
Re: Anti-Spam ideas for usenet/list harvested email addresses



At 2003-09-26T00:52:37Z, "Jacob Anawalt" <jacob@cachevalley.com> writes:

> If thousands of people were personally emailing me virus laden emails,
> that's one thing, but that's not the case here. I'm getting thousands of
> emails from copies of a virus that isn't opening O* to send its mail.

Same here, but they're from machines that were infected *by* an Outlook*
user opening their mail.

> I'm sure someone could pipe up about how it's hard to walk their
> grandma/client through installing *zip, which unfortunately is a valid
> point. :(

I disagree.  I can't think of any reason why I'd be mailing an executable to
someone instead of a URL to where they can download it themselves, with the
exception of development collaboration among people experienced enough to
use *zip.

> Let's say all viruses start mailing zipped copies of themselves. They only
> have to zip themselves once on the host machine then mail that copy. Now
> we have to watch for a zip archive in mime data and unzip all mail to scan
> it, or reject zipped files as well. :(

I only think that'd be a problem *if* Microsoft built an
unzip-then-execute-er into Windows (which is admittedly not implausible).
Why?  Because the first thing that gets permanently burned into your brain
when you work in a tech support position is "people are lazy".  I can almost
guarantee that requiring an additional couple of clicks before a Trojan
installer can be run would drop infection rates by 90%.

I think a more solid long-term strategy would be to write mail clients that
make it impossible to automatically perform any action on an attachment more
advanced than displaying a picture.  Want to play an attached MP3?  Save it
to your drive then load it.  Want to open a .zip archive?  Save it to your
drive first.  Refer back to "people are lazy".  Removing the "One-Click (TM)
Infection" vector would dramatically reduce trojan distribution.
-- 
Kirk Strauser
In Googlis non est, ergo non est.
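
The gateway-side check raised in the quoted text above (watching for a zip archive in MIME data and rejecting executables), sketched as an added example that is not part of the original message or written by either poster. The extension list, function names and verdict strings are assumptions chosen for illustration, and the sample message is constructed from harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")  # assumed list

def blocked(name):
    # Trailing dots/spaces are stripped so "setup.exe." is still matched.
    return (name or "").lower().rstrip(". ").endswith(BLOCKED_EXT)

def zip_verdict(data):
    # Reads only the archive's central directory; nothing is decompressed,
    # so the check costs little even for a hostile archive.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return "reject: unreadable zip"
    for info in infos:
        if info.flag_bits & 0x1:  # encrypted member, contents cannot be scanned
            return "reject: encrypted member"
        if blocked(info.filename):
            return "reject: executable inside zip"
    return "accept"

def attachment_verdicts(raw_message):
    """Return [(filename, verdict)] for each attachment of a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if blocked(name):
            out.append((name, "reject: executable"))
        elif data[:4] == b"PK\x03\x04" or name.lower().endswith(".zip"):
            # Zip detected by magic bytes, not only by file name.
            out.append((name, zip_verdict(data)))
        else:
            out.append((name, "accept"))
    return out

def sample_message():
    """Constructed input: placeholder bytes only, no real payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.scr", b"placeholder")
    msg = EmailMessage()
    msg.set_content("body")
    for name, data in (("notes.dat", buf.getvalue()), ("photo.png", b"x"), ("setup.exe", b"x")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```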
