|
Radio Folks: PLEASE Do This
The SWEN Worm is possibly the nastiest email worm in history,
so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. |
David,
You would do much better in your quest to post the LINK to the site rather than the .exe itself. Most folks are pretty gun shy about directly downloading exe files! And they SHOULD be gun shy about opening exe files! So go to www.symantec.com/avcenter and you can find the FixSwen link yourself if you are leery about clicking on an exe link that immediately tries to download a program file. Now.... back to deleting today's batch of 500 'Internet Patch' emails of 106kb EACH. Argggggg Dave "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. |
David,
You would do much better in your quest to post the LINK to the site rather than the .exe itself. Most folks are pretty gun shy about directly downloading exe files! And they SHOULD be gun shy about opening exe files! So go to www.symantec.com/avcenter and you can find the FixSwen link yourself if you are leery about clicking on an exe link that immediately tries to download a program file. Now.... back to deleting today's batch of 500 'Internet Patch' emails of 106kb EACH. Argggggg Dave "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. |
"David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. Dave: I don't keep any type of frequent contact list or mailbox list for the very reason that it is the first thing attacked when a virus comes along. I also keep Norton updated. However, it does not stop Bill Gates from writing crappy programs. |
"David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. Dave: I don't keep any type of frequent contact list or mailbox list for the very reason that it is the first thing attacked when a virus comes along. I also keep Norton updated. However, it does not stop Bill Gates from writing crappy programs. |
|
|
in article , David Stinson at
wrote on 9/24/03 7:41 AM: wrote: However, it does not stop Bill Gates from writing crappy programs. In fairness, I think his software is a target because of who he is and the envy of him, not the quality of the writing. Any computer code open to networking can be "cracked" into; they do it to his because he's the biggest target. D.S. Yes Microsoft software is great. I love all that tax money being spent at various government departments trying to make it all work. Why try to save money, they are just going to spend it on another useless war. I do miss those MS chatrooms. How am I going to keep in touch with all my childhood friends? I do love it when they come to visit me. love to your kids, WacoJacko ....hey, anyone seen my other glove? |
I'm getting over a 1000 per day and my ISP won't do anything about them
becasue they won't block Microsoft. I'mm on a dialup with catalog.com and I'm ready to switch to a new ISP but I wish I didn't have to becasue I've had this email address since 1995. I've got Outlook Express trying to control and Norton strips the 106kb attachment but my email is now pretty much like molasses in January and worthless. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. tnx hank wd5jfr "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. |
I'm getting over a 1000 per day and my ISP won't do anything about them
becasue they won't block Microsoft. I'mm on a dialup with catalog.com and I'm ready to switch to a new ISP but I wish I didn't have to becasue I've had this email address since 1995. I've got Outlook Express trying to control and Norton strips the 106kb attachment but my email is now pretty much like molasses in January and worthless. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. tnx hank wd5jfr "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. |
Henry Kolesnik wrote:
I'm getting over a 1000 per day and my ISP won't do anything about them becasue they won't block Microsoft. What do you mean by "block Microsoft"? That doesn't make any sense because the junk email has nothing to do with Microsoft other that the clown who started this mess put that in the message. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. Oh, now you are really dreaming !!! :-) -Bill |
Henry Kolesnik wrote:
I'm getting over a 1000 per day and my ISP won't do anything about them becasue they won't block Microsoft. What do you mean by "block Microsoft"? That doesn't make any sense because the junk email has nothing to do with Microsoft other that the clown who started this mess put that in the message. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. Oh, now you are really dreaming !!! :-) -Bill |
well, if you lived in the twin cities, MN, it would be visi.com. they
