Re: Virus/adware/spyware -- is there all-in-one protection in one program?

From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 06/25/04


Date: Fri, 25 Jun 2004 21:29:32 +0200

On Thu, 24 Jun 2004 13:57:48 -0700, "Alun Jones [MSFT]"
>"Lionel Fourquaux" <use.reply.to@no-spam.invalid> wrote in message
>> Alun Jones [MSFT] wrote:

>> > Yeah, but that would need to be put in place (as a proxy) between the
>> > email client and the email server, rather than be something that the
>> > email client could call.

>> Some antivirus programs work this way, to be sure they intercept the
>> emails before the client reads them.

>The ones I've used don't work this way very well.

Agreed! The general av-vs.-email problems I've seen include:

1) Loose ends with interposing av

Typically these take over the role of the email client, getting mail
from the ISP and sending mail to it. When the av app dies an
unnatural death (malware kills it, or user deltrees it, or some file
system corruption eats it), email traffic can't cross the chasm.

Same sort of problems arise when user changes email app, ISP, or both
(e.g. new ISP is "installed" by running a CD setup that hijacks the
email app). Things fall apart.

2) Amputated email traffic

This is the "lost messages" thing. Let's say the email app initiates
the DUN connection and terminates it when it is done. It sends
outgoing messages to "the mail server", which in this case is the av
on the same PC. Having done so, it drops the line, and marks all
outgoing mail as sent (therefore doesn't try to send them again).

Meanwhile these messages are still being chewed on by the av, and when
the av's finally ready to send them, it can't because the line's
dropped. "We didn't get it!?" ' But I *did* send it! ' etc.

3) The av ate my mailbox

This isn't something I'd expect from an av that's interposing within
the email axis. It's more likely to result when someone does an
"automatically fix" av scan of the "entire system", and the av finds
malware within what it ASSumes is a temp or .EML file, and thus
"fixes" it by deleting the infected "message". Trouble is, the file
it deletes is not just one "message" but an entire mailbox.

All sorts of av pose this risk to Eudora mailboxes, even though the
embedded malware poses no risk via Eudora whatsoever. For this reason
I set up filters to divert script- or iframe-containing mail to a
"risk" mailbox, so these never contaminate the "real" Inbox.
Attachments aren't a problem, as Eudora splits those out of the
mailboxes anyway, creating them elsewhere as loose files.

>------------ ----- ---- --- -- - - - -
   The most accurate diagnostic instrument
    in medicine is the Retrospectoscope
>------------ ----- ---- --- -- - - - -
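
The per-message diversion described in point 3 of the post above, as an added example that is not part of the original post: risky messages are moved one at a time into a separate "risk" mailbox, so no scanner action ever has to touch the whole inbox file. It assumes a standard mbox file handled with Python's `mailbox` module; Eudora's own mailbox format and filter rules are not modelled, and the function names and sample messages are constructed for illustration.

```python
import mailbox
import re
from email.message import EmailMessage

# The two markers the post's filter keys on: script and iframe tags.
RISKY = re.compile(rb"<\s*(script|iframe)\b", re.IGNORECASE)

def is_risky(msg):
    """True if any leaf MIME part of msg contains a script or iframe tag."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if RISKY.search(part.get_payload(decode=True) or b""):
            return True
    return False

def divert_risky(inbox_path, risk_path):
    """Move risky messages, one at a time, into the risk mailbox."""
    inbox, risk = mailbox.mbox(inbox_path), mailbox.mbox(risk_path)
    moved = 0
    inbox.lock()  # advisory lock against a cooperating mail client
    try:
        for key in list(inbox.keys()):
            msg = inbox[key]
            if is_risky(msg):
                risk.add(msg)      # copy to the risk mailbox first...
                inbox.remove(key)  # ...then drop only that one message
                moved += 1
        risk.flush()
        inbox.flush()
    finally:
        inbox.unlock()
        risk.close()
        inbox.close()
    return moved

def build_sample(path):
    """Constructed sample inbox: two plain messages, one HTML with an iframe."""
    samples = [("lunch", "See you at noon.", "plain"),
               ("look", '<html><IFRAME src="http://example.invalid/"></IFRAME></html>', "html"),
               ("report", "Figures to follow.", "plain")]
    box = mailbox.mbox(path)
    for subject, body, subtype in samples:
        m = EmailMessage()
        m["From"], m["Subject"] = "sender@example.invalid", subject
        m.set_content(body, subtype=subtype)
        box.add(m)
    box.close()
```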


