MyDoom sparks talks of security's future

TalkBack 14 of 136:: Next »; « Previous

Thread View
Flat View

More Points: 1 - We kind of agree on that one. I'll let it be.

2 - If the browser is not deeply tied to the OS, then please tell me how to uninstall it? If you can't uninstall it, please tell me how to keep it from running when I am (a.) browsing the file system, (b.) reading HTML mail, etc., etc., etc. How how to keep it from being re-enabled as my default whenever I apply patches? Also, ActiveX can be run from the browser, and it certainly can run system level OS commands. Maybe MS is telling a lie ... but it looks pretty tied in to me.

3 - On home PC's, I can't uninstall Outlook Express. If I use Outlook express, I have to watch out for the preview pane because scripts used to kick off. Thankfully, MS has fixed that recently. But still, there are a lot of machines out there that still work that way.

I don't see what a ZIP program has to do with anything? Typically, you have to actively click on things in ZIP programs. Much of what Windows does behind the scenes is automatic -- and THAT'S the issue.

4(a) - If I tell my users don't run EXE, VBS or BAT files they will usually listen. If they get something named "britney.jpg.exe" that shows up as "britney.jpg" --- well, you get the drift. How are they to know?

4(b.) - ActiveX isn't what caused the trojan to spread. However, I was addressing the original post about "give me some concrete examples".

4(c.) - Integrating applications as objects using well constructed interfaces is a good thing. Integrating apps using back-doors, unpublished APIs and scripts that run with system privs is a very, very bad thing.

First and foremost, the issue is with MS ... they are more worried about market share and writing the next "killer feature" ... they need to be concerned about stability and security. IMHO.; Posted by: coffeenite Posted on: 02/03/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

No, it shows Microsoft software is not working!!! Bobby Sskcat | 02/03/04

You need a life.... DarbyOhara | 02/03/04

Flaming does not prove your point Michael Kelly | 02/03/04

I'll give it a shot. Immanuel Tranz-Mischen | 02/03/04

Excellent suggestion pschroeder@... | 02/03/04

So why hasn't MS done this? Immanuel Tranz-Mischen | 02/04/04

Good question pschroeder@... | 02/04/04

Why wait 4 to 6 years? Immanuel Tranz-Mischen | 02/04/04

waiting pschroeder@... | 02/05/04

partly agree ryusen | 02/03/04

Ask And Ye Shall Receive ... coffeenite | 02/03/04

Please do go on Michael Kelly | 02/03/04

Points pschroeder@... | 02/03/04

More Points coffeenite | 02/03/04

Deep browsers and ZIP programs pschroeder@... | 02/03/04

Browsers, operating systems, and untrusted techies Anton Philidor | 02/03/04

No, it proves that there is always a bigger idiot nucrash | 02/03/04

Users aren't always that dumb ... coffeenite | 02/03/04

...but, quite often, they are! pschroeder@... | 02/03/04

Eh .... coffeenite | 02/03/04

What to do? Doug@... | 02/03/04

Do this MarcB_z | 02/03/04

Sigh pschroeder@... | 02/03/04

Get rid of ActiveX and VBA and 97% of the problem is solved MarcB_z | 02/04/04

Neither of which would have solved THIS problem (NT) pschroeder@... | 02/04/04

But that other 3% thingy would have (NT) MarcB_z | 02/05/04

maybe ... except for the dumb user issue (NT) pschroeder@... | 02/05/04

Fine for the corporate environment jfrankcarr | 02/03/04

question Hanover Phist | 02/03/04

...which... pschroeder@... | 02/03/04

you are right ryusen | 02/03/04

Save and execute no fix wolf_z | 02/03/04

AMEN, Built-in SECURITY helps tho' MarcB_z | 02/03/04

Ok, so then they should have rights to restrict what you can do on your pc? TreborG2 | 02/03/04

