Date: Thu, 25 Sep 2003 12:54:54 -0700
Reply-To: JD Foster <jidd@JIDDWARE.COM>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: JD Foster <jidd@JIDDWARE.COM>
Subject: Re: Strange messages-- infected file
Content-Type: text/plain; charset="iso-8859-1"
Tom,
You may be a sysadmin, but please don't assume that you are the only one on
the list or that your "solution(s)" are the answer to everybody's problems.
IMHO, your remarks on the subject come across (as many sysadmins do) as
quite condescending. Not to mention off-topic.
I'm quite familiar with the behind-the-scenes work that goes into
protecting networks. That, and I fully appreciate the end-user frustration
of being a sysadmin. However, please find a nice BOFH mailing list to vent
these frustrations in rather than taking it out on fellow listees who don't
share your point of view.
FWIW, I very recently asked a number of mail server administrators in a
newsgroup that I frequent exactly what e-mail client (windows platform) they
personally use. The overwhelming (and my personal) favorite? Almost every
single one of them chose Outlook Express. Yes, it has vulnerabilities.
But it's also (relatively) lightweight, ubiquitously available, user
friendly, and supports most mail server configurations well
(pop/imap/http/ssl).
No mail client worth a hill of beans is going to be completely immune from
exploits. Features vs security is always *something* of a tradeoff (more
code=more opportunity for mistakes). Granted, I think Outlook (not OE) is a
bloated piece of poop, but for some users it's more or less appropriate (not
calling the user a bloated piece of poop :-)). OE, IMHO, is a fair balance
between features (HTML e-mail, multiple account management, newsgroup
access, etc..) and security, when used responsibly. While I've tried many
other mail clients, I seem to always gravitate back to OE. I too fall into
the camp of "have used OE for X years and haven't *ever* caught a virus."
Call me ignorant as you have others if you wish, it's really no sweat off my
back.
Granted, by running my own mail server I can practice some security measures
that most users don't have available to them, specifically server-side
anti-virus scanning. However, the four biggest options available to every
*user* that would make a difference are:
1. Current AV software (can't emphasize this enough)
2. A well configured firewall/broadband router
3. Judiciously not opening suspicious mail
4. Properly configuring *whatever* mail client you choose so as to
realistically minimize your opportunity for infection while not
significantly crippling your ability to USE the program.
Yeah, AV software isn't perfect, but it goes a LONG way towards closing
vectors of attack. Same for firewalls. Finally, numbers 3 & 4 can best be
addressed through user education (granted, no small feat!). It does take
some thinking to recognize what shouldn't be opened just because it's there.
Additionally, vendors could do the world a huge favor and ship their
products locked down, and notify users when/if they enable features that
compromise security.
Just my 1.99999¢
For those who've stuck with it through this entire post, thanks. I've said
what I have to say on the subject and will refrain from further cluttering
the list with posts on this topic. If you have responses to this post that
you wish to share with the list, that's up to you. However I will not
comment on the subject except to questions/comments/remarks directed towards
me and my response will be off-list. I'm happy to share whatever
info/knowledge I may have on the matter via personal mail.
Cheers,
JD
P.S. FWIW, there is IMHO a great collection of e-mail newsletters available
for subscription at www.woodyswatch.com. They have excellent
tutorials/informational-notices/etc... on general MS Windows stuff, MS
Office, and a brand new newsletter specifically addressing e-mail usage and
best practices. All written in such a way that you don't have to be a
sysadmin to understand or benefit from them. I highly recommend them.
----- Original Message -----
From: "tom ring" <taring@TARING.ORG>
To: <vanagon@GERRY.VANAGON.COM>
Sent: Wednesday, September 24, 2003 7:25 PM
Subject: Re: Strange messages-- infected file
> I say this as someone who has worked as a sysadmin at a credit transaction
> network ops center, and also at a moderately large ISP.
>
> Just don't use Outlook. Anyone that hasn't caught a virus/worm/whatever is
> lucky, or more likely, wrong. You caught it and never knew it. I have spent
> way too many hours trying to convince customers they were infected, while they
> said they weren't because their antivirus programs said they weren't.
>
> Folks, antivirus programs are very often wrong, and I've watched 10 of megabits
> per second of traffic from corporate and private systems that are "OK" that
> prove it. You have no idea how much effort is put into building cisco ACLs
> (access control lists), and PIX firewall lists, and more, to keep this crap at
> bay.
>
> tom
>
> On 24 Sep 2003 at 20:13, tom ring wrote:
>
> > Right. Keep fooling yourself. The best way to use it is not.
> >
> > On 24 Sep 2003 at 18:11, Philip Chidlaw wrote:
> >
> > > It's largely in how you use outlook. I have been very actively running
> > > OL (not express) on my work and home machines as my sole email client
> > > since its lame beginnings in 95 with never an infection by virus,
> > > trojan, or worm. Hoaxes - yes.
> > >
> > > Philip Chidlaw
> > >
> > > -----Original Message-----
> > > From: Vanagon Mailing List [mailto:vanagon@GERRY.VANAGON.COM] On Behalf
> > > Of tom ring
> > > Sent: Wednesday, September 24, 2003 6:37 PM
> > > To: vanagon@GERRY.VANAGON.COM
> > > Subject: Re: Strange messages-- infected file
> > >
> > >
> > > And if you don't use MS Outlook or Outlook Express, you pretty much
> > > don't need to worry if they get by the filter.
> > >
> > > My problem with this whole thing is that many people stand there with a
> > > huge target painted on themselves and then try to put enough plexiglass
> > > between them and the snipers.
> > >
> > > Get smart. Get rid of Outlook. Use something, ANYTHING, else.
> > >
> > > No offense, and I'm not singling anyone out. I'm just being realistic
> > > here.
> > >
> > > tom
> > >
> >
> >
> > ------
> > Tom Ring K0TAR, ex-WA2PHW EN34hx
> > 85 Westphalia GL Albert
> > 96 Jetta GL The Intimidator
> > taring@taring.org
> >
> > "It is better to go into a turn slow, and come out fast, than to go into a turn fast
> > and come out dead." Stirling Moss
> >
> >
> >
>
>
> ------
> Tom Ring K0TAR, ex-WA2PHW EN34hx
> 85 Westphalia GL Albert
> 96 Jetta GL The Intimidator
> taring@taring.org
>
> "It is better to go into a turn slow, and come out fast, than to go into a turn fast
> and come out dead." Stirling Moss
>