Home page logo

nanog logo nanog mailing list archives

Re: Email virus protection
From: "Karsten W. Rohrbach" <karsten () rohrbach de>
Date: Wed, 20 Aug 2003 23:07:14 +0200

Christopher J. Wolff(chris () bblabs com)@2003.08.20 10:50:55 +0000:

What is the most common method for providing virus protection for your
hosted email customers?  Thank you in advance.

Making them switch to a software product that does not auto-execute
arbitrary chunks of code that come in via some network connection.

Ok, you got me, it is not the most common method "out there", but the
most common method for my customers ;-)

There's quite a lot of usable stuff out there. Many Win32 users have
switched to Mozilla which seems to solve 100% of the Outlook-specific
attacks which account for... hmmm... 100% of the malicious email
messages of the last 6 months.

Some switched to Mac. Many UNIX users are on mutt or similar MUAs which
do not bear the potential for execution of arbitrary code. Sure, this
does not apply for Exchange-driven installations that require Outlook,
but there are also alternatives available. Deployment cost causes a
certain lack of motivation to get rid of Exchange, but if you calculate
a potential impact of Microsoft worms and viruses (virii?) in terms of
damage to the company's data and infrastructure and also credibility,
it's worth it, quite often.

A bit more on the philosophical side of things, the international press
and media - and many people reading or watching those media - mix up the
terms "internet threat", "Microsoft-specific threat" and
"Outlook-specific threat" which leads to a totally twisted perspective
of the current events.

Fact is, that there's a broad base of installed and Microsoft-driven PCs
which are vulnerable. Customers often realize this after you explain it
to them step-by-step and they seem very happy with their new knowledge
about what actually caused the vulnerability of their company and
information infrastructure. Some of them - call them brave - take
immediate action and implement fallback or alternative solutions.


Parts that don't exist can't break. --Russell Nelson 
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]