Scope of security - trick or treat?

Discussion in 'other security issues & news' started by Mrkvonic, Dec 1, 2006.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    I got my answer. Outlook. This means your anti-virus scanned attachments for incoming email. Nothing special. That's NOT what I call a threat. That's not even nuisance. That's background noise.

    When you said web-based, I assumed you accessed your email through the browser - at yahoo mail or other - and BitDefender warned of a drive-by-download - which is not something possible in FF, and I have yet to see one.

    You did not stir me up. I am merely asking for accuracy when reporting about problems / threats.

    There's a huge difference between receiving a mail that contains some stupid attachment and a visit to a website that tries to unpack a load onto your machine. Furthermore, your AV scans locally - this means that the files must be on their way to the hard drive or already there for the AV / email component to warn about.

    The second part to happen in FF means a malicious file dropping into the cache and trying to execute, without user intervention - and this is quite impossible in FF. I have never seen a drive-by-download in FF, only in IE.

    BTW, if my explanation is INCORRECT, please pm the website and I'll test and tell you what happens.

    Mrk
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The moral of the story: don't put too much confidence in a clean report generated by malware scanners and don't worry when infected files are deleted. View it this way:
    -Infected files are deleted. Good, less work to do (lazy mind :D). Also, don't become paranoid, you are not under attack in almost all cases.
    -Clean files. DANGER, they could be infected with unknown malware. Use common sense/best practices and manipulate those files with care and, better yet, in a virtual environment.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    Very good, lucas. After all, Troy was breached from within.
    Mrk
     
  4. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    but these days it's more like Invasion of the body snatchers :cautious:
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    When I log on to the ISP it is via user id and psw. From there they provide Yahoo internet search news, etc etc. You click on their mail tab to access my web mail. They scan at their end for spam on web mail and if any slips through I tag it spam to prevent that one from reoccurring.

    Yes, I have a pop3 personal account as well, which I access via Outlook. This is the one Bitdefender scans. So I guess you are suggesting that is the source of the warning re virus not the ISP web site?

    That's all I can tell you on that.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    Yes, indeed. That was local scan. Local AV with resident email scanner can be configured to check incoming email - and if there are bad attachments or such - it will flag, warn and possibly disinfect.
    Nothing special or something to worry about.
    I would trade Outlook for Thunderbird, though.
    Mrk
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, I'm interested in Thunderbird.
    It would need a way to move all my addresses contacts and stored email to it with little aggravation. Perhaps I could keep both?
     
  8. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Thunderbird has import wizards to help the move from Outlook Express. It's been a while and I don't remember, but I read that as a new user you are presented with the wizards by default.

    Yes - same as with browsers, you choose the one that you want to be your default program.

    FWIW and to keep the focus on security, as it stands at the moment Secunia gives these vulnerability reports:-

    re: Outlook Express Outlook Express 6
    re: Thunderbird Thunderbird 1.5.*
     
    Last edited: Jan 7, 2007
  9. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    thunderbird also has an Allow HTML temporary addon so you can maintain a more secure text only setting as a default but still easily view a selected (trusted) message in html
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I'm not sure what is supposed to be so bad about Outlook ?
    My e-mail Provider https://www.netaddress.com/ picks up e-mail for all over the place for me, checks and removes most spam, removes nasty attachments etc and then passes it all on to Outlook for storage and filing.
    http://www.attensa.com/ feeds news to Outlook and I can then spend most of my day thinking about what to do with those undone items on my to do list.

    Outlook works for me.
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks Guys:

    Just for the record, I use a licensed MS Outlook NOT Outlook Express.

    It is part of MS Office Basic edition 2003 11.8010.8107 SP2. Fully updated.

    I have no reasons as yet to go to Thunderbird. I'm interested but why should I do this? What are the advantages? Faster? More secure? More features?

    This is not a "challenge" just some questions for you!:)
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Faster?
    Not sure.
    More secure?
    I would say yes, less and more quickly fixed bugs. More secure default settings.
    More features?
    Definitively.

    The only good paid mail client is The Bat! It is the best of the market
     
  13. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Sorry Escalader - then your ratings just improved:-

    Microsoft Outlook 2003 has just the 1 unpatched item, rated moderately critical.

