Re: Novarg

From: Greg A. Woods (
Date: 01/28/04

  • Next message: Robert Morales: "RE: Novarg"
    Date: Wed, 28 Jan 2004 17:30:34 -0500 (EST)
    To: "Jonathan A. Zdziarski" <>

    [ On Wednesday, January 28, 2004 at 12:05:26 (-0500), Jonathan A. Zdziarski wrote: ]
    > Subject: Re: Novarg
    > The best defense to viruses like this is user education.

    No, the _best_ defense against viruses and worms, especially the e-mail
    borne ones, is to not allow your users to run known vulnerable software
    in the first place.

    There's simply no excuse for any e-mail program ever trusting any code
    it receives from the network. A good e-mail program _will_not_allow_ a
    user to execute an attachment. Any user stupid enough to jump through
    all the hoops which would be necessary to manually execute an attachment
    deserves what they get. It's not hard to make such a manual process
    rather difficult and non-intuitive. The real problem is that vendors
    such as Microsoft have done exactly the opposite to what they should
    have done in designing and implementing their software systems.

    Sure there might be bugs in e-mail software which handles complex
    structures such as MIME, but those can be dealt with -- on the other
    hand trying to fix user behaviour is impossible. Sure you can educate
    them, but they'll still make mistakes -- the software _must_ make it
    very difficult for users to do damaging things to their systems.

    						Greg A. Woods
    +1 416 218-0098                  VE3TCP            RoboHack <>
    Planix, Inc. <>          Secrets of the Weird <>

  • Next message: Robert Morales: "RE: Novarg"