use postini as the virus and spam trapper. postini, however, has one trait that stinks... no "delete all" button. with over 12,000 trapped virii now in their bugpile, there is no freakin' way I'm going to go deleting them 12 at a time. they kind of need to either learn to live with full disk farms, or put a "delete all" button up. Henry Kolesnik wrote: I'm getting over a 1000 per day and my ISP won't do anything about them becasue they won't block Microsoft. I'mm on a dialup with catalog.com and I'm ready to switch to a new ISP but I wish I didn't have to becasue I've had this email address since 1995. I've got Outlook Express trying to control and Norton strips the 106kb attachment but my email is now pretty much like molasses in January and worthless. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. tnx hank wd5jfr "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. -- If it's a "new economy," why do they want my obsolete old money? |
well, if you lived in the twin cities, MN, it would be visi.com. they
use postini as the virus and spam trapper. postini, however, has one trait that stinks... no "delete all" button. with over 12,000 trapped virii now in their bugpile, there is no freakin' way I'm going to go deleting them 12 at a time. they kind of need to either learn to live with full disk farms, or put a "delete all" button up. Henry Kolesnik wrote: I'm getting over a 1000 per day and my ISP won't do anything about them becasue they won't block Microsoft. I'mm on a dialup with catalog.com and I'm ready to switch to a new ISP but I wish I didn't have to becasue I've had this email address since 1995. I've got Outlook Express trying to control and Norton strips the 106kb attachment but my email is now pretty much like molasses in January and worthless. Any suggestions on a good ISP with customer service and one that you don't get put on hold for nearly an hour ever time and then the help is pretty much worhtless. tnx hank wd5jfr "David Stinson" wrote in message ... The SWEN Worm is possibly the nastiest email worm in history, so I don't mind getting chewed-out for posting about it. PLEASE run the Symentec fix at: http://www.symantec.com/avcenter/FixSwen.exe You are perfectly safe to do so, and you will help out your friends. Thanks, Dave S. -- If it's a "new economy," why do they want my obsolete old money? |
Henry Kolesnik wrote:
Any suggestions on a good ISP On a more positive note than my last comment you can check to see which ISPs in your area provide the ability to establish your own filtering at the server so that if this ever happens again, and I'm sure it will, then you can stop it (and other garbage) at the server based on your own criteria. Just check the website homepages of the ISPs operating in your locale and if they have such a feature surely they will tout it. More and more are going in this direction. As far as customer service, one of the ISPs I use has a fully automated management system to add email accounts, change passwords, etc. There's really no reason to ever have to call them. -Bill M |
Henry Kolesnik wrote:
Any suggestions on a good ISP On a more positive note than my last comment you can check to see which ISPs in your area provide the ability to establish your own filtering at the server so that if this ever happens again, and I'm sure it will, then you can stop it (and other garbage) at the server based on your own criteria. Just check the website homepages of the ISPs operating in your locale and if they have such a feature surely they will tout it. More and more are going in this direction. As far as customer service, one of the ISPs I use has a fully automated management system to add email accounts, change passwords, etc. There's really no reason to ever have to call them. -Bill M |
In David Stinson writes:
wrote: However, it does not stop Bill Gates from writing crappy programs. In fairness, I think his software is a target because of who he is and the envy of him, not the quality of the writing. Any computer code open to networking can be "cracked" into; they do it to his because he's the biggest target. Uh-huh. And there's no difference between wax capacitors and mica's -- you wind up replacing the former more often 'cuz there's more of them. -- Tim Mullen ------------------------------------------------------------------ Am I in your basement? Looking for antique televisions, fans, etc. ------ finger this account or call anytime: (212)-463-0552 ------- |
In David Stinson writes:
wrote: However, it does not stop Bill Gates from writing crappy programs. In fairness, I think his software is a target because of who he is and the envy of him, not the quality of the writing. Any computer code open to networking can be "cracked" into; they do it to his because he's the biggest target. Uh-huh. And there's no difference between wax capacitors and mica's -- you wind up replacing the former more often 'cuz there's more of them. -- Tim Mullen ------------------------------------------------------------------ Am I in your basement? Looking for antique televisions, fans, etc. ------ finger this account or call anytime: (212)-463-0552 ------- |
