The irony of Anti-Virus



Erin Salmon
16-07-2002, 06:21 PM
Hi all,

I got the W32.Frethem.K@mm worm this afternoon... Having updated my virus definitions 7 hours prior to receiving it I thought I was safe... Not so!

To make the matter more embarrassing, Norton Antivirus was scanning and sending out copies of this virus to the addresses in my address book.... For something which is costing $50 a year to protect me from viruses, you think it'd be a little bit careful about distributing them at free will... Fortunately I realised what was going on before Norton did, and unplugged myself :)

For those not yet affected, avoid anything with "Re: your password" in the subject line.

:)

Erin

Graham L
16-07-2002, 06:39 PM
If Microsoft can do it, why can't Symantec?

nzStan
16-07-2002, 07:00 PM
Here are some generic questions for everyone (on top of having an anti-virus software)... (this is not specifically asked to address the W32.Frethem.K@mm virus because it would have activated when you double click to open the email. But at least it would have provided a couple of defense lines before it happened).

1. Did you have preview on? If yes turn it OFF! I don't know how many times I have to tell people this but they keep insisting on using the F*#^@%%@&#^#&^#*& Outlook feature (assuming you are using Outlook of course... ignore my ranting if you're a good boy or girl).

2. If you did not have preview on, did you double click on the attachment? If so, then bend over and spank yeself. You know you've been a baaaaaaaad boy (or girl)...

Now, re the W32.Frethem.K@mm virus. Did you patch your Outlook program? Failing to patch these pesky programs is like flying a plane with a known defect. Sooner or later it will get ya, so keep your email and browser updated (especially if you are using MS products).

According to Microsoft Security Bulletin (MS01-020),

"Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Originally posted: March 29, 2001"

Internet Explorer 5 service pack 2 was supposed to have addressed this problem.


I know most of us have anti-virus running but to use a really bad analogy... just because you're using condoms doesn't mean you won't catch an STD.... You still need to practise sensible and safe sex.

<puff puff puff puff... ranting over...>

Baldy
16-07-2002, 08:34 PM
Well said Stan,

With the very tricky viruses out there (some of which incidentally disable virus scanners) I practice "Safe Email Practice" - that is, if I don't know who the sender of the email is, it gets dispatched to the rubbish. NO EXCEPTIONS - and if the subject line looks weird, it goes as well.

Elwin Way
16-07-2002, 08:34 PM
Makes me damn glad I don't use IE or OE... or Nortons for that matter..

ducks down for the flame war

Linda H
16-07-2002, 08:38 PM
How do you "patch" Outlook Express?

Elwin Way
16-07-2002, 09:00 PM
OE is patched when you download and run lots of little programs from Microsoft called 'Critical updates'.

The updates are supposed to plug holes that come free with OE, but in a lot of cases, end up creating new ones.

The best patch you can get for Outlook Express is one found on the PCWorld magazine called 'Eudora'.

:D

Erin Salmon
16-07-2002, 09:27 PM
Hi,

I do not use preview - I'm not a complete novice!
I did open the email, but I did not open the attachment. In fact, I opened it without hesitation because the subject actually made sense with regard to the originator of the message.

I haven't patched OE recently, I get sick of M$ not doing the job properly the first time round and use Linux wherever I can...

Graham, what do you mean "Microsoft can do it"? Have they achieved something with reference to security??? Let's hear about it!

I find it appalling that there are so many people out there dedicated to wreaking havoc on the world of innocent computer users that you are not safe for more than an hour after downloading the bloody virus updates! What kind of retards constitute the human race? I'm considering installing a Linux based webserver/Mailserver to complement a Linux based PC. I was also thinking of getting a bit of juice out of a few old 486 33-100MHz machines using LTSP... Has anyone ever used this before? I'll create another thread! :)

And don't get me started on spam!

GRRR

Erin

Elwin Way
16-07-2002, 09:40 PM
>I find it appalling that there are so many people out there dedicated
>to wreaking havoc on the world of innocent computer users that you
>are not safe for more than an hour after downloading the bloody virus
>updates! What kind of retards constitute the human race?

The same retards that allow this to happen? Let's face it, it's good news. 98% of virusii are targeted at Microsoft products. There are far better products out there. You are amongst a group of people who are sick and tired of having to put up with this sort of thing, so are leaning towards alternative software and even GPL operating systems.

The result is that more people using alternative software means better (and more availability of) software.

The end is nigh! (well for M$ anyway)

Marty2001
16-07-2002, 09:59 PM
Symantec has an email advisory which you can subscribe to that goes out when new viruses appear.
I received the alert at work today and ran live update which updated me to 15 July definitions. These definitions were not available last night (when most business servers update).
Live update is updated weekly, unless a new category 3 virus comes out.
You can use intelligent updater, if you are aware of a new virus and the definitions are not available via live update.

E.ric
16-07-2002, 10:14 PM
Thanks Erin,

I just picked up "your password" in the list of my mail to be downloaded with "mailwasher" and I returned it to sender, thinking it was just standard junk mail, :-):-):-):-):-):-)

From Eric

Erin Salmon
16-07-2002, 10:44 PM
Hi,

Elwin, you have a VERY relevant point there, that if one avoids M$, one is avoiding viruses (+ worms etc), as well as a lot of SPAM, crashes, bugs, insecure programs, identity theft, malicious code, privacy breaches, security holes, stress, caffeine overload (which can lead to serious or fatal injury, or even lowered sperm count), and tedium!

Good call!

:)

Erin

robsonde
16-07-2002, 11:05 PM
just a word of warning to those who are "happy and safe" with email programs other than OE.

NO email program is virus safe.

there is a virus or two that will auto trigger with eudora (older versions)
and there is always one fool who opens an attachment "just to see what it is"

I only have never used OE.
I never open email from people I don't know.
I update my virus scanner every week.
I never open an attachment unless I am sure what it is.
I HAVE BEEN hit by a virus almost every year.

Erin Salmon
16-07-2002, 11:15 PM
Hi,

Yes, I've always been cautious and had the up-to-date AV, but I've never had anything before, but now this one happened to have a subject that applied to what was being conversed between myself and the originator of the message, so I didn't suspect any foul play...

We're going to be in real trouble when we get viruses that can generate a subject based on communication between the originator and the recipient of these viruses... :(

I also fear the day that a virus can be spread purely around mainframe computers, as it could bring the whole internet down in less than a minute if it was well written... However, that's why we employ the security guys right?

:)

Erin

E.ric
16-07-2002, 11:24 PM
Moral of the story: return any doubtful mail.

http://www.mailwasher.net/

BIFF
16-07-2002, 11:53 PM
If 95%+ of people used Mac OS (or Linux for that matter) all the viruses would be written for it. There will always be exploits for software as it is impossible to get code perfect the first time. A patch for that iframe vulnerability was released long ago.

Jim B
16-07-2002, 11:59 PM
I really feel for you people, you don't have to suffer like that.
I use Internet Explorer and Outlook Express, have done for years
I do not do any updates or patches to make them secure
I do not use any virus software so don't have to worry about updates
I have my OE set to preview messages and I can open all attachments
I have never been infected by a virus.
Too good to be true? believe me it is possible.
:-)

Elwin Way
17-07-2002, 12:04 AM
/\
|
|

Spot the playstation owner

:^O

Elwin Way
17-07-2002, 12:14 AM
> If 95%+ of people used Mac OS (or Linux for that
> matter) all the viruses would be written for it.

Maybe, but there would be less people doing it. Because it would be much harder to do, especially with open source software. Think about it, people would be spending more time testing their code before release - don't forget that people who code Linux do it for the love of it and not to make a quick buck. They are a dedicated bunch of people whose main goal is to provide a safe, secure, and user-friendly environment to interface a human with a computer.

> There will always be exploits for software as it is
> impossible to get code perfect the first time.

No it's not. It may be difficult, but not impossible. I have released software that I made on my own computer. Not one has ever been sent back with a bug. Admittedly, they were hardly OS stuff, (actually they were novelty / gag / prank stuff) but people who work with Linux, for example, work this way - in 'modules' so to speak.

Another thing to think about - what OS do you think that the people who write viruses commonly use? Bet ya it's not windoze. Without windoze, what's left?

;\

robsonde
17-07-2002, 12:21 AM
Jim B

if you don't use anti-virus programs then how can you be sure you don't have a virus??


makes you think......

Jim B
17-07-2002, 12:36 AM
Ask anyone who has been infected with a virus if they were not made aware of it either by someone advising them or by problems showing up with their programs or operating system.
I can be sure as all the viruses that are currently affecting Windows systems do not affect me.

Playstations running IE and OE are not affected.

BIFF
17-07-2002, 03:22 AM
> > If 95%+ of people used Mac OS (or Linux for that
> > matter) all the viruses would be written for it.
>
> Maybe, but there would be less people doing it.
> Because it would be much harder to do,
> especially with open source software.

Why would it be harder to do?

> Think about it,
> people would be spending more time testing their code
> before release - don't forget that people who code
> Linux do it for the love of it and not to make a
> quick buck. They are a dedicated bunch of people
> whose main goal is to provide a safe, secure, and
> user-friendly environment to interface a human with a
> computer.

I know I would rather fly in a plane designed by an engineer than one made by a 2nd year Biology student in his spare evenings.


>
> > There will always be exploits for software as it
> is
> > impossible to get code perfect the first time.
>
> No it's not. It may be difficult, but not impossible.
> I have released software that I made on my own
> computer. Not one has ever been sent back with a bug.
> Admittedly, they were hardly OS stuff, (actually they
> were novelty / gag / prank stuff)

Has your code been subjected to buffer overflow analysis or race condition testing?


> but people who work
> with Linux, for example, work this way - in 'modules'
> so to speak.

Is that so...? I didn't know this. What are you talking about again?


> Another thing to think about - what OS do you think
> that the people who write viruses commonly use? Bet
> ya it's not windoze. Without windoze, what's left?

I suppose they must do it with blind luck and a cross compiler then.

sal 
17-07-2002, 03:55 AM
playstation?, which one, BIFF or the one directly above you. and the post about not having to do patches, updates, not having av software, now that I think about it, ever since I got the av software, all we have been getting are virus alerts (well, maybe bout once a month), and before that, we had no problems with our computer.....not saying we didn't have viruses, but we didn't have problems (got the av software on a recommendation, and it found several files infected, but apparently no damage of any kind.) so now here I am downloading more updates...grrr

heard the one bout the av software programmers actually writing some of the viruses...............

nzStan
17-07-2002, 11:07 AM
Don't be so smug about using Eudora, Play Station or even Linux.

The simple fact is keep up to date with news (IDG news is all you need to keep up to date with this stuff).

Then you need to keep your program updated. That means apply all security patches. Inconvenient??? Yes, so are the burglars and murderers roaming our street. You simply need to be aware of these dangers once you are connected to the information highway.

Years ago I frequently advised users:

1) "You may open the email to check but please DO NOT double click on the attachment."

NOTE: - this advice no longer applies today because the virus will launch if you open the email (even if you didn't launch the attachment).


2) "Be suspicious of emails with weird or non-relevant subjects"

NOTE: - this advice no longer applies today because they can pick up a random subject from the infected person's inbox and send it to you. Chances are they will contain a title which is very relevant.


3) "Send an email back to the sender letting him/her know he/she is infected"

NOTE: - this advice no longer applies today because new viruses will spoof the email address. So sending an email to the sender will only create more confusion.


Here are some basic facts. On business email servers with filters and anti-virus running, I've seen 10 or more viruses on a quiet day and probably a hundred or more during a mass infection.

Here is another fact. There weren't any viruses for PDAs, cellphones, Linux etc. Well wrong! They are appearing and they will always be there.

Elwin Way
17-07-2002, 11:26 AM
> > Maybe, but there would be less people doing it.
> > Because it would be much harder to do,
> > especially with open source software.
>
> Why would it be harder to do?

It is well documented that Linux security is tighter than a Nun's XXXX.

> I know I would rather fly in a plane designed by an
> engineer than one made by a 2nd year Biology student
> in his spare evenings.

Personally, I'd rather fly in a plane that has been designed, built and tested by a wide and diverse range of people than one built by someone who never was an engineer, but a businessman who has bought a plane made out of paper mache, covered it with paint, and sold it as an airliner....

Apologies for the long sentence :)

> Has your code been subjected to buffer overflow
> analysis or race condition testing?

Don't most of the bugs in Windows suffer from this problem? :D

> 'modules'
> > so to speak.
>
> Is that so...? I didn't know this. What are you
> talking about again?

I don't really know. I could have sworn I started off on something about Linux... perhaps you'd be best talking to people who do it (http://www.ele.auckland.ac.nz/~macdon/linux/help.php3).


> I suppose they must do it with blind luck and a cross
> compiler then.

Well I'll give you a clue. It's not a playstation...

:p

Graham L
17-07-2002, 02:13 PM
What have Microsoft done? Lots. They're a great company. They have a Developers subscription thing which (for money) you get the new stuff in time to make applications ready for the release. MS managed to provide pre-virused (Klez) software on some of their CDs. How's that for service?

There is a well known weakness called "buffer overflow". It slows things down a bit if you test for this.

MS want to produce fast code, so they tend to not test for things which will never happen, like buffer overflow. They release the OS or the application, and people find that they get virused. MS issue a critical patch. People find that viruses get in through the weakness introduced by the fix. MS issue ...

A year goes by, then it's time for a new, better, safer, (more expensive) OS . To make it fast, MS don't test for things which will never happen, like buffer overflow...

It's called "reinventing the wheel". Or gross incompetence. Or something. ;-)

There is a news group which is well worth reading: comp.risks . It's been going for a long time. A lot of the stories are funny. Some of them would be funny if they weren't so serious. (It's all true).

BIFF
17-07-2002, 07:27 PM
> It is well documented that Linux security is tighter
> than a Nun's XXXX.

Please produce some factual evidence to prove that Linux security is any more tight than any NT Kernel based Windows system. If you actually knew what you were talking about you'd know that Linux has more exploits produced per year than any other OS. And this is despite its non-majority market share.


> Personally, I'd rather fly in a plane that has been
> designed, built and tested by a wide and diverse
> range of people than one built by someone who never
> was an engineer, but a businessman who has bought a
> plane made out of paper mache, covered it with paint,
> and sold it as an airliner....

By this sentence I presume you are under the mistaken idea that Bill Gates actually writes his own code rather than employing professional programmers.

> > Has your code been subjected to buffer overflow
> > analysis or race condition testing?
>
> Don't most of the bugs in Windows suffer from this
> problem? :D

And most of the bugs in Linux too.

You are a Linux fanboy. I however like *all* OS' and realise each has its own strengths.

Mike
17-07-2002, 07:32 PM
> > Why would it be harder to do?
>
> It is well documented that Linux security is tighter
> than a Nun's XXXX.

That's debatable. It's well documented now, because there isn't the security risk involved with something like Windows - why? Because people spend all their time writing exploits for Win based systems. But to take it back to that scenario, if 95% of the population was using Linux, then people would be exploiting it more than they are.

mark c
18-07-2002, 02:02 PM
Any AV program must be almost always out of date, coz they work by recognising something already documented. No-one gets protected until many have been infected. A check on executables in email progs would be a better way to do it. Doesn't have to throw a wobbly on every prog. trying to run but one launching from an email yes.
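
Added example (not part of the thread or written by any poster): a sketch of the signature-independent check suggested in the last post, flagging attachments that would run as programs, and separately those whose executable file name sits under a media MIME type, the sort of header mismatch the MS01-020 bulletin quoted earlier concerns. The extension list, the function name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
import os

# Extensions Windows treats as runnable (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Declared types a mail client may render or play without asking the user.
AUTO_HANDLED_PREFIXES = ("audio/", "image/", "video/", "text/")

# Constructed sample message; addresses, file names and payload are placeholders.
SAMPLE = """\
From: sender@example.org
Subject: Re: your password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: audio/x-wav; name="sample.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sample.exe"

cGxhY2Vob2xkZXI=
--b1
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

plain notes
--b1--
"""


def risky_attachments(raw_message):
    """Return [(filename, declared_type, reason)] for attachments worth blocking."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # None for bodies and multipart containers
        if not filename:
            continue
        # splitext keeps only the last extension, so "photo.jpg.exe" gives ".exe".
        ext = os.path.splitext(filename.strip().lower())[1]
        if ext not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        if ctype.startswith(AUTO_HANDLED_PREFIXES):
            reason = "executable name under a media MIME type"
        else:
            reason = "executable attachment"
        findings.append((filename, ctype, reason))
    return findings
```

Because the check looks only at headers, it does not depend on virus definitions being current; a mail filter would quarantine anything it returns.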