[LINK] 90 MS viruses - 12 Megs - a week

Robin Whittle rw@firstpr.com.au
Sat, 05 Oct 2002 13:52:42 +1000 

I have received 90 virus / worm emails in the last 7 days - comprising
12 Megabytes.  A few of these are notifications of failed delivery of
messages sent with my email address.  These are costing me at least $10
a month in bandwidth and probably more after protocol overheads.  

I would like to doctor my Postfix mail server to make it refuse to
accept messages with the most common viral attachments, since this cost
adds up over the year.  However, from reading:

  http://www.postfix.org/docs.html
  http://www.mengwong.com/misc/postfix-uce-guide.txt

I get the impression it would take me hours to sort out and would not
actually reject the viral emails soon enough to stop the whole message
arriving.

These are primarily viruses which rely on MS software insecurities which
I think are not just bugs, but deliberate "automatic" "features" such as
passing an attachment which claims to be MIME type .WAV to the Media
Player, but which is actually an .exe, which Media Player then
automatically executes.   Some involve asking the user to click on an
executable programs which is a screen saver - so this is not a specific
MS software problem.   Really, all email software should make it nearly
impossible to run any executable attachment.   A favourite approach in
the past would be to have the attachment "PRETTY-GIRL.JPG.exe" with the
default Windows behaviour with Outlook (Express) to hide the ".exe" so
giving the hapless user no way or recognising the difference between a
graphics file and a virus executable.

I use Netscape 4.77 for email and for browsing unless a site doesn't
work with it - then I use Mozilla.   I don't click dodgy-looking
attachments, but most of these messages do not rely on that - they have
no visible attachment under Netscape and I think they infect unpatched
MS Outlook (Express) simply by the email being viewed - with no user
interaction or possibility of preventing this.  I do not run anti-virus
software, though I did run it a while ago and found no virus infections
at all.  I would know it if my machines were infected - I have LEDs
driven by the modem lights on my desk here.

I have never had a virus on my Windows machines and I get tired of
trying to tell people that MS email and browser software is really
insecure.

I agree that the PC and security matters are too complex and important
to be left to ordinary users - so they should take theirs in somewhere
for advice on how to keep it safe and reliable, just as with cars, our
bodies etc.


I wish I could say that Mozilla's email system was better, but it lacks
a spellchecker (Netscape 8 has one) and there are still some unresolved
usability and corruption bugs:

   http://bugzilla.mozilla.org/show_bug.cgi?id=35389

      Double click onto a folder and the original folder also changes.

   
   http://bugzilla.mozilla.org/show_bug.cgi?id=141983

      Space added to indented line when sending or saving message


Also, in Netscape 4.77, I can easily dump one or more selected messages
to the Spam or Virii mailboxes with "Alt M 0 2" or "Alt M 0 3". 
Mozilla  / Netscape 8 has no such numeric short cuts, so excessive,
stressful, time-consuming cursor movement would be required.  The
alternative is to simply delete them, but that means I need to be more
careful about the process than I currently am.    

Probably I should set up my Courier Maildrop filtering to detect the
obvious virus / worm emails and most of the spam by one of the recently
developed systems.


  - Robin
----------
For Link list information see http://sunsite.anu.edu.au/link/