Guys (& Gals),

Please check the following website and see how many of its tests your email client can pass:

http://www.windowsecurity.com/emailsecuritytest/

I use TDS-3 and NOD32, and could not pass the majority of its tests.

Once requested, WindowSecurity.com will send you these tests by email to check if your email system is vulnerable to the following email threats:

o VBS file vulnerability test
o CLSID extension vulnerability test
o MIME header vulnerability test
o ActiveX vulnerability test
o Malformed file extension vulnerability test (for Outlook 2002 - XP)
o CLSID extension vulnerability test (for Outlook 2002 - XP)
o GFI's Access exploit vulnerability test
o Object Codebase vulnerability test
o Iframe remote vulnerability test
o Eicar anti-virus test
o Fragmented Message test
o Long Subject Attachment Checking Bypass (for Outlook Express 6)
o Long Subject Attachment Checking Bypass (for Outlook 2000)
o Attachment with no filename vulnerability test
o Long Filename vulnerability test
o Popup Object Exploit vulnerability test
o Double File extension vulnerability test

Any ideas how to protect oneself from these intrusions?

Thanks.
Godzillex
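Added example (not part of the original thread and not WindowSecurity.com's code): a gateway-side check, in Python, for several of the attachment-filename categories named in the list above (VBS, CLSID extension, double extension, long filename, no filename). The extension list, length threshold and finding labels are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string

# Assumed policy values and finding labels; tune for your own gateway.
RISKY_EXT = {".vbs", ".js", ".exe", ".com", ".scr", ".pif", ".bat", ".hta"}
MAX_NAME = 128
CLSID_RE = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.I)

def check_name(name):
    if not name:
        return ["no-filename"]
    findings = ["long-filename"] if len(name) > MAX_NAME else []
    if CLSID_RE.search(name):
        findings.append("clsid-extension")
    # Strip padding so "a.jpg      .exe" is judged by its real last extension.
    exts = ["." + p.strip().lower() for p in name.split(".")[1:]]
    if exts and exts[-1] in RISKY_EXT:
        findings.append("executable-extension")
        if len(exts) > 1:
            findings.append("double-extension")
    return findings

def scan_message(raw):
    report = {}
    for i, part in enumerate(message_from_string(raw).walk()):
        name = part.get_filename()
        attached = name is not None or part.get_content_disposition() == "attachment"
        if not part.is_multipart() and attached:
            report[name or f"<part {i}>"] = check_name(name)
    return report

# Constructed sample: placeholder CLSID, empty payloads.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1

hello
--b1
Content-Disposition: attachment; filename="invoice.txt.vbs"

--b1
Content-Disposition: attachment; filename="notes.txt.{00000000-0000-0000-0000-000000000000}"

--b1
Content-Disposition: attachment

--b1--
"""
```

Calling `scan_message(SAMPLE)` returns a dict keyed by attachment name (or part index when the name is missing); any non-empty findings list is a candidate for quarantine before the message reaches the mail client.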
Well, my system just passed these tests 100%.

Many of the test attachments were filtered out by my ISP <a part of the test>
Wormguard caught a heap of them
ZoneAlarm free caught one of them
And, I'm guessing, my IE settings prevented the rest from running.

Now, I suppose the website could have been dodgy as I didn't know of it, but what are PG/PrevX/RD for if not protecting us... didn't get any alerts whatsoever from them, nor my AV or AT, so a safe test as far as I can see.

Fun Stuff
Interesting! I have my NOD32 and TDS-3 set up at their highest level of protection. NOD32 managed to catch 4 of these incoming emails; no other warnings came from TDS-3.

I have a question for you: Did any of the emails end up in your INBOX? If so, did you execute the attachments? Remember, if you manage to execute any of these attachments, it means that the current protections in your system are not sufficient.

Thanks.
~godzillex
* An Update *

I enabled Wormguard, and it stopped dead all of the remaining attachments from executing. Needless to say, I am very impressed. Two of the tests tried to connect to the Web using Internet Explorer (IE), but could not, since I have set my firewall (Sygate) to ask me for permission every time IE tries to access the Web.

*** Kudos to Wormguard ****

~godzillex
Most tests ended up in my Inbox, and I executed everything I could:

8 attachments were removed by my ISP (incl 2 long subject tests)
5 eicar.com ended up in my deleted mail box (only just found them - I then ran them - all blocked by Wormguard)
5 others were stopped by Wormguard
1 was stopped by ZoneAlarm
3 'ran', but these 3 stated that to fail the test you needed to see a *.txt file appear on your desktop. I didn't have any of these appear (they seem to be internet related - ActiveX etc., which I have turned off in IE internet zone settings)

Sorry if that figure doesn't add up properly, was counting them all at once in my head.

And yes I agree, very impressed with Wormguard's performance.
Well, I passed all of them pretty easily because

1) I don't use OE nor IE
2) My email program (Forte Agent) is text-based, doesn't auto-run anything, and prompts if you attempt to launch an attachment except those MIME types that I've put into the trusted list.

So, I just denied the launch prompt for all of the attachments.

-----------------
EDIT: meant to include that the long name, etc., attachments were deleted at the ISP end.
-----------------

Also, MIME types *.doc, etc. are configured to open in MS WordViewer instead of MSWord. WordViewer will not run any code (macros, etc.).

Tomorrow, I may fire up OE and set it as default and try the tests again just to see. I don't use WormGuard, but WSH is disabled and JavaScript is OFF except when I permit it, so it will be interesting to see what happens.

regards,
-rich
As this is nothing to do with TDS and is a test of your system security settings and antivirus, I am moving this to a more appropriate forum.

TDS does not check incoming emails.
I hope your system can pass even WITHOUT Wormguard / content filtering by ISP, firewall etc. A properly patched and hardened system would be completely immune without the use of all these tools. If you need WG to save your ass from these common (some are old patched) exploits, I think you really need more security software.
After using UUCP mail in the early 80's, I switched over to POP in the 80's; in the 90's I started to use IMAP, and after we came into the next millennium I switched to SSL / WEBMAIL.

40 dollars per GIG is not that expensive (including Sophos anti-virus solutions for this mail). (Mail can be read from every place in the world and is encrypted.) Mail is backed up via IMAP to (local) or on another WEBMAIL server.

Never had viruses via e-mail on my clients this way. Most platforms I use don't give problems if a Windows virus was found on them (FreeBSD/Solaris/HP-UX/Linux).

But if you like living on the edge, you have to use Windows XP with Outlook (still has the same security bugs in it since version 0.00 Beta) and don't use a SPAM filter. There are lots of free alternatives (Linux/Mozilla/Thunderbird etc.) that will prevent these problems for you.
Umm... in fact no, I don't need more security. My frontline email security software passed the mark. Had it not been picked up by them (i.e. my ISP, WG, or ZA), then it still had to pass my regular security systems. And yes, my system internet settings are hardened, and my system is properly patched.

It was still interesting to see Wormguard's performance though.
Don't try kidding us into thinking you're a real old timer - why I remember when we had to send network packets without wires!
LOL ROF P2K wrote: Yes, I remember it very well, those days we used pigeons! But that was already later; in the old days, we could not use them because it was too dark in our caves, so we used bats. And I must say that I still like 'THE BAT' as the best e-mail client! :>)
I just looked at them through MailWasher Pro and they never see my hard drive... but I guess that's cheating, huh?