September 22nd 03, 03:43 AM
Roger Halstead
 

On Sun, 21 Sep 2003 12:28:16 GMT, "Dee D. Flint"
wrote:


"David or Jo Anne Ryeburn" wrote in message
...
In article , "Dee D.
Flint" wrote:

I've tried to trap them but the headers and senders, etc. are all different.


Waste of time. It *used* to work, but rarely will it now. Check the
IP, not the from address.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's


They also make them up, or combine several to make one.

Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines


Look for the IP.


If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.


Unfortunately this is not really the case.
There are no truly safe operating systems (and yes MS has a few more
problems than others), but the cases in point are not operating system
problems. They are mail and newsgroup reader problems and *nearly*
all can be prevented by properly configuring said programs. Turn off
the ability to read mail in HTML, don't let macros run, disable Java,
and above all don't open attachments until after verifying whoever
really sent it. This is particularly true if the thing came from
someone you know. How many times have you heard someone say, "Oh, I don't
worry. I only open attachments from people I know." Now there is a
prime candidate for a virus.

MS operating systems are written for the masses. It depends on your
definition of computer literate, but unless you make the definition
very lenient there are few computer users who are computer literate.

In grad school I taught intro to Computer Science. It was one of
those courses where we taught them to turn 'em on, insert a disk, run
an app, save the data, and turn it off.

I had 195 students. 5 or so shouldn't have been in there as they knew
as much as I did and I was working on my masters in CS. Unfortunately
they fell into one of those cases where they had to take the course.
Another 5 or so were never going to survive that simple goal of the
class. The other 185 covered the spectrum in between. Oh...I had
about 10 that could type.

I'm not defending Windows...What I am doing is trying to show where we
have gone wrong across the board and the unlikely prospect of it being
fixed soon...if ever.

Windows was designed to be user friendly. Anyone who has done much
programming at all knows the more you work to make a "program" user
friendly the more difficult it becomes for the programmer. The
program becomes more complex. Sometimes much more complex and with
each increase in complexity comes an increase in the likelihood of
"side effects".

For those unfamiliar with the term, side effects are ... well...just
that...They are unexpected operations, outputs, or even capabilities
from a program, routine, or function that were not expected. Just
like side effects from a medication, only in this case it gives your
computer a case of diarrhea.

Windows was also designed to create a uniform environment for
programmers that would also simplify program design...I.E. The DLL,
or Dynamic Linked Library.

You can create a relatively small but capable program in Visual Basic,
or Visual C++. However, compile it into a stand alone program that
can be installed on other computers and it will become huge. It
includes all the needed DLLs. A 32 K program can easily become 10 or
20 megs. However when you install it the program will only install
DLLs that are newer than the ones on the computer. It will ask if you
want to install a DLL if the DLL is older than the one currently on
the computer. So that 32K program that turned into 9 megs may only
add a 100K or so to some computers.

Outlook and Outlook Express make use of these integrated functions, or
DLLs. Unfortunately they also come with the default settings

Which brings me to the main fault of Windows. The one that most likely
will never be cured. US...You, me, whoever is at the keyboard, that
is where the main responsibility lies. We want HTML as it makes the
netzines look nice. We want it so we can send professional looking
letters and resumes even if it does have the capability of reporting
back to whoever sent you the unwanted e-mail. We want Java running.
It does do some neat things. We want macros enabled so when we
receive that database it will be displayed as the builder intended and
we only have to fill in the blanks. Never mind that the macro can do
anything on your computer that you can...probably more in most cases.

You can do all the education you want, but if the user wants to use
those functions/capabilities then they are going to use them whether
it opens their computer up to the whole wide world or not.

Virus checkers and spam bots are a necessity to keep track of many
things. Some reputable companies seem to be including trojans and spy
bots in their software. That stuff lets them track your every move.
I have no idea as to why they'd want to track mine, but... "SpyBot
Search & Destroy" has found a number of them. In one year I received
over 250 copies of viruses and worms. BTW, SpyBot, Search & Destroy
is free and does a great job. The writer is just looking for
donations.

So, were Windows to disappear tomorrow, we might get a brief respite
from the viruses while the writers retrenched, but they would be back.
The users, still looking for functionality above all else would soon
be complaining about the security in the new OS, even though they had
been taught the principles of safe computing.


David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


In the computing world older is often not better. If Word and Excel
can run macros when you receive them, or load a document, then they are
vulnerable. To top it off they can't read any of the documents from
newer versions. Old versions of Netscape are particularly bad, but
early Internet Explorer was no better. Being MS free is no guarantee
of safety.


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


Yup! I have to admit that Unix/Linux, and Apple might be a bit more
work, but they are not immune. Once someone, or a group, puts
together the tools in a package the script kiddies take over and use
them like an erector set.

Without going into details, Worms and viruses can be amazingly simple
to write. I wrote a worm as an undergrad student. It was only on
paper. I gave it to my instructor and asked if we could try it on a
virtual machine. After studying the thing for just a couple of
minutes he said, I don't think we better try it. I gave him the
paper and said "You keep it". The simplest being the macro viruses.
OTOH, some of these things are getting pretty sophisticated. They
"call home" to see if there is an update to their code, or payload.
They don't always behave the same. Now we have some that don't
require user intervention if the default settings are such as to let
them loose.

Still, the vast majority depend on the "idiot" at the keyboard. IF
the user never opened the attachment without verification, never let
someone trick them into installing a patch from MS, or some other
company (those companies don't work that way), never deleted a file
because the official looking e-mail told them to do so, never
answered an e-mail asking them to update their account information,
(particularly when they ask for the account name), and actually
practiced safe computing the virus and worm problem would become a
relatively small irritation.

BTW, I've sat here and watched the firewall report probes of the
ports. They would start, try a port, not get in, try the next port,
and repeat until they had gone through the whole list, and then start
over. It doesn't matter if you have one port, or 10,000. If you have
one open that is all it takes.

Contrary to government figures as to computer literacy, I doubt anywhere
near half the population could truly be called computer
literate. When it comes to computer savvy, I doubt more than 5 to
maybe 10% would qualify and I think 10% is really stretching it.

If 75 to 80% were really computer literate spam and viruses would not
be anywhere near the present problem. It's part ignorance and part
apathy...The old "It only happens to other people" syndrome. Kinda
like the immortal teenager in his invincible SUV. I drove halfway
through one of those a couple of years back and shortened my Transam up
nearly two feet. (My last thoughts before impact were "Boy, I'll bet
this is gonna hurt") Surprisingly I wasn't even sore the next day,
but man was I punchy for about a half an hour after the impact. I
don't think a 6-pack would have that much effect.

An aside to security...Using signed documents...Verisign recently
hijacked all the unused dot coms and a bunch of other extensions.
Type in a nonexistent URL and see where you end up. They get paid
for every so called click through. That means they get paid for every
invalid address typed. As a warning...You end up with the prompt for
a secure page and no graceful way to say no. IF you say Yes they
make money. In windows that just means using the program manager to
close the browser. And...Yes they are already getting sued.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)

Dee D. Flint, N8UZE
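
Added example, not part of the original post or written by any of the posters: one way to do the "examine the Received: from lines, look for the IP" check discussed above, ignoring the "From:" line entirely. The sample message, the `.example` host names, the documentation-range IPs and the function names `received_hops` and `connecting_ip` are all constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample (documentation-range IPs, .example domains), not real traffic.
SAMPLE = """\
Received: from mail.sender.example ([203.0.113.45])
\tby mx.myisp.example with SMTP id abc123;
\tSun, 21 Sep 2003 08:01:02 -0400
Received: from friend-pc (unknown [192.0.2.77])
\tby mail.sender.example with SMTP;
\tSun, 21 Sep 2003 08:00:58 -0400
From: "A Friend You Know" <friend@known.example>
To: you@myisp.example
Subject: Your details

See the attached file.
"""

# "from <name> ... [<ip>] ... by <server>" inside one Received header value.
HOP = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>[^\s;]+)",
    re.S,
)

def received_hops(raw):
    """Return (helo, ip, by) for each Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # header without a bracketed address
        try:
            ip = str(ip_address(m.group("ip")))
        except ValueError:
            continue  # bracketed text that is not a valid IP address
        hops.append((m.group("helo"), ip, m.group("by")))
    return hops

def connecting_ip(raw, my_mx):
    """IP logged by our own mail server. Headers below that one were
    supplied by the sending side and can be forged like the From: line."""
    for _helo, ip, by in received_hops(raw):
        if by.lower() == my_mx.lower():
            return ip
    return None

if __name__ == "__main__":
    print(received_hops(SAMPLE))
    print(connecting_ip(SAMPLE, "mx.myisp.example"))
```

Only the header written by your own provider's server (assumed here to be `mx.myisp.example`) is trustworthy; that address is the one worth filtering or reporting on.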