[LINK] Current Virus Flurry

Chirgwin, Richard Richard.Chirgwin@informa.com.au
Fri, 8 Nov 2002 07:34:49 +1000


Howard,

It just goes in circles. The industry - not just Microsoft - uses "the user
should keep up-to-date" as the catch-all for security hassles.

Really, pretty much the whole of the supply side - Microsoft, ISPs, telcos,
with the enthusiastic support of governments around the world - have
evangelised the Internet. The consistent message for seven years is that
"the Internet is for everybody", that "you need to go online", and so on.

But security is too much for the users. For eg, from Symantec (a press
conference yesterday) "there are 50 new vulnerabilities reported every
week". (and yes, MS software is the source of most of them, according to
Symantec's CEO). That's a load beyond most experts, let alone the individual
user.

It's reasonable to require IT professionals to keep abreast of patch
requirements. But in the consumer environment, "patch your system" is just a
cop-out for suppliers to dodge their responsibilities.

Richard Chirgwin

> -----Original Message-----
> From: Howard Lowndes [mailto:lannet@lannet.com.au]
> Sent: Thursday, 7 November 2002 15:29
> To: Malcolm Miles
> Cc: link@anu.edu.au
> Subject: Re: [LINK] Current Virus Flurry
> 
> 
> On Wed, 6 Nov 2002, Malcolm Miles wrote:
> 
> > On Wed, 06 Nov 2002 13:30:38 +1100, you wrote:
> >
> > >"Would IE always execute the attachment?
> > >
> > > No. IE would only execute the attachment if File Downloads were
> > > enabled in the Security Zone that the e-mail was opened in. However,
> > > File Downloads are enabled in all zones by default."
> >
> > The hole exploited by this virus and other recent viruses was fixed
> > back in March 2001. Current versions of IE are not affected by this
> > virus.
> >
> > >In other words, the correct answer is "Yes". Here is an email virus
> > >that will, by default, execute and spread its malicious cargo. The
> > >Symantec writeup on the virus mentions that the machine can become
> > >unstable and crash.
> >
> > So the answer is "No" if you are running the current product or you
> > have updated IE any time since March last year.
> 
> That may be true, but sadly, regularly updating installed systems is a
> rare occurrence, especially in smaller organisations with no IT setup, and
> I would venture to suggest in a lot of bigger organisations with IT
> setups.  Let's face it, many of the vulnerable M$ systems out
> there are post-automated update being available.
> 
> I am only too well aware of how difficult it is to keep Linux boxes
> updated, and I can reach almost all of mine over the Internet since they
> are spread across SE Australia.  It's a damned sight harder with Windows
> networks with or without permanent Internet access.
> 
> -- 
> Howard.
> LANNet Computing Associates - Your Linux people
> Contact detail at http://www.lannetlinux.com
> "Flatter government, not fatter government." - me
>  Get rid of the Australian states.
> ------------------------------------------
> If electricity comes from electrons, does morality come from morons?
> 
> 
> _______________________________________________
> Link mailing list
> Link@mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>