#1
In article ,
"Paul Blay" wrote: *Follow-ups trimmed* s.p. added. wrote ... (Starblade Darksquall) wrote: Why can't we get an antivirus program that checks to see if an incoming mail has a virus or not, and if it has one, automatically deletes it? They exist. The problem is that no defense software can anticipate a new pattern of diabolical bits. Yeah but 98% of the time How do you measure this? It has no meaning. ...the problem is an old pattern of bits - and the user that hasn't installed / updated antivirus SW. Really? I don't hear of virus messes that happened 10 years ago happening today. Antivirus programs generally tend to be cumulative. I think virus checking _by_ISP's_ should be much more common than it is now. I'm sure that most ISPs do as much as they legally and computationally can. .. It might even pay off directly - in terms of reduced demand on mailservers. The latest one, if I understand the implementation correctly, swamped the pipes with denial of service notices. The strategy counted on messages getting nixed. Right now, I'm conducting a test using the assumption that these threads are posted for harvesting purposes. Think about that. :-) The subject line was a spammed post. /BAH Subtract a hundred and four for e-mail.
#2
In article ,
"Paul Blay" wrote: wrote ... In article , "Paul Blay" wrote: wrote ... (Starblade Darksquall) wrote: Why can't we get an antivirus program that checks to see if an incoming mail has a virus or not, and if it has one, automatically deletes it? They exist. The problem is that no defense software can anticipate a new pattern of diabolical bits. Yeah but 98% of the time How do you measure this? Didn't you know that eleventy four percent of all statistics are made up on the spot? Nope. It has no meaning. Sure it does. No, it doesn't; not in the context you used it. On the first day or so of the virus that is currently arriving in about 30 posts /day to my email it was 'new'. For that day or two it is reasonable that anti-virus software wouldn't have been updated to recognise it. So far, so good. However having them _still_ being sent out at 30 posts per day some weeks _after_ the virus was first released into the wild is a sure sign that people aren't updating antivirus SW and aren't installing security patches. You just did a naughty. The goal of any anti-virus program is to prevent infection; this does not imply prevent exposure. This latest bug (to be left unnamed so harvesters cannot detect it) is mailed out based on harvesting user-ids from newsgroups. IOW, whoever can get messages about bigger pricks will get the virus. In addition, the practice of faking fields to pretend that legitimate ISPs were sending back denials is swamping those ISPs. There's a site in D.C. that lost power for a week because of the hurricane. When it came back up it immediately shut down because it got overwhelmed with virus effluvia. /BAH Subtract a hundred and four for e-mail.
#3
wrote ...
In article , "Paul Blay" wrote: wrote ... (Starblade Darksquall) wrote: Why can't we get an antivirus program that checks to see if an incoming mail has a virus or not, and if it has one, automatically deletes it? They exist. The problem is that no defense software can anticipate a new pattern of diabolical bits. Yeah but 98% of the time How do you measure this? Didn't you know that eleventy four percent of all statistics are made up on the spot? It has no meaning. Sure it does. On the first day or so of the virus that is currently arriving in about 30 posts / day to my email it was 'new'. For that day or two it is reasonable that anti-virus software wouldn't have been updated to recognise it. However having them _still_ being sent out at 30 posts per day some weeks _after_ the virus was first released into the wild is a sure sign that people aren't updating antivirus SW and aren't installing security patches.
#4
wrote in message ... In article , Really? I don't hear of virus messes that happened 10 years ago happening today. Antivirus programs generally tend to be cumulative. I do. People forget to install AV software for example, or turn it off. I think virus checking _by_ISP's_ should be much more common than it is now. I'm sure that most ISPs do as much as they legally and computationally can. Nope. Many do none whatsoever. .. It might even pay off directly - in terms of reduced demand on mailservers. The latest one, if I understand the implementation correctly, swamped the pipes with denial of service notices. The strategy counted on messages getting nixed. Right now, I'm conducting a test using the assumption that these threads are posted for harvesting purposes. Think about that. :-) The subject line was a spammed post. /BAH Subtract a hundred and four for e-mail.
#5
wrote ...