Mike Knudsen wrote:
So, I get a lot of short spam mails with attachments, delete them un-opened and unread, and the big downloads never happen. Of course, those attachments had to move over hte Internet and get stored in AOL's disk farm -- butnot on MY nickel. 73, Mike K. Thats still not much fun if you were to be getting 200 per hour like some guys are reporting and STILL have to manually delete them. Not to be tooting anybody's horn but I just got a 'newsletter' from Mailwasher saying that they can now accomodate AOL email with their latest edition. Hopefully this whole exercise will be an impetus for the backwards/cheap ISPs to get some state-of-the-art filtering in place as well as user-enabled filters. Although the savvy users may go elsewhere I suspect that there's a lot of 'sheeple' who will stick with their crappy ISP in spite of the annoyance simply because they don't know it can be better. I'm kinda of in a tossup trying to decide whether or not this is the responsibility of the ISP or the end user but in a massive case like this one i'd have to put the onus on the ISP to NOT pass this crap on to their users. Thats irresponsible and bad business and is basically what causes the whole worm to continue regenerating. -Bill |
Mike Knudsen wrote:
So, I get a lot of short spam mails with attachments, delete them un-opened and unread, and the big downloads never happen. Of course, those attachments had to move over hte Internet and get stored in AOL's disk farm -- butnot on MY nickel. 73, Mike K. Thats still not much fun if you were to be getting 200 per hour like some guys are reporting and STILL have to manually delete them. Not to be tooting anybody's horn but I just got a 'newsletter' from Mailwasher saying that they can now accomodate AOL email with their latest edition. Hopefully this whole exercise will be an impetus for the backwards/cheap ISPs to get some state-of-the-art filtering in place as well as user-enabled filters. Although the savvy users may go elsewhere I suspect that there's a lot of 'sheeple' who will stick with their crappy ISP in spite of the annoyance simply because they don't know it can be better. I'm kinda of in a tossup trying to decide whether or not this is the responsibility of the ISP or the end user but in a massive case like this one i'd have to put the onus on the ISP to NOT pass this crap on to their users. Thats irresponsible and bad business and is basically what causes the whole worm to continue regenerating. -Bill |
--exray-- wrote:
Mike Knudsen wrote: So, I get a lot of short spam mails with attachments, delete them un-opened and unread, and the big downloads never happen. Of course, those attachments had to move over hte Internet and get stored in AOL's disk farm -- butnot on MY nickel. 73, Mike K. Thats still not much fun if you were to be getting 200 per hour like some guys are reporting and STILL have to manually delete them. Not to be tooting anybody's horn but I just got a 'newsletter' from Mailwasher saying that they can now accomodate AOL email with their latest edition. Hopefully this whole exercise will be an impetus for the backwards/cheap ISPs to get some state-of-the-art filtering in place as well as user-enabled filters. Although the savvy users may go elsewhere I suspect that there's a lot of 'sheeple' who will stick with their crappy ISP in spite of the annoyance simply because they don't know it can be better. I'm kinda of in a tossup trying to decide whether or not this is the responsibility of the ISP or the end user but in a massive case like this one i'd have to put the onus on the ISP to NOT pass this crap on to their users. Thats irresponsible and bad business and is basically what causes the whole worm to continue regenerating. -Bill They should scan every received e-mail for virus or worms, and a valid FROM address. Infected e-mail should be deleted, and a message sent to the sender that it was infected. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. -- Michael A. Terrell Central Florida |
--exray-- wrote:
Mike Knudsen wrote: So, I get a lot of short spam mails with attachments, delete them un-opened and unread, and the big downloads never happen. Of course, those attachments had to move over hte Internet and get stored in AOL's disk farm -- butnot on MY nickel. 