Re: Are We Addressing Cyber Crime Backwards


"Imhotep" <imhotep@xxxxxxxxxx> wrote in message
news:_qOdnSQLWqlbnfvZRVn-gg@xxxxxxxxxxxxxxx

Those viruses almost never come from people you know.

Bull "cookies". They come from anyone who is infected. It could be your
wife, a co-worker, a work mate or an old friend. A lot of those viruses
just simply look at your addressbook and send to everyone in it....

Most email viruses, both of these included, forge the from: address. If it
did come from a friend of yours, you'd never know it.

What kind of "security expert" double-clicks on a .BAT or .ZIP file
attached
to an undeliverable error message that begins "Dear user?" And then when

1) Where in the article does it say that she killed on a ".bat" file?

Based on the knowledge of how these two email viruses work. I can almost
see clicking on a ZIP file, if the text of the email was not too absurd.
Even then, I can't see an expert security author of ten years doing so
without antivirus installed, then shrugging and going about her business
when nothing happens.

2) Your are missing my point. Ask yourself something. Why couldn't a
mature
OS defend against a virus sent via email?

Any OS with antivirus does. The XP SP2 AES attachment feature does as well.
But no OS is going to prevent you from running a .ZIP file, nor should it.

3) Why is it that people like you, consistently blame the users for the
shortcomings of Microsoft products. This is an overused excuse that has
become quite lame....

Windows does exactly what the user tells it to do so. You want Windows to
read the email, figure out whether it is real or fake, and then prevent the
user from opening it, with 100% accuracy?

As I understand it, the main reason why *nix doesn't get infected with
viruses is because you can't double-click to launch email attachments based
on file extension, you have to save them to disk first. This may be
effective, but it's hardly advanced virus protection. It's probably also
the reason why most homes and businesses in America run Windows and not
*nix.

One legitimate complaint about Windows that leads to its insecurity is the
magic file type feature, where a virus author can rename a .COM or .WMF file
to .BAT or .PIF or .GIF and it still executes, regardless of the extension
and the icon being shown to the user. Another one is the feature that hides
file extensions and MIME types from the user, but uses them when making
decisions about executing files.

But at the same time, software like IE is in some ways coded far more
securely than all other browsers [for example, in its ability to resist
unexpectedly mangled HTML code like the one used by download.ject], and yet
IE's security suffers by being the most desirable target for attacks. The
point is, even when Microsoft does things right and codes things securely,
people don't notice the thousands of exploits that failed, just the ones
that succeeded.

Second, since the majority of viruses are a Microsoft problem, this
conversation is NOT off topic.

There is a separate newsgroup for viruses. Once again, this newsgroup is
for Microsoft customers seeking help. Most of the people you're talking to
[including myself] don't work for Microsoft and are here donating their
evenings and weekends to help people. You're not getting through to
Microsoft, or to Microsoft users by posting this stuff here.



.

Relevant Pages

  • Re: opinions about MS Vista
    ... I just received an email from a friend (Actually he is a windows lover). ... He attended a session organized by Microsoft to introduce the most recent ... Tell your mom to remind you to switch on your computer at a specified time. ...
    (Ubuntu)
  • Re: Microsoft: No responsibility accepted
    ... > Microsoft Corp. on Wednesday announced the creation of a $5 million fund ... > conviction of virus writers. ... > information that leads to the arrest of the authors of two recent viruses, ... Blaster exploited a hole in the Windows RPC DCOM ...
    (microsoft.public.security.virus)
  • Dual-boot w/ME vs. XP vs. W98se
    ... I have a friend that is currently dual-booting Debian Sarge with Windows ... 'bought and paid for' by Microsoft. ... " Bill Turner ...
    (Debian-User)
  • Re: Are We Addressing Cyber Crime Backwards
    ... consistently blaming users for the clear ... lack of security in Windows products is getting pretty old and lame... ... You cannot possibly disagree that the only way to get those viruses is by ... I don't think everything Microsoft does is ...
    (microsoft.public.security)
  • Re: Validation of XP
    ... Windows is no more "prone" to viruses & malware than any other OS that can ... or rather how does Microsoft fix this. ...
    (microsoft.public.windowsxp.general)