Email Security Test!

Discussion in 'privacy general' started by godzillex, May 27, 2005.

Thread Status:
Not open for further replies.
  1. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    Guys (& Gals),

    Please check the following website and see how many of its tests your email client can pass:
    http://www.windowsecurity.com/emailsecuritytest/
    I use TDS-3 and NOD32, and could not pass the majority of its tests.
    Once requested, WindowSecurity.com will send you these tests by email to check if your email system is vulnerable to the following email threats:

    o VBS file vulnerability test
    o CLSID extension vulnerability test
    o MIME header vulnerability test
    o ActiveX vulnerability test
    o Malformed file extension vulnerability test (for Outlook 2002 - XP)
    o CLSID extension vulnerability test (for Outlook 2002 - XP)
    o GFI's Access exploit vulnerability test
    o Object Codebase vulnerability test
    o Iframe remote vulnerability test
    o Eicar anti-virus test
    o Fragmented Message test
    o Long Subject Attachment Checking Bypass (for Outlook Express 6)
    o Long Subject Attachment Checking Bypass (for Outlook 2000)
    o Attachment with no filename vulnerability test
    o Long Filename vulnerability test
    o Popup Object Exploit vulnerability test
    o Double File extension vulnerability test

    Any ideas how to protect oneself from these intrusions?

    Thanks.
    Godzillex
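
A gateway-side check for several of the attachment tricks named in the list above (no filename, long filename, double extension, CLSID extension, script or executable extension), as an added example that is not part of the thread or of the test site's code. The extension lists, the length limit, the function names and the sample message are assumptions constructed here.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for this example; none of them come from the thread.
EXEC_EXT = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr", "pif",
            "exe", "com", "bat", "cmd"}
DECOY_EXT = {"txt", "doc", "jpg", "gif", "pdf", "htm", "html"}
MAX_NAME_LEN = 100
CLSID_EXT = re.compile(r"\.\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$")

def classify_name(name):
    """Return the set of findings for one attachment filename (None if absent)."""
    if not name:
        return {"no-filename"}
    found = set()
    if len(name) > MAX_NAME_LEN:
        found.add("long-filename")
    # Windows drops trailing dots and spaces, so ignore them when reading the suffix.
    clean = name.strip().rstrip(". ").lower()
    if CLSID_EXT.search(clean):
        found.add("clsid-extension")
    parts = clean.split(".")
    if len(parts) >= 2 and parts[-1] in EXEC_EXT:
        found.add("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXT:
            found.add("double-extension")
    return found

def scan(raw):
    """Parse a raw message and return [(filename, sorted findings)] per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), sorted(classify_name(part.get_filename())))
            for part in msg.walk()
            if part.get_content_disposition() == "attachment"]

def build_sample(names):
    """Constructed test message: one 1-byte attachment per name (None = no filename)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in names:
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample(["invoice.txt.vbs", None, "photo.jpg",
                           "notes.txt.{00000000-0000-0000-0000-000000000000}"])
    for name, findings in scan(sample):
        print(repr(name), findings or "clean")
```

A mail filter would quarantine or strip any attachment with a non-empty finding list before the message reaches the client.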
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Well, my system just passed these tests 100%

    Many of the test attachments were filtered out by my ISP <a part of the test>
    Wormguard caught a heap of them
    ZoneAlarm free caught one of them
    And, I'm guessing, my IE settings prevented the rest from running.


    Now, I suppose the website could have been dodgy as I didn't know of it, but what are PG/PrevX/RD for if not protecting us...didn't get any alerts whatsoever from them, nor my AV or AT, so a safe test as far as I can see.

    Fun Stuff
     
    Last edited: May 27, 2005
  3. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    Interesting!
    I have my NOD32, and TDS-3 setup at their highest level of protection. NOD32 managed to catch 4 of these incoming emails; no other warnings came from TDS-3.
    I have a question for you: Did any of the emails end up in your INBOX? If so, did you execute the attachments? Remember, if you manage to execute any of these attachments, it means that the current protections in your system are not sufficient.

    Thanks.

    ~godzillex
     
  4. godzillex

    godzillex Registered Member

    Joined:
    May 28, 2004
    Posts:
    57
    * An Update *

    I enabled Wormguard, and it stopped dead all of the remaining attachments from executing. Needless to say, I am very impressed.
    Two of the tests tried to connect to the Web using Internet Explorer (IE), but could not since I have set my firewall (Sygate) to ask me for permission every time IE tries to access the Web.

    *** Kudos to Wormguard ****

    ~godzillex
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Most tests ended up in my Inbox, I executed everything I could:
    8 attachments were removed by my ISP (incl 2 long subject tests)
    5 eicar.com ended up in my deleted mail box (only just found them - I then ran them - all blocked by wormguard)
    5 others were stopped by wormguard
    1 was stopped by zonealarm
    3 'ran', but these 3 stated to fail the test you needed to see a *.txt file appear on your desktop. I didn't have any of these appear (they seem to be internet related - activeX etc related which I have turned off in IE internet zone settings)

    sorry if that figure doesn't add up properly, was counting them all at once in my head.

    and yes I agree, very impressed with Wormguard's performance
     
    Last edited: May 28, 2005
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, I passed all of them pretty easily because

    1) I don't use OE nor IE

    2) My email program (Forte Agent) is text-based, doesn't auto-run anything, and prompts if you attempt to launch an attachment except those MIME types that I've put into the trusted list. So, I just denied the launch prompt for all of the attachments.

    -----------------
    EDIT: meant to include that the long name, etc., attachments were deleted at the ISP end.
    -----------------

    Also, MIME types *.doc, etc are configured to open in MS WordViewer instead of MSWord. WordViewer will not run any code (Macros, etc).

    Tomorrow, I may fire up OE and set it as default and try the tests again just to see.

    I don't use WormGuard, but WSH is disabled and JavaScript is OFF except when I permit it, so it will be interesting to see what happens.

    regards,

    -rich
     
    Last edited: May 28, 2005
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    As this is nothing to do with TDS and a test of your System security settings and antivirus I am moving this to a more appropriate forum

    TDS does not check incoming emails
     
  8. CN232

    CN232 Guest


    I hope your system can pass even WITHOUT wormguard / content filtering by ISP, firewall etc.

    A properly patched and hardened system would be completely immune without the use of all these tools. If you need WG to save your ass from these common (some are old patched exploits), I think you really need more security software :)
     
  9. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    After using uucp mail in the early 80's i switched over to POP in the 80's
    in the 90-s i started to use IMAP and after we came in the next millenium
    i switched to SSL / WEBMAIL 40 Dollars per GIG is not that expensive
    (including Sophos anti virus solutions for this mail)
    (mail can be read from every place in the world/ and is crypted)

    Mail is backed up via IMAP to (local) or on another WEBMAIL server.

    Never had viruses via E-mail on my clients this way.

    Most platforms i use don't give problems if a windows Virus
    was found on them.
    (FreeBSD/Solaris/HP-UX/Linux).

    But if you like living on the Edge, you have to use

    Windows Xp with Outlook (has still the same security bugs in it since version 0.00 Beta) and don't use a SPAM filter.

    There are lots of free alternatives (Linux/Mozilla/Thunderbird etc.)
    that will prevent you these problems.

    ;)
     
  10. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    umm...in fact no I don't need more security. my frontline email security software passed the mark.

    Had it not been picked up by them (ie my ISP, WG, or ZA), then it still had to pass my regular security systems.

    And yes my system internet settings are hardened, and my system is properly patched. It was still interesting to see Wormguard's performance though :)
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Don't try kidding us into thinking you're a real old timer - why I remember when we had to send network packets without wires! :D
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma


    That's good :D
     
  13. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    LOL ROF :D

    P2K wrote:

    Yes, I remember those days very well, we used Pigeons!

    But that was already later, in the old days, we could not use them because it was too dark in our caves, so we used bats.

    And i must say that i still like 'THE BAT' as the best E-mail client !

    :>)
     
    Last edited: May 29, 2005
  14. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Pfft...even the bats got viruses :D
     
  15. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    doh...double post

    oh yeah....that bat virus got me...<nods> that's it !!!
     
  16. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    If a bat is ill because of a virus, it usually only gets 'batter' eh better.

    :D
     
  17. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I just looked at them through MailWasher Pro and they never see my harddrive...but I guess that's cheating huh? :)
     