In article , "Paul Blay" wrote: wrote ... It has no meaning. Sure it does. No, it doesn't; not in the context you used it. "Most (probably well exceeding 98%) of current computer virus infections and current virus laden email attachments are of 'known / old' code." On the first day or so of the virus that is currently arriving in about 30 posts /day to my email it was 'new'. For that day or two it is reasonable that anti-virus software wouldn't have been updated to recognise it. So far, so good. However having them _still_ being sent out at 30 posts per day some weeks _after_ the virus was first released into the wild is a sure sign that people aren't updating antivirus SW and aren't installing security patches. You just did a naughty. The goal of any anti-virus program is to prevent infection; this does not imply prevent exposure. Er, the goals of any anti-virus program are to prevent infection _and_ to remedy infection when detected after the fact. The 'default setting' of most anti-virus SW I've come across is a full scan automatically once / day when the computer is otherwise not in use. This latest bug (to be left unnamed so harvesters cannot detect it) is mailed out based on harvesting user-ids from newsgroups. IOW, whoever can get messages about bigger pricks will get the virus. In addition, the practice of faking fields to pretend that legitimate ISPs were sending back denials is swamping those ISPs. All of which actually come from _somebody's_ machine in the first place. If these emails with _old_ viruses were being checked by those people's ISPs I'd be getting some 30 posts a day less email.
#6
In article ,
"Paul Blay" wrote: wrote ... In article , "Paul Blay" wrote: wrote ... snip You just did a naughty. The goal of any anti-virus program is to prevent infection; this does not imply prevent exposure. Er, the goals of any anti-virus program are to prevent infection _and_ to remedy infection when detected after the fact. The 'default setting' of most anti-virus SW I've come across is a full scan automatically once / day when the computer is otherwise not in use. Yes, I misspoke. It's to cure an infection. Prevention is far more troublesome :-). This latest bug (to be left unnamed so harvesters cannot detect it) is mailed out based on harvesting user-ids from newsgroups. IOW, whoever can get messages about bigger pricks will get the virus. In addition, the practice of faking fields to pretend that legitimate ISPs were sending back denials is swamping those ISPs. All of which actually come from _somebody's_ machine in the first place. If these emails with _old_ viruses were being checked by those people's ISPs I'd be getting some 30 posts a day less email. It looks like harvesters keep restarting it. This is an interesting change in tactics. Use the spammer mentality to spread it. /BAH Subtract a hundred and four for e-mail.
#7
In article ,
"Greg D. Moore (Strider)" wrote: wrote in message ... In article , Really? I don't hear of virus messes that happened 10 years ago happening today. Antivirus programs generally tend to be cumulative. I do. People forget to install AV software for example, or turn it off. I think virus checking _by_ISP's_ should be much more common than it is now. I'm sure that most ISPs do as much as they legally and computationally can. Nope. Many do none whatsoever. I don't think they can do much legally. Practically, I'm not sure they do any checking before accepting bits; this is the real time to prevent bit infection. What do you do with the exceptions to the rule? People have to be allowed to ship a virus if there's going to be any work done to write anti-virus code for it. Once you make one exception, you've created a hole. /BAH Subtract a hundred and four for e-mail.
#8
In article ,
"Paul Blay" wrote: wrote in message ... In article , "Greg D. Moore (Strider)" wrote: wrote in message ... In article , [this was me - Paul] I think virus checking _by_ISP's_ should be much more common than it is now. I'm sure that most ISPs do as much as they legally and computationally can. Nope. Many do none whatsoever. I don't think they can do much legally. Sure they can. Otherwise they could hardly offer it as a service could they? Then it's a service that requires the user's explicit permission. Allowing any entity carte blanche to sift all of your bits without a search warrant is going (if not already) to be tested in the courts. If we're going to continue this discussion, please reduce your right margin. For example the host provider used for my work email / web as a freebie has recently ... "blocked all potential virus.scr and .pif attachments being transmitted by our mail servers." if you don't mind five quid per year then ... "Incoming emails scanned for Viruses, Worms and Trojans" is added. Microsoft's web-based Hotmail automatically scans all attachments for viruses before allowing them to be downloaded. Using whose code? MIsfot's? They don't have a sterling coding reputation of quality. Practically, I'm not sure they do any checking before accepting bits; this is the real time to prevent bit infection. No it isn't. Huh? Are you sure you read what I wrote? How many email transmitted viruses rely on infecting the /mailservers/ of ISPs ? I didn't say anything about infecting ISPs. I said that the only reliable place of preventing infections is to check bits at the point of entry into the system running at the ISP, not your site. I wouldn't be rash enough to say "sod all" but I've sure never heard of any. You need to brush up on the cracks in Misoft's patch site. Right now, I can see a daemon running on my ISP's computer trying to get into my bits. It has a timeout of 30 seconds.
