Re: Why don't we all just end email viruses for good?
From: John Elsbury (john.elsbury_at_spamaway.clear.net.nz)
Date: 07/28/04
- Previous message: Ralph A. Jones: "Re: **Secure** Ftp server"
- In reply to: newdok: "Why don't we all just end email viruses for good?"
- Next in thread: Barry Margolin: "Re: Why don't we all just end email viruses for good?"
- Reply: Barry Margolin: "Re: Why don't we all just end email viruses for good?"
- Reply: Roman Werpachowski: "Re: Why don't we all just end email viruses for good?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jul 2004 09:46:21 GMT
On 27 Jul 2004 10:12:47 -0700, chs_peanut@yahoo.com (newdok) wrote:
>I think people can end email viruses without the agreement of
>blackhats. i think the solution is very simple: force users of email
>to set a flag before their email service will accept executable files
>or scripts in email, and cut all javascript and vbscript out of email
>messages before presenting them. that simple. would fix so many of the
>problems... because people would have to be expecting a exe for any
>worm to work, which would make the world a better place...
At the corporate level viruses and so on are a non-event: decent
e-mail content filtering can be shown to be functionally effective and
cost-effective and is (arguably) essential: it is easily within the
reach of large corporates. The same goes for spam. Viruses and
spam are therefore primarily a small-business and home-user problem.
What you are proposing doesn't fit with the POP protocol which most
home users use - this is because in the POP regime your ISP has
already accepted the e-mail from the sending MTA (in this case,
usually a trojaned PC) and is just holding it for you until you
connect and collect it. Setting a flag, therefore, can only be done
"on your behalf" at the ISP level (a flag set in your mail client
can't have any effect) and even if there was such a flag the sending
MTA (trojan) would probably ignore it. Your approach implies that
ISPs are going to have to maintain databases containing individual
user preferences and filter mail accordingly. This would be very
expensive and very risky for the ISP.
It would be a lot simpler and cheaper if all ISPs just refused to
accept e-mail traffic (smtp) from IP addresses (probably trojaned
boxes) on their own network sent to other networks - this is where
almost all the virus traffic, and much of the spam, comes from. They
would, of course, accept smtp traffic from their own customers with
static IP addresses (typically corporates), and from dynamic IPs where
the traffic is routed to their *own* mail servers. If enough ISPs
did that (and a few have already started to already) then the few that
don't would die on the vine, as nobody else would accept e-mail
traffic from them.
Please remove "nospam" from mailto address
when replying
- Previous message: Ralph A. Jones: "Re: **Secure** Ftp server"
- In reply to: newdok: "Why don't we all just end email viruses for good?"
- Next in thread: Barry Margolin: "Re: Why don't we all just end email viruses for good?"
- Reply: Barry Margolin: "Re: Why don't we all just end email viruses for good?"
- Reply: Roman Werpachowski: "Re: Why don't we all just end email viruses for good?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
