Re: Are you still looking for an excuse to block executable attachments?
From: Tim Johnson (tjohnson_at_SANDISK.COM)
Date: Tue, 27 Jan 2004 07:41:32 -0800 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I think it is a bit naive to think that people can get rid of attachments altogether or require people to use a product like PGP. I mean, if they lack the intelligence to discriminate which attachments they should click on, how can we expect them to learn how to use PGP? And eliminating attachments altogether would require a level of creativity clearly beyond the average end user. Even if we are able to train our users, how can we train the rest of the world that is sending them legitimate emails? And FYI, I don't think there exists an AV product on the planet at this point that doesn't unzip compressed files and search inside of them. It's just that the first time an AV product deletes someone's legitimate email, every good thing they've done goes out the window. The sad truth is that we are stuck with a catch 22: on one side we have a genuine business need to sometimes receive executable attachments, and on the other there is the obvious lack of restraint that makes every user a potential detriment to the security and stability of your organization. Sure, if IT people ran the world we could come up with all kinds of nifty solutions to the overactive trigger fingers of our users, but in the real business world we don't always have that kind of control. To mock the frustration of those of us who have to deal with it is unnecesary. What we need are more solutions that fit the small to medium sized business that can't necessarily afford the out-of-the-box products that can eliminate 90% of these threats. Your script is a good start, but many businesses don't have anyone on staff with enough skill to customize it, or at least the confidence and competence to put that code on a production email server. I guess I don't have a solution myself here, the obvious would be for the software vendors to provide a simple method of filtering attachments in the email server itself, but we can't wait around for that to happen either.