tiger... from what I understand zip files cannot autoexecute w/out permission, or is it that they cannot run an executable after the self-unzip w/out permission... but in my experience it's one or the other...
I know arj can though...
You download an update for a driver for, let's say, a Dell. It will be a compressed file. You double click it, you may get the *** directory does not exist prompt but after you confirm it will install. Giving the normal licence agreement and directory install info.
Replace that driver with malware, you are stuffed. Cuz you just activated it.
One case where I have seen a "need" to send exe files via email is in a real-estate client of mine. It seems like EVERY lender/mortgage company has their own proprietary format for closing packages, and they email the viewers to the people who need them. This obviously could be handled in a better way, but this is the only time I've ever seen a need for exes. In the case of this client, exes are blocked, and I had to have the lenders send the viewers to me and I put them up on a webserver of my own to get them on the company network. Much safer. I think exe's should be disabled for all but admin, except of course in special situations that warrant them, but I would assume those are few and far between. This at least allows someone with a bit of sense looking at the files. The added work would FAR outweigh the work that would have been spent cleaning up a virus.
I don't have many virus encounters via email....they're all filtered for the most part. I'm afraid the days of 'don't open the email you won't get infected' have come to an end...you can now get a computer virus by simply clicking on a link.
In my opinion, spy-ware and ad-ware are the more prevalent problem, half the time they're even harder to remove than actual virii or worms.
I agree with that approach of limiting a person being able to download exe's. It seems to get down to how much a company is willing to spend upfront for the additional server or software and/or any additional training for personnel.
Quote:
Originally posted here by zENGER
I think exe's should be disabled for all but admin, except of course in special situations that warrant them, but I would assume those are few and far between. This at least allows someone with a bit of sense looking at the files. The added work would FAR outweigh the work that would have been spent cleaning up a virus.
Companies I have seen don't feel the extra cost is warranted. But they don't understand not taking approaches like yours could cost them more in the long run.
Slightly off topic but curious what kind of viewers are being sent?
That doesn't seem like a good idea. If they start doing this then we'll start seeing false positives, etc. The AV's might be deleting files that you need. You can't tell your AV to go trigger happy, that's not the way to fight virii...
Quote:
It doesn't seem like there are really "new" virii being produced as much as variations of ones that are already in the wild. Maybe they should stop looking for such specific stuff and generalize a little more in the definitions.
Hey Hey,
The problem with blocking executables is that it's a pretty big decision to be made... and it's a security decision... You need a top down commitment... find a non-IT manager that's going to say, sure.. block that attachment type.. It's not going to happen very often. So the CIO makes the decision to have executable files stripped from the emails... you implement it and send it out.. but the first time the President finds a cool little game that he wants to pass along (perhaps the whack-a-mole that was a netbus carrier?)... you're toast.. the policy is gone...
I think it's a pretty big jump to take in a company as a first step... unless it's a new company being built with the correct policies in place from the get go.
A better policy (to start with) may be the stripping of incoming emails with executables.. This way employees that insist on transferring .exe by email can still do it (to each other). At work we can't even email our access databases (my boss uses access still), we need to rename them.
Email should have a set of standard implementation guidelines:
1. Filter at a minimum incoming executable attachments (exe, com, bat, vbs, etc).
2. Ensure virus and spam filtering before it reaches the client --> This can be accomplished freely using tools like Fluffy the SMTP Guard Dog which can run directly on the mail server. DNS Blacklists are vital too.
3. Convert all HTML emails to plain text at the server level... I'm unaware of freeware tools that do that.. but Policy Patrol Enterprise is capable of it.
4. Limit email size.. (where possible)... I can send 10MB attachments... and there's really no need for that (in my opinion).. If files that size need to be exchanged you can have share point, a file share or a simple web portal.
5. User Education... I'd love to see a social engineering test run against my place of employment... There's no user training on end results.. It's pretty ridiculous..
Anyways... viruses are coming faster... and it's a matter of users being smarter. that's the only way to protect against them..
I'm just kind of curious and want to pose the question to ams2d as to why he (she) thinks that larger companies are better suited to deal with these outbreaks. They rely on the same AV vendors that everyone else uses... Just a question to throw out there..
Now i'm off to finish studying for my CCNP3 Multi Layer Switching test.. yay! for VLANs, STP and InterVLAN Routing.
Peace,
HT
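A sketch of guideline 1 from the post above, added here as an example and not code from any poster or from the products named in the thread: it flags incoming attachments by extension and also by the `MZ` header that Windows executables start with, so a renamed `.exe` is still caught. The function names, the 10 MB cap and the sample addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in guideline 1; the "etc" there means a real list is longer.
BLOCKED_EXT = {".exe", ".com", ".bat", ".vbs"}
MAX_BYTES = 10 * 1024 * 1024  # assumed cap; guideline 4 gives no figure


def check_incoming(raw: bytes) -> list:
    """Return the reasons to quarantine an incoming message (empty list = deliver)."""
    reasons = []
    if len(raw) > MAX_BYTES:
        reasons.append("message exceeds size limit")
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in BLOCKED_EXT:
            reasons.append("blocked extension: " + name)
        elif data[:2] == b"MZ":
            # Content check: catches an executable sent under another extension.
            reasons.append("executable content in: " + (name or "(unnamed part)"))
    return reasons


def sample_message(filename: str, payload: bytes) -> bytes:
    """Build a constructed one-attachment message for trying the filter."""
    m = EmailMessage()
    m["From"] = "lender@example.com"   # constructed sample addresses
    m["To"] = "agent@example.com"
    m["Subject"] = "closing package viewer"
    m.set_content("Viewer attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, body in [("viewer.exe", b"MZ\x90\x00"),
                        ("viewer.txt", b"MZ\x90\x00"),
                        ("notes.pdf", b"%PDF-1.4")]:
        print(fname, "->", check_incoming(sample_message(fname, body)))
```

Script types such as `.bat` and `.vbs` are plain text, so they are only caught by the extension list, and this sketch does not look inside archives.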
I don't allow email to be downloaded onto my pc at home, internet email only. I've never had an email virus on the machine.
At work we have a Borderware MXtreme box scanning email, it seems to do a good job, no viruses since I started (7 months).
I'm starting to think that a home user's machine should be monitored at the ISP end. If it is detected as spewing viruses, spam etc it should be blocked off the network until it can be shown to be clean. Same for business PCs.
It wouldn't be popular and it's probably not that feasible but it would get the users motivated to clean up and possibly get a clue about what goes on inside those beige boxes.
Well let's say even if every ISP started doing something about every computer actively scanning other machines... this would be good against some current worms and trojans mass exploiting every machine it comes into contact with but what will that mean for the user?
Well for starters your average worm will be very destructive I mean considering the down-time would clearly increase. So besides the fact that I'd imagine what a great problem this would be network wise but let's consider the fact that malware most likely won't stop but slow down just enough to go un-noticed. People would really need to re-think network aware malware... that's all.
In my experience...since we have filtered the .exes out...we have greatly reduced email viruses...
There really is no need to transfer exes via email.....IMHO of course
As for zencoder....hahahahahahaha...LOL
...I can totally relate...... :rolleyes:
MLF