    Secunia Microsoft Outlook 2003
     
    Last edited: Jan 7, 2007
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Interesting. Looks like nothing is really secure:

    Opera 2 vulnerabilities
    Firefox Multiple
    Thunderbird Multiple - including highly critical 2006 12 19

    Almost makes me too afraid to open my front door ;)
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The last I heard about Opera's vulnerabilities, the solution was to upgrade to the recent version. So no issues?:D
     
  16. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    This makes a huge difference in the overall exposure level
    having had my "real" addy with earthlink\sprint(microwave broadband) for some 6 years left me a little shocked when I got a "raw" public email addy as the news poster of a popular website. I wouldn't touch that box without using a liveCD (Knoppix)
     
  17. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Hi Long View :)

    Sure you can mess with statistics. I'm trying hard to keep this all a valid part of Mrk's original thread and not turn it into a poll around e-mail clients. Therefore rather than answer Escalader with personal opinion, I chose to stick to the known state of security. Unfortunately working within the context of the thread, I hadn't thought to allow for Outlook2003 in my original answer to him - hence the comparative figures between Outlook Express & Thunderbird 1.5.* in my original answer to him. When it comes to relating the figures to the real World then:-

    Mozilla Thunderbird versions 0.* = 21 advisories . unpatched = 0
    Mozilla Thunderbird versions 1.* = 13 advisories . unpatched = 0
    Mozilla Thunderbird versions 1.5.* = 6 advisories . unpatched = 0

    Microsoft Outlook2003 = 10 advisories . unpatched = 1

    Microsoft Outlook Express = 30 advisories. unpatched = 7

    Reading around, rather than based on personal preference, I think the figures above reflect what on balance, is a popular view of the developing relationship between the different softwares. It isn't difficult now to find the view that Thunderbird has surpassed Outlook Express.

    If you were about to start Mrk's test and have to pick one of the above as your client, to be used in its present state, within a tight system - I think based on features, security and general support, it would be harder to argue for Outlook Express than any of the others.

    Similarly, in line with the figures, there is support for the view that Microsoft Outlook2003 is a reasonably secure client. It's more difficult to find the argument that if you already own this, that you should feel that there is an impetus to abandon Outlook2003. As spending unnecessary additional money on Microsoft products probably isn't one of Mrk's aims in this thread - it doesn't sit easily to maintain an active context for discussing Outlook2003 here, other than to support Escalader's question.

    Cheers e-o
     
    Last edited: Jan 7, 2007
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Sorry Ice_Czar I'm not sure that I have really understood what you have written. I'm guessing that "this makes a huge difference" is sarcasm and "I wouldn't touch that box" means you are not impressed with Netaddress ?

    Unfortunately I don't keep records of how many e-mails I receive each day but after spam has been removed it's approximately 100 per day. I have been using Netaddress exclusively for just under 6 years - and have not seen even one virus. So to my way of thinking either no one is sending me anything bad or I'm very lucky or the messages that I receive periodically saying that something bad has been removed are true.

    Anyway getting back to post #1 I guess all I'm saying is that there is more tricking going on than treating and that the difference, in practical security terms as opposed to theoretical, between say Outlook and Thunderbird or Firefox and Explorer is not all that important. I prefer Firefox but don't imagine that I will get pregnant just by visiting MSN using Explorer.
     
  19. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    nope just the opposite :D

    I too have led a sheltered life with a good ISP that filters emails
    up till I had that raw "homegrown" server forwarding everything it got.

    and that as you implied,
    what level of ISP filtering is occurring is really a variable left outside of this test ;)
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    Just a side thought, you won't believe me but I receive around 200 legit daily emails and only about 10-15 spams.
    Mrk
     
  21. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    that's about the proportion I get with earthlink they are damn good at filtering
    when I had the raw server however that was reversed
    about a hundred spam (or direct malware infected emails) per half dozen legit messages
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I receive 15-20 spams a day, almost all are mails with embedded images (CAPTCHA) that Thunderbird correctly flags as spam.
    I expect to reduce that number to 0 with the help of my UTM router.
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks, guys. I must really be sheltered since in the last month I got zero spam.

    Mind you in fairness to Mrk etc I set my PC Tools Spam Monitor plus Outlook to aggressive and have any the filter finds automatically deleted. So I will never know on those.

    On the web mail I was getting a fair bit say 2-3 per day. Yahoo.

    Got ticked off and changed the option to if you think it is spam delete it.

    Gosh maybe I'm missing some salesmen messages!:'(

    Maybe we need an email tool thread?
     