73, Mike K. Thats still not much fun if you were to be getting 200 per hour like some guys are reporting and STILL have to manually delete them. Not to be tooting anybody's horn but I just got a 'newsletter' from Mailwasher saying that they can now accomodate AOL email with their latest edition. Hopefully this whole exercise will be an impetus for the backwards/cheap ISPs to get some state-of-the-art filtering in place as well as user-enabled filters. Although the savvy users may go elsewhere I suspect that there's a lot of 'sheeple' who will stick with their crappy ISP in spite of the annoyance simply because they don't know it can be better. I'm kinda of in a tossup trying to decide whether or not this is the responsibility of the ISP or the end user but in a massive case like this one i'd have to put the onus on the ISP to NOT pass this crap on to their users. Thats irresponsible and bad business and is basically what causes the whole worm to continue regenerating. -Bill They should scan every received e-mail for virus or worms, and a valid FROM address. Infected e-mail should be deleted, and a message sent to the sender that it was infected. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. -- Michael A. Terrell Central Florida |
Michael A. Terrell wrote:
They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV |
Michael A. Terrell wrote:
They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV |
Chuck Harris wrote:
Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves. Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???. Point being that these things can be accomplished although we are at a early stage of seeing it actually happen. -Bill |
Chuck Harris wrote:
Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves. Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???. Point being that these things can be accomplished although we are at a early stage of seeing it actually happen. -Bill |
In article , "Michael A. Terrell"
writes: They should scan every received e-mail for virus or worms, and a valid FROM address. Yes, no reason a server like AOL can't do this (maybe they do -- I don't get anything like 200 per day, let alone per hour of Spam). Infected e-mail should be deleted, and a message sent to the sender that it was infected. No, don't send the recipeint an email for every one that was deleted -- as someone already noted, that is a PITA in itself. Perhaps every 24 hours the ISP could send the recipeint a list/log of deleted messages. Oops, you said back to the *sender*. Well, if it's an invalid Spam address, that won't do anything but clog up the network further. If it is valid, it's just a waste of BW, and may help the spammer fine-tune his text to get thru the filter next time. OK, if it's *infected*, may be good to notify the sender, who may be an innocent victim whose machine has been taken over. I'll buy into that. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Boooo! Agreed. --Mike K. Oscar loves trash, but hates Spam! Delete him to reply to me. |
In article , "Michael A. Terrell"
writes: They should scan every received e-mail for virus or worms, and a valid FROM address. Yes, no reason a server like AOL can't do this (maybe they do -- I don't get anything like 200 per day, let alone per hour of Spam). Infected e-mail should be deleted, and a message sent to the sender that it was infected. No, don't send the recipeint an email for every one that was deleted -- as someone already noted, that is a PITA in itself. Perhaps every 24 hours the ISP could send the recipeint a list/log of deleted messages. Oops, you said back to the *sender*. Well, if it's an invalid Spam address, that won't do anything but clog up the network further. If it is valid, it's just a waste of BW, and may help the spammer fine-tune his text to get thru the filter next time. OK, if it's *infected*, may be good to notify the sender, who may be an innocent victim whose machine has been taken over. I'll buy into that. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Boooo! Agreed. --Mike K. Oscar loves trash, but hates Spam! Delete him to reply to me. |
In article , --exray-- wrote:
Chuck Harris wrote: Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves. I _do_ know how they work. Those services *still* let stuff leak through, when 'something new' shows up. "Somebody" has to do an analysis, determine that it _is_ a virus/worm, and develop a 'signature' for it, that pattern-matching routines can use to identify subsequent instances. The subscription services rely on *outside* specialists -- like Norton, or MacAfee -- to do that analsysis, and supply the 'signatures'. Their primary strength is 'spam' filtering, which they accomplish by noting when the 'same' message starts showing up 'lots of places'. *BUT* the 'early bird' instances *do* get through, before things hit the 'lots of places' threshold. And, there is a real risk of legitimate traffic being mis-identified as spam. Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???. Nope. Some _forms_ of names are not legal/valid at yahoo. knowing what the rules are for 'allowed' names, one can suppress those which are 'disallowed'. Point being that these things can be accomplished although we are at a early stage of seeing it actually happen. Without a _complete_ redesign/replacement of the basic mail-transport protocol, it is simply _not_possible_ to check for a vaild 'From' address at the point of receipt. *NOR* to tell authoritatively where it _actually_ came from. |
