Incoming EMail
>I would appreciate it very much if you could review the enclosed attachment.
>Name: PATENT~1.WPD
>Part 1.2 Type: unspecified type (application/octet-stream)
>Encoding: base64
The Response to the EMail
I don't open "unexplained" documents on my public pc system.
Send me a cover letter explaining its purpose and contents if you want it "reviewed".
If i don't receive such a cover letter from you within 24 hours, i'll copy your email with the doc attachment to a throwdown pc i have sitting next to me, open it, and hopefully find it is not virus- or worm-laden.
If i find it to be infected, a second, unopened copy will be forwarded to the FBI's NCCS with copies of these email threads containing the document. a copy of that will also be sent to the sysad of my ISP. both organizations will be thrilled to act on it themselves... as will i.
If you don't understand why i take these precautions, you're welcome to inquire further.
In-House Thread
ya know that if anyone sends ya wpd or doc's not to accept em?
macros... they are gettin' nastier, too. use to be the macro viruses were stupid...
but now everyone is doin' em... so they are gettin' better. thats why i don't use wpd or doc software. better have a look at the product first.
tell me what i'm suppose to do?
you are the "pro's" on this stuff.
if you have the time/inclination/facilities to check the wpd file
safely, then great. is there available to us a mechanism which allows
us to accomplish this or not?
i don't know what hardware/software exists to root out such a thing...
but i know if i sent it to no such agency in mclean, they'd have a clear
procedure for handling it. same with most large corps tech support
departments.
how far "advanced" are the "e-security-experts" beyond the general
surfing public?
we can figger
email er to me and we can play with it...
you should be able to do it right where it sits with a check you should
be doing.
anyway... fprot you have fprot runnin'? you wanna get it runnin', if
not?
have fprot and mcafee both. run both regularly. but these are public
domain freebie anti-virus packages...
my asshole just slammed shut loud enough to hear it all the way from
blue balls pa.
does this mean that the e security experts have nothing more than the average joe does on their own lil pc? what if somebody corporate asked us to do a file analysis er sumthim like that under similar but larger scope conditions? we equipped fer that?
i'm not sure what you mean? we equipped to test for each individual
hacker... ?
yup... if you were my employee, i'd:
this thing shouldn't have landed on your harddrive in the first place... you should have put it right to floppy... then you wouldn't have to worry so much about contamination
1) not allow attachments on email
2) have an ftp area that was monitored and checked and watched
3) the best virus software i know of is fprot
4) if someone invents a new virus, what software will be able to detect it
5) not allow modems
of course... and we shouldn't have lost 9 or ten lives in a shuttle launch. but then, factory pc's and minimal e-security literacy don't give most of us dummies much of a grip on that... even AFTER a virus or two. come to think of it, this is the first time i've heard this much outta ya on the subject, despite the fact i lost a system to such a thing once before while in com with you.
there's more... 6) i'd burn all my important stuph to CDROM... can't write a virus to ROM after the fact
the answer here was prevention... not crisis mngt., no? or are we pretendin' one of the dummies in the secretaries pool downloaded it by mistake?
as to larger scope... S-man does a very large network at ohio-state... and ya know what happens if someone contaminates the network? it ain't purty... and it ain't fast... that is what we are selling... email us b4 it is too late... you are calling us after you are shot and bleedin'... the budget to solve the dilemma if'n ya were to call us would be $500-1,000 for phase one of the "clean-up"
worst case, in this scenario is you lose your harddrive and possibly spread it elsewhere... and ifn' you use floppies... every one you wanna keep... fprot it or throw it away
i've had 3 virus clean ups here, one at the publishers network and S-man's had many
more good ideas so ya don't have to clean-up... use linux... avoid microsoft... really avoid word and wordperfect. you want more?
this was one of those "holy shit !" questions... trying to grasp the market's vulnerability issues the way a client might... and that's probably not far from how they'd put it.
see, i know you been runnin an isp and a bunch of domains fer a time, and i know S-man's runnin an .edu system... so, i figger whatever you two come up with in a pretty simple situation like this, is probably the kind of thing i need to get the best grip on: the basics. and in this basic case, what i'm hearing is that there ain't no "on the fly" prevention.
BUT MOST FOLKS DON'T KNOW THAT.
but back to the specifics... i know the popular position on wpd and word
docs is that it can't hurt you if you don't open it, and you even said
the same thing here in a previous send. BUT, as you imply here ("if
somebody comes up with a newbie" thing), i can't believe that's gonna
remain that way forever.
but another thing this brings up for my pea brain is that it would be
dynamite if you n S-man were able to create a little (said this before
several times) "digest version" of your perspectives on this stuff.
for want of that, i'm trying to do it myself... it'll no doubt be a
bastard wordsmith job, but i'll finish it in a few days or so and send
it you, so you can see the way i think its going to be asked for and
understood by clients, big and small alike... like an intelligible,
quickie entre on the subject, rather than one which convinces everybody
they're assholes for asking about it ( ahem).
when you talk with anybody but a seasoned pro (that's not me or klaus,
either) you gotta start at a level which, to you, is pre-cromagnon era,
and in baby steps. i have a feeling that if you can adjust yer pacing
in dialogues about this, you'll knock 'em all right outta their chairs,
and into your cash register.
i never have heard of an "emailed" virus taking off... usually the macro's grow in an office environment... people sharing spread sheets... i've seen people who know each other email viruses... ya know, one employee emails another one a spreadsheet
right... "usually"... which didn't apply at all in the case of the thing-a-ma-bob that hit my system and went straight to bios and the motherboard.
now, about our very large prospective client... first priority for internet security - see what they got... hardware, software, but most importantly... bandwidth and access the "gather info." period should also include seeing what other resources they have...like money... and talent... but the most important resources you can find are open mindedness and trust in us.
as long as there are cookies, cached pages, wpd docs, doc docs (hehehe.. what if they were your Word documents... would they be docs doc docs), floppy discs, modems, netscape, microsoft explorer, browsers running java or active x, and a few other things... we CAN NOT guarantee nuttin'
and, ya shouldn't get into solutions with em... cause that's why they need to pay us... but, the solutions are self-evident, no?
have an intranet that has no modems
don't keep your most sensitive doc's on the intranet
have a strong firewall that is monitored between you and da net
don't let the employees use the most modern software cause it has the biggest holes
don't let the employees use active x or java
BACK UP EVERYTHING
run fprot daily for viruses
make sure a human is involved in security
keep financial transactions happin' away from everything else