[Esd-l] Filename mangling
Mark_Saunders at piucorp.com
Tue Jun 25 10:00:02 PDT 2002
This is a copy of an old posting which you may find useful.
[Esd-l] Re: web page for infected unsophisticated user?
Thu, 20 Dec 2001 11:51:20 -0500
Matt McNamara <mmcnamara at emed.com>
esd-l at spconnect.com
I've found the "Home Network Security" document at CERT to be a good
starting point for unsophisticated users. It answers many common
security questions including ones pertaining to viruses, worms and
CERT also has a page with "Computer Virus Resources" which makes another
good starting point.
Here is a good link from Symantec, obviously tilted towards Norton
What is the difference between viruses, worms, and Trojans?
I usually point inquisitive people to the CERT "Home Network Security"
document and the Symantec Antivirus Research Center http://www.sarc.com .
Hope you find these links useful.
> Does anybody know of a good web page that describes what email worms
> are, how you get infected, and how you clean up afterward, written at
> the level of the very casual (unsophisticated) computer user?
> One person who got a bounce notice contacted me. I suggested she get
> AV software. She just wrote back and said that it reported she was
> infected by seventeen (!) viruses.
> I'm spending more time than I really want to writing polite,
> informative replies to people who contact me and don't know what's
> going on. I'd like to be able to direct them to a website, if one
> already exists, for the bulk of the information they should have.
> John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
> jhardin at impsec.org pgpk -a jhardin at wolfenet.com
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> In 1998 more than three times as many people in the US were killed
> by incompetent physicians than were killed by handguns, yet the
> President of the A.M.A. is adopting "gun safety" as his platform.
> 1050 days until the Presidential Election
eMed Technologies Corp
Esd-l mailing list
Esd-l at spconnect.com
Scott Taylor wrote:
> At 06:09 AM 25/06/2002, you wrote:
> >Hi all,
> >One of the senior managers here has received a few complaints about
> >having to demangle attachments (a 5 second job at most, these people
> >don't know a good thing when they've got it...) and has (practically)
> >demanded that we stop mangling Word documents.
> I have that same discussion with my PHB. Get it in writing. Write a clear
> note why defanging is there simply to make people think before they open a
> document. If every company had this mentality things like "I Love You"
> virus would not have run so rampant. Then have him sign it and CC a copy
> to the owners/committee/board of directors/whatever and file a copy
> yourself. Then if someone opens up a bad DOC and doesn't have the Macro
> Protection on and blows up your network, you get his balls on a platter. ;)
> >Both myself and my manager (who does know a good thing when he sees
> >it, even though he's a bit of a PoB)
> Piece of Bratwurst?
> >have flatly stated that we are
> >*very* uncomfortable about doing this and are in the process of
> >drafting documents over why, but my question to the group is:
> Good choice. Cover your ass.
> >Given that my userbase has to use Outlook (our database software is
> >closely tied into it),
> >is there any way, other than filename
> >mangling, of preventing Outlook doing its automagic evilness?
> Graham, already mentioned.
> >On a side note John, if we are forced to stop mangling documents (and
> >this will be a resignation matter for me) will that have any other
> >side effects I need to be aware of? I.e. is the macro scoring tied
> >into the mangler?
> Only need to not mangle DOC but you can continue to mangle DOT etc., it's
> very flexible and the macro check still works and will quarantine the files
> if you set it all up right.
> Turn the macro score down to 10 if you are as paranoid as I am about
> working for 3 days straight to repair a couple dozen infected workstations
> because of one lazy ass.
> If you need reassurance, send yourself a word doc with a self-starting
> macro that creates and/or deletes a file, that should get you a high enough
> score to test it.
mv $win /dev/null