In article , --exray-- wrote:
Chuck Harris wrote: Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves. I _do_ know how they work. Those services *still* let stuff leak through, when 'something new' shows up. "Somebody" has to do an analysis, determine that it _is_ a virus/worm, and develop a 'signature' for it, that pattern-matching routines can use to identify subsequent instances. The subscription services rely on *outside* specialists -- like Norton, or MacAfee -- to do that analsysis, and supply the 'signatures'. Their primary strength is 'spam' filtering, which they accomplish by noting when the 'same' message starts showing up 'lots of places'. *BUT* the 'early bird' instances *do* get through, before things hit the 'lots of places' threshold. And, there is a real risk of legitimate traffic being mis-identified as spam. Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???. Nope. Some _forms_ of names are not legal/valid at yahoo. knowing what the rules are for 'allowed' names, one can suppress those which are 'disallowed'. Point being that these things can be accomplished although we are at a early stage of seeing it actually happen. Without a _complete_ redesign/replacement of the basic mail-transport protocol, it is simply _not_possible_ to check for a vaild 'From' address at the point of receipt. *NOR* to tell authoritatively where it _actually_ came from. |
In article ,
Michael A. Terrell wrote: Chuck Harris wrote: Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. In this case, they don't need to search for a valid file name. All they need to do is search for a segment of the worm that doesn't change. Someone is doing it, I am getting messages that I was sent a E-mail with the worm, and it was removed. I find it interesting that most of these are from other countries, including a Russian ISP. Which works *ONLY*AFTER* "somebody" has analyzed the virus/worm, and determined a 'signature' for it. And *maybe* gotten one that did _not_ change between varients. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? I am talking about e-mail with a blank FROM: No sender is listed, no domain, no IP address. Any e-mail missing any of these should be bounced at the server. WRONG. Such mails are *required* to be accepted, according to long-standing standards. Historical reason: those messages were, traditionally, 'bounce' messages from remote servers, that were unable to deliver a message you sent. The 'null sender' was *deliberate* design, to prevent 'bounce of a bounce' messages, 'bounce of a bounce of a bounce', etc. Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. They need to standardize what is required in e-mail headers. Refuse any e-mail with an incomplete header, or with a faked domain name. If they can maintain a black hole list for renegade ISPs, they can maintain a database of valid E-mail domains. Not since last week, when the registry operator for the .com and .net domains installed 'wildcard' records that match a query for *any* *NONEXISTANT* domain. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I would rather they look into, and solve the problems. They need to learn how to do their jobs. They are supposed to be selling service, not excuses. Some things _cannot_ be done, without *completely* replacing the infra- structure. When this involves _millions_ of machines, that are *not* under any 'centralized' control, accomplishing such infrastructure 'replacement' is a matter of many _years_. And, until such time as *everybody* uses the new system, all the systems that _have_ upgrades must *still* be able to communicate using the -old- system, in order to send to, or recieve from systems that have _not_ upgraded. And, since the 'bad guys' will *not* convert to the new system, whereby they could be immediately identified, there is essentially *zero*benefit* to using the 'new' system -- until that point, *many* years down the road, when the 'old style' methodology can be turned off. How do you convince folks to adopt 'new and different' technology, *NOW*, that won't shoe appreciable benefits till, say, ten years down the road? You "don't know what you don't know" about how email is actually handled. |
In article ,
