Re: Program that disables my anti-virus

From: Stefan Kanthak (postmaster_at_1.0.0.127.in-addr.arpa)
Date: 08/30/05


Date: Tue, 30 Aug 2005 01:20:29 +0200


"Patrick Dickey" <pd1ckey43@msn.com.removethis> wrote:

> Stefan Kanthak wrote:
> > "Patrick Dickey" <pd1ckey43@msn.com.removethis> wrote:
> >
> > Your email address is wrong!
> > http://www.ietf.org/rfc/rfc1855.txt tells you netiquette.
>
> Thank you for the clarification on the RFC. However, I will point out
> to you that the date on that paper is 1995, not 2005. 10 years ago,
> they didn't have the spam problem that exists today. And there weren't
> bots designed to harvest e-mail addresses from newsgroups.

Go and inform yourself how the address harvesting bots work.
Reply-To: exists.
The RFC 1855 is still valid and hasn't been superseded.
The same holds for RFC 1036.

You only can use the net because some pioneers wrote standards and others
implemented their systems accordingly. If you think standards are not in
effect for you then please go away and build/use your own net!
 
> So, with all due respect, I'll keep my "wrong" method, since if you want
> to reply to me, you can remove the 'removethis' however, the spambot
> can't.

Clueless!
1. Just try to reply to your posting by email.
   Does your MUA display the email address or just the display name?
2. Harvesting bots can easily detect such simple munging and strip it.

> It gives me a false sense of security that any viruses I receive
> due to posting in public newsgroups, were DELIBERATELY sent out, and not
> just the result of a bot harvesting my e-mail address.

Clueless again.
Viruses are typically sent from end user systems where they look up the
local address books and the browser caches.
Address harvesting bots scan newsgroups and web sites. And spammers then
use compromised computers like the one of the OP here to send SPAM. The
reason why spammers still can send SPAM is the myriads of 0wned Windows
boxes out there. Most providers/ISPs have long taken measures against
SPAM sent/relayed through their servers, so the spammers use botnets now.

> But, let's not start a flame war here. You have your opinion, and you
> also have the RFC to back you up. I have my opinion, and if I dig deep
> enough, I can find a security bulletin that suggests either NOT posting
> your real e-mail address in a public newsgroup, or putting some tag such
> as "No-Spam" or "RemoveThis" in to fool the bots. Which one supersedes
> which?

See the MSFT netiquette at http://support.microsoft.com/gp/ngnetikette/de/
The RFC is official. If you want it to be superseded: write an update and
submit it to the IETF.
Any moron who proposes to munge addresses is ... well, a moron.

> The original, which is old and doesn't take into consideration,
> the bots, or the new security method, which goes against the RFC?

www.rfc-ignorant.org exists.

> As for the rest of your post, yes you are correct there. I've read the
> page that you referred to. But, I'll ask you this question. If
> everything in that page is correct and absolute, then why is Microsoft
> providing an Anti-spyware program that 'removes existing spyware'? If
> the existing spyware has made the system untrustable, shouldn't MAS tell
> you to reformat instead of trying to remove something that they claim
> can't be guaranteed to have been removed completely? {This is purely a
> rhetorical question, as I'm pretty sure about the answer.}

Yes, any vendor who claims that his tool can remove malware (without
telling that this is not possible in general) is wrong and lying to its
customers. NOT TRUSTWORTHY, Microsoft.
And they speak with split tongue: the security pages for home users
typically claim that anti-X can remove malware, while the security pages
for professionals don't.

> One thing that we can both agree on is, that the OP should not be
> running in any type of administrative account. They should be running a
> limited account, with the ability to "Run As...." when needed, and have
> a computer administrator account set up with a password, so they can
> install programs and do administrative tasks. However, a fault IMHO of
> XP Home is that there is no "Administrator" account with a password, in
> case you can't log in as your other accounts. {Saying this, while
> realizing that Microsoft recommends renaming the Administrator account
> or disabling it in XP Pro}

XP Home's "Administrator" can be protected by a password too!
I can even remove the second account from the "Administrators" group.
CONTROL.EXE UserPasswords2 is the command.

And only clueless people at MSFT recommend renaming the Administrator
or Guest accounts. Search for the other papers of Jesper et al. where
they show that "security through obscurity" ain't security at all.

Stefan

