Great Circle Associates Firewalls
(April 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: re: Self activating viriiiii
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Fri, 21 Apr 95 21:40:59 -0400
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com 
rayg @
 gsco .
 com rote:
> There is no way that reading a text only e-mail message can 
> infect a computer. The only way that a virus could be spread in an e-mail 
> message is if the message has some form of binary attachment, which is detached,
>  and then executed by the receiver, or a virus is sent uuencoded in the text of 
> a message, and the receiver took the deliberate (and cumbersome) step of 
> decoding it and executing it. 

Shall I post my ASCII Christmas card again ? Point is that it can be done, 
but anyone with half a brane should become suspicious. Now that is referring
to a universal situation, a directed attack targetting a particular site
with a known set of applications might be a different story. 

The problem with the "Good Times" hoax is that like any negative, it is hard 
to disprove and reies on FUD for propagation. *I* know it is a hoax because
am eggspurt/egotistical enough to have faith that if it were real, I would
have seen it.

Further, today there is no universal translator. If someone said it is a virus
if you are on a PC and reading X with reader Y then... I'd have to check it 
out. Of course if that definate then anyone could check it out. The Christma
Exec worked because it was in a closed environment in which all systems were
essentially the same. The Morris worm worked because it targetted two common 
systems and only affected those systems. The Worms Against Nuclear Killers
targetted a specific system that, at the time, communicated only with like
(VMS) systems.

The fact is that the proliferation of different systems is a protection in
itself just as the plethora of anti-virus products, good-bad-indifferent,
is a protection in itself since in most cases a directed attack is infeasible.

The myriad of firewalls is similarly a strength. Mother nature has a habit
or trying out everything that may have a remote chance because we never know
all of the rules in advance.

With that in mind, here is Padgett's rule for detecting a hoax:
1) A single specific target can always be attacked by a single software
   attacker (may not succeed but has a good chance)
2) Two targets *might* be attacked if the wind is right & the crik don't rise.
3) Anyone who claims to attack three or more different mechanisms with a single
   program is probably a fool or has a different agenda.

Given this, "Good Times" is self-evidently #3.
						Warmly,
							Padgett
Indexed By Date Previous: Re: Terminology (was: Slip past the firewall?)
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Next: Re: firewall performance
From: "Marcus J. Ranum" <mjr @ tis . com>
Indexed By Thread Previous: denial of service attack by unsubscribers? !
From: Wulf Losee <WLosee @ Getty . Edu>
Next: Firewall running at T3 speeds
From: Phil Trubey <phil @ netpart . com>
Google
 
Search Internet Search www.greatcircle.com