#1
September 20th 03, 08:07 PM
David Robbins


"J. McLaughlin" wrote in message
...
YES. MB worth. So many that E-mail drive was filled on Friday. Just
received five in a five minute period.
Not hard to trap, however they are quite a pain. Have yet to get
ISP to block them.
Good luck. Mac N8TT


my isp is stopping the infected ones, which appears to be most of them.. it's
funny though, some get through with an empty attachment. there must be a
bug in the virus that occasionally attaches an empty file instead of itself.


#2
September 20th 03, 08:35 PM
Dee D. Flint


"David Robbins" wrote in message
...

"J. McLaughlin" wrote in message
...
YES. MB worth. So many that E-mail drive was filled on Friday. Just
received five in a five minute period.
Not hard to trap, however they are quite a pain. Have yet to get
ISP to block them.
Good luck. Mac N8TT


my isp is stopping the infected ones, which appears to be most of them.. its
funny though, some get through with an empty attachment. there must be a
bug in the virus that occasionally attaches an empty file instead of itself.


Actually my ISP is blocking the actual virus/worms but then the message
itself gets passed on to me with a statement from the ISP that if I want the
file to contact the sender and arrange another means of getting it.
However, that still is a huge number of emails in my box.

I've tried to trap them but the headers and senders, etc are all different.
If you have a suggestion on how to stop them, please let us all in on it.

Dee D. Flint, N8UZE

#3
September 20th 03, 08:45 PM
David Robbins


"Dee D. Flint" wrote in message
. com...

"David Robbins" wrote in message
...

"J. McLaughlin" wrote in message
...
YES. MB worth. So many that E-mail drive was filled on Friday. Just
received five in a five minute period.
Not hard to trap, however they are quite a pain. Have yet to get
ISP to block them.
Good luck. Mac N8TT


my isp is stopping the infected ones, which appears to be most of them.. its
funny though, some get through with an empty attachment. there must be a
bug in the virus that occasionally attaches an empty file instead of itself.


Actually my ISP is blocking the actual virus/worms but then the message
itself gets passed on to me with a statement from the ISP that if I want the
file to contact the sender and arrange another means of getting it.
However, that still is a huge number of emails in my box.

I've tried to trap them but the headers and senders, etc are all different.
If you have a suggestion on how to stop them, please let us all in on it.

Dee D. Flint, N8UZE


if you can filter by the text in the body use "September 2003, Cumulative
Patch" that should be unique enough to catch them without taking out other
messages. the isp messages should be easy to filter out, i use the phrases
"virus found in received message" and "problem found in received message" to
send them to the deleted folder.


#4
September 20th 03, 09:37 PM
David or Jo Anne Ryeburn

In article , "Dee D.
Flint" wrote:

I've tried to trap them but the headers and senders, etc are all different.


The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's
Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines.

If you have a suggestion on how to stop them, please let us all in on it.


Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel

--
David or Jo Anne Ryeburn

To send e-mail, remove the letter "z" from this address.
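
An added example, not written by any poster in this thread: a Python sketch of the two checks suggested above, filtering on the body phrases David Robbins quotes and reading the "Received:" chain instead of the forged "From:" line. The sample message, the host name `example-isp.net`, the documentation-range addresses and the function names are all assumptions made for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Phrases quoted in the thread for the worm body and the ISP scanner notices.
WORM_PHRASES = ("september 2003, cumulative patch",)
NOTICE_PHRASES = ("virus found in received message",
                  "problem found in received message")

BY_HOST = re.compile(r"\bby\s+(\S+)")
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample; hosts and addresses are documentation placeholders.
SAMPLE = """\
Received: from mx2.example-isp.net (mx2.example-isp.net [198.51.100.7])
 by mail.example-isp.net with ESMTP; Sat, 20 Sep 2003 20:01:02 +0000
Received: from dialup-77.example.org (unknown [203.0.113.45])
 by mx2.example-isp.net with SMTP; Sat, 20 Sep 2003 20:01:00 +0000
Received: from relay.forged.example ([192.0.2.99])
 by smtp.forged.example with SMTP; Sat, 20 Sep 2003 19:59:00 +0000
From: "Security Team" <security@forged.example>
Subject: New patch
Content-Type: text/plain

Please install the September 2003, Cumulative Patch attached to this mail.
"""


def parse(raw):
    """Parse raw message text with the modern email API (unfolds headers)."""
    return email.message_from_string(raw, policy=policy.default)


def entry_ip(msg, trusted_suffix):
    """Return the IP that handed the message to the recipient's own provider.

    Each relay prepends its Received header, so the list runs newest to
    oldest. Only headers written by hosts under trusted_suffix are reliable;
    the first header written by anyone else, and everything below it, was
    supplied by the sending side and may be forged.
    """
    found = None
    for header in msg.get_all("Received", []):
        text = str(header)
        by = BY_HOST.search(text)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            break  # left the trusted part of the chain
        peer = PEER_IP.search(text)
        if peer:
            try:
                found = str(ipaddress.ip_address(peer.group(1)))
            except ValueError:
                pass  # malformed address, keep the previous trusted hop
    return found


def classify(msg):
    """Label a message 'worm', 'isp-notice' or 'ok' by body phrase only."""
    body = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_type() == "text/plain").lower()
    if any(phrase in body for phrase in WORM_PHRASES):
        return "worm"
    if any(phrase in body for phrase in NOTICE_PHRASES):
        return "isp-notice"
    return "ok"


if __name__ == "__main__":
    m = parse(SAMPLE)
    print(classify(m), entry_ip(m, ".example-isp.net"), m["From"])
```

The address reported is the one recorded by the provider's own relay, which is the only hop the sender cannot rewrite; the oldest "Received:" line in the sample is ignored because no trusted host wrote it.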
#5
September 21st 03, 01:28 PM
Dee D. Flint


"David or Jo Anne Ryeburn" wrote in message
...
In article , "Dee D.
Flint" wrote:

I've tried to trap them but the headers and senders, etc are all different.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's
Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines.

If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.

Dee D. Flint, N8UZE



#6
September 21st 03, 04:12 PM
J. McLaughlin

Dear Mr. Flint and group:
I am told by knowledgeable UNIX people (another partitioning of the
world) that the structure of UNIX is such that attacks can not be
successful. I am told that there are only three ports into/out of UNIX
modules and it is simple to guard them.
The Bill ware OSs allow all sorts of back doors and side doors and
over-the-transom ports.
What I do not understand is why someone has not funded a set of
bright Indian programmers to produce an OS that can execute Window
programs without committing the errors made by Bill's people. There is
a Unix based program that is able to execute some, well behaved Windows
programs.
I threaten my students with eternal haunting if they ever write a
control program in Bill style. 73 Mac N8TT

--
J. Mc Laughlin - Michigan USA
Home:

"Dee D. Flint" wrote in message
.com...

"David or Jo Anne Ryeburn" wrote in message
...
In article , "Dee D.
Flint" wrote:

snip

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.

Dee D. Flint, N8UZE


#7
September 22nd 03, 02:33 AM
Bill

Your Unix people told you wrong. Mail worms were invented back before
Outlook, in a primarily unix based internetwork.

"bright Indian programmers" do not exist. If you are going to count on that
craphole of a place to produce anything usable, then you have a hard wake up
coming. A nation without flush toilets is hardly technologically advanced
to write an OS of any merit...just think...those idiots have nuclear
weapons...probably aimed at themselves.

Mac...just what is Bill style?



"J. McLaughlin" wrote in message
...
Dear Mr. Flint and group:
I am told by knowledgeable UNIX people (another partitioning of the
world) that the structure of UNIX is such that attacks can not be
successful. I am told that there are only three ports into/outof UNIX
modules and it is simple to guard them.
The Bill ware OSs allow all sorts of back doors and side doors and
over-the-transom ports.
What I do not understand is why someone has not funded a set of
bright Indian programmers to produce an OS that can execute Window
programs without committing the errors made by Bill's people. There is
a Unix based program that is able to execute some, well behaved Windows
programs.
I threaten my students with eternal haunting if they ever write a
control program in Bill style. 73 Mac N8TT

--
J. Mc Laughlin - Michigan USA
Home:

"Dee D. Flint" wrote in message
.com...

"David or Jo Anne Ryeburn" wrote in message
...
In article , "Dee D.
Flint" wrote:

snip

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.

Dee D. Flint, N8UZE




#8
September 22nd 03, 03:43 AM
Roger Halstead

On Sun, 21 Sep 2003 12:28:16 GMT, "Dee D. Flint"
wrote:


"David or Jo Anne Ryeburn" wrote in message
...
In article , "Dee D.
Flint" wrote:

I've tried to trap them but the headers and senders, etc are all different.


Waste of time. It *used* to work, but rarely will it now. Check the
IP, not the from address.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's


They also make them up, or combine several to make one.

Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines


Look for the IP.


If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.


Unfortunately this is not really the case.
There are no truly safe operating systems (and yes MS has a few more
problems than others), but the cases in point are not operating system
problems. They are mail and newsgroup reader problems and *nearly*
all can be prevented by properly configuring said programs. Turn off
the ability to read mail in HTML, don't let macros run, disable Java,
and above all don't open attachments until after verifying whoever
really sent it. This is particularly true if the thing came from some
one you know. How many times have you heard some one say, Oh, I don't
worry. I only open attachments from people I know. Now there is a
prime candidate for a virus.

MS operating systems are written for the masses. It depends on your
definition of computer literate, but unless you make the definition
very lenient there are few computer users who are computer literate.

In grad school I taught intro to Computer Science. It was one of
those courses where we taught them to turn 'em on, insert a disk, run
an app, save the date, and turn it off.

I had 195 students. 5 or so shouldn't have been in there as they knew
as much as I did and I was working on my masters in CS. Unfortunately
they fell into one of those cases where they had to take the course.
Another 5 or so were never going to survive that simple goal of the
class. The other 185 covered the spectrum in between. Oh...I had
about 10 that could type.

I'm not defending windows...What I am doing is trying to show where we
have gone wrong across the board and the unlikely prospect of it being
fixed soon...if ever.

Windows was designed to be user friendly. Any one who has done much
programming at all knows the more you work to make a "program" user
friendly the more difficult it becomes for the programmer. The
program becomes more complex. Sometimes much more complex and with
each increase in complexity comes an increase in the likelihood of
"side effects".

For those unfamiliar with the term, side effects are ... well...just
that...They are unexpected operations, outputs, or even capabilities
from a program, routine, or function that were not expected. Just
like side effects from a medication, only in this case it gives your
computer a case of diarrhea.

Windows was also designed to create a uniform environment for
programmers that would also simplify program design...I.E. The DLL,
or Dynamic Linked Library.

You can create a relatively small but capable program in Visual Basic,
or Visual C++. However, compile it into a stand alone program that
can be installed on other computers and it will become huge. It
includes all the needed DLLs. A 32 K program can easily become 10 or
20 megs. However when you install it the program will only install
DLLs that are newer than the ones on the computer. It will ask if you
want to install a DLL if the DLL is older than the one currently on
the computer. So that 32K program that turned into 9 megs may only
add a 100K or so to some computers.

Outlook and Outlook Express make use of these integrated functions, or
DLLs. Unfortunately they also come with the default settings

Which brings me to the main fault of windows. The one that most likely
will never be cured. US...You, me, whoever is at the keyboard, that
is where the main responsibility lies. We want HTML as it makes the
netzines look nice. We want it so we can send professional looking
letters and resumes even if it does have the capability of reporting
back to whoever sent you the unwanted e-mail. We want Java running.
It does do some neat things. We want macros enabled so when we
receive that database it will be displayed as the builder intended and
we only have to fill in the blanks. Never mind that the macro can do
anything on your computer that you can...probably more in most cases.

You can do all the education you want, but if the user wants to use
those functions/capabilities then they are going to use them whether
it opens their computer up to the whole wide world or not.

Virus checkers and spam bots are a necessity to keep track of many
things. Some reputable companies seem to be including trojans and spy
bots in their software. That stuff lets them track your every move.
I have no idea as to why they'd want to track mine, but... "SpyBot
Search & Destroy" has found a number of them. In one year I received
over 250 copies of viruses and worms. BTW, SpyBot, Search & Destroy
is free and does a great job. The writer is just looking for
donations.

So, were Windows to disappear tomorrow, we might get a brief respite
from the viruses while the writers retrenched, but they would be back.
The users, still looking for functionality above all else would soon
be complaining about the security in the new OS, even though they had
been taught the principles of safe computing.


David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


In the computing world older is often not better. If word and excel
can run macros when you receive them, or load a document then they are
vulnerable. To top it off they can't read any of the documents from
newer versions. Old versions of Netscape are particularly bad, but
early Internet Explorer was no better. Being MS free is no guarantee
of safety.


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


Yup! I have to admit that Unix/Linux, and Apple might be a bit more
work, but they are not immune. Once some one, or a group puts
together the tools in a package the script kiddies take over and use
them like an erector set.

Without going into details, Worms and viruses can be amazingly simple
to write. I wrote a worm as an under grad student. It was only on
paper. I gave it to my instructor and asked if we could try it on a
virtual machine. After studying the thing for just a couple of
minutes he said, I don't think we better try it. I gave him the
paper and said "You keep it". The simplest being the macro viruses.
OTOH, some of these things are getting pretty sophisticated. They
"call home" to see if there is an update to their code, or payload.
They don't always behave the same. Now we have some that don't
require user intervention if the default settings are such as to let
them loose.

Still, the vast majority depend on the "idiot" at the keyboard. IF
the user never opened the attachment without verification, never let
some one trick them into installing a patch from MS, or some other
company (those companies don't work that way), never deleted a file
because the official looking e-mail told them to do so, never
answered an e-mail asking them to update their account information,
(particularly when they ask for the account name), and actually
practiced safe computing the virus and worm problem would become a
relatively small irritation.

BTW, I've set here and watched the firewall report probes of the
ports. They would start, try a port, not get in, try the next port,
and repeat until they had gone through the whole list, and then start
over. It doesn't matter if you have one port, or 10,000. If you have
one open that is all it takes.

Contrary to government figures as to computer literacy, I doubt any
where near half the population could truly be called computer
literate. When it comes to computer savvy, I doubt more than 5 to
maybe 10% would qualify and I think 10% is really stretching it.

If 75 to 80% were really computer literate spam and viruses would not
be any where near the present problem. It's part ignorance and part
apathy...The old "It only happens to other people" syndrome. Kinda
like the immortal teenager in his invincible SUV. I drove half way
though one of those a couple of years back and shortened my Transam up
nearly two feet. (My last thoughts before impact were "Boy, I'll bet
this is gonna hurt") Surprisingly I wasn't even sore the next day,
but man was I punch for about a half an hour after the impact. I
don't think a 6-pack would have that much effect.

An aside to security...Using signed documents...Verisign recently
hijacked all the unused dot coms and a bunch of other extensions.
Type in a non existent URL and see where you end up. They get paid
for every so called click through. That means they get paid for every
invalid address typed. As a warning...You end up with the prompt for
a secure page and no graceful way to say no. IF you say Yes they
make money. In windows that just means using the program manager to
close the browser. And...Yes they are already getting sued.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)

Dee D. Flint, N8UZE


#9
September 24th 03, 11:42 AM
Mark Keith

Roger Halstead wrote in message

They are mail and newsgroup reader problems and *nearly*
all can be prevented by properly configuring said programs. Turn off
the ability to read mail in HTML, don't let macros run, disable Java,
and above all don't open attachments until after verifying whoever
really sent it. This is particularly true if the thing came from some
one you know. How many times have you heard some one say, Oh, I don't
worry. I only open attachments from people I know. Now there is a
prime candidate for a virus.

MS operating systems are written for the masses. It depends on your
definition of computer literate, but unless you make the definition
very lenient there are few computer users who are computer literate.


That's the exact problem as I see it. The *average* e-mail user, who
has little on the ball as far as puters is left to the wolves because
MS installs all that stuff with all the options wide open. And unless
you go and read all the docs to learn how to turn it off, the average
user will not even be aware that they are at risk. And you know how
many probably read the docs....Yep, about 4.27%...If MS gave a real
hoot about protecting people's security, they would install with it all
turned off, and instruct the user to turn on features as or if needed.
But nooooooo......The average users first instruction on the problem,
or feature that led to the problem, is after they are cleaning out a
macro virus. And with a virus like sobigf, you could go for months
without knowing you had it , unless someone finally tells you. The
sent emails are forged with someone in the address book, or whatever.
Then, hummmmm, they finally learn about attachment problems, etc..
It's kind of the same way with the "ports" that MS likes to leave wide
open with a default install. The average user won't have a clue his
box is wide open. Well, Maybe if he stumbles across Gibson research or
whatever...
A good majority of the outlook virus problem victims are e-mail
readers that could give a hoot about puter OS's, outlook or whatever.
They plug it in, and dial up. MS doesn't do them any favors by leaving
them wide open to attack, and not even telling them about it in a
noticeable manner. There are worms out now that need no e-mail
connection. They are planting them through open ports I think. I don't
keep up with all the "new" OS problems much. I only worry about the
one I'm running at the time. MK
#10
September 24th 03, 02:02 AM
Mike Coslo

Dee D. Flint wrote:

"David or Jo Anne Ryeburn" wrote in message
...

In article , "Dee D.
Flint" wrote:


I've tried to trap them but the headers and senders, etc are all different.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's
Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines.


If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel



If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.

What computer and software manufacturers have done that is a fatal flaw
in their systems is insist that "EVERYTHING HAS TO BE THE SAME" I
remember the abuse that I took from PC users because I was running an
Amiga for so many years. Installed User Base, PC Compatibility and other
mantras were tossed at me and others who dared to use "non-standard"
computers like the Amiga and the Mac.

But here we are undergoing attack after attack because of what. 95
percent of us are using the same platform, the same OS and the same
software. We are going through a computer analog (heh heh) of the Irish
potato famine.

I do like to draw a parallel between the agricultural monoculture and
computer monoculture. Only grow one crop, and you're vulnerable.

Whether MS likes it or not, one big step toward a cure (besides them
writing incredibly poor software) is for there to be several different
types of email software. This software is not to be crippled by all the
features that they try to add, with every feature seems to come a new
vulnerability. Especially things like IE and Outlook coupling up mailing
addys.

I personally use only the MS products that I absolutely have to, and
will not use their mailing system. I use Netscape for mail, and it works
okay. If Netscape were to somehow become the big mail program - which
will never happen - I'll switch to something else.

But the majority of PC users are unwilling to believe this sort of
rationale, as they scramble daily to update their Virus definitions, and
other stunts that don't really work too well.

After all, there has to be a virus that infects a computer before there
can be a definition for it.

- Mike KB3EIA -


