#31
Virus/Worm - What is it?
73!, Alexander, DL1PBD |
#33
On Sun, 21 Sep 2003 10:08:46 -0500, 'Doc wrote:
Cecil, Each antivirus program is different, but most have an email checking option, both incoming and outgoing email. That option should be activated. The options for email checking vary, some require that you decide what to do about an infected email, some will 'clean' it automatically or get rid of it in some way. Which method you choose is up to you. Firewalls are even more varied than antivirus programs and are a real P.I.T.A. to set up correctly. so R.T.F.M. is the key with them. It also depends on the programs/TSR's you use. Some are not safe at all. Richard listed a site in his post that is very very good about telling you the how/what/where about spamming and virus/worm/?? activities. The utilities on that site work, are a good idea, and I recommend them. 'Doc PS - These virus 'floods' are still a P.I.T.A. and I have to delete them, but they stand NO chance of infecting my machine. Hi Doc, To again offer that link: http://grc.com/default.htm to obtain security fixes BEFORE the viruses are diagnosed through autopsy. I've been living quite free of these problems (aside from stupid Comcast) WITHOUT ONE MS security (sic) upgrade for 8 years. I also have not used an "antivirus" program in 12 years. In that same time I have probably downloaded several 10's of GB of software, run it, kept some, discarded most, and to no ill effect. In fact, I am probably my own worst enemy when some 15 years ago I was writing a file interface where one wrong bit erased my hard drive before my jaw could sag. Yesterday only two (2) emails arrived and were caught by one of 7 email filters in my purchased version of Agent - all of them set to trash porn. No other email at all (pretty slow day). They may have been part of this latest Virus, perhaps not, I will never know and I don't care either way. Clearly 80% of those who suffer and complain have some sort of Masochistic need to feed their habit. 
The folks at Agent are about to release version 2 which will have many more configurable features like multiple accounts support, multiple connection support, folders within folders (for hierarchical email and article storage) and all while maintaining a safe separation between sanity and MS. I will only have to pay an upgrade fee, but I would buy into it full price without hesitation. I also use Agnitum Outpost Firewall. Visit: http://www.agnitum.com/ This blows away nearly all the ads that fill up the browser display (leaving only their default titles as links). When an ad slips through to annoy me, I just add it to the list Outpost ignores downloading. I can set any application's level of trust and block traffic in configurable settings (however, default Outpost works quite well out of the box) - and this is the FREE version. 73's Richard Clark, KB7QHC
#34
On 20 Sep 2003 21:45:27 -0700, (Mark Keith) wrote:
"Ed Price" wrote in message I don't recall anything in Gates' career that's equivalent to the present worm attack. Do you have any factual backup for your off-hand slander? Ed WB6WSN Well, as far as I'm concerned, he had as much hand in it as anyone. If his company would quit selling reader software with enough holes to qualify as Swiss cheese, many of these macro viruses wouldn't have a leg to stand on. I've had 100's of server returns accusing me of spreading viruses, and also that I'm running Microsoft Outlook Express 6.00.2600.0000. But this is not the case. I use old bulletproof Netscape 3.1 to read mail. These viruses are a non issue to me. Why I would respectfully suggest that you upgrade to one of the later versions of Netscape. 3.1 is about as open to giving out your information as any produced. I run Netscape, Mozilla (slightly different but Netscape used a Mozilla core) Thunderbird, and Pearl. are they an issue to a software that is supposed to be a step up from the ancient reader I'm using? If everyone would quit running Billware 6.00.2600.0000, we could nip this macro virus thing in the bud. If everyone would practice safe computing even Bill Ware would work well. Probably would stop 90% of it overnight. Heck, with all the latest The users alone could prevent more than that. Remember that in *most* cases the worms and viruses require the user to run them. Only recently have the true viruses that run when you read them become much of a problem. holes in these new win OS's they are spitting out, I'm tempted to stay It's not the OS. It's the mail and news readers and even then it's more of a problem with the default settings. It's also a lack of firewalls and virus checkers. If people would just turn off java, HTML, the automated entry of addresses into their address books, turn off the ability to automatically run macros when opening a document, and not run attachments until they verify whoever sent it did so on purpose,
there would be few successful viruses. It's a knee jerk reaction to blame the OS (which do have lots of holes in them), but in reality the blame for well over 90% of the problem comes directly from us...the users. How many people have you heard state that "they" only open attachments from people they know. That virus, or worm had to get the address from somewhere and it was in someone's address book. with win98 a few more years. MK The new ones are no worse than 98, or 98 SE. And the early versions of Netscape were terrible for leaking information about the user. Computer People forget that over 90% of computer users are clueless. Roger K8RI (Retired computer systems project manager) Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2)
#35
Your Unix people told you wrong. Mail worms were invented back before
Outlook, in a primarily unix based internetwork. "bright Indian programmers" do not exist. If you are going to count on that craphole of a place to produce anything usable, then you have a hard wake up coming. A nation without flush toilets is hardly technologically advanced to write an OS of any merit...just think...those idiots have nuclear weapons...probably aimed at themselves. Mac...just what is Bill style? "J. McLaughlin" wrote in message ... Dear Mr. Flint and group: I am told by knowledgeable UNIX people (another partitioning of the world) that the structure of UNIX is such that attacks can not be successful. I am told that there are only three ports into/outof UNIX modules and it is simple to guard them. The Bill ware OSs allow all sorts of back doors and side doors and over-the-transom ports. What I do not understand is why someone has not funded a set of bright Indian programmers to produce an OS that can execute Window programs without committing the errors made by Bill's people. There is a Unix based program that is able to execute some, well behaved Windows programs. I threaten my students with eternal haunting if they ever write a control program in Bill style. 73 Mac N8TT -- J. Mc Laughlin - Michigan USA Home: "Dee D. Flint" wrote in message .com... "David or Jo Anne Ryeburn" wrote in message ... In article , "Dee D. Flint" wrote: snip Persuade the universe to cease using unsafe operating system software, browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including the version now marketed by Apple, is pretty safe. David, ex-W8EZE, whose computers are happily MS-free except for safe 11 year old versions of Word and Excel If everyone switched to UNIX, the solution would be short-lived as the virus writers would then switch to attacking it. Right now, they simply get more "bang for the buck" by attacking Windows and it doesn't give them much of a thrill to also go after UNIX system users or Apple computer users. Dee D. Flint, N8UZE |
#36
On Sun, 21 Sep 2003 12:28:16 GMT, "Dee D. Flint"
wrote: "David or Jo Anne Ryeburn" wrote in message ... In article , "Dee D. Flint" wrote: I've tried to trap them but the headers and senders, etc are all different. Waste of time. It *used* to work, but rarely will it now. Check the IP, not the from address. The "From:" lines are likely forged. Many such worms and viruses pick recipients and purported senders randomly from the infected computer's They also make them up, or combine several to make one. Outlook or Outlook Express address list. If you want to see where the message really is coming from, examine full headers carefully -- specifically, the "Received: from" lines Look for the IP. If you have a suggestion on how to stop them, please let us all in on it. Persuade the universe to cease using unsafe operating system software, browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including the version now marketed by Apple, is pretty safe. Unfortunately this is not really the case. There are no truly safe operating systems (and yes MS has a few more problems than others), but the cases in point are not operating system problems. They are mail and newsgroup reader problems and *nearly* all can be prevented by properly configuring said programs. Turn off the ability to read mail in HTML, don't let macros run, disable Java, and above all don't open attachments until after verifying whoever really sent it. This is particularly true if the thing came from some one you know. How many times have you heard some one say, Oh, I don't worry. I only open attachments from people I know. Now there is a prime candidate for a virus. MS operating systems are written for the masses. It depends on your definition of computer literate, but unless you make the definition very lenient there are few computer users who are computer literate. In grad school I taught intro to Computer Science. It was one of those courses where we taught them to turn 'em on, insert a disk, run an app, save the date, and turn it off. 
I had 195 students. 5 or so shouldn't have been in there as they knew as much as I did and I was working on my masters in CS. Unfortunately they fell into one of those cases where they had to take the course. Another 5 or so were never going to survive that simple goal of the class. The other 185 covered the spectrum in between. Oh...I had about 10 that could type. I'm not defending windows...What I am doing is trying to show where we have gone wrong across the board and the unlikely prospect of it being fixed soon...if ever. Windows was designed to be user friendly. Anyone who has done much programming at all knows the more you work to make a "program" user friendly the more difficult it becomes for the programmer. The program becomes more complex. Sometimes much more complex and with each increase in complexity comes an increase in the likelihood of "side effects". For those unfamiliar with the term, side effects are ... well...just that...They are unexpected operations, outputs, or even capabilities from a program, routine, or function that were not expected. Just like side effects from a medication, only in this case it gives your computer a case of diarrhea. Windows was also designed to create a uniform environment for programmers that would also simplify program design...I.E. The DLL, or Dynamic Linked Library. You can create a relatively small but capable program in Visual Basic, or Visual C++. However, compile it into a stand-alone program that can be installed on other computers and it will become huge. It includes all the needed DLLs. A 32 K program can easily become 10 or 20 megs. However when you install it the program will only install DLLs that are newer than the ones on the computer. It will ask if you want to install a DLL if the DLL is older than the one currently on the computer. So that 32K program that turned into 9 megs may only add a 100K or so to some computers. Outlook and Outlook Express make use of these integrated functions, or DLLs.
Unfortunately they also come with the default settings Which brings me to the main fault of Windows. The one that most likely will never be cured. US...You, me, whoever is at the keyboard, that is where the main responsibility lies. We want HTML as it makes the netzines look nice. We want it so we can send professional looking letters and resumes even if it does have the capability of reporting back to whoever sent you the unwanted e-mail. We want Java running. It does do some neat things. We want macros enabled so when we receive that database it will be displayed as the builder intended and we only have to fill in the blanks. Never mind that the macro can do anything on your computer that you can...probably more in most cases. You can do all the education you want, but if the user wants to use those functions/capabilities then they are going to use them whether it opens their computer up to the whole wide world or not. Virus checkers and spam bots are a necessity to keep track of many things. Some reputable companies seem to be including trojans and spy bots in their software. That stuff lets them track your every move. I have no idea as to why they'd want to track mine, but... "SpyBot Search & Destroy" has found a number of them. In one year I received over 250 copies of viruses and worms. BTW, SpyBot, Search & Destroy is free and does a great job. The writer is just looking for donations. So, were Windows to disappear tomorrow, we might get a brief respite from the viruses while the writers retrenched, but they would be back. The users, still looking for functionality above all else would soon be complaining about the security in the new OS, even though they had been taught the principles of safe computing. David, ex-W8EZE, whose computers are happily MS-free except for safe 11 year old versions of Word and Excel In the computing world older is often not better.
If Word and Excel can run macros when you receive them, or load a document then they are vulnerable. To top it off they can't read any of the documents from newer versions. Old versions of Netscape are particularly bad, but early Internet Explorer was no better. Being MS free is no guarantee of safety. If everyone switched to UNIX, the solution would be short-lived as the virus writers would then switch to attacking it. Right now, they simply get more "bang for the buck" by attacking Windows and it doesn't give them much of a thrill to also go after UNIX system users or Apple computer users. Yup! I have to admit that Unix/Linux, and Apple might be a bit more work, but they are not immune. Once someone, or a group puts together the tools in a package the script kiddies take over and use them like an erector set. Without going into details, Worms and viruses can be amazingly simple to write. I wrote a worm as an undergrad student. It was only on paper. I gave it to my instructor and asked if we could try it on a virtual machine. After studying the thing for just a couple of minutes he said, I don't think we better try it. I gave him the paper and said "You keep it". The simplest being the macro viruses. OTOH, some of these things are getting pretty sophisticated. They "call home" to see if there is an update to their code, or payload. They don't always behave the same. Now we have some that don't require user intervention if the default settings are such as to let them loose. Still, the vast majority depend on the "idiot" at the keyboard.
If the user never opened the attachment without verification, never let someone trick them into installing a patch from MS, or some other company (those companies don't work that way), never deleted a file because the official looking e-mail told them to do so, never answered an e-mail asking them to update their account information, (particularly when they ask for the account name), and actually practiced safe computing the virus and worm problem would become a relatively small irritation. BTW, I've sat here and watched the firewall report probes of the ports. They would start, try a port, not get in, try the next port, and repeat until they had gone through the whole list, and then start over. It doesn't matter if you have one port, or 10,000. If you have one open that is all it takes. Contrary to government figures as to computer literacy, I doubt anywhere near half the population could truly be called computer literate. When it comes to computer savvy, I doubt more than 5 to maybe 10% would qualify and I think 10% is really stretching it. If 75 to 80% were really computer literate spam and viruses would not be anywhere near the present problem. It's part ignorance and part apathy...The old "It only happens to other people" syndrome. Kinda like the immortal teenager in his invincible SUV. I drove halfway through one of those a couple of years back and shortened my Transam up nearly two feet. (My last thoughts before impact were "Boy, I'll bet this is gonna hurt") Surprisingly I wasn't even sore the next day, but man was I punchy for about a half an hour after the impact. I don't think a 6-pack would have that much effect. An aside to security...Using signed documents...Verisign recently hijacked all the unused dot coms and a bunch of other extensions. Type in a nonexistent URL and see where you end up. They get paid for every so called click through. That means they get paid for every invalid address typed.
As a warning...You end up with the prompt for a secure page and no graceful way to say no. IF you say Yes they make money. In windows that just means using the program manager to close the browser. And...Yes they are already getting sued. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) Dee D. Flint, N8UZE |
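The header check described in the post above (ignore the forgeable "From:" line, read the "Received: from" lines for the IP), as an added Python example that is not part of the original thread. The sample message, host names and addresses are constructed, and `received_hops`, `handoff_ip` and the trusted-host set are hypothetical names; it assumes only the Received: lines written by mail servers you trust can be believed.

```python
import email
import ipaddress
import re

# Constructed sample: a worm-style message with a forged From: line.
# The top Received: line is the newest hop; older hops follow below it.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id abc123
\tfor <user@recipient.example>; Sun, 21 Sep 2003 10:00:02 -0500
Received: from dialup-17.example.org (unknown [198.51.100.77])
\tby mx.isp.example with SMTP id def456;
\tSun, 21 Sep 2003 10:00:00 -0500
Received: from mail.vendor.example (localhost [203.0.113.5])
\tby dialup-17.example.org; Sun, 21 Sep 2003 09:59:00 -0500
From: "Security Update" <support@vendor.example>
To: user@recipient.example
Subject: Latest security patch

See the attached file.
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(raw):
    """Return [(recording_host, peer_ip_or_None), ...], newest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())           # unfold continuation lines
        by = BY_RE.search(text)
        from_part = text[:by.start()] if by else text
        ip = None
        for match in IP_RE.finditer(from_part):
            try:
                ip = ipaddress.ip_address(match.group(1))
                break
            except ValueError:
                continue                         # bracketed text that is not an IP
        hops.append((by.group(1).lower() if by else None, ip))
    return hops


def handoff_ip(raw, trusted_hosts):
    """IP of the machine that handed the message to the trusted servers.

    Walks hops newest-first and stops at the first Received: line that was
    not written by a trusted server: that line and everything below it were
    supplied by the sending side and may be invented.
    """
    result = None
    for by_host, ip in received_hops(raw):
        if by_host not in trusted_hosts:
            break
        if ip is not None:
            result = ip
    return result


if __name__ == "__main__":
    trusted = {"mail.recipient.example", "mx.isp.example"}  # assumed: your own and your ISP's servers
    print("From: claims", email.message_from_string(SAMPLE)["From"])
    print("Handed to trusted servers by", handoff_ip(SAMPLE, trusted))
```

The address it reports is the one worth filtering on or reporting to the sending network's abuse contact; the bottom Received: line in the sample is deliberately ignored because the infected machine wrote it.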
#37
On Sun, 21 Sep 2003 10:13:26 -0600, wrote:
On Sun, 21 Sep 2003 00:37:03 -0700, "Ed Price" wrote: In other words, nothing factual, just "as far as I'm concerned." Thank you for your rant. That was no rant, and pretty factual. Microsoft has left security hole after security hole. Further, almost none of this would happen if people would stop using Outlook and Outlook Express for mail. A Outlook and OE are both capable of operating as text based if the user would set the defaults properly. When configured so they are just as resistant to attack as the other text based readers. They are every bit as capable as Agent which I happen to be using here as I prefer the way it handles newsgroups better than the other two. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) good text based email and news program like Agent goes a long way toward preventing both accidental infection and spreading of the trash that currently pollutes the system so heavily. Eudora used to be good also, but I haven't used it in almost 10 years so it could have given in to the weaknesses by now. gm |
#38
On Sat, 20 Sep 2003 19:35:23 -0500, "RB" wrote:
The virus is in the original attachments and at the web site the text urges you to download. If you don't open the attachment, or download the "security patch", you won't get the virus. However, you will get floods of this kind of traffic. It's coming from infected computers that have your That's why I keep changing my posting address. I use a valid one, but it changes as soon as the spam starts to build. email address, and from your email address harvested from newsgroups, and even from some web sites you've gone to. I think the flooding will continue for awhile longer. Some ISPs neutralize the attachment, but the message comes on through with an empty attachment. Whatever, don't take a chance and open the attachment. If you haven't done it yet, mung your newsgroup email address so this won't happen in the future. Something like . That will keep you from getting flooded in the future. Now that is one of my pet peeves. I always use a valid address, although it changes from time to time. Every once in a while I receive an e-mail off a newsgroup and almost invariably the sender forgets to make the return valid. Those get treated just like spam. Just go to one of the e-mail services and get a throwaway address. Use it till it starts getting spam and viruses. Then cancel it and create a new one. If you don't want to receive e-mail from the newsgroups don't use a valid address and state so in your sig. The easiest is to just make the address "don'treply@email or some such that indicates you don't want to be bothered with e-mail answers. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) |
#39
Bill wrote:
"bright Indian programmers" do not exist. If you are going to count on that craphole of a place to produce anything usable, then you have a hard wake up coming. A nation without flush toilets is hardly technologically advanced to write an OS of any merit...just think...those idiots have nuclear weapons...probably aimed at themselves. Funny... some people would claim the same about trailer trash rednecks like you. -- Anti-spam measu look me up on qrz.com if you need to reply directly |
#40
Yep.... in one account I am getting something like 1200-1500 of the alleged
"Microsoft" patch per day, and about 3 weeks ago I got nailed the same way with the Sobig:f virus. Since the release of these viruses, I now use the "webmail" mail servers before downloading any email through Outlook Express. I haven't been affected by the viruses in regards to what they were designed directly to do, but affected by the time it takes to download email or going through the webmail service that my ISP offers. I am quite sure that I am not the only one and I am sure that these bogus emails are depleting free space on the email servers in general. -- Ryan, KC8PMX FF1-FF2-MFR-(pending NREMT-B!) --. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-. ... --. .... - . .-. ... "Cecil Moore" wrote in message ... Is anyone else being deluged with Virus/Worm email messages? -- 73, Cecil http://www.qsl.net/w5dxp