Re: Anti-Spam ideas for usenet/list harvested email addresses
Paul Johnson <email@example.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Tue, Sep 23, 2003 at 04:16:02PM -0500, Ray wrote:
> > it seems to me the easiest solution would be for ISPs to have a
> > policy and software that supported the policy of no .exe .com .src
> > .pif .bat (etc...) attachments. any email will either be dropped or
> > have the attachment dropped and replaced with a short explination of
> > it being against policy and how to make a zip/gz/tar/whatever file if
> > they really want to send a .exe
> That's exactly what we want to do: force the user to open a tarball to
> figure out what's up. 8:oP Worm writers *will* adapt to this.
The problem is that the preview pane runs them automatically, If the
file has to be handled at any point such as unzipping a file (Many
windows users have no clue what a tar file is, and there's no reason
they should.) it usually breaks the chain. I believe MS started
defaulting to no executable by default a few viruses ago, with the
option to turn it back on, they need to turn it off and leave it off.
And stop hiding extensions.
> > perhaps if someone wrote the "don't f*&$ open me" virus and had it
> > go through a little tutorial about why not to open unknow attachments
> > have message go something like "I was foolish enough to open the
> > attachment, and since you are at risk of getting a message from me
> > with a virus, this attachment has forwarded itsself to you"
They just had an anti-virus virus, which was at least as bad as the
original. Pass thanks.
> Eh. The way I handled NIMDA and Code Red was to write a quick little
> script with the help of an actually clueful MCSE that ran through the
> apache error.log every hour and used wget to try and exploit the
> offending machine and wipe the drive. After a week of that, there
> were only four or five machines left that would go down for a few
> days, then start trying again for a few minutes until the top of the
> hour hit and got wiped again. Those morons had to have been
> reinstalling windows two or three times a week.
Ehh, you might have given the morons time to back up essential work,
and seperated all the machines, verified they were clean, patched them.
And educated the users, before putting them back on line. It would have
eliminated the need to reinstall multiple times on the same machine, and
it needed to be done anyhow.
I hope your boss authorized it, preferably in writing, or they have a
sense of humor. Otherwise I'd start looking for a job outside the IT
Registered Linux User #303915 http://counter.li.org/