I think they should be restricted voska | 02/03/04

restrictions ryusen | 02/03/04

Nobody said "restrict" MarcB_z | 02/04/04

Restrict execs Domb2 | 02/03/04

don't forget... pschroeder@... | 02/03/04

Harder to hurt yourself/easier to effect others Domb2 | 02/03/04

integration pschroeder@... | 02/03/04

RE Integration Domb2 | 02/03/04

RE RE integration pschroeder@... | 02/03/04

re re re: ryusen | 02/03/04

Integrated NOT EQUAL TO welded MarcB_z | 02/04/04

Exactly. bhanes@... | 02/03/04

Maybe we could return to non-executable mail? Atlant | 02/03/04

Easy, get rid of VB & Office Macros MarcB_z | 02/03/04

Lot's of systems use this technology Heatlesssun | 02/03/04

Excel and Word are good reporting tools jfrankcarr | 02/03/04

getting rid of useful features, ryusen | 02/03/04

Microsft "solution" negates "useful" features MarcB_z | 02/04/04

you don't get it... JPG & GIF can have embedded URLs! TreborG2 | 02/03/04

Stupid Human Tricks Squawkbox | 02/03/04

Actually ... Image files don't work that way coffeenite | 02/03/04

Email should be just plain text voska | 02/03/04

Files pschroeder@... | 02/03/04

Even at that bhanes@... | 02/03/04

Of all things... rbethell | 02/03/04

spam filtering doesn't stop mail from *known* sources TreborG2 | 02/03/04

{cough} change the OS {cough} Xunil_Sierutuf | 02/03/04

still the wrong answer TreborG2 | 02/03/04

good comments Domb2 | 02/03/04

How about bhanes@... | 02/03/04

The answer is so simple... Heatlesssun | 02/03/04

Simpler solution tic swayback | 02/03/04

to scan the attachment Fred Flintsone | 02/03/04

Yes, I read it ! chawly | 02/09/04

funny thing about linux... ryusen | 02/03/04

Suggested Solutions Domb2 | 02/03/04

Other options Letophoro | 02/03/04

And item 5 Domb2 | 02/03/04

Pop-up msg's worthless Gasman_z | 02/03/04

Overrides are too common Domb2 | 02/03/04

Let's agree and disagree chawly | 02/09/04

The real story usapride | 02/03/04

About enough MkIIISupra | 02/03/04

license requirement Domb2 | 02/03/04

Amen ... but apply that across the boards pschroeder@... | 02/03/04

Nice post..... Jose Jimenez | 02/03/04

problem with licencing ryusen | 02/03/04

The NSA are fools? B.O.F.H. | 02/03/04

well bhanes@... | 02/03/04

Yes but ..... chawly | 02/09/04

Granted I only deal with SMB's JoeMama_z | 02/03/04

It won't work j.m.galvin | 02/03/04

I have one big problem with your statement JoeMama_z | 02/03/04

ZIP files pschroeder@... | 02/04/04

in my origional post.... JoeMama_z | 02/04/04

antivirus pschroeder@... | 02/04/04

Unless your anti virus updates every day. JoeMama_z | 02/05/04

Daily updates pschroeder@... | 02/05/04

P.L.B.A.C. Virus JoeMama_z | 02/05/04

So what was that MyDoom thingy FilledOut | 02/03/04

What it was tic swayback | 02/03/04

Sorry FilledOut | 02/03/04

Hey Kids Fred Flintsone | 02/03/04

It Shows that Microsoft Has Near-Zero Security brenthawkinsmd | 02/03/04

What mail software has built in Virus protection? PeteS_z | 02/03/04

some do not JWatson77 | 02/06/04

Corporate vs. Home users jfrankcarr | 02/03/04

What a sad state of affairs. No_Ax_to_Grind | 02/03/04

Actually the Internet was a DoD/DARPA project... B.O.F.H. | 02/03/04

It started well before that. No_Ax_to_Grind | 02/03/04

History lesson B.O.F.H. | 02/03/04

Interesting turn of events tic swayback | 02/03/04

Just hilarious nograin | 02/03/04

SpongeWare pj-xmesh | 02/03/04

We'll let you answer the phone jfrankcarr | 02/03/04

Stop it! You can't use common sense here!!! No_Ax_to_Grind | 02/03/04

well... yucantrak | 02/03/04

True JWatson77 | 02/06/04

Short coming in MS products grumpy_trumpy | 02/03/04

Short coming in Victoria Secrets products No_Ax_to_Grind | 02/03/04

Linux - a Burka for your computer? jfrankcarr | 02/03/04

You still don't "get it" do you. No_Ax_to_Grind | 02/03/04

Well, to use another analogy jfrankcarr | 02/03/04

Congratulations - you get it Harry Bardal | 02/03/04

Product Flaws tic swayback | 02/03/04

The point is, blaming the victim. No_Ax_to_Grind | 02/03/04

Should the user shoulder any responsibility? tic swayback | 02/03/04

But... quietLee | 02/04/04

I agree JWatson77 | 02/06/04

How's that again? pschroeder@... | 02/03/04

No Spam from Zombie attackers ratatat62 | 02/03/04

Education of the END USER is the only solution morgaine2003 | 02/04/04

Why Email Executables? dadon | 02/04/04

Business reasons pschroeder@... | 02/04/04

Why Email Executables? dadon | 02/05/04

FTP pschroeder@... | 02/05/04

Fighting Fire With Fire LAMski | 02/08/04

Fix Email, not OS DGSteig | 02/09/04

Wrong solution! Wrong target! Wrong thinking! harperwill@... | 02/09/04

problem is between keyboard and chair... absentia | 02/09/04

my Doom a8a09923@... | 02/09/04

Oh well, sh** happens ... Shodan_z | 02/13/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Enterprise Applications

Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!

New Online Dashboard

Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline

Read the original story

MyDoom sparks talks of security's future

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Enterprise Applications

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads