#61
September 23rd 03, 10:16 PM
pez


| "Richard Clark" wrote:
| ...
| http://grc.com/default.htm
| ...

Useful, indeed!

pez
SV7BAX
#62
September 24th 03, 02:02 AM
Mike Coslo

Dee D. Flint wrote:

"David or Jo Anne Ryeburn" wrote in message
...

In article , "Dee D.
Flint" wrote:


I've tried to trap them but the headers and senders, etc are all different.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's
Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines.


If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel



If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.

What computer and software manufacturers have done that is a fatal flaw
in their systems is insist that "EVERYTHING HAS TO BE THE SAME" I
remember the abuse that I took from PC users because I was running an
Amiga for so many years. Installed User Base, PC Compatibility and other
mantras were tossed at me and others who dared to use "non-standard"
computers like the Amiga and the Mac.

But here we are undergoing attack after attack because of what? 95
percent of us are using the same platform, the same OS and the same
software. We are going through a computer analog (heh heh) of the Irish
potato famine.

I do like to draw a parallel between the agricultural monoculture and
computer monoculture. Only grow one crop, and you're vulnerable.

Whether MS likes it or not, one big step toward a cure (besides them
writing incredibly poor software) is for there to be several different
types of email software. This software is not to be crippled by all the
features that they try to add, with every feature seems to come a new
vulnerability. Especially things like IE and Outlook coupling up mailing
addys.

I personally use only the MS products that I absolutely have to, and
will not use their mailing system. I use Netscape for mail, and it works
okay. If Netscape were to somehow become the big mail program - which
will never happen - I'll switch to something else.

But the majority of PC users are unwilling to believe this sort of
rationale, as they scramble daily to update their Virus definitions, and
other stunts that don't really work too well.

After all, there has to be a virus that infects a computer before there
can be a definition for it.

- Mike KB3EIA -
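
The header check quoted in the post above (read the "Received: from" lines, not the forgeable "From:" line), as an added example that is not part of the original thread. The message, hostnames, addresses and the `TRUSTED` set are constructed for illustration; only Received: stamps written by servers you trust are believed.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: every hostname and address is invented
# (example.* domains, RFC 5737 documentation IP ranges).
RAW_MESSAGE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby mail.home.example with ESMTP id A1; Wed, 24 Sep 2003 02:00:05 +0000
Received: from dialup-77.pool.example (unknown [198.51.100.77])
\tby mx1.isp.example with SMTP id B2; Wed, 24 Sep 2003 02:00:01 +0000
Received: from friend-pc (localhost [127.0.0.1])
\tby mail.friend.example with SMTP id C3; Wed, 24 Sep 2003 01:59:00 +0000
From: "A Friend" <friend@friend.example>
To: you@home.example
Subject: Re: details

see attachment
"""

# Assumption: hosts whose Received: stamps we believe (our server, our ISP's relay).
TRUSTED = {"mail.home.example", "mx1.isp.example"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<paren>[^)]*)\))?\s*by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw):
    """Return Received: hops newest first (the order they appear in the header)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        ip = IP_RE.search(m.group("paren") or "")
        hops.append({"helo": m.group("helo"), "by": m.group("by").lower(),
                     "ip": ip.group(1) if ip else None})
    return hops


def analyse(raw, trusted):
    """Find the host that handed the message to the first server we trust."""
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    entry = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted:
            break  # stamped by a machine we do not control: may be forged
        entry = hop  # keep walking back while the stamping host is trusted
    domain = claimed.rpartition("@")[2].lower()
    host = (entry or {}).get("helo", "").lower()
    matches = bool(domain) and (host == domain or host.endswith("." + domain))
    return {"claimed_from": claimed,
            "entry_host": entry["helo"] if entry else None,
            "entry_ip": entry["ip"] if entry else None,
            "from_matches_entry": matches}  # a mismatch is a hint, not proof


if __name__ == "__main__":
    print(analyse(RAW_MESSAGE, TRUSTED))
```

The bottom Received: line names the purported sender's own mail server, but it was not written by a trusted host, so the walk stops one hop earlier and reports the dial-up address that actually connected to the ISP relay.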

#63
September 24th 03, 03:00 AM
Floyd Davidson

Mike Coslo wrote:
Dee D. Flint wrote:
"David or Jo Anne Ryeburn" wrote:
"Dee D. Flint" wrote:

If you have a suggestion on how to stop them, please let us all in on
it.


Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel



If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.


David is the one who touched on it. The answer *is* to use an
OS designed to be secure. Microsoft products are not, while
virtually all of the current unix systems are. Some unixes (the
ones with open source code, which does not include Apple) do
have higher potential for good security than others.

The "bang for the buck" argument is proof of it too. If you
want a *bang*, then shut down the *entire* Internet, not just
some percentage of the hosts connected to it. The fact is
that from the start the Internet itself ran on unix. That is
less true today, but it is still true enough that if one could
write a virus to knock out unix, one could just shut the
Internet off for days.

But, of course, it can't be done (or that is exactly what they
would be doing).

--
Floyd L. Davidson http://web.newsguy.com/floyd_davidson
Ukpeagvik (Barrow, Alaska)
#64
September 24th 03, 11:42 AM
Mark Keith

Roger Halstead wrote in message

They are mail and newsgroup reader problems and *nearly*
all can be prevented by properly configuring said programs. Turn off
the ability to read mail in HTML, don't let macros run, disable Java,
and above all don't open attachments until after verifying whoever
really sent it. This is particularly true if the thing came from some
one you know. How many times have you heard some one say, Oh, I don't
worry. I only open attachments from people I know. Now there is a
prime candidate for a virus.

MS operating systems are written for the masses. It depends on your
definition of computer literate, but unless you make the definition
very lenient there are few computer users who are computer literate.


That's the exact problem as I see it. The *average* e-mail user, who
has little on the ball as far as puters is left to the wolves because
MS installs all that stuff with all the options wide open. And unless
you go and read all the docs to learn how to turn it off, the average
user will not even be aware that they are at risk. And you know how
many probably read the docs....Yep, about 4.27%...If MS gave a real
hoot about protecting people's security, they would install with it all
turned off, and instruct the user to turn on features as or if needed.
But nooooooo......The average user's first instruction on the problem,
or feature that led to the problem, is after they are cleaning out a
macro virus. And with a virus like sobigf, you could go for months
without knowing you had it, unless someone finally tells you. The
sent emails are forged with someone in the address book, or whatever.
Then, hummmmm, they finally learn about attachment problems, etc..
It's kind of the same way with the "ports" that MS likes to leave wide
open with a default install. The average user won't have a clue his
box is wide open. Well, Maybe if he stumbles across Gibson research or
whatever...
A good majority of the outlook virus problem victims are e-mail
readers that could give a hoot about puter OS's, outlook or whatever.
They plug it in, and dial up. MS doesn't do them any favors by leaving
them wide open to attack, and not even telling them about it in a
noticeable manner. There are worms out now that need no e-mail
connection. They are planting them through open ports I think. I don't
keep up with all the "new" OS problems much. I only worry about the
one I'm running at the time. MK
#65
September 24th 03, 01:37 PM
Roger

On Tue, 23 Sep 2003 20:58:45 GMT, Richard Clark
wrote:

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC


I know, I would have to give it to you. I don't think it's quite as
easy as you say to "hack" into an NT system, unless the person that
set up has no idea what they're doing.


#66
September 24th 03, 05:30 PM
Richard Clark

On Wed, 24 Sep 2003 12:37:37 GMT, Roger wrote:

On Tue, 23 Sep 2003 20:58:45 GMT, Richard Clark
wrote:

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC


I know, I would have to give it to you. I don't think it's quite as
easy as you say to "hack" into an NT system, unless the person that
set up has no idea what they're doing.


Hi Roger,

So why ask in the first place?

73's
Richard Clark, KB7QHC
#67
September 24th 03, 05:55 PM
Richard Clark

On Wed, 24 Sep 2003 15:53:56 GMT, Ken wrote:


Richard;
Your statement is in reference to systems that have been infected by a
virus or worm. The O/S has nothing to do with who the viruses are sent to.
I set up several e-mail accounts on yahoo and posted to several groups.
I did pick a subject that would generate responses, after 7 or 8 hours the
e-mail accounts were filled with messages with the virus attachments. I
don't use Microsoft products, so I don't know how Outlook handles replies
to usenet posts. That is, if it treats it as an E-mail address and adds it
to an address book. Although it's possible that the subject I picked could
have upset a few enough to intentionally send me an E-mail with an attached
virus, I would tend to think that it's based on address books.
I have set several more accounts up on Yahoo, trying to narrow down
which groups seem most prone to generating virus e-mails.

Ken


Hi Ken,

Yours is simply the same chorus before you: "It ain't about MS."

You then snap the rug from under yourself (how do you do that?) by
saying virus (what does a virus infect except an OS?).

It is the height of denial to portray these attacks as coming from an
individual sitting in the bedroom sending emails, or a group of
closeted individuals pushing send buttons. That traffic would be
snuffed so fast where MS would have sheriffs at their door in a
millisecond.

A virus by definition infects the OS. There are many out there built
into the backbone of the internet. Some are router only OS's, others
are Linux machines, Unix machines, Sun Machines, and certainly MS
machines. Does it take Rocket Surgery to diagnose that of those, one
OS source (fill in the blank) in particular has been announcing
security failures in their designs (and I am not talking about the
ubiquitous OE/IE problems so many snuggle up to as it nibbles into
their tender flesh) 2 a week? This is up from an average of once a
week for at least two years. If the backbone escaped attack (and it
is certainly more geared for following events than users are); it
follows someone ELSE's machine has become infected and is acting in
part of a conspiracy to accomplish this work through proxy.

Guess what they have as an OS? Care to wager it is an unprotected
system that has been requiring patches on a weekly basis for years?

All of this is classic symptomatology of recent attacks and hardly a
novel concept drug up from the deep recesses of my paranoia.

There are two classes of MS users. Those who are infected but live
through its effects without obvious harm (except for lost bandwidth
capacity they blame on "general conditions"). A century ago they
would go by the name Typhoid Mary. Then there are those who are
infected but are being hammered by the virus AND spreading infection.
There is a third and fourth class that barely wiggle the digits: the
lucky and the smart.

Eventually, through Darwinian thinning, the smart population will
become dominant, but only if they can crawl over the mountains of
corpses that litter the -ahem- netscape.

73's
Richard Clark, KB7QHC
#68
September 24th 03, 09:29 PM
Richard Clark

On Wed, 24 Sep 2003 18:30:16 GMT, Ken wrote:

Richard Clark wrote:

Richard;
Hope you don't mind if I respond to each part of your post?


Not if you don't object to my clipping extraneous material here.

Yours is simply the same chorus before you: "It ain't about MS."


Really? Where did I say that? I don't even use Microcrap, why would I
defend them?


I cannot speak to your motivation. I can respond to its appearance
however.

"The O/S has nothing to do with who the viruses are sent to:"
Which is TRUE!


Perhaps so, but hardly a subject that merits discussion unless this is
a recovery group where we all talk about feelings.

I don't use windows and have a bunch of e-mails with viruses in them.


Well, do they present an issue vis-a-vis the virus, or simply the
quantity of mail clogging things in general? You don't offer much to
separate what issue you are responding to.

I think you misread what I was saying, or maybe I didn't make myself
clear. Your system doesn't have to be infected to receive a bunch of
E-mails with the virus. Everyone was complaining about the number of virus
e-mails they were receiving. That doesn't mean that their system is
infected. It does mean that an infected Microsoft system sent them. Is
that better?


Perhaps. I see nothing to consider except to observe that those who
have suffered are likely candidates for spreading the same contagion.
You implicitly offer you are not one to be part of that vector, but
again you've offered nothing in that regard to distinguish what it is
that brings you forward.

I am reacting to those who think that all danger is external (the
fuzzy warm feeling that if there are miscreants mining newsgroups for
names and addresses, then our sufferers are not part of the problem);
nothing could be further from the truth.

Didn't mean to upset you Richard, it sounded like you wanted to discuss
where the list of e-mail addresses were coming from that had viruses sent
to them. Do you respond to all posts in such a manner? My first post to
you and you respond like I have been arguing with you for the past 2 weeks. I
doubt that you even bothered to read the rest of my post after you saw the
O/S part of it.


And yet you have nothing to offer about where they came from. Every
post made is an act of personal choice. If you choose my
observations as an issue, I respond to that. If you choose
where the list of e-mail addresses were coming from that had viruses sent
to them.

then you would have offered that in your post. You did not. I cannot
respond (or actually I hesitate) to my projections of what I think you
want. Others here do that quite well - generally that is very
unsatisfactory dialog (being one-sided and all).

I have offered both points of view throughout this thread, you have
not responded to where I presented the discussion of news group
mining. Again that is a personal choice of yours for which I am not
in a position to dictate.

You presume I want to discuss where the addresses are coming from.
Actually no, I have no interest in that at all. It would seem even
fewer of the complainants here do either. I observed earlier that
rraa does not appear to have been mined for any list. I also observed
that if newsgroups were being mined, then those sufferers apparently
became part of the contagion somewhere else, or through some other
activity. Absolutely no one has stepped forward to enumerate their
other activities (public health goes down the crapper in such times if
other activities reveal the vector).

To this point, today, I have received only 7 emails, all of which
triggered the usual porn filtering mechanism. That is fairly typical
for my public exposure here, and I participate in a dozen odd other
groups to notice that discussion of this virus is a wholly alien
subject. This, to me, suggests that the premise of newsgroup mining
is so much looking under the bed for monsters. I have corresponded
with one here who posts to one technical group that is heavily
trafficked by potential miscreants (or so is my presumption by his
description) and I would speculate, yes, any open address in that
group (especially if you respond to those with an attitude) is a
target of opportunity.

But just what does a target offer? A new vector of infection, and if
that target is practicing anti-viral lifestyles, that presents a
fairly limited contagion that barely rises above sniffle.

Just one not practicing an anti-viral lifestyle has, through MS
products, the capacity to spread infection like a firestorm. Hence,
it doesn't really matter where the addresses are found, there are
30000 different groups that need only offer a thousandth of a percent
hit rate to cascade into millions.

73's
Richard Clark, KB7QHC
#69
September 25th 03, 01:35 AM
Richard Clark

On Thu, 25 Sep 2003 00:21:53 GMT, Ken wrote:

Richard Clark wrote:

Richard;
Sorry, I didn't mean to come across like I did. Can I blame it on a
bad day at work? I had scanned through the messages and thought I had seen
where you had an idea where the E-mail addresses came from. That's why I
wrote to you with what I had found out, looking for your input and ideas.
If I knew more about how Outlook's address book works, I think I have a
pretty good idea where the addresses are coming from.

I apologize for the way I acted toward you.

Ken


Hi Ken,

I took no slight. Further, I did, as you described, hit you like this
was going on between us for two weeks - just my nature. Some forgive
me, others don't, the rest don't care as long as it makes for good
theater.

There's every chance they (the names and addresses) are mined off the
newsgroup participants. These things have to start somewhere.
However, what feeds them is what I am interested in (being potential
fodder), and when simple maintenance can snuff a bug, and many would
rather suffer through it without dignity - then I don't offer much
sympathy and tea.

To this point in time today, only 10 trash canned items. I don't
expect it is anything more than luck that there are these few as it
has nothing to do with being hit, but rather by who threw the blow
(actually the why).

73's
Richard Clark, KB7QHC
#70
September 25th 03, 11:33 AM
H. Adam Stevens, NQ5H

I have created email addresses that have never been exposed to the net or
the web.
The ones using regular words get hit sooner and more frequently than the
ones using random alphanumeric characters.

Can you say ViralSpamBot?
But.....
What I want to know is......
......why?

Is life THAT boring?

73
H.

