>: It's amazing how many people will
>: actually choose to execute the program.
>
>I'm not sure that it's -that- many. In any case, binary programs
: My experience is that it is.
: Windowing environments assume that users are ignorant and lead
: they by the nose; users respond by being ignorant and letting
: themselves be led by the nose. Until they are informed of
: the consequences.
Which is why I advocate education.
But let's not lose sight of what this thread started with -
discarding binary executables before they reach the user.
: Don't assume everyone is as technically savvy as the readers of
: this list. That doesn't make them ignorant, just uninformed.
: Bring thee matters, and the consequences, to their attention.
As a matter of fact, I wouldn't assume that readers of this list
are technically savvy in the virus area. Some are, many aren't.
I certainly wouldn't expect my users to be any more security-literate.
And how come I'm being flamed by one person for advocating education
and by another for -not- advocating education?
>sent as attachments aren't that common,
: compared to what? Word documents?
Precisely. Word documents are a different problem, and infinitely
more pressing than people passing binary executables as attachments,
which appeared to be the focus of the original message, as opposed to
data files with embedded macros. Blocking .EXEs etc. doesn't address the
Word problem because Word templates aren't exactly binary executables. If
you -do- start discarding attached Word/Excel documents, that's likely
to be an unacceptable hindering of your users' job function.
: Didn't I hear about macro-viruses?
Precisely. I've spent a lot of time on this list trying to get people
to think -realistically- about the macro virus problem in the context of
firewalls. I'm beginning to wonder why I've bothered.
: >and viruses or trojans passed
: >that way are even less common.
: How about memetic viruses?
A major problem. I've written papers on the subject. But not usually
encountered as a binary attachment.
: >-some- decisions. But do the best you can in the way of education and
: >making protective desktop software available, since the firewall
: >isn't the only entry point.
: It the firewall is NOT the only point of egress for your network
: you better think twice about it.
I'm actually talking about entry points, not egress. Outward bound
viruses are certainly a problem, but only if you don't have adequate
desktop protection. Essentially, viruses are a desktop problem, not a
network problem. Do I really have to say yet again that firewalls are,
in the context of viruses, at best a supplement to desktop protection?
I thought that was a consensus among the regulars by now.
: Or are you referring to people
: keying in stuff manually?
Not a major threat, but it happens.
: Floppies?
Of course. And CDs. And LANs. And binary disk images. Etcetera, etcetera,
etcetera. All the stuff that firewall admins don't necessarily have to
consider. But someone has to.
: Well, run a MAC, and have
: a scanner automatically triggered by inserting the floppy.
Ah, a Mac evangelist. B-)
Oddly enough, PC users have had access to equivalent functionality
for many years. However, I'm afraid you haven't just solved the
world's virus problems at a stroke. There's a lot more to virus
management than 'having a scanner', on Macs or PCs.
--
David Harley | alt.comp.virus FAQ
D .
Harley @
icrf .
icnet .
uk | & Anti-Virus Web Page
Support & Security Analyst | Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/
|
|
