| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403242035.04626.fulldisc@ultratux.org> From: fulldisc at ultratux.org (Maarten) Subject: viruses being sent to this list On Wednesday 24 March 2004 13:34, Gadi Evron wrote: > As I got a response from the managers, I am happy. And I took it off-list. I left this thread alone for a long time, partly since what I felt was already being said by others, and also partly because I consider myself new here so I mostly lurk 'n learn. ...However, I now want to contribute a bit. > The samples below could have been detected by any AV using signatures > alone. Thus, without any heuristics, not risking false positives or > requiring more time spent on moderation. Albeit a valid point, I still consider it irrelevant. It will _cost_ the listmaintainers/listowners, no matter how you turn it. It may be time spent in setting up and configuring, it maybe be cost incurred in browsing through logs. It may be extra CPU load due to scanning, it may be dealing with malcontent listusers or faults that -inevitably- will occur. God forbid, we may even one day get a witty worm variant that exploits a vulnerability in the virusscanner this list uses... at this point, nothing surprises me. And for what? I can see NO valid reason whatsoever that anyone can demand that a list take care of what they deliver through it. Here below are my reasons. For starters, any filtering on the content can open you up for lawsuits. For that same reason even ISPs are (well, were...) reluctant to install any filtering (be it mail, or on IP level). Once you do that, you prove that you have control over your content and the first RIAA or DMCA subpoena is in the mail already. Retaining any "common carrier" status is quite important. Especially for a list dealing with such [legally] delicate stuff as this one. This reason above, I feel, should be enough to seal the case in and by itself. However, I have another one: I think it is unreasonable to expect that anyone else than you yourself should be the gatekeeper of your own front door. If you fear viruses, you run a mailscanner. Your security, your burden. Not ours. I run a full non-windows environment since 1997 and I think it is unreasonable that we all make an effort just because some people choose to use "a somewhat less secure" environment. Yes, it IS your free choice. To follow the analogy, it is not normal for one to ask the mailman to bring a ladder with him, just because you have your mailbox mounted at the second floor. If you fear that pranksters might fsck up your mailbox, get a better protected mailbox. But don't burden the mailman (or the sender) with your own issues. If you dislike the ads that come a magazine you subscribed to, unsubscribe. It's that simple, really. Three parties can influence what gets through to your mailbox. The government (by passing a law that forces everybody to abide by it), yourself (of course) and your ISP (it is the only party you pay; thus the only one that you have (or can claim) any leverage with. And third, this is not your average list or forum, it really isn't called full-disclosure for nothing. Stuff _will_ be delivered here that you surely do not want to run in an uncontrolled environment. We all know this. Most of us walk on their toes here; if they didn't already read their mail in ascii-only mode -just because of the paranoia that often comes with this job- they may change their minds when they subscribe to FD. You know the sign... "Ye who enter here... yada yada yada". ;-) Well... this subject has been beaten to death, and I even helped a bit. I will now crawl back to the little internet-corner whence I came I guess :-) Maarten
Powered by blists - more mailing lists