On MovieTome: First Look: Jessica Alba in 'Machete'!
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 39 of 136:
Next »
« Previous
don't forget...
...the home user. No network policies or IT people in place there, and the home user *wants* the ability to install programs (executables) they buy at the store or download over the Internet.

A HUGE percentage of this trojan's spread came from these type of users. Yes, some companies got hit but many didn't due to policies (similar to those you discussed) and systems in place to defend against it, and those that did get hit due to lack of preparation -- or just really determined users happy -- have the people in place to correct it. Again, not so the home users.

Remember also, this trojan was not actually an executable in its original form ... it was a ZIP file. So, the email program saw a ZIP file (which is generally allowed) and allowed the attachment through. The user OPENED the ZIP file, and then EXECUTED the contained executable (not using the mail program, but using the ZIP program). Even if the ZIP program didn't allow execution like that, most users who had gone this far without seeing any red flags would have extracted the file from the ZIP, saved it to their drives, and THEN run it. Extra warnings at this point would most likely have been ignored, too; the user was determined to get to what was in that file. Sandboxes and other extra levels of protection might have helped, but this is hard to implement in practice (remember, the program in question is no longer the EMAIL program, it's the ZIP program, and opening ZIPs and executing things in them is a legitimate function with no way to check the original source of the ZIP file in question -- I might have saved the ZIP file from my email first and then opened it, rather than just bringing it in directly from email).

This is much more of a USER issue than it is actually a TECHNICAL issue; sure, we could make it harder for people to hurt themselves, but it STILL wouldn't stop this.
Posted by: pschroeder@...   Posted on: 02/03/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

