument for running an open relay, too (though I don't buy that one either).
>
> In any case, embarrassment was probably the wrong word, though I still think absurd fits. But I do agree re: Microsoft. And my apologies for being so ill-tempered.
RE: Any value in this list ?
boring virus emails

i suppose hacKinG does not include the 'to be B0Ring' package by default. why do we still have virus messages on the mailing lisT? freedom ends when it reaches the freedom of other - this limit can be the reference to take some action or not. i think we should 'patch' this kind of email garbage.

email with virus may be reaching ietf two ways:

1. email generated with fictitious source - action that can be taken:
* check the source IP address;
* write email to network admin;
* if no result available in short time - deny the entire ip class on the edge router immediately before ietf SMTP servers.

2. email sent by someone infected with 'auto-spread' virus:
* contact the user and advise about action to be taken.

my mouse would be happy if i don't have to click it such amount of times without any life consistent purpose.

thank you
j0rge card0sO

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Terça-feira, 31 de Julho de 2001 13:35
To: H. Szumovski (via secureshell)
Cc: Theodore Tso; [EMAIL PROTECTED]; Mark Durham
Subject: Re: Any value in this list ?

> Therefore I still say: this is NOT Microsoft's fault

so what you are saying is that it's the job of the network to not deliver any content to you that you don't want to see, and for the network to somehow figure that out in advance, so that you're never inconvenienced? no matter how much trash other network sites send your way? (this list being a special case of the network)

presumably the network should also accommodate everyone else's desires for filtering also, all at the same time?

and presumably you're also willing to tolerate the network making incorrect decisions, say 10% of the time, and either inappropriately blocking or inappropriately admitting a message that you don't want to see?

and you're willing to accept the amount of complexity/state that must be absorbed by the network, and the corresponding loss of reliability and scalability, and the increase in operational cost?

and you're willing to have the network shoulder this responsibility no matter how poorly the software at the endpoints is written, and no matter how vulnerable it is to attack by miscreants?

seems to me that it's attitudes like that that produce products like the SMTP firewall that currently sits in front of odin.ietf.org (and countless other SMTP servers) which prevents SMTP from working properly. separation of function, scalability, reliability, and proper operation be damned - what's most important is that no garbage get through. the end-to-end argument is completely discarded because we have no way of forcing Microsoft to produce reliable software or to accept responsibility for its negligence.

Keith

hmmm. maybe the snail-mail service's mail sorters could automatically detect and discard junk mail. and maybe the phone network could automatically detect telemarketers and electrocute them... it does have a certain appeal to it.
Re: Any value in this list ?
At 14:35 31/07/2001, Keith Moore wrote:

>> Therefore I still say: this is NOT Microsoft's fault
>
> so what you are saying is that it's the job of the network to not deliver any content to you that you don't want to see, and for the network to somehow figure that out in advance, so that you're never inconvenienced? no matter how much trash other network sites send your way?

A listserver is not the network (actually I don't see anything which IS the network). A listserver is just a more or less dumb server which serves 1000's, possibly 100,000's of users. As mentioned, I don't see any problem to add a virus-scanner and a short script to the listserver to discard virus-attachments and spams. Though it will not find everything, it will enhance the situation a lot.

I especially don't like the way one company is lynched for every software problem in the world. I use a mail client who filters all these virus informations from this list into the trash and marks them read. Every mailclient can do that (possibly Outlook cannot, I don't know and I don't care, because I don't use it).

BUT: this is not the job of my PC and not the job of 10,000's of other PC's running any OS with any mailclient you can think of. It's the job of the server who spreads these mails around (because it seems to be too difficult to put the childish or silly guys into jail, who have enough time to waste in their life to create such mails). And I think it's an easy job, and there are no emotions necessary.

/Herbert

> (this list being a special case of the network)
>
> presumably the network should also accommodate everyone else's desires for filtering also, all at the same time?
>
> and presumably you're also willing to tolerate the network making incorrect decisions, say 10% of the time, and either inappropriately blocking or inappropriately admitting a message that you don't want to see?
>
> and you're willing to accept the amount of complexity/state that must be absorbed by the network, and the corresponding loss of reliability and scalability, and the increase in operational cost?
>
> and you're willing to have the network shoulder this responsibility no matter how poorly the software at the endpoints is written, and no matter how vulnerable it is to attack by miscreants?
>
> seems to me that it's attitudes like that that produce products like the SMTP firewall that currently sits in front of odin.ietf.org (and countless other SMTP servers) which prevents SMTP from working properly. separation of function, scalability, reliability, and proper operation be damned - what's most important is that no garbage get through. the end-to-end argument is completely discarded because we have no way of forcing Microsoft to produce reliable software or to accept responsibility for its negligence.
>
> Keith
>
> hmmm. maybe the snail-mail service's mail sorters could automatically detect and discard junk mail. and maybe the phone network could automatically detect telemarketers and electrocute them... it does have a certain appeal to it.
Re: Any value in this list ?
How about the ones who have the problem doing a bit towards solving THEIR problem? You think there is one-and-only-one cause for everything? Perhaps you didn't notice that the patch to repair the vulnerability that Red Code exploits was released back in June?

Keith Moore wrote:

>> I especially don't like the way one company is lynched for every software problem in the world.
>
> you'd rather put the burden of responsibility for solving the problem on somebody besides the folks who caused it?

-- James W. Meritt, CISSP, CISA Booz, Allen Hamilton phone: (410) 684-6566
RE: Any value in this list ?
from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost? randy
Re: Any value in this list ?
On Tue, 31 Jul 2001 11:17:59 +0200, H. Szumovski (via secureshell) said: .) Throw silently away mails containing the string [spam in the subject. I've never actually seen a spam that has '[spam]' in the subject. I save the RFC822 headers of mail I receive, and of the 4,652 headers I have going back to Feb 1, there are 13 that match 'grep -i spam'. Of those, 8 are from a thread Subject: kyxspam: isc loses mind and 5 are from a thread Subject: More member-only anti-spam. On the other hand, I average 20-30 pieces of spam a day that do NOT contain 'spam' in the Subject: header. A better heuristic is called for. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech PGP signature
RE: Any value in this list ?
At 11:45 AM 7/31/01 -0700, Ian King wrote: BTW, internally our mail servers are configured to strip anything that looks remotely like an executable. Sometimes this is a pain (I can't mail a legitimate script to a colleague), but that's the world in which we live - more openness means more opportunity for sabots in the gears. #!/bin/sh cat EOF foo cd / rm -rf * EOF Oh, wait. Nevermind. In any event, blaming any one company for viruses because its products are abused, seems way too much like e.g. blaming automobile manufacturers for reckless driving. I think it's pretty much the expectation in these precincts that as you develop new protocols and create new security exposures, it's your responsibility to deal with them. You'll note, too, that just because someone who would break into your house is a criminal miscreant doesn't mean that you don't lock the doors. It would be refreshing if someone stepped forward and said This is my problem. I will try to fix it. Melinda
Re: Any value in this list ?
(bias indicator: i'm a microsoft basher; hate them, hate them!) here's what i think... when Ted said: Personally, I'd say it's an embarrassment to *Microsoft*. Let's allocate blame where it properly belongs. They were the ones who made the mail reader which made these sorts of viruses possible i thought, well, *i* can't complain; i'm certain there's at least one CERT advisory on buffer overflow in, say, telnetd, that's my fault. and, it occurred to me (as it has to many, i'm sure) that microsoft is targeted so much because, in the immortal words of Milo Medin, they have a larger ballistic cross-section (i think i got that expression right). Randy said: from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost? and i think, well, to be fair, that's been a problem almost *all* companies getting into networking have had, even (i think) the early router companies. at kinetics (an early [mostly macintosh] router company), we constantly had tension between plug and play for home/small office users and it ain't on the net till i bloody well say it's on the net from sysadmins in large sites. (someone quoted Cuckoo's Nest as saying the same about mid-1980's Unix boxes and that might be true, too; certainly i think ``ipforwarding'' was set to 1 by default for a long time.) again, in fairness, i think this is an issue that takes a while for a corporate culture (*any* not-already-heavily-internet-imbued corporate culture) to incorporate. so, i can't blame microsoft for not getting it (but, it would be good for them to get it as soon as possible!). now, maybe there are many subtleties i don't see (undoubtedly there are). 
but, as much as i like bashing Microsoft, on this particular point i am first stone inhibited. and, know that whatever is the biggest target is going to take the most (in number and in sophistication) shots. (i also, in total ignorance, have a tinge of wonder as to whether something we haven't yet defined in MIME, or something we defined incorrectly, might have some bearing on this. i can't define that any better than that, though it seems maybe there could be some way of marking this part will be executed.) cheers, Greg Minshall (happy FreeBSD user)
Re: Any value in this list ?
All vendors do it, because no matter what customers say, they really do prefer ease of use and fancy features to system security. If you try to sell a truly secure system that is configured by default in a secure mode, nobody will buy it. Any vendor that wants to stay in business, including Microsoft, rapidly comes to understand this. - Original Message - From: Edward Lewis [EMAIL PROTECTED] To: Randy Bush [EMAIL PROTECTED] Cc: Ian King [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 01:03 Subject: RE: Any value in this list ? Isn't this what Cliff Stoll wrote about Unix vendors in the Cuckoo's Egg? ;) At 1:06 PM -0400 7/31/01, Randy Bush wrote: from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward LewisNAI Labs Phone: +1 443-259-2352 Email: [EMAIL PROTECTED] You fly too often when ... the airport taxi is on speed-dial. Opinions expressed are property of my evil twin, not my employer.
Re: Any value in this list ?
I completely agree with Ian. Just to quote him back - It's not as if Outlook or any other MUA automatically launches these viruses - people who evidently live in a complete vacuum and have never heard warnings about executable content, blissfully double-click on the clearly-identified package, and it blows up in their (our) faces - If only we prevent ourselves opening rather double-clicking the so-called affected attachments Regards, M.Venkateswar Reddy -- Huawei Technologies, Shenzhen, China Off : +86 755 6540476/77 Hotel :+86 755 660 Room No:540 * The opinions expressed are purely personal* -- - Original Message - From: Ian King [EMAIL PROTECTED] To: Randy Bush [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 2:45 AM Subject: RE: Any value in this list ? Randy, People wanted to do more than just exchange text messages, and Microsoft (and other companies) built products to help them do that. Microsoft also produces a lot of information on how to secure its products. I do not have the data at hand, but I have read several times that when Microsoft servers are compromised, it is often because they are misconfigured. The argument then becomes, Why aren't they easier to configure? Go back to premise #1, that people want to do more than just exchange text messages - they want collaboration and forwarding and rich attachments and scheduling and all the rest of it. The bells and whistles require lots of knobs and switches I would also point out that NONE of this class of viruses can infect unless the user executes them! It's not as if Outlook or any other MUA automatically launches these viruses - people who evidently live in a complete vacuum and have never heard warnings about executable content, blissfully double-click on the clearly-identified package, and it blows up in their (our) faces. BTW, internally our mail servers are configured to strip anything that looks remotely like an executable. 
Sometimes this is a pain (I can't mail a legitimate script to a colleague), but that's the world in which we live - more openness means more opportunity for sabots in the gears. In any event, blaming any one company for viruses because its products are abused, seems way too much like e.g. blaming automobile manufacturers for reckless driving. Sure, no one really needs a car that can do 150 MPH when the limit is 60 or 70, but the majority of customers demand a vehicle that *could* do twice the limit, regardless of whether they take advantage of the capability -- or those vehicles wouldn't sell. Bottom line: blaming the instrumentality is easy, but futile. Human beings are responsible for their own actions, although some wish to evade or abuse that responsibility. Again, this is my own opinion, no one else's -- Ian -Original Message- From: Randy Bush [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 10:07 AM To: Ian King Cc: [EMAIL PROTECTED] Subject: RE: Any value in this list ? from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost? randy
Re: Any value in this list ?
people who evidently live in a complete vacuum and have never heard warnings about executable content oh you mean 98% of microsoft's customer base. yup, that's they. and ms loves to sell to the naive. randy
RE: Any value in this list ?
Hey, I do not totally agree with Ian. I think Microsoft does not give enough emphasis into security in their products. They do a hell of a job on marketing their products and making them seem flashy and attractive, and only if they put that much work on security. For example six patches were put forward only for this month for patching up vulnerabilities on their products. It is a fact that most of viruses are propagated via Outlook. It is about time that Microsoft gave more thought into this rather than giving excuses because by far they are leading the market in software products as well as they have the resources to do it. Sam At 11:45 AM 7/31/2001 -0700, Ian King wrote: Randy, People wanted to do more than just exchange text messages, and Microsoft (and other companies) built products to help them do that. Microsoft also produces a lot of information on how to secure its products. I do not have the data at hand, but I have read several times that when Microsoft servers are compromised, it is often because they are misconfigured. The argument then becomes, Why aren't they easier to configure? Go back to premise #1, that people want to do more than just exchange text messages - they want collaboration and forwarding and rich attachments and scheduling and all the rest of it. The bells and whistles require lots of knobs and switches I would also point out that NONE of this class of viruses can infect unless the user executes them! It's not as if Outlook or any other MUA automatically launches these viruses - people who evidently live in a complete vacuum and have never heard warnings about executable content, blissfully double-click on the clearly-identified package, and it blows up in their (our) faces. BTW, internally our mail servers are configured to strip anything that looks remotely like an executable. 
Sometimes this is a pain (I can't mail a legitimate script to a colleague), but that's the world in which we live - more openness means more opportunity for sabots in the gears. In any event, blaming any one company for viruses because its products are abused, seems way too much like e.g. blaming automobile manufacturers for reckless driving. Sure, no one really needs a car that can do 150 MPH when the limit is 60 or 70, but the majority of customers demand a vehicle that *could* do twice the limit, regardless of whether they take advantage of the capability -- or those vehicles wouldn't sell. Bottom line: blaming the instrumentality is easy, but futile. Human beings are responsible for their own actions, although some wish to evade or abuse that responsibility. Again, this is my own opinion, no one else's -- Ian -Original Message- From: Randy Bush [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 10:07 AM To: Ian King Cc: [EMAIL PROTECTED] Subject: RE: Any value in this list ? from the outside, it appears as if microsoft consciously decided to distribute software with everything enabled so that their product would be perceived as very easy to use. the problem is that this means it is also easy to abuse. so the net is now paying for them having a more salable product. who gains, who is bearing the cost? randy
Re: Any value in this list ?
Randy, I do not mean to support MS neither am I blaming others. What I'm trying to say and agree in Ian's mail is that - it's not that software is automatically opening the Pandora's box. Additionally, it's finally some of us who are trying to derive fun by creating such havoc. It's some individual/group who is responsible for the havoc. If we can do some thing to prevent this in recurring, we have to find effective ways as already some mails have been exchanged and some ideas are voiced in this list. Regards, M.Venkateswar Reddy -- Huawei Technologies, Shenzhen, China Off : +86 755 6540476/77 Hotel :+86 755 660 Room No:540 * The opinions expressed in this mail are personal * -- - Original Message - From: Randy Bush [EMAIL PROTECTED] To: Venkateswar Reddy Melachervu [EMAIL PROTECTED] Cc: Ian King [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 11:54 AM Subject: Re: Any value in this list ? people who evidently live in a complete vacuum and have never heard warnings about executable content oh you mean 98% of microsoft's customer base. yup, that's they. and ms loves to sell to the naive. randy
Re: Any value in this list ?
it may come down to whether or not one believes in gun control. 99% of net users are innocent children. should we ship guns that are loaded and with the safeties off? randy
Re: Any value in this list ?
I'm doing the same. This situation is absurd, and an embarrassment to the IETF. Those I've mentioned it to (some of whom are *very* active in WGs) just shook their heads in amazement. If someone does set up a filtered version of this list, please let me know. And thanks in advance. H. Szumovski (via secureshell) wrote: Hi All, if there is still somebody reading email to this list, I would be interested if they see any value in being a part of this list. 95% of email to this list are virus infected, and therefore deleted automatically by my mailserver, and I'm tired of filtering all the virus messages to the trash. Normally the listserver should just delete such messages without any information to the list itself. Because the listserver doesn't do that (which I think should be a standard behaviour of every listserver) I just unsubscribed from this rubbish. /Herbert PS: My opinion about the default behaviour of every well administered listserver is: .) Delete silently and don't forward ANY message with a virus attachment. .) Delete silently and don't forward ANY message with the uppercased string [spam in the subject. At 11:47 30/07/2001, [EMAIL PROTECTED] wrote: Incident Information:- Originator: Manh Chau Nguyen [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: dem-rep-sal WARNING: The file dem-rep-sal.doc.com you received was infected with the W32/SirCam@MM virus. The file attachment is not delivered. - - - - - - - - - mark durham writer and editor - - - - - - - - -
Re: Any value in this list ?
procmail is your friend

# thanks to Sematimba Noah K [EMAIL PROTECTED]
:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
  # H and B: test the condition against both the header and the body,
  # so the per-part MIME headers are seen as well
  :0 HB
  *^Content-Disposition: attachment;.*filename=.*\.(bat|com|exe|vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif)
  {
    # filter the message through sed, appending .txt to the end of
    # every line that contains name=
    :0 fhbw
    |/usr/bin/sed -e 's/\([nN][aA][mM][eE]=.*\)/\1.txt/'

    :0 c
    /dev/null
  }
}
#
# thanks to oops! rob or patrik or ?
:0
* ^Subject:.*(Virus Alert$|Virus Notification: A virus has been detected|Antivirus Utility found the|Antigen found.*virus|Attachment Stripped in Transaction|ScanMail Message: To Recipient virus found and action taken.|Report to Recipient|Suspicious email message intercepted)
/dev/null
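The same two checks done at the list server by walking the parsed MIME tree instead of matching header lines, as an added example that is not code from the thread. It also catches a name given only in Content-Type and double extensions such as the dem-rep-sal.doc.com file reported earlier; the function names, decision labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extension list copied from the first procmail recipe in the post above.
BLOCKED_EXT = {"bat", "com", "exe", "vbs", "chm", "hlp",
               "shs", "wsf", "vbe", "wsh", "hta", "pif"}

# Subject patterns copied from the second recipe (procmail matches
# case-insensitively by default, hence re.I).
NOTICE_RE = re.compile(
    r"Virus Alert$|Virus Notification: A virus has been detected|"
    r"Antivirus Utility found the|Antigen found.*virus|"
    r"Attachment Stripped in Transaction|"
    r"ScanMail Message: To Recipient virus found and action taken\.|"
    r"Report to Recipient|Suspicious email message intercepted", re.I)

def blocked_extension(name):
    """True if the LAST extension is blocked (so report.doc.com counts).
    Trailing dots and spaces are ignored, since Windows drops them."""
    stem, dot, ext = name.rstrip(". ").rpartition(".")
    return bool(dot) and ext.lower() in BLOCKED_EXT

def risky_attachments(msg):
    """Filenames of every MIME part carrying a blocked extension.
    get_filename() reads Content-Disposition filename= and falls back to
    Content-Type name=, which a Content-Disposition-only regex misses."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and blocked_extension(n)]

def classify(raw):
    """Hypothetical list-server decision for one raw RFC 822 message."""
    msg = message_from_string(raw)
    bad = risky_attachments(msg)
    if bad:
        return ("drop-attachment", bad)
    if NOTICE_RE.search(msg.get("Subject", "")):
        return ("drop-notice", [])
    return ("deliver", [])

def _sample(subject, filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed message whose only filename is the Content-Type name= parameter.
RAW_NAME_ONLY = (
    "From: a@example.org\nSubject: hello\nMIME-Version: 1.0\n"
    'Content-Type: application/octet-stream; name="setup.PIF"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n")

if __name__ == "__main__":
    for raw in (_sample("dem-rep-sal", "dem-rep-sal.doc.com"),
                _sample("minutes", "minutes.txt"),
                _sample("Report to Recipient"), RAW_NAME_ONLY):
        print(classify(raw))
```
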
Re: Any value in this list ?
On Mon, Jul 30, 2001 at 08:17:48AM -0700, Mark Durham wrote: I'm doing the same. This situation is absurd, and an embarrassment to the IETF. Those I've mentioned it to (some of whom are *very* active in WGs) just shook their heads in amazement. Personally, I'd say it's an embarrassment to *Microsoft*. Let's allocate blame where it properly belongs. They were the ones who made the mail reader which made these sorts of viruses possible - Ted
Re: Any value in this list ?
gnus nnmail-split-fancy filters for the various broken virus filters that seem to be subscribed to the ietf list.

;;; stupid virus alarms
("subject" "Antigen found" "blackball")
("subject" "ScanMail Message" "blackball")
("subject" "Report to Recipient" "blackball")
("subject" "Suspicious email message intercepted" "blackball")
("X-Guinevere" ".*" "blackball")
("InterScan-Notification" "yes" "blackball")
("from" "[EMAIL PROTECTED]" "blackball")

I haven't been filtering the viruses themselves, because as a Linux user I'm immune and I find the document payloads amusing.
-- Scott Lawrence [EMAIL PROTECTED] Virata Embedded Web UPnP Technology http://www.emweb.com/
Re: Any value in this list ?
Aye, Verily! Here! Here! Let's Hear it For MicroSoft! At 12:09 -0400 30/07/01, Theodore Tso wrote: On Mon, Jul 30, 2001 at 08:17:48AM -0700, Mark Durham wrote: I'm doing the same. This situation is absurd, and an embarrassment to the IETF. Those I've mentioned it to (some of whom are *very* active in WGs) just shook their heads in amazement. Personally, I'd say it's an embarrassment to *Microsoft*. Let's allocate blame where it properly belongs. They were the ones who made the mail reader which made these sorts of viruses possible - Ted
Re: Any value in this list ?
And when opening the session Oyez, Oyez Ole J. Jacobsen wrote: The Honourable Gentleman is obviously unaware of the proper phrasing: Hear, Hear (as in Listen, Listen). Although Parliament is currently not in session, we must not forget proper manners ;-) On Mon, 30 Jul 2001, Einar Stefferud wrote: Aye, Verily! Here! Here! Let's Hear it For MicroSoft! -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32