[Esd-l] Filename mangling

Mark_Saunders Mark_Saunders at piucorp.com
Tue Jun 25 10:00:02 PDT 2002


This is a copy of an old posting which you may find useful.

Subject: [Esd-l] Re: web page for infected unsophisticated user?
Date: Thu, 20 Dec 2001 11:51:20 -0500
From: Matt McNamara <mmcnamara at emed.com>
To: esd-l at spconnect.com




John,

I've found the "Home Network Security" document at CERT to be a good
starting point for unsophisticated users.  It answers many common
security questions including ones pertaining to viruses, worms and
trojan horses.

http://www.cert.org/tech_tips/home_networks.html

CERT also has a page with "Computer Virus Resources" which makes another
good starting point.

http://www.cert.org/other_sources/viruses.html

Here is a good link from Symantec, obviously tilted towards Norton
Antivirus:

What is the difference between viruses, worms, and Trojans?

http://service2.symantec.com/SUPPORT/nav.nsf/docid/1999041209131106


I usually point inquisitive people to the CERT "Home Network Security"
document and the Symantec Antivirus Research Center http://www.sarc.com  .

Hope you find these links useful.

> Does anybody know of a good web page that describes what email worms
> are, how you get infected, and how you clean up afterward, written at
> the level of the very casual (unsophisticated) computer user?
>
> One person who got a bounce notice contacted me. I suggested she get
> AV software. She just wrote back and said that it reported she was
> infected by seventeen (!) viruses.
>
> I'm spending more time than I really want to writing polite,
> informative replies to people who contact me and don't know what's
> going on. I'd like to be able to direct them to a website, if one
> already exists, for the bulk of the information they should have.
>
> --
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
> jhardin at impsec.org pgpk -a jhardin at wolfenet.com
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    1050 days until the Presidential Election
>
>

--
Matt McNamara
Information Technology
eMed Technologies Corp
_______________________________________________
Esd-l mailing list
Esd-l at spconnect.com
http://www.spconnect.com/mailman/listinfo/esd-l




Scott Taylor wrote:

> At 06:09 AM 25/06/2002, you wrote:
> >Hi all,
> >
> >One of the senior managers here has received a few complaints about
> >having to demangle attachments (a 5 second job at most, these people
> >don't know a good thing when they've got it...) and has (practically)
> >demanded that we stop mangling Word documents.
>
> I have that same discussion with my PHB.  Get it in writing.  Write a clear
> note why defanging is there simply to make people think before they open a
> document.  If every company had this mentality things like "I Love You"
> virus would not have run so rampant.  Then have him sign it and CC a copy
> to the owners/committee/board of directors/whatever and file a copy
> yourself.  Then if someone opens up a bad DOC and doesn't have the Macro
> Protection on and blows up your network, you get his balls on a platter. ;)
>
> >Both myself and my manager (who does know a good thing when he sees
> >it, even though he's a bit of a PoB)
>
> Piece of Braughtworst?
>
> >have flatly stated that we are
> >*very* uncomfortable about doing this and are in the process of
> >drafting documents over why, but my question to the group is:
>
> Good choice.  Cover your ass.
>
> >Given that my userbase has to use Outlook (our database software is
> >closely tied into it),
>
> Ew!
>
> >is there any way, other than filename
> >mangling, of preventing Outlook doing its automagic evilness?
>
> Graham, already mentioned.
>
> >On a side note John, if we are forced to stop mangling documents (and
> >this will be a resignation matter for me) will that have any other
> >side effects I need to be aware of?  I.e. is the macro scoring tied
> >into the mangler?
>
> Only need to not mangle DOC but you can continue to mangle DOT etc., it's
> very flexible and the macro check still works and will quarantine the files
> if you set it all up right.
>
> Turn the macro score down to 10 if you are as paranoid as I am about
> working for 3 days straight to repair a couple dozen infected workstations
> because of one lazy ass.
>
> If you need reassurance, send yourself a word doc with a self-starting
> macro that creates and/or deletes a file, that should get you a high enough
> score to test it.

--
mv $win /dev/null
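
The per-extension choice discussed in the quoted reply (stop mangling DOC, keep mangling DOT and the rest), as an added example that is not part of the original posts and not the mail filter's own code. The extension list, the `DEFANGED` marker and all function names are assumptions for illustration; it covers only the renaming step, not the macro scan.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumed policy for illustration: .doc is left alone, .dot and the rest are mangled.
MANGLE_EXTENSIONS = {"dot", "xls", "exe", "vbs", "scr", "pif"}
DEFANG_TAG = "DEFANGED"  # hypothetical marker inserted before the extension

def mangle_name(filename, extensions=MANGLE_EXTENSIONS):
    """Return a name whose extension no longer maps to a file handler."""
    # Windows drops trailing dots and spaces, so "a.vbs. " still opens as .vbs.
    cleaned = filename.rstrip(". ")
    base, dot, ext = cleaned.rpartition(".")
    # Only the final extension decides what opens the file (invoice.doc.vbs).
    if dot and ext.lower() in extensions:
        return f"{base}.{DEFANG_TAG}-{ext}"
    return filename

def defang_message(raw):
    """Rename listed attachments in a raw message; return (message, renames)."""
    msg = message_from_string(raw)
    renamed = []
    for part in msg.walk():
        old = part.get_filename()
        if not old:
            continue
        new = mangle_name(old)
        if new == old:
            continue
        # The name can sit in either header; rewrite each one that carries it.
        for header, param in (("Content-Disposition", "filename"),
                              ("Content-Type", "name")):
            if part.get_param(param, header=header) is not None:
                part.set_param(param, new, header=header)
        renamed.append((old, new))
    return msg, renamed

def build_sample(names):
    """Constructed test message with one dummy attachment per name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in names:
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()
```
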