Michael A. Terrell wrote: Chuck Harris wrote: Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. In this case, they don't need to search for a valid file name. All they need to do is search for a segment of the worm that doesn't change. Someone is doing it, I am getting messages that I was sent a E-mail with the worm, and it was removed. I find it interesting that most of these are from other countries, including a Russian ISP. Which works *ONLY*AFTER* "somebody" has analyzed the virus/worm, and determined a 'signature' for it. And *maybe* gotten one that did _not_ change between varients. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? I am talking about e-mail with a blank FROM: No sender is listed, no domain, no IP address. Any e-mail missing any of these should be bounced at the server. WRONG. Such mails are *required* to be accepted, according to long-standing standards. Historical reason: those messages were, traditionally, 'bounce' messages from remote servers, that were unable to deliver a message you sent. The 'null sender' was *deliberate* design, to prevent 'bounce of a bounce' messages, 'bounce of a bounce of a bounce', etc. Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. They need to standardize what is required in e-mail headers. Refuse any e-mail with an incomplete header, or with a faked domain name. If they can maintain a black hole list for renegade ISPs, they can maintain a database of valid E-mail domains. Not since last week, when the registry operator for the .com and .net domains installed 'wildcard' records that match a query for *any* *NONEXISTANT* domain. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I would rather they look into, and solve the problems. They need to learn how to do their jobs. They are supposed to be selling service, not excuses. Some things _cannot_ be done, without *completely* replacing the infra- structure. When this involves _millions_ of machines, that are *not* under any 'centralized' control, accomplishing such infrastructure 'replacement' is a matter of many _years_. And, until such time as *everybody* uses the new system, all the systems that _have_ upgrades must *still* be able to communicate using the -old- system, in order to send to, or recieve from systems that have _not_ upgraded. And, since the 'bad guys' will *not* convert to the new system, whereby they could be immediately identified, there is essentially *zero*benefit* to using the 'new' system -- until that point, *many* years down the road, when the 'old style' methodology can be turned off. How do you convince folks to adopt 'new and different' technology, *NOW*, that won't shoe appreciable benefits till, say, ten years down the road? You "don't know what you don't know" about how email is actually handled. |
Robert Bonomi wrote:
You "don't know what you don't know" about how email is actually handled. I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap. As far as implementing new protocols, the longer they wait, the longer it will take to make the change. There should be little or no problems to implement a new system along side of the old one. Make it obvious at a glance that any e-mail address uses the new or old protocols, so you know which to send. Even better, develop better E-mail clients to automatically direct it to the proper system. If a user doesn't want to use the old protocol, they shouldn't be forced to. ISPs and other mail providers who refuse to implement new protocols would die off fairly fast, and it will be a moot point. Just like the planned changes to provide more IP addresses, the current E-mail and usenet delivery systems are broken, and all aspects of the internet, e-mail and usenet must be fixed before it collapses like a 75 year old piece of machinery that spends more time being welded back together or machining repair parts that haven't been made in 45 years., than turning out salable product. -- Michael A. Terrell Central Florida |
Robert Bonomi wrote:
You "don't know what you don't know" about how email is actually handled. I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap. As far as implementing new protocols, the longer they wait, the longer it will take to make the change. There should be little or no problems to implement a new system along side of the old one. Make it obvious at a glance that any e-mail address uses the new or old protocols, so you know which to send. Even better, develop better E-mail clients to automatically direct it to the proper system. If a user doesn't want to use the old protocol, they shouldn't be forced to. ISPs and other mail providers who refuse to implement new protocols would die off fairly fast, and it will be a moot point. Just like the planned changes to provide more IP addresses, the current E-mail and usenet delivery systems are broken, and all aspects of the internet, e-mail and usenet must be fixed before it collapses like a 75 year old piece of machinery that spends more time being welded back together or machining repair parts that haven't been made in 45 years., than turning out salable product. -- Michael A. Terrell Central Florida |
Chuck Harris wrote:
Michael A. Terrell wrote: I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap. Wow! For you to make a statement like that, you must have been quite a programmer back in the 1970s. How much of DARPANET did you implement? These guys invented an e-mail system where there was none before. The sheer fact that the system is still in common use 30+ years later shows me that these "morons" were pretty smart. How much of what you did in the 1970s is still in common use today? -Chuck, WA3UQV Either you're thick headed, or you just like to argue. The original software for E-mail, usenet and the backbone of the internet never anticipated the size it is today. Insecure protocols, limited addresses on networks that are running out, and not doing a damn thing to fix the problems. The information super highway is quickly turning into another two lane gravel road with big chuck holes that make it harder and harder to keep patched. I am sure none of the software I wrote years ago is in use anywhere. I was more involved in hardware, and 95% of my software was to test hardware that is obsolete. The rest was for personal use, and is long gone, too. Now, tell me, how do they access the internet on the ISS? Don't bother, I built part of the equipment. It provides a data and video system with a 20 MHz bandwidth on KU band. -- Michael A. Terrell Central Florida |
Chuck Harris wrote:
Michael A. Terrell wrote: I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap. Wow! For you to make a statement like that, you must have been quite a programmer back in the 1970s. How much of DARPANET did you implement? These guys invented an e-mail system where there was none before. The sheer fact that the system is still in common use 30+ years later shows me that these "morons" were pretty smart. How much of what you did in the 1970s is still in common use today? -Chuck, WA3UQV Either you're thick headed, or you just like to argue. The original software for E-mail, usenet and the backbone of the internet never anticipated the size it is today. Insecure protocols, limited addresses on networks that are running out, and not doing a damn thing to fix the problems. The information super highway is quickly turning into another two lane gravel road with big chuck holes that make it harder and harder to keep patched. I am sure none of the software I wrote years ago is in use anywhere. I was more involved in hardware, and 95% of my software was to test hardware that is obsolete. The rest was for personal use, and is long gone, too. Now, tell me, how do they access the internet on the ISS? Don't bother, I built part of the equipment. It provides a data and video system with a 20 MHz bandwidth on KU band. -- Michael A. Terrell Central Florida |
Ed Price wrote:
At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.) You guys got it easy. I'm still getting several hundred per day. I have my email program set to download every two minutes- only way to keep the server from bouncing good emails. Then my filters dump the garbage. Is this thing just local to radio-related usenet users? I'd think if it were global, you'd hear more news stories about it. |
Ed Price wrote:
At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.) You guys got it easy. I'm still getting several hundred per day. I have my email program set to download every two minutes- only way to keep the server from bouncing good emails. Then my filters dump the garbage. Is this thing just local to radio-related usenet users? I'd think if it were global, you'd hear more news stories about it. |
"David Stinson" wrote in message ... Ed Price wrote: At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.) You guys got it easy. I'm still getting several hundred per day. I have my email program set to download every two minutes- only way to keep the server from bouncing good emails. Then my filters dump the garbage. Is this thing just local to radio-related usenet users? I'd think if it were global, you'd hear more news stories about it. I noticed the Swen within a few hours of its start. I knew something must be up, because my company's IT admin had sent an 8PM notice of his intent to shut down the corporate email servers in ANTICIPATION of a net attack. (I gotta find out who he talks to!) As soon as I saw that slick graphic, I knew this was going to be a big deal. I watched the various TV newscasts over the next few days. Near total ignorance. And the few vague mentions seemed to confuse Swen with the earlier SoBig. As far as I could tell, all the major news outlets were at least 3 or 4 days behind the curve on the Swen attack. And even now, few mentions have been given to the one problem that is bugging me, and that's the simple byte volume that fills your mailbox till it gags. Anyway, it's only gonna be a short time till the next attack of whatever hits. And Swen will be down in the noise level, and almost as forgotten as Melissa. Ed WB6WSN |
All times are GMT +1. The time now is 03:36 PM. |
|
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
RadioBanter.com