-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

'Lo Allie,

On Sun, 27 Oct 2002 19:40:38 -0500 your time, you authored this:

ACM> For stopping harmless test files? I don't know how popular those
ACM> test files are apart from eicar.com which is well known (note that
ACM> eicar is picked up by most scanners)

<shakes head> C'mon, that isn't the point and you well know it. The fact that those test files are really harmless isn't the point, but the fact that files with those extensions are capable of causing 'harm' is. Therefore, a scanner that can 'weed' out files that can be used as exploits through a vulnerable information exchange medium such as email is obviously advantageous to end users.

ACM> This has already been implemented in TB! through its inbuilt filetype
ACM> restrictions.

Yes, I'm aware of that :)

ACM> That's a nice simple way of implementing what you're referring to.

No, that's not in context. I wasn't referring to that particularly, or singularly, but rather suggesting overall that I was happy to use a scanner with such extra features. Personally speaking, I like the fact that the authors of the software are covering all bases, whether the extras are considered excessive or not. Obviously in the case of the Kaspersky authors they don't :)

ACM> TB! also doesn't run HTML based scripts and Active X controls. As a TB!
ACM> user, you don't actually need the scanner to pass that test. :)

I might not need it, but not everyone runs TB! and as AV packages are not authored solely for TB! I think it is a valid extra, even if redundant in this instance.

ACM> Warnings should be issued by your e-mail client

Yeah, but we are talking real world not ideals. OK, so some email clients like TB! are at the forefront, providing client based protection, but it isn't a matter of what should be but rather what is, and the fact is that not all clients do, so extra protection is warranted.

ACM> You agree with me here which is the very essence of the point I was
ACM> making that you responded to by saying that I missed the point.

I don't think so ;) In this instance I was happy to indicate some agreement, but only to the extent that I was agreeing that any claims made by companies pushing a product were usually exaggerated, or excessive, and most people of course seemed to be aware of that. In other words, the fact that you found the 'sell' ridiculous was unexpected, as generally speaking it's just accepted for what it is, and I shan't say what 'it is' descriptively :) So, there was no self-contradiction there at all, as you suggest.

ACM> What's the point of making an issue about .vbs filetypes

I think the point is one of familiarity. Not every user is going to be as familiar with .vbs extensions, for example, as they are .com or .exe types. Generally speaking, even the most basic of user gets to grips with the dangers of running .com and .exe files, as they are commonplace extensions on a Windows system, and so understand them as being executable files, but as other executable file extensions aren't commonly used by the less advanced users they may be unfamiliar with what they are, what they can do, and therefore the dangers they could pose. From your position I can see how you can see that it's ridiculous though.

ACM> I'd say that they have missed the point that it's the user that has to
ACM> be very careful about any of these files.

Again, in an ideal world that would be fine. But it ain't, and users don't and won't do as they should always, and I don't think they deserve to get infected because of it. Some people might call those types lamers or whatever - a term I hate - but it's not their fault that there is a war against Microsoft going on and they happened to get caught up in the middle of it. I think that the more optional idiot-proof protections there are in place the better. It means that all levels of user are afforded protection, not just those with plenty of air miles behind them.

ACM> Why not? Navigate to it and scan it.

I will.
But see above para :)

ACM> It's yet to be opened and then caught by the realtime scanner. It's yet
ACM> to be caught by the system wide scans that you may perform on a daily
ACM> basis.

That's not the point. The point is that an infected file is able to pass through initial defences and get stored on the disk by using a fragmented email, when it would obviously be preferable that it didn't. But that is an ideal, like some of yours I suppose :) I didn't say that it was a disaster, but it is a vulnerability of sorts.

- --
Slán,
Simon @ theycallmesimon.co.uk
_______________________________________
Faffing about with TB! v1.61 on W2K SP3
PGP Key: http://pgp.netbanger.com/

-----BEGIN PGP SIGNATURE-----
Comment: Privacy is freedom. Protect your privacy with PGP!
Comment: KeyID: 0x5C7E8966
Comment: Fingerprint: 851C F927 0296 FF1C 70A2 474F CB6E 6FFE 5C7E 8966

iQA/AwUBPbyYNctub/5cfolmEQK7FwCeLfH8cJOMNdXTiADwH4o7eMcT794AoPWZ
vddEnH8pqCl9HUTJ6ApOAMUS
=LFhv
-----END PGP SIGNATURE-----

________________________________________________
Current version is 1.61 | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html

