lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <404912DA.3040007@onryou.com> From: lists2 at onryou.com (Cael Abal) Subject: E-Mail viruses -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Curt Purdy wrote: >> Personally I'd dispute this solution's elegance, anything >> which requires substantial user behaviour change (and doesn't >> drastically improve the virus/worm situation across the board) >> is an ugly kludge. > > I would say that completely eliminating all virus infected > attachments, past/present/future without any further interaction by IT > dramatically improve the virus/worm situation across the board. The problem is, though, you're training your users and customers (likely at significant expense) to use some bizarre munging method to satisfy the whims of your particular mail gateway. Although it will stem the flow of incoming automated worms/viruses on your end, this will not help reduce virus/worm propagation anywhere else. This, to me, is not what I would call dramatically improving the virus/worm situation across the board. Think about the implementation nightmare. What will you do when someone attempts to send an attachment to one of your users? Will you fire off an automated response, instructing them to use your .xyz solution? How will you prevent sending notifications to forged From: addresses? Will you instead simply silently kill all attachments, passing the body of the message -- that's ugly too, it requires the recipient to notify the sender their attachment was blocked, describe your solution to them, and hope the attachment gets resent. Do you trust your users to accurately describe file renaming to other users? Are your users comfortable with the variety of OSes still out there? Are your users smart enough to realize they shouldn't start renaming attachments they send to other folks? Also, keep in mind your users will still get hammered by all those annoying e-mail virus/worm messages (sans executables), unless you also continue to implement an anti-virus scanner. Didn't you hope to be rid of that? Finally, what if you decide to change procedure in the future? Everything you've taught your users is completely useless to them, all that time and effort ends up being a complete writeoff, and you'll have to *untrain* them all. Your idea is interesting and certainly deserves further thought and discussion, but it's no panacea. Instead of implementing this particular solution (with all its costs), I'd instead recommend Old Faithful: 1) Continue following industry Best Practices. 2) Educate your users as best you can. In my mind this is much, much better (for everyone) in the long run. Sincerely, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iD8DBQFASRLaR2vQ2HfQHfsRAn2lAKCLVmeuD+RyFnccu88K8jWDXP0qHACfXlj1 ysYMFduEuVon2BUgdKhtwgk= =/sDh -----END PGP SIGNATURE-----
Powered by blists - more mailing lists