No, it shows Microsoft software is not working!!!  Bobby Sskcat | 02/03/04
You need a life....  DarbyOhara | 02/03/04
Flaming does not prove your point  Michael Kelly | 02/03/04
I'll give it a shot.  Immanuel Tranz-Mischen | 02/03/04
Excellent suggestion  pschroeder@... | 02/03/04
So why hasn't MS done this?  Immanuel Tranz-Mischen | 02/04/04
Good question  pschroeder@... | 02/04/04
Why wait 4 to 6 years?  Immanuel Tranz-Mischen | 02/04/04
waiting  pschroeder@... | 02/05/04
partly agree  ryusen | 02/03/04
Ask And Ye Shall Receive ...  coffeenite | 02/03/04
Please do go on  Michael Kelly | 02/03/04
Points  pschroeder@... | 02/03/04
More Points  coffeenite | 02/03/04
Deep browsers and ZIP programs  pschroeder@... | 02/03/04
Browsers, operating systems, and untrusted techies  Anton Philidor | 02/03/04
No, it proves that there is always a bigger idiot  nucrash | 02/03/04
Users aren't always that dumb ...  coffeenite | 02/03/04
...but, quite often, they are!  pschroeder@... | 02/03/04
Eh ....  coffeenite | 02/03/04
What to do?  Doug@... | 02/03/04
Do this  MarcB_z | 02/03/04
Sigh  pschroeder@... | 02/03/04
Get rid of ActiveX and VBA and 97% of the problem is solved  MarcB_z | 02/04/04
Neither of which would have solved THIS problem (NT)  pschroeder@... | 02/04/04
But that other 3% thingy would have (NT)  MarcB_z | 02/05/04
maybe ... except for the dumb user issue (NT)  pschroeder@... | 02/05/04
Fine for the corporate environment  jfrankcarr | 02/03/04
question  Hanover Phist | 02/03/04
...which...  pschroeder@... | 02/03/04
you are right  ryusen | 02/03/04
Save and execute no fix  wolf_z | 02/03/04
AMEN, Built-in SECURITY helps tho'  MarcB_z | 02/03/04
Ok, so then they should have rights to restrict what you can do on your pc?  TreborG2 | 02/03/04
I think they should be restricted  voska | 02/03/04
restrictions  ryusen | 02/03/04
Nobody said "restrict"  MarcB_z | 02/04/04
Restrict execs  Domb2 | 02/03/04
don't forget...  pschroeder@... | 02/03/04
Harder to hurt yourself/easier to effect others  Domb2 | 02/03/04
integration  pschroeder@... | 02/03/04
RE Integration  Domb2 | 02/03/04
RE RE integration  pschroeder@... | 02/03/04
re re re:  ryusen | 02/03/04
Integrated NOT EQUAL TO welded  MarcB_z | 02/04/04
Exactly.  bhanes@... | 02/03/04
Maybe we could return to non-executable mail?  Atlant | 02/03/04
Easy, get rid of VB & Office Macros  MarcB_z | 02/03/04
Lot's of systems use this technology  Heatlesssun | 02/03/04
Excel and Word are good reporting tools  jfrankcarr | 02/03/04
getting rid of useful features,  ryusen | 02/03/04
Microsft "solution" negates "useful" features  MarcB_z | 02/04/04
you don't get it... JPG & GIF can have embedded URLs!  TreborG2 | 02/03/04
Stupid Human Tricks  Squawkbox | 02/03/04
Actually ... Image files don't work that way  coffeenite | 02/03/04
Email should be just plain text  voska | 02/03/04
Files  pschroeder@... | 02/03/04
Even at that  bhanes@... | 02/03/04
Of all things...  rbethell | 02/03/04
spam filtering doesn't stop mail from *known* sources  TreborG2 | 02/03/04
{cough} change the OS {cough}  Xunil_Sierutuf | 02/03/04
still the wrong answer  TreborG2 | 02/03/04
good comments  Domb2 | 02/03/04
How about  bhanes@... | 02/03/04
The answer is so simple...  Heatlesssun | 02/03/04
Simpler solution  tic swayback | 02/03/04
to scan the attachment  Fred Flintsone | 02/03/04
Yes, I read it !  chawly | 02/09/04
funny thing about linux...  ryusen | 02/03/04
Suggested Solutions  Domb2 | 02/03/04
Other options  Letophoro | 02/03/04
And item 5  Domb2 | 02/03/04
Pop-up msg's worthless  Gasman_z | 02/03/04
Overrides are too common  Domb2 | 02/03/04
Let's agree and disagree  chawly | 02/09/04
The real story  usapride | 02/03/04
About enough  MkIIISupra | 02/03/04
license requirement  Domb2 | 02/03/04
Amen ... but apply that across the boards  pschroeder@... | 02/03/04
Nice post.....  Jose Jimenez | 02/03/04
problem with licencing  ryusen | 02/03/04
The NSA are fools?  B.O.F.H. | 02/03/04
well  bhanes@... | 02/03/04
Yes but .....  chawly | 02/09/04
Granted I only deal with SMB's  JoeMama_z | 02/03/04
It won't work  j.m.galvin | 02/03/04
I have one big problem with your statement  JoeMama_z | 02/03/04
ZIP files  pschroeder@... | 02/04/04
in my origional post....  JoeMama_z | 02/04/04
antivirus  pschroeder@... | 02/04/04
Unless your anti virus updates every day.  JoeMama_z | 02/05/04
Daily updates  pschroeder@... | 02/05/04
P.L.B.A.C. Virus  JoeMama_z | 02/05/04
So what was that MyDoom thingy  FilledOut | 02/03/04
What it was  tic swayback | 02/03/04
Sorry  FilledOut | 02/03/04
Hey Kids  Fred Flintsone | 02/03/04
It Shows that Microsoft Has Near-Zero Security  brenthawkinsmd | 02/03/04
What mail software has built in Virus protection?  PeteS_z | 02/03/04
some do not  JWatson77 | 02/06/04
Corporate vs. Home users  jfrankcarr | 02/03/04
What a sad state of affairs.  No_Ax_to_Grind | 02/03/04
Actually the Internet was a DoD/DARPA project...  B.O.F.H. | 02/03/04
It started well before that.  No_Ax_to_Grind | 02/03/04
History lesson  B.O.F.H. | 02/03/04
Interesting turn of events  tic swayback | 02/03/04
Just hilarious  nograin | 02/03/04
SpongeWare  pj-xmesh | 02/03/04
We'll let you answer the phone  jfrankcarr | 02/03/04
Stop it! You can't use common sense here!!!  No_Ax_to_Grind | 02/03/04
well...  yucantrak | 02/03/04
True  JWatson77 | 02/06/04
Short coming in MS products  grumpy_trumpy | 02/03/04
Short coming in Victoria Secrets products  No_Ax_to_Grind | 02/03/04
Linux - a Burka for your computer?  jfrankcarr | 02/03/04
You still don't "get it" do you.  No_Ax_to_Grind | 02/03/04
Well, to use another analogy  jfrankcarr | 02/03/04
Congratulations - you get it  Harry Bardal | 02/03/04
Product Flaws  tic swayback | 02/03/04
The point is, blaming the victim.  No_Ax_to_Grind | 02/03/04
Should the user shoulder any responsibility?  tic swayback | 02/03/04
But...  quietLee | 02/04/04
I agree  JWatson77 | 02/06/04
How's that again?  pschroeder@... | 02/03/04
No Spam from Zombie attackers  ratatat62 | 02/03/04
Education of the END USER is the only solution  morgaine2003 | 02/04/04
Why Email Executables?  dadon | 02/04/04
Business reasons  pschroeder@... | 02/04/04
Why Email Executables?  dadon | 02/05/04
FTP  pschroeder@... | 02/05/04
Fighting Fire With Fire  LAMski | 02/08/04
Fix Email, not OS  DGSteig | 02/09/04
Wrong solution! Wrong target! Wrong thinking!  harperwill@... | 02/09/04
problem is between keyboard and chair...  absentia | 02/09/04
my Doom  a8a09923@... | 02/09/04
Oh well, sh** happens ...  Shodan_z | 02/13/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and