[Esa-l] Outgoing Mail

Hisashi T Fujinaka htodd at twofifty.com
Tue Aug 14 01:17:15 PDT 2001


If you're calling other people wrong for being careful, you're being naive
if not stupid.

Consider a certain large chip manufacturer who had the same feeling you
do. They can download patches to their users when the users log on. They
thought their filtering rules on their internet firewall were good
enough to keep the users from getting infected.

Many of the users are called "road warriors" who carry laptops home or,
more usually, or on their many business trips. All a user has to do is to
plug the laptop into a network that isn't quite filtered to get hit by a
virus like Code Red. And so it happened. This chip manufacturer had to
shut down all their web access, and for a time all their internet access,
because they were hit by Code Red.

Now I can think of ways to get email to someone that has a laptop. Also,
remember viruses that propogated through floppy disks? What about a combo
virus that uses floppies and email?

Remember, a clever virus writer can bypass the antivirus program long
enough to hit all your sites. If you happen to be on the head end of
an outbreak, you could be the one everyone is pointing at.

And don't tell me your outbound mail server is so weak that it can't
handle the extra load.

On Mon, 13 Aug 2001, Lee Howard wrote:

> At 04:50 PM 8/13/01 -0500, Floyd Pierce wrote:
> >-----Original Message-----
> >From: Lee Howard [mailto:faxguy at deanox.com]
>
> >>And if we cannot assume that our users are clean, then wouldn't it be
> >>better to nip the problem in the bud rather than somewhere downstream?
> >
> >Good idea. How?
>
> Any desktop system with any internet connectivity should be running and
> updating antivirus software.  True, that doesn't give us 100% certainty
> against being infected because we may get infected via downloads or webmail
> (for example) before the signature is added to the definitions, but it's
> pretty darn close.
>
> To utilize an outbound mail filter in lieu of an antivirus program running
> on the desktop is absurd.  And, my orignial comments were to say that IMHO
> to run an outbound mail filter in addition to an antivirus program running
> on the desktop is obsessive and wasteful in exchange for the very small
> degree of added security it gives us.
>
> Filtering incoming mail is a whole different issue, yet there's still a
> small degree of insecurity, because an attachment may arrive, not being
> poisoned, the recipient may defang it and may still get infected.
>
> I seem to get the impression that people believe this degree of insecurity
> to be less than the insecurity posed by very new viruses in webmail or
> wherever.  Filtering outgoing mail is not so much wrong as it is wastefully
> guarding users against their own stupidity.


-- 
Hisashi T Fujinaka - htodd at twofifty.com
BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte



More information about the esd-l mailing list