Date: Sun, 28 Sep 2003 18:07:08 -0400
Reply-To: David Beierl <dbeierl@ATTGLOBAL.NET>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: David Beierl <dbeierl@ATTGLOBAL.NET>
Subject: Re: Microsoft patch- hoax or real
In-Reply-To: <002c01c385ed$3ad0ed60$6501a8c0@williamvafwvvc>
Content-Type: text/plain; charset="us-ascii"; format=flowed
William -- if your antivirus software didn't already tell you it's a virus,
then there's a problem with your antivirus software. Antivirus definitions
dated 18 September or later from all major vendors should catch that guy.
As to Microsoft policies, don't believe what people tell you here or
anywhere else -- go to Microsoft.com and find out what their policies
are. The information you were given is correct -- Microsoft never ever
sends updates by email -- but on whose authority do you believe
that? Mine? While you're at it, run Windows Update and make certain sure
that you have applied all critical updates, and that you have automatic
updating working correctly. Also on that page read the special Microsoft
discussion of the blaster worm.
With regard to stuff coming in from the 'net, "developdeepsuspicion" is an
attitude that will serve you well. In particular, shifting from "it's ok
unless I know otherwise" to "it's deadly poison unless I'm absolutely
certain it's not, never mind what it says on the label" is a very useful
thing to do. Keeping your system up to date is a terrific pain unless you
use automatic updating; but automatic or not, you must keep it up to date
because vulnerabilities that have been discovered this week will be the
subject of attacks the week after next, never doubt it. Do your homework
as well as you can, learn how to check things out through snopes.com (for
hoaxes), symantec.com and other antivirus vendors for viruses...don't
depend on a bunch of car people to tell you what you should be finding out
for yourself. Keeping your system clean is your responsibility, to
yourself and to everyone else on the internet (because you have a powerful
machine with a fast connection to the internet, all sorts of bad guys will
be trying to borrow it to attack other folks, send spam, all sorts of good
stuff -- in between reading your credit card numbers, telling your bank to
send them money and so forth); so take that responsibility seriously and
avoid a lot of grief.
If you're not running firewall software, I strongly suggest it. Zone Alarm
(free or paid version), Norton, various others are available.
And if you want a highly effective extra layer of hardware protection from
the bad guys, get a cheap ($75 maybe?) router-switch such as the Linksys
BEFSR41 and install it between your computer and your cable modem. It will
stop 99 and 44/100% of direct attacks on your system before they ever get
to your software firewall. It *won't* stop "social engineering" attacks
like the one you cite, where the attacker tries very cleverly to get *you*
to push the button on your own bomb. On that subject, take a gander at the
article at http://www.infosecwriters.com/texts.php?op=display&id=79 which
is a useful and illustrated discussion of recent internet scams and hoaxes.
regds,
david
At 02:20 PM 9/28/2003, developtrust wrote:
>I thought I read recently on this list that Microsoft does not send update
>info by email. Today I received this message on what looked like a genuine
>Microsoft email with logos etc.. Was this the virus some of you were talking
>of? William
>
>Microsoft Consumer
>
>this is the latest version of security update, the "September 2008,
>Cumulative Patch" update which resolves all known security vulnerabilities
>affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
>three new vulnerabilities. Install now to maintain the security of your
>computer. This update includes the functionality of all previously released
>patches.
--
David Beierl - Providence RI USA -- http://pws.prserv.net/synergy/Vanagon/
'84 Westy "Dutiful Passage"
'85 GL "Poor Relation"
| 
