Why e-mail security means more than installing antivirus software

Story Here

 

Hi all,

Does anyone know whether products such as DiamondCS WormGuard are current enough to stop the type of worms that are described in this article? If not, are any other similar type of products more up-to-date? Thanks for any info.

Rich

 

Yes, IGNORING and DELETING ALL spam-emails is extremely difficult for curious users.
I never considered spam-emails as a problem. Just get rid of them, don't even open spam-emails.
A good spam-email is a deleted spam-email. Case closed.

 

Rich,

I guess that is hard to say, but I know your setup and imo, you are very nicely protected.

As for these new variants, your guess is as good as mine. Altho being cautious about opening spam e-mails (or even some trusted ones at times) as ErikAlbert has mentioned, seems to be a good fix.

However, you have to realize that not everyone is as tech or security savvy as the users who run and visit this site. For them, I feel bad because there is always that one user(s) that just HAS TO OPEN every e-mail or even ones that may seem suspect.

Sadly enough for them, they are now infected and have to jump through hoops of fire or in some cases, reformat. It would be nice if Windows were stronger out of the box (wishful thinking I might add) so that the average Joe would not be hit (or hit as hard) even if they did click on a suspect e-mail.

I would imagine that if this happens to someone, they might look to see that they can do to protect themselves and get in the game so to speak.

Sorry for the rambling, but just a few thoughts off the top of my head.

Jag

EDIT: You know Rich I just thought of something. I think Notok has mentioned this before. What about Attack Shield or even Safe 'n' Sec? Both of which I have been thinking about trying out. Maybe he could chime in if he sees this post.

 

Hi Jaguar,

I looked at Attach Shield, and it seems to primarily address worms that utilize buffer overflow type attacks. I could be wrong since the information is a bit sketchy on their website.

I also had some questions about Safe N' Secure. Right now I am just investigation. WormGuard seems to work very well, but the product has not been updated in a while, and I was wondering whether its technology is current enough to address the kind of worm attacks that were mentioned in the article.

Cya around,
Rich

 

Also why not use a filtering proggy like MailWasher to at least first get rid of crap directly from servers without it being downloaded via your email client.

There are some free ones out there, just that I have used MailWasher forever and got the Pro version.

I know that some 'friends' emails could still contain malware but at least you would get rid of 70% if like me, probably more as I don't get that many compared to some. See my stats for past week, and as I said, I would be considered a light email receiver.

Cheers, TAS

 

I don't know why you guys panic over the "latest worms". Read the article, it doesn't do anything new in terms of how it infects people.

Sometimes I wonder if the reason people post these articles is to spread FUD. "OMG a new worm, I wonder if my superduper security setup running a gabazillion security defenses can handle it." LOL

As long as you are not dumb enough to open the attachment and run it, the worm can do nothing.

Those of us running wormguard, even have a second backup, since even if we were dumb enough to run it, wormguard would pop up and us ask if we were sure.

If you were dumb enough to ignore wormguard, then ...

Well then, our regdefend, processguard, not to mention antivirus and antitrojans would get to justify their presence then!

There is nothing NEW at all about this worm that allow it to infect users. Stop making a mountain out of a molehill.

 

Tassie_Devils that's not the point.

Seems to me every overhyped article seems to be a good excuse to go looking for new technological solutions, even when the article is just the same old nonsense already more than well handled with the half dozen top notch security programs we all have.

It seems to me that if you don't even have the slighest understanding of computer security products (suprisingly, lots of people here seem to be in that class), you are always at the mercy of FUD articles.

 

Have to agree with James Taylor on this one. I didn't see anything in that article that was new or really even interesting.

If ever a spam email manages to get past my ISP's filters (very rare), and I don't know who it's from, I just delete it - so no threat at all there.

The worms that are dangerous are the ones that use peoples address books to spread with disguised attachments types, or very well socially engineered ones.

 

And these already exist... I guess it's time to go looking for more protection.

 

Hi Vikorr,

The article in the second paragraph reads:

"The most recent manifestation involved a good deal of advanced technology: After creeping into vulnerable systems, the base Bagle variant downloads other dangerous components. Using this "multipart" approach, the worm blocks antivirus updates and disables firewalls and antivirus software."

Whether or not the "advance technology" is new or old is not clear. Only someone who has tested WormGuard against this variant (e.g. DiamondCS) could know for sure. I have noticed that software that is not updated regularly, often falls behind latest advances. For example, WormGuard comes with a pre-defined set of definitions of blocked filetypes and blocked filesnames but this list has not been updated (as far as I know) for a couple of years. Others have augmented this list by themselves with various filestypes, but I am not sure what the full definition list should look like nowadays. Are you using WormGuard? If so, did you add anything to your list? I put this question on the WormGuard forum but never received a reply from DiamondCS.

Cya,
Rich

 

To All,

I did not post this article to inherit people going out to purchase more security related software, or for anyone to test out there pc security setups.

I posted it for those who may not be aware of what's out there, as there are all levels of users who view this forum to gain knowledge. Then there are those who just like to lurk like James Taylor who decided to post as a guest and not even take the time to register (or log in if you are registered), to add in your two cents.

These forums are a place for people to ask questions, get help, and guess what maybe even learn something new or make a contribution of knowledge to other users.

As for these threats, yes there are ways to prevent them and yes a lot of it is up to user training and knowledge so that they can make an informed decision prior to opening emails with nasty attachments in them.

And as for saying this... "If ever a spam email manages to get past my ISP's filters (very rare), and I don't know who it's from, I just delete it - so no threat at all there."

This may be fine for you, but not every pc user falls into this category. Sometimes I think you need to take a few steps back and realize there are those out there that click on attachments and get infected and sometimes do not even realize it (unless it is completely apparent they have a nasty on there system).

Rich as for WormGuard I wish I had some info on that one but I am not a user of the product. Maybe try posting again in that forum?

Regards,

Jag

 

Hi Jaguar,

I agree with your sentiments, and thanks for referring me to the article. This is the kind of information I am looking for on this forum.

Cya around!
Rich

 

To Ronjor and Rich,

Thanks for your comments, it's much appreciated. I wish I had more time to spend here helping peeps out sometimes vs asking questions. I do try to balance things out here tho.

When I see more interesting articles come my way, I will continue to post them here for the benefit of other users.

Best Regards,

Jag

 

You misunderstood me Jaguar. The people who post these articles generally I think do it mostly out of good intentions. It's the 'pseudo-experts' who through ignorance after that who use it as an excuse to spread FUD.

Respectfully, if you have a problem with Wilder's policy of guest posting, feel free to make your views known to Paul and see if he agrees. Until then....

 

Rather than speculating over what "advanced technology" is, why not just read the description of the worm?

http://www.f-secure.com/v-descs/mitglieder_cn.shtml

Nope, zero mention of any new technology. The only thing that maybe looks semi interesting is that it upgrades itself.

To someone with the most basic computer knowledge and willing to take a closer look it's pretty clear. It infects you the same way like a zillion other worms out there.

Totally irrelevant to the situation at hand.