Re: FYI: Are you still looking for an excuse to block executable attachments?

From: Boring, Andrew (Andrew.Boring_at_MILLERZELL.COM)
Date: 01/27/04

    Date:         Tue, 27 Jan 2004 16:37:49 -0500

    Nick FitzGerald wrote:

    > The trouble
    > is the admins who have decided that, to appease the
    > aforementioned belly-aching, mainly wannabe "power user"
    > crowd, they should let .ZIP files pass without scanning or at
    > least let them pass so long as they do not contain any known
    > malware. This is the gateway scanner equivalent of "opening

    And how many admins sign their own paychecks? Except for the consultants
    among us (and even they work for a client), we are required to appease
    our bosses (senior management, who really and truly do NOT want to
    understand the problem). You want to know what happens when I put my
    foot down and start rules-lawyering too much with company email? Client
    cannot email something to us, we lose billable project time, I get fired
    (or at least reprimanded). It's a very fine line to walk for some

    This is ultimately a political and educational problem, NOT a technical
    problem. If this were merely a technical problem, I could solve it with
    a few open source tools (and I do) or with a few commercial licenses;
    and Microsoft and other commercial vendors would have fixed the
    technical problems on their end a loooong time ago (why again does
    [NT]Bugtraq exist?).

    In the corporate world, technology supports the business and the
    business processes. Any technology that interferes with that will not be
    permitted to stay operational by senior management. Yes, there are many
    admins who are not doing the simple minimum required to thwart these
    silly viruses, but how many admins are prohibited from doing the minimum
    in the first place? It's not enough for me to block attachments (which I
    do...mostly), I also need to stop outbound SMTP sessions from randomly
    infected computers (yep, client laptops on the premises!) from spreading
    more viruses to the Internet. But all this is merely damage control. For
    a corporate IT shop, the IT managers need to present a prevention
    process (which will include simple things like blocking attachments) to
    present to senior management. And ultimately, the true fix is for
    Microsoft (and other commercial vendors) to stop improving "Fisher-Price
    GUI" interfaces and to fix the underlying architecture that causes all
    these problems in the first place. And that won't come until IT
    management/admins (you and I) convince senior management to stop buying
    bad software. Only when someone's bottom line is at stake will the
    technical side of the problem truly even begin to be addressed.

    Andrew Boring, Senior Network Engineer
    Miller Zell Desktop Services
    andrew.boring (*at*)
    A Conservative is a Liberal who has been mugged.
    A Liberal is a Conservative who has been arrested.

    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whoever is responsible for your AV, or at least that the idea is considered.
