Malware (Was: Re: (no subject))

George Toft george at georgetoft.com
Fri Sep 22 09:23:39 MST 2006 

One of the first Outlook worms I received was from my supervisor at 
work.  I knew the sender and the attachment was not unexpected.  This 
concept is part of the social engineering that allows worms to propagate.

You are right - part of the security piece is the person and they must 
become part of the solution through an information security awareness 
program and reinforcement of a questioning attitude.

<RANT>
The cynical side of me says that software development industry has 
trained millions of people to expect computers to not work correctly, so 
anomalies are ignored "because it's Windows" or "because it's a PC".  My 
wife just went through a horrible experience with NAU's web site - 
whenever it screws up, we have to clear cookies, clear cache, restart 
browser.  Turns out this is step 1 in the Help Desk troubleshooting 
guide.  It goes back to the Microsoft Car analogy - the world has been 
trained to expect weird things to happen to PCs, so they don't question 
it.  If my car worked like NAU's web site, it would be back in the shop. 
  (Actually it did - and it took 5 updates to the computer over a 2 week 
period to get OnStar and the phone to work correctly.)
</RANT>

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


keith smith wrote:
> Isn't part of security the person.  If I receive an email from an 
> unknown that has an attachment I delete it.
> 
> If I'm expecting a .doc or .xls and I know the sender I assume it is safe.
> 
> 
> 
> 
> */"Eric \"Shubes\"" <plug at shubes.net>/* wrote:
> 
>     I saw one mail admin that blocked .xls and .doc extensions too.
>     After all,
>     they can contain macros that can cause damage. :( To me, that's
>     excessive. I
>     kind of doubt that you're blocking these extensions, Craig.
> 
>     Where does it end?
> 
>     Craig White wrote:
>      > I've been doing this for a number of years now and I don't recall a
>      > single instance when it was necessary for a user to get an attachment
>      > that was of a type (exe, com, pif, bat, scr, vbs and there's some
>     more).
>      >
>      > In a world where users do what users do, they can't be trusted not to
>      > blindly open things.
>      >
>      > Yes, Outlook 2K3 and 2K will not allow them to open those files
>     but you
>      > can change the security settings to get around that.
>      >
>      > Older versions of Outlook, etc. aren't likely to have all of the
>      > safeguards in place.
>      >
>      > Craig
>      >
>      > On Thu, 2006-09-21 at 23:37 -0700, Kevin Brown wrote:
>      >> Nothing wrong with an exe getting through. I, on occasion, send
>     things
>      >> to myself that are small executables (maybe its a perl script
>     wrapped up
>      >> with par, or a self executing zip file). Outlook, being the
>     jacked up
>      >> program that it is, just flat out blocks them.
>      >>
>      >> Blindly blocking all .exe, .zip, . attachments is just an idiotic
>      >> knee-jerk reaction. Much like banning violent video games
>     because a few
>      >> of the millions that play commit an act of excessive violence.
>      >>
>      >>> I think that if an exe attachment gets through an e-mail system
>     to the
>      >>> end user, the battle is already lost. Whether they opened it or
>     not is
>      >>> sort of immaterial. Users will do whatever users do.
>      >>>> One of my clients got an email to them from them and it had an
>     .exe
>      >>>> attachment. Fortunately, they called me before opening it.
>     Same deal,
>      >>>> though.
>      >> ---------------------------------------------------
> 
> 
>     -- 
>     -Eric 'shubes'
>     ---------------------------------------------------
>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>     To subscribe, unsubscribe, or to change you mail settings:
>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
> 
> 
> - - - - - - -
> Keith Smith
> - - - - - - -
> http://travelingcheese.com/search_engine/increase-search-engine-traffic.html
> - - - - - - -
> 
> ------------------------------------------------------------------------
> Do you Yahoo!?
> Get on board. You're invited 
> <http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.yahoo.com/mailbeta> 
> to try the new Yahoo! Mail.
> 
> 
> ------------------------------------------------------------------------
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list