|
Firewall Wizards
mailing list archives
Re: The Morris worm to Nimda, how little we've learned or gained
From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 4 Jan 2002 20:21:36 -0700 (MST)
On Thu, 3 Jan 2002, Richard Johnson wrote:
Some organizations have made progress on #3. Outlook and Outlook
Express came close to being banned at ucar.edu due to the severe time
drain caused by always having to clean up after the latest
Outlook-enabled virus. Sadly, the entrenched convenience argument was
used in conjunction with the lack of enforceability cop-out to water the
ban idea down to a "we disrecommend the use of Outlook and Outlook
Express."
Note that is a pretty poor excuse (the unenforcability part.) Every mail
client announces what is is every time mail is sent. Use your favorite
NIDS to RST the connections and/or correlate them to usernames when they
use the same IP to get POP/IMAP mail.
I'm not faulting you... I'm faulting people who assuming something is a
social problem when there's a dandy technical solution.
(Or I just misunderstand the problem... there is a risk just having
Outlook/OE installed, even if you don't use it. I don't think you can
take it off nowadays without going to a lot of trouble to make a Windows
Lite.)
Ryan
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
