PlanetCrap 6.0!
T O P I C
With Outlook you're safe from... almost everything
May 16th 2000, 19:21 CEST by andy

According to this story from the BBC, Microsoft has announced that Outlook will be updated with security measures intended to reduce the threat from viruses.



The patch will by default prevent users from opening 37 different executable file types. It will also warn users when a program tries to access the Outlook address book and will set the default security mode to "restricted", disabling the scripting used by the ILOVEYOU virus.

One interesting quote from the story:

Microsoft was keen to point out that it was only limiting the functions within Outlook, not closing a security hole.

"Given the global impact of the ILOVEYOU virus and the growing threat of malicious hackers, we strongly believe we must take the unprecedented step of limiting certain popular functionality in Outlook to provide a significant, additional security option for our customers," said Steven Sinofsky, senior vice president of Microsoft Office.

"It's a rare occasion of Microsoft reducing functions to help defeat viruses," said Graham Cluley, a spokesman for anti-virus company Sophos, "It is surprising but it is good news."

Because the patch will still allow users to open Word .doc files it will not by default do anything to stop macro viruses such as Melissa.

In addition to welcoming the new patch, Graham Cluley of Sophos echoes the sentiment that has been put forward by the technical community:

Although the patches may stop some viruses spreading, Mr Cluley said, technology was never going to solve the problem once and for all.

More important, he said, was educating people to be more suspicious: "People need to practise safe computing."

The patch will only be available for Outlook, not the cut-down Outlook Express. It should be available within the next week. More information is available on the Microsoft web site.

C O M M E N T S
#1 by "Rantage"
2000-05-16 19:38:58
rantage@hotmail.com http://www.steelmaelstrom.org
<QUOTE>
The patch will only be available for Outlook, not the cut-down Outlook Express.
</QUOTE>

Brilliant.  Not only is Microsoft's solution half-assed, but so is its implementation.

<B>Microsoft:</B> Fueling Innovation, Litigation and Exploitation.
#2 by "Jafd"
2000-05-16 19:40:02
jafd@whatthefuck.com
Uhm...... DUH.

Why not release another patch for Word at the same time that restricts .doc macros by default?

I guess those are too 'popular.' Whatever.

I'll say this though; MS is certainly a lot more sensitive these days. ;) Maybe, instead of splitting up the company, they can just strap a C4 package to Billy's ass and install the detonation button on Reno's desk.
#3 by "El Asso Wipo!"
2000-05-16 19:53:32
dickcheese@hotmail.com http://www.bluesnews.com
The idOS !!  Is this the next big thing?

http://www.3ag.net/item_display.php/idos/1
#4 by "RedLine"
2000-05-16 20:09:43
redline@omegaforge.com http://www.omegaforge.com/pod/
Heh heh heh... you know, if people took the time to evaluate their applications instead of just using stuff that is laying around, this kind of thing wouldn't happen... there are alternatives to Microsoft e-mail packages, and those alternatives fortunately don't allow ActiveX controls to run in the background without you knowing, and they don't run attachments inline without asking you either... some of them even have a "preview" mode that lets you see the raw text of an e-mail and totally ignore any attachments... who would have thought it, eh ?

But the security guys are right, the real answer is to educate people... but unfortunately there are a lot of people out there who use a computer on a daily basis and just about know how to switch it on... and for some reason, they don't <I>want</I> to <B>learn</B> how to use it, but they want it to "just work"... ookkkk...

These are the same kind of people that don't read the instructions for their new TV and VCR, then wonder why they set something up to record and they get a totally different program...

The point being, technology is complex... you don't have to be a "geek" but you should at least have some idea of what you are doing.

One of the people at Apple said that computers should be as easy to use as toaster ovens, and that really made me want to hunt him down and kick crap out of him... Dumbing down the computer to the point where it loses all its power and functionality is NOT the answer... the answer is to educate people... and hopefully to shoot those people who refuse to learn. ;-)
#5 by "RandoM"
2000-05-16 20:12:40
random1@speakeasy.org http://www.clan51.com
I think blaming MS for email trojans is pretty damned ridiculous.

I could have just as easily written a bourne script, attached it to e-mail and sent it to 1000 UNIX geeks.  Any of them dumb enough to run the script would've been just as hosed.  Any e-mail client that supported execution of attachments ( many of them do ) would've been susceptible.  Even those that weren't, you could still save to disk and then execute script.  Whether I use a built-in address book, local passwd file, nis/nis+ passwd map, I can still automagically send out a copy of the email with virus payload to a ton of addresses, without you knowing it.... wintel, unix, doesn't matter.

People are blaming Microsoft for adding features to the product that were REQUESTED by many of their customers.

The only way to make software totally idiot proof is to remove all of its features.  Once it doesn't do anything at all, you don't have to worry about some dork blowing his foot off with it.
#6 by "None-1a"
2000-05-16 20:25:02
none1a@home.com
<QUOTE>The patch will by default prevent users from opening 37 different executable file types</QUOTE>

Wow 37 different types, um last I know there were only five major types used by viruses, com, bat, exe, vbs and what ever the hell Active X controls go under, what the hell are the others doing in there. Also the simplest solution would be to restrict addressbook access only (we all still get our features but morons don't go spreading this crap around).
#7 by "PiRaMidA"
2000-05-16 20:46:38
piramida@usa.net http://www.agsm.net
<b>#5</b> "RandoM" wrote...
<QUOTE>The only way to make software totally idiot proof is to remove all of its features. Once it doesn't do anything at all, you don't have to worry about some dork blowing his foot off with it. </QUOTE>

Yeah, it's all been said already (look for the LOVE thread earlier on PC); I recall many people have proposed that the best solution is to do the kind of thing MS is doing now - protect the dumb at least to some extent.

As for MS being targeted by virus-inspired flames - I also don't think that's fair, but they produce the most widely used OS and they are the only ones who can protect dummies which are honestly thinking that Windows equals PC (as in personal computer). Many people blindly rely on the OS to do all the stuff for them, and it's a good thing that MS is taking steps to protect people from possible fuckups.

(If I would be using Outlook as my working environment I might have been bitching about the impact on my productivity that this new restriction would introduce; luckily I'm not an Outlook user anymore, so what the heck).
#8 by "PainKilleR-[CE]"
2000-05-16 21:18:46
painkiller@planetfortress.com http://www.planetfortress.com/tftech/
<b>#2</b> "Jafd" wrote...
<QUOTE>Why not release another patch for Word at the same time that restricts .doc macros by default? </QUOTE>

umm macros are disabled by default in Word...
#9 by "Serpwidgets"
2000-05-16 21:39:27
serpwidgets@hotmail.com http://people.ce.mediaone.net/serpwidgets/index.ht
<QUOTE>It will also warn users when a program tries to access the Outlook address book</QUOTE>

At least this will help keep something from being spread around.

Wow, 8 posts and nobody has yet claimed that this is an admission by MS that they had huge security holes. I'm impressed. ;-)
#10 by "crash"
2000-05-16 22:00:03
crash@planetcrap.com http://www.gamecenter.com
Serp:
<i>Wow, 8 posts and nobody has yet claimed that this is an admission by MS that they had huge security holes. I'm impressed. ;-)</i>

two reasons, i think:

1. they denied it in the story
2. nobody believes a word that MS says anyway

so whether or not MS are admitting it or not is kind of irrelevant. if they did, or didn't, no one would believe them. :)
#11 by "Andy"
2000-05-16 22:08:30
andy@planetcrap.com
Can you imagine the flood of lawsuits if MS admitted to a security flaw in Outlook? Sheesh. Everyone hit by the love bug would be going after them.

I'd love to see Microsoft standing in court, waving an EULA at every lawyer on the planet and hoping it would hold water. Of course, if MS could put the case off until next year and have it heard in Virginia, they'd have a good chance of winning.

That's UCITA again. :)
#12 by "Bad_CRC"
2000-05-16 22:22:44
<b>#8</b> "PainKilleR-[CE]" wrote...
<QUOTE>umm macros are disabled by default in Word... </QUOTE>

ummm, since when?
 



_______________________________________
<i>"Every time I see Bill Gates or Steve Ballmer on television, spouting the Microsoft party line about the 'freedom to innovate,' I can't help but think of Inigo Montoya in the movie the Princess Bride, saying "You keep using that word... I do not think it means what you think it means."</i>
#13 by "RedLine"
2000-05-16 22:33:58
redline@omegaforge.com http://www.omegaforge.com/
[5] RandoM

<quote>The only way to make software totally idiot proof is to remove all of its features.</quote>

Ummm, no.  What you do is <B>remove all the idiots</B>, not the features.

<quote>I think blaming MS for email trojans is pretty damned ridiculous.</quote>

Oh, but it isn't <B><I>just</I></B> e-mail trojans, it's all the security holes in Windows NT, Internet Information Server, ActiveX controls, FrontPage Extensions and all the other tools that Microsoft releases without reasonable testing.

The example I use is look at WinNT4... almost every piece of software these days <B>requires</B> Service Pack 3 to be installed... newer SPs are of course recommended, but they actually require Number 3.  What does this tell us ?  It tells us that up until SP3, NT was still a beta product... and MS were using the public to test their product, while claiming it was finished.

For UNIX... it is complex enough that anyone able to use it usually has the sense it takes to not run foreign attachments.  Usually.  In my experience anyway.

<quote>Once it doesn't do anything at all, you don't have to worry about some dork blowing his foot off with it.</quote>

As one famous security expert said (Paraphrased) "The only truly secure computer is one in a sealed room with no external connections, that no-one actually uses and has no software on it"

His point, I believe, was to highlight the emportance of educating users to not do daft things... on the one side, no software can protect against everything, but on the other, it can go a long way to help.

[8] PainKilleR-[CE]

<quote>umm macros are disabled by default in Word...</quote>

Actually they are not.  The dubiously named "Macro Virus Protection" option is <B>disabled</B> (Turned off) by default -- default being when you install Word for the first time.

And all the MVP does is pop a box up which asks the user if they want to run the macro or not... and the amount of times I have seen people just click the "yes" box without even reading the dialog is enough to let me know that the option has exactly zero value in the real world in any case.
#14 by "RedLine"
2000-05-16 22:38:14
redline@omegaforge.com http://www.omegaforge.com/
[13] RedLine

Oops... "emportance" should be "importance" and the line that goes "The example I use is look at WinNT4... almost every piece of software these days" should of course have "for Windows NT" inserted between the "software" and "these days" bit.

Just for the anal retentive amongst us. ;-)
#15 by "Bad_CRC"
2000-05-17 01:06:35
testing
#16 by "Rantage"
2000-05-17 01:15:32
rantage@hotmail.com http://www.steelmaelstrom.org
<b>#15</b> "Bad_CRC" wrote...
<QUOTE>testing </QUOTE>

Roger, roger, good test.  You're five-by-five, over.
#17 by "RahvinTaka"
2000-05-17 01:59:44
donaldp@mad.scientist.com
<b>#4</b> "RedLine" wrote...
<QUOTE>
The point being, technology is complex... you don't have to be a "geek" but you should at least have some idea of what you are doing.

One of the people at Apple said that computers should be as easy to use as toaster ovens, and that really made me want to hunt him down and kick crap out of him... Dumbing down the computer to the point where it loses all its power and functionality is NOT the answer... the answer is to educate people... and hopefully to shoot those people who refuse to learn. ;-) </QUOTE>

yay ... yet another one of these threads. Go back a few days to see everyone's opinions on this idea. It basically came down to the following points. People are stupid, will not learn and will continue to damage their own system and other people's systems. One school of thought is "they deserve it, they are stupid". The other school is "reduce likelihood of these stupid people doing dumb ass things". I belong to the second school because these dumb asses also harm me. Others (Valeyard, Phil Scott and Serpwidgets) belong to the other school.

now can we stop rehashing this over and over now that that's out of the way ?
#18 by "Vengeance[CoD]"
2000-05-17 02:03:27
rhiggi@home.com
<b>#11</b> "Andy" wrote...
<QUOTE>Can you imagine the flood of lawsuits if MS admitted to a security flaw in Outlook? Sheesh. Everyone hit by the love bug would be going after them.

I'd love to see Microsoft standing in court, waving an EULA at every lawyer on the planet and hoping it would hold water. Of course, if MS could put the case off until next year and have it heard in Virginia, they'd have a good chance of winning.

That's UCITA again. :) </QUOTE>

Ok, that's enough teasing.  What exactly is UCITA pray tell?

V
#19 by "Vengeance[CoD]"
2000-05-17 02:03:34
rhiggi@home.com
<b>#11</b> "Andy" wrote...
<QUOTE>Can you imagine the flood of lawsuits if MS admitted to a security flaw in Outlook? Sheesh. Everyone hit by the love bug would be going after them.

I'd love to see Microsoft standing in court, waving an EULA at every lawyer on the planet and hoping it would hold water. Of course, if MS could put the case off until next year and have it heard in Virginia, they'd have a good chance of winning.

That's UCITA again. :) </QUOTE>

Ok, that's enough teasing.  What exactly is UCITA pray tell?

V
#20 by "Vengeance[CoD]"
2000-05-17 02:07:02
rhiggi@home.com
Sorry about the double post.  CrapSpy said I hadn't posted yet though I thought I did, so I tried it again.  Damn buggy software.  I want my money back, and no I won't be fooled into "store credit" like last time.

V
#21 by "McGrew"
2000-05-17 02:07:21
mcgrew@famvid.com http://TheFragfest.com
I had a quote up last week by some security guy whose name I can't remember (sorry), who said "Outlook Express is a security hole that can also be used as an email client".

At any rate, there are two things wrong with Microsoft products: One, everybody uses 'em. Write a virus for Intel and 95% of PCs are vulnerable. Two, microsoft products make swiss cheese look solid.

My wife had to get Word Perfect for school, and I'm happy with it (considering I usually use notepad). It reads and writes Word files like a native, as well as a lot of other file types including (bad) HTML. Word viruses can't touch me.

Use Outlook Express? That's an invitation to trouble! I'm glad they finally implemented changing those defaults, though. You can't expect somebody who just bought a PC last week (yes, there still are some) to know jack about security, especially when windows gets rid of the ugly door locks on your new home.

When you sell a PC or any other weapon, <b>please</b> make sure the customer knows how to use it safely! It's up to you minimum wage sales clerks to educate the public!

...and it's up to the news media to sensationalize it and make matters worse.

-Steve
#22 by "McGrew"
2000-05-17 02:10:03
mcgrew@famvid.com http://TheFragfest.com
The UCITA is a consumer's nightmare and a software salesman's dream.
#23 by "None-1a"
2000-05-17 02:15:26
none1a@home.com
Vengeance[CoD] I posted a link in one of the id EULA threads about the UCITA, it's worth a read to see what the BSA has in store for you.

And Andy in Virginia MS could sue every moron that spread Iloveyou for improper use of the software, or at the very least take away their right to use outlook and claim all of their e-mail was the property of Microsoft. See fun for all :)

O and for any one that missed it the article on UCITA can be found <a herf="http://www.zdnet.com/zdnn/stories/bursts/0,7407,2459882,00.html>here</a>
#24 by "None-1a"
2000-05-17 02:16:24
none1a@home.com
Vengeance[CoD] I posted a link in one of the id EULA threads about the UCITA, it's worth a read to see what the BSA has in store for you.

And Andy in Virginia MS could sue every moron that spread Iloveyou for improper use of the software, or at the very least take away their right to use outlook and claim all of their e-mail was the property of Microsoft. See fun for all :)

O and for any one that missed it the article on UCITA can be found <a herf="http://www.zdnet.com/zdnn/stories/bursts/0,7407,2459882,00.html">here</a>
#25 by "None-1a"
2000-05-17 02:17:34
none1a@home.com
Ok well that didn't work right, the article is here

http://www.zdnet.com/zdnn/stories/bursts/0,7407,2459882,00.html
#26 by "Serpwidgets"
2000-05-17 02:29:20
serpwidgets@hotmail.com http://people.ce.mediaone.net/serpwidgets/index.ht
<b>#17</b> "RahvinTaka" wrote...
<QUOTE>One school of thought is "they deserve it, they are stupid". The other school is "reduce likelihood of these stupid people doing dumb ass things". I belong to the second school because these dumb asses also harm me. Others (Valeyard, Phil Scott and Serpwidgets) belong to the other school. </QUOTE>

Huh? I agree with both of the above mentioned schools of thought. They are by no means mutually exclusive. Excuse me while I spit out the words you shoved into my mouth. :P
#27 by "Vengeance[CoD]"
2000-05-17 02:45:40
rhiggi@home.com
<b>#23</b> "None-1a" wrote...
<QUOTE>Vengeance[CoD] I posted a link in one of the id EULA threads about the UCITA, it's worth a read to see what the BSA has in store for you.

And Andy in Virginia MS could sue every moron that spread Iloveyou for improper use of the software, or at the very least take away their right to use outlook and claim all of their e-mail was the property of Microsoft. See fun for all :)

O and for any one that missed it the article on UCITA can be found <a herf="http://www.zdnet.com/zdnn/stories/bursts/0,7407,2459882,00.html>here </QUOTE>

OMG, that's more than a little scary.  I hate it when the technical "have nots" make the technical decisions, but that's just ridiculous.  Thx for the link btw.
There's two ways to look at that though None-1a:
Hell, in Virginia MS could charge extra for systems "equipped" with the ILOVEYOU "feature."   What 'cha goina do, we never said it would work right?  Sure we have an add on for that feature that fixes any bugs might have present with it, but its gonna cost you.....

V
#28 by "VeeSPIKE"
2000-05-17 03:02:48
appliedavoidanc@triton.net
<b>#21</b> "McGrew" wrote...
<QUOTE>Use Outlook Express? That's an invitation to trouble! I'm glad they finally implemented changing those defaults, though. </QUOTE>

Well, they haven't released the patch yet, and it will not be for Express, only Outlook.
#29 by "McGrew"
2000-05-17 03:09:45
mcgrew@famvid.com http://TheFragfest.com
The patch to Outlook Express is called "a different mail client that microsoft didn't write.".
#30 by "McGrew"
2000-05-17 03:12:12
mcgrew@famvid.com http://TheFragfest.com
<a href="http://http://www.zdnet.com/zdnn/stories/news/0,4586,2569930,00.html" target="spitshit">Here's</a> a better link than the BBC's story
#31 by "McGrew"
2000-05-17 03:14:48
mcgrew@famvid.com http://TheFragfest.com
<a href="http://www.zdnet.com/zdnn/stories/news/0,4586,2569930,00.html" target="dammit"let's try that again.../a>
#32 by "McGrew"
2000-05-17 03:16:19
mcgrew@famvid.com http://TheFragfest.com
<a href="http://www.zdnet.com/zdnn/stories/news/0,4586,2569930,00.html" >DAMMIT</a>
#33 by "None-1a"
2000-05-17 04:28:24
none1a@home.com
yeah I guess they could do that, but it's a hell-of-a lot more fun to think that MS would take all the e-mail any one sent or received using outlook, which would of course include the virus. There are a lot of directions you could take using the UCITA, for example a game company gets a bad review because of buggy software can demand that every copy of the magazine be recalled and new copies printed that do not have comments on the bugs (remember the UCITA makes it a violation of the agreement to point out bugs publicly).

O and just in case any PC readers happen to live in Virginia grab the phone right now and demand that the UCITA be dropped (you still have time it doesn't go into effect until next year)
#34 by "G-Man"
2000-05-17 04:55:06
jonmars@shiftlock.org http://www.shiftlock.org
<b>#33</b> "None-1a" wrote...
<QUOTE>remember the UCITA makes it a violation of the agreement to point out bugs publicly</QUOTE>
I interpreted (correctly I think) bugs to refer to exploits or loopholes. Not that that would mitigate the severity of the law.

 - [g.man]
#35 by "Andy"
2000-05-17 05:00:58
andy@planetcrap.com
<b>#33</b>, None-1a:
<QUOTE>
(remember the UCITA makes it a violation of the agreement to point out bugs publicly)
</QUOTE>
Not quite. It allows licensing contracts to include a clause that prevents exposure of faults, and it makes that clause enforceable.
#36 by "None-1a"
2000-05-17 05:21:14
none1a@home.com
Andy yes I know it makes it a clause that can now be used and enforced, but you also have to look at the fact that most companies create buggy software do it time and time again and these companies are the ones most likely to use the clause.

G-Man yeah I would agree that it's intended to stop the loophole report with no fix thing but the UCITA doesn't say loopholes or security problems it says bugs in general, which would need a suit to be filed to narrow the term bug down to loopholes only, combined with other wording that makes it nearly impossible to win a case this could be a problem.
#37 by "Jowr"
2000-05-17 07:09:11
Jowr@sdf.lonestar.org http://n/a
[Sup painkiller? You know me, actually :)]

I love Eudora pro. No love bug crap, no activeX shit, nothing M$ except the DLLs (I'd chuck windows but halflife won't run worth crap on linux)

If you dislike outlook, piss on it and use PINE or eudora! Get an old version of eudora, or use your ISP's shell (get off AOL, it doesn't offer a shell).
#38 by "Phil Scott"
2000-05-17 07:32:47
phil@enkafan.com http://www.enkafan.com
From <a href="http://www.theregister.co.uk/000511-000024.html">theregister</a>:

<quote>US Congressman Anthony Weiner (Democrat, New York) blasted the anti-virus software industry for being humiliated by the Love Bug in a five-minute tirade during House Science Subcommittee hearings this week.

"There's an industry here that's come up to deal with viruses, and this looks to me like a ground-ball virus. Frankly, this is an utter, abject failure of an industry that has sprung up to deal with these types of things," Weiner told anti-virus outfit McAfee's Sandra England.

But that was just a warm-up. He next cast doubt on the damage estimates, implying that they're deliberately inflated by the industry to increase interest in protective software. "I mean the numbers here are little bit absurd, you know, 'billions'. We don't know how much it cost; it might not have cost anybody anything," he observed dryly.

Progressively working himself up with his own rhetoric, he turned openly sarcastic. "A teenager in the Philippines whips the McAfee company so badly that you come before Congress and say, 'hundreds of millions of dollars in damage has been done, because, oh, we were so surprised it came across Outlook Express. We were shocked [to see that] it looked like Melissa...'"

"It isn't going to get any easier than this. I mean, [virus authors] aren't going to knock on your door with a disk [in hand] and say, 'this virus is going out on Monday morning,'" he said scornfully.

He hammered England relentlessly. "You're supposed to deal with viruses. What form do [viruses] usually come in? An announcement? A memo? They come in the form of something that you've got to anticipate from past experiences."

And then the kicker: "Why did your stock prices go up after this?" </quote>

The best part is they close the article by saying that microsoft is to blame.  Gotta love theregister...
#39 by "Phil Scott"
2000-05-17 07:49:54
phil@enkafan.com http://www.enkafan.com
why you gotta be playa hating me too, RahvinTaka?

My school of thought is that even dumb users knew enough to have virus scanners, and their network admins get PAID not to be dumb and protect their users so they also had virus scanners running on their servers.  WHICH SUCK ASS, and microsoft takes the fall.

I saw some numbers last week (sorry I can't link, so take my memory for what it's worth) that said that 30% of corporate users got hit and 5% of home users got hit.

When I think of the stupid users harming themselves I think of the home users.  Granted, these stupid users from home have a job (unless they are really, really stupid of course), but they go into an environment where a company has probably forked over $1000 plus on virus scanning software and $100,000 a year on technicians to keep these stupid users from costing the company more.  

I'm probably on 10 people's contact list on my home account.  At work, I'm on 100+.  At school I'm on 2000+.  Work and school have large amounts of money invested in server side virus protection that rolled right past it, onto the servers then to me.  2 days straight of the damn thing.  You'd think after, oh, 30 minutes these highly paid network admins and virus protection professionals could have kept the stupid users from getting the virus by oh, filtering any message with a .vbs attachment or updating their virus scanning software.

Limiting the software won't protect the user.  It's wonderful that microsoft now brings up a message that tells you when your address book is being opened.  But I bet you that if you are on a corporate network (which was largest hit), you have some sort of database.  Which probably stores an e-mail address.  It's relatively easy to go through every database on your harddrive looking for e-mail address.  And you know anyone who would open this virus also makes it quite easy for themselves to open a password encrypted database because they can't remember the password.  

So with this you can do two things.  Corrupt a database (which is a hell of a lot more important than fucking .dlls and .mpgs) and propagate farther.  Don't tell you I didn't warn you, this will happen within a year.  

And people will scream "why did microsoft make it so easy to connect to a database, it's so insecure!" while the virus scanner sits there with your 50 dollar check for their software and a thumb up their ass watching their stock go up.
#40 by "Phil Scott"
2000-05-17 08:31:46
phil@enkafan.com http://www.enkafan.com
here's a list of extensions this patch updates, along with a link.  I'm glad to see I'm protected from the deadly photoCD virus.

ADE Microsoft Access Project Extension
ADP Microsoft Access Project
BAS Visual Basic® Class Module
BAT Batch File
CHM Compiled HTML Help File
CMD Windows NT® Command Script
COM MS-DOS® Application
CPL Control Panel Extension
CRT Security Certificate
EXE Application
HLP Windows® Help File
HTA HTML Applications
INF Setup Information File
INS Internet Communication Settings
ISP Internet Communication Settings
JS JScript® File
JSE JScript Encoded Script File
LNK Shortcut
MDB Microsoft Access Application
MDE Microsoft Access MDE Database
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST Visual Test Source File
PCD Photo CD Image
PIF Shortcut to MS-DOS Program
REG Registration Entries
SCR Screen Saver
SCT Windows Script Component
SHS Shell Scrap Object
URL Internet Shortcut (Uniform Resource Locator)
VB VBScript File
VBE VBScript Encoded Script File
VBS VBScript Script File
WSC Windows Script Component
WSF Windows Script File
WSH Windows Scripting Host Settings File
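A gateway-side version of the attachment filtering suggested in post #39, using the 37 extensions listed in post #40. This is an added example, not part of the thread and not Microsoft's patch code; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The 37 extensions listed in post #40, lower-cased for comparison.
BLOCKED_EXTENSIONS = frozenset(
    "ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk "
    "mdb mde msc msi msp mst pcd pif reg scr sct shs url vb vbe vbs wsc wsf wsh"
    .split()
)


def effective_extension(filename):
    """Return the lower-cased final extension, i.e. the one the OS acts on."""
    # Windows ignores trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = filename.strip().rstrip(". ")
    # Attachment names may carry a path; only the last component matters.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    # Only the LAST extension counts: "report.txt.vbs" is a script, not text.
    return name.rsplit(".", 1)[1].lower()


def blocked_attachments(raw_message):
    """Parse a raw RFC 822 message and list (filename, extension) pairs
    for every MIME part whose file name ends in a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        filename = part.get_filename()
        if not filename:
            continue  # body parts and unnamed parts are not checked here
        ext = effective_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, ext))
    return hits


def build_sample():
    """Constructed test message with four attachments (placeholder bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    for name in ("notes.txt", "REPORT.TXT.vbs", "quarterly.doc", "setup.EXE."):
        msg.add_attachment(
            b"placeholder",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext in blocked_attachments(build_sample()):
        print(f"blocked: {filename!r} (.{ext})")
```

The `.doc` attachment passes the check, which is the gap the topic post notes: an extension list does nothing about Word macro viruses.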
#41 by "Phil Scott"
2000-05-17 08:36:28
phil@enkafan.com http://www.enkafan.com
my posting extravaganza continues!

I use pine so I'm invincible?

a possible vulnerability that causes pine to execute arbitrary shell scripts included inside HTML files attached to emails: <a href="http://www.securiteam.com/exploits/Pine_remote_exploit_source_code_released.html">HHP-Pine remote exploit</a>

there is a patch to fix this I believe, but I luckily don't use pine so I don't have to worry.
#42 by "Phil Scott"
2000-05-17 08:39:36
phil@enkafan.com http://www.enkafan.com
someone should exploit the security hole in word that lets you use their spell checker in other apps and put it into crapspy.  it sure would make me look a lot less stupid at the wee hours of the night.
#43 by "Seth Krieg"
2000-05-17 08:44:01
sdk@rosenet.net http://ihavenohomepage
The point I was trying to make in the other thread is totally vindicated with the MS press release. Computer viruses can't be stopped, but the means, transportation, and communicability can. The latter of those three were all MS responsibilities in this instance, if a virus exploited another well known program, say for instance (*chuckles*) Lotus notes - I would be hanging them out to dry. Which collides head-on directly with my initial post that Vale (and Phil) took exception to, the damage this virus has done can be directly attributed to the Microsoft monopoly in the home computer market.

Sure, gaming industry's practical side will tell you splitting MS up is a real bad thing because they've <i>been getting better</i> and the system will be diluted - and I wholeheartedly concur. But this system would have been much, much farther along today if we had 6 different OS companies MS had sublicensed using the same baseline operating structure and each making various improvements and the consumer would be inherently more educated, because in the end - if Joe Consumer <b>has the option to</b> he will look for that ZDNet 5 star rating on the package he buys. When was the last 5 star MS operating system? Win 3.1?  This is where the beauty linux users find in their OS that anti-linux people don't: Choice is a good thing. You can, as I write this - walk into Wal-Mart and pick up 2 different kinds of Linux off the shelf, Turbo and Redhat. And it <i>actually matters</i> which one you buy because one has more functionality. But every single piece of software will run on either.

But the 'discouragement factor' MS used, and still uses is a cornerstone to this argument, whether you want it to be or not.
#44 by "Phil Scott"
2000-05-17 09:12:46
phil@enkafan.com http://www.enkafan.com
I'll admit this; I don't know a damn thing about linux and I'm looking to learn.  So I go download the newest version of mandrake linux, which our head technical trainer at my company said was the easiest to get started with.  The vast majority of users if they had a choice would listen 1) to what their friends say is good 2) what they've heard of 3) what costs the least/most (depending on their finincial theories work).  I went with what my friends say.  I would have gone with red hat but I was told this version was red hat + easier to install.  I don't have the time nor do I care to learn about the different distros of linux and which one is perfect for me.  I

My point which probably seems unrelated to the previous story is that most users are going to buy a computer from Gateway, Dell, Micron (if they even make machines still), or whoever has the neatest ads on TV. I'm pretty sure a new computer user won't go to their friend's house and log on to ZDNet to find out which version of Windows would be the best, they'd take Gateway's word for it. And once Gateway and Dell have their distros, they become the de facto standard except some fringe users who don't use it because everyone else does.

The damage done is caused by the monopoly. But I'll stick with my stupid highway analogy from the other thread. Everyone uses the highways (Windows), and every once in a while a trucker falls asleep at the wheel or a drunk takes out a school bus (malicious l33t hax0rs). You don't blame the highway for allowing many cars to go quickly from one place to another (Outlook sucks). You blame the trucker for falling asleep or the drunk for driving. Sure there are some fringe users who take side roads everywhere and chuckle at people getting in wrecks on the expressway (*nix users), but most drivers don't know roads well enough to find their way on side streets (newbies). You don't destroy the highway or put up speed bumps everywhere (cripple Outlook, Windows), you stop drunk drivers by better measures at the bars and harsh fines (antivirus and/or government intervention). Sorry about all the notes, but rereading my analogy made me realize it was really poorly written and needed explaining.

I wouldn't be surprised to see some sort of worldwide policing organization develop because the internet crime demands it.
#45 by "RahvinTaka"
2000-05-17 10:16:54
donaldp@mad.scientist.com
<b>#44</b> "Phil Scott" wrote...
<QUOTE>The damage done is caused by the monopoly. But I'll stick with my stupid highway analogy from the other thread. Everyone uses the highways (Windows), and every once in a while a trucker falls asleep at the wheel or a drunk takes out a school bus (malicious l33t hax0rs). You don't blame the highway for allowing many cars to go quickly from one place to another (Outlook sucks). You blame the trucker for falling asleep or the drunk for driving. Sure there are some fringe users who take side roads everywhere and chuckle at people getting in wrecks on the expressway (*nix users), but most drivers don't know roads well enough to find their way on side streets (newbies). You don't destroy the highway or put up speed bumps everywhere (cripple Outlook, Windows), you stop drunk drivers by better measures at the bars and harsh fines (antivirus and/or government intervention). Sorry about all the notes, but rereading my analogy made me realize it was really poorly written and needed explaining. </QUOTE>

There is one significant problem with your analogy. One trucker cannot take out 90% of the highways in the world within hours. Now if they could do that then I would choose to fly instead.
#46 by "Seth Krieg"
2000-05-17 10:41:44
sdk@rosenet.net http://ihavenohomepage
Phil: I disagree with your point about 'logging on, going to ZDNet', mostly because you seemed to be confused about the point I was making. :)

Example: Warcraft II is the game that made me a hardcore RTS player - why? Because stamped on the front of the box was a quote with "Game of the Year" on it. Since then, this tactic has made Blizzard, Westwood, and Valve absolutely <b>insane amounts of money</b>. Why? Because the choice was made very clear to the consumer that they were better than the rest, and they had legitimate sources to back them up. Every damn person I've ever met has either heard "Warcraft II was awesome" or thinks Half Life "is one of the best games ever made." Not just because <i>they</i> thought it was, but because damn near <i>everyone</i> thought it was. Tell me, when was the last time WinAnything had "of the year" on it?

And no, Age of Kings doesn't count.

If I walk into a store to buy a drill, one drill is advertised "drill of the year by these publications" and the other drill isn't, guess what drill I'm going to buy? I don't want to spend 2 hours looking around online for reviews of a drill, to see if drillx will suit softer wood better than drier wood. I just want a good drill. This is the mindset our time-strapped civilization has; and civilization rules, my friend. You spend hours a day on your computer, I spend hours a day on my computer, but that still doesn't give me enough time to educate myself about the correct way to walk through a door, get in my car and drive to work. Some things people just wing in life, and to a lot of people computers are one of those things that just can't afford a lot of to intimately know.
#47 by "Darkseid-[D!]"
2000-05-17 12:06:47
Darkseid@captured.com http://www.captured.com/boomstick
Regards the comments about system admins.....

Unless you're doing that for a living, you have no concept of just how bad the workload can be.

It's all very well to say they should be on top of every virus and alter the mail server. In practicality, not a fucking hope. Often by the time you learn about the virus, you've been hit by it and the users are merrily spreading it as fast as they can. Keeping patches and service packs up to date on 200+ machines, whilst keeping them all running is heartbreaking at times. Even more so when you have to deal with idiot users willfully doing stupid things (like cramming CDs in between gaps in the blanking plates).

Fortunately I put in heavy hours and put Murphy plans into place. Murphy plans being contingency planning for _any bad shit_ that I can dream up. Result? The 200 odd systems I look after personally still use Lotus Notes, reject various attachments and could view the .vbs but not execute it (wouldn't let them save it either). The other side of the company (with 20 staff to just me) got slaughtered and screamed at users over the PA whilst killing their lovely Exchange and MSMail system.

To use an analogy, a virus outbreak is like being punched from behind. There's no real way you can anticipate it or see it coming, you just learn to roll with it so you take minimal damage.

Oh and my company's estimate for lost productivity is a few thousand. Nearly all of that's on the other side of the company .... my side kept on quite happily ;)

Ds
#48 by ""
2000-05-17 13:14:57
Phil: just compare hackers to people that throw big rocks on your highway...
Sure... it's their fault, but I prefer driving under bridges with high railings, so that dumb kids can't throw rocks from them...
Making changes to the bridge wouldn't change the highway at all. Also it would be helpful to tell users when they are driving under well-known drop-off points, so that they can slow down if they care...

Redline: I myself am only starting with Linux, but would your script do that much damage with me accessing my mail as a simple "user", not as "root"? Even then, I should have to think(!!) about what to do with an attachment in Bourne... Exactly that is the problem with Outlook Express, etc... the programs try to take care of the thinking the user should do.
This is a nice way to educate people ;-)

Seth ( d_k_denz@hotmail.com)
#49 by "VeeSPIKE"
2000-05-17 14:17:21
appliedavoidanc@triton.net
<b>#46</b> "Seth Krieg" wrote...
<QUOTE>If I walk into store to buy a drill, one drill is advertised "drill of the year by these publications" and the other drill isn't, guess what drill I'm going to buy? I don't want to spend 2 hours looking around online for reviews of a drill, to see if drillx will suit softer wood better than drier wood.</QUOTE>

If you are buying things just because of labels on the boxes, and not any other criteria, you deserve what you are going to get. Using your drill, let's say that while the magazine called it the "Drill of the Year" they also put a little paragraph in the review that says the motor in the drill heats up under hard use, and may seize from the heat. They then say that if your job requires prolonged use, you might be better served by another drill. You, who buys the drill because of the sticker, take the drill home and start building your house or whatever. After drilling through four or five 2x6's, the motor seizes, and now you have paperweight of the year. You didn't do your homework, and got stung. Whose fault?
#50 by "RedLine"
2000-05-17 14:46:14
redline@omegaforge.com http://www.omegaforge.com/pod/
[49] VeeSPIKE

Amen brudha... It's like the amount of magazines that give "Editor's Choice" to a graphics card that is either an ATi or a Matrox... sure ATi has great DVD playback and sure Matrox have by far the best image quality... but... they aren't exactly the best gaming cards on the market, and so the "Editor's Choice" award does not really reflect a truly well-rounded product (Cards before the ATi Rage Fury and Matrox G400 were total dogs at 3D... at least those two are a lot better). And if you are buying your graphics card specifically for gaming, and go with an "Editor's Choice" award from my example, then you are gonna be pretty upset. Of course that's not true of all magazines, but how are you gonna know what's what unless you read up about it...

It's like, if you are gonna drop two grand or more on something, you have to be pretty crazy to accept on faith someone else's judgement... for a start they could just be plain wrong, and even if they are "right" -- It might only be "right" from their perspective... you might have totally different needs and goals... but unless you understand a little about how a computer works, you are never going to be able to judge correctly what you need to buy to take care of your needs.