It used to start up at 7:00; this morning I got up at 4:15 and the bit sniffing started at 5:00. If I were running my OS, I'd even be able to see what the DTR is. Client emails, sent or received, are unopened parcels where only the address label is examined - from the point of view of ISPs. Sigh! It used to be that a court order had to be obtained before bits could be read. Besides infection is less than half the problem. I'm not at risk from 'idiot viruses' (that is those that rely on idiots clicking on an attachment) but they can sure clog up my mailbox. That's not the real problem either. The real problem is making the highway a parking lot. Swamping the net with traffic of useless humungous chunks affects the economies, prevents timely reactions to unforeseen events, and ****es people off. People get grumpy. Grumpy people look for somebody to blame and somebody for revenge. People have to be allowed to ship a virus if there's going to be any work done to write anti-virus code for it. Then they can send them in password-protected .zip files (for example). How many people want to send and/or get _live_ virus emails? The legitimate ones? Testers. Debuggers. Virus detectors. There are volunteers out there who monitor such things. They have to look at the real thing in order to dehack it. The illegitimate ones are those who are harvesting live addresses from these newsgroups and shipping the worms to/from them. Once you make one exception, you've created a hole. Then make no exceptions. I don't know what biz you're in, but it sure ain't the computing biz :-). Once upon a time, the only secure system was one that had no wires going outside the computer room and didn't allow the human beings to leave the room. Thus it was perfectly secure, but useless computation. These days, with wireless comm, I can baldly state that there is no such thing as a secure system. /BAH Subtract a hundred and four for e-mail.
#9
wrote in message ...
In article , "Greg D. Moore (Strider)" wrote: wrote in message ... In article , [this was me - Paul] I think virus checking _by_ISP's_ should be much more common than it is now. I'm sure that most ISPs do as much as they legally and computationally can. Nope. Many do none whatsoever. I don't think they can do much legally. Sure they can. Otherwise they could hardly offer it as a service could they? For example the host provider used for my work email / web as a freebie has recently ... "blocked all potential virus.scr and .pif attachments being transmitted by our mail servers." if you don't mind five quid per year then ... "Incoming emails scanned for Viruses, Worms and Trojans" is added. Microsoft's web-based Hotmail automatically scans all attachments for viruses before allowing them to be downloaded. Practically, I'm not sure they do any checking before accepting bits; this is the real time to prevent bit infection. No it isn't. How many email transmitted viruses rely on infecting the /mailservers/ of ISPs ? I wouldn't be rash enough to say "sod all" but I've sure never heard of any. Client emails, sent or received, are unopened parcels where only the address label is examined - from the point of view of ISPs. Besides infection is less than half the problem. I'm not at risk from 'idiot viruses' (that is those that rely on idiots clicking on an attachment) but they can sure clog up my mailbox. People have to be allowed to ship a virus if there's going to be any work done to write anti-virus code for it. Then they can send them in password-protected .zip files (for example). How many people want to send and/or get _live_ virus emails? Once you make one exception, you've created a hole. Then make no exceptions.
#10
wrote ...
"Paul Blay" wrote: All of which actually come from _somebody's_ machine in the first place. If these emails with _old_ viruses were being checked by those people's ISPs I'd be getting some 30 posts a day less email. It looks like harvesters keep restarting it. This is an interesting change in tactics. Use the spammer mentality to spread it. I dare say it will not be long before virus / spam combinations are the norm. As sending spam email on anything other than an 'opt-in' basis is becoming illegal in more places [California being the latest, IIRC] sending your spam via unsuspecting virus infected hosts could be a 'smart' move. (Heaven forefend!)