Why e-mail security means more than installing antivirus software

Discussion in 'other security issues & news' started by Trooper, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    Does anyone know whether products such as DiamondCS WormGuard are current enough to stop the type of worms that are described in this article? If not, are any other similar type of products more up-to-date? Thanks for any info.

    Rich
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, IGNORING and DELETING ALL spam-emails is extremely difficult for curious users.
    I never considered spam-emails as a problem. Just get rid of them, don't even open spam-emails.
    A good spam-email is a deleted spam-email. Case closed.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Rich,

    I guess that is hard to say, but I know your setup and imo, you are very nicely protected.

    As for these new variants, your guess is as good as mine. Although being cautious about opening spam e-mails (or even some trusted ones at times), as ErikAlbert has mentioned, seems to be a good fix.

    However, you have to realize that not everyone is as tech or security savvy as the users who run and visit this site. For them, I feel bad because there is always that one user(s) that just HAS TO OPEN every e-mail or even ones that may seem suspect. :doubt:

    Sadly enough for them, they are now infected and have to jump through hoops of fire or in some cases, reformat. It would be nice if Windows were stronger out of the box (wishful thinking I might add) so that the average Joe would not be hit (or hit as hard) even if they did click on a suspect e-mail.

    I would imagine that if this happens to someone, they might look to see what they can do to protect themselves and get in the game so to speak.

    Sorry for the rambling, but just a few thoughts off the top of my head.

    Jag

    EDIT: You know Rich I just thought of something. I think Notok has mentioned this before. What about Attack Shield or even Safe 'n' Sec? Both of which I have been thinking about trying out. ;) Maybe he could chime in if he sees this post.
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jaguar,

    I looked at Attack Shield, and it seems to primarily address worms that utilize buffer overflow type attacks. I could be wrong since the information is a bit sketchy on their website.

    I also had some questions about Safe N' Secure. Right now I am just investigating. WormGuard seems to work very well, but the product has not been updated in a while, and I was wondering whether its technology is current enough to address the kind of worm attacks that were mentioned in the article.

    Cya around,
    Rich
     
  6. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Also why not use a filtering proggy like MailWasher to at least first get rid of crap directly from servers without it being downloaded via your email client?

    There are some free ones out there, just that I have used MailWasher forever and got the Pro version.

    I know that some 'friends' emails could still contain malware but at least you would get rid of 70% if like me, probably more as I don't get that many compared to some. See my stats for past week, and as I said, I would be considered a light email receiver.

    Cheers, TAS
     

    Attached Files: 075.GIF (4.6 KB)
  7. James Taylor

    James Taylor Guest

    I don't know why you guys panic over the "latest worms". Read the article, it doesn't do anything new in terms of how it infects people.

    Sometimes I wonder if the reason people post these articles is to spread FUD. "OMG a new worm, I wonder if my superduper security setup running a gabazillion security defenses can handle it." LOL

    As long as you are not dumb enough to open the attachment and run it, the worm can do nothing.

    Those of us running wormguard even have a second backup, since even if we were dumb enough to run it, wormguard would pop up and ask us if we were sure.

    If you were dumb enough to ignore wormguard, then ...

    Well then, our regdefend, processguard, not to mention antivirus and antitrojans would get to justify their presence then!

    There is nothing NEW at all about this worm that allows it to infect users. Stop making a mountain out of a molehill.
     
  8. James Taylor

    James Taylor Guest

    Tassie_Devils that's not the point.

    Seems to me every overhyped article seems to be a good excuse to go looking for new technological solutions, even when the article is just the same old nonsense already more than well handled with the half dozen top notch security programs we all have.

    It seems to me that if you don't even have the slightest understanding of computer security products (surprisingly, lots of people here seem to be in that class), you are always at the mercy of FUD articles.
     
  9. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Have to agree with James Taylor on this one. I didn't see anything in that article that was new or really even interesting.

    If ever a spam email manages to get past my ISP's filters (very rare), and I don't know who it's from, I just delete it - so no threat at all there.

    The worms that are dangerous are the ones that use people's address books to spread with disguised attachment types, or very well socially engineered ones.
     
  10. James Taylor

    James Taylor Guest

    And these already exist... I guess it's time to go looking for more protection. :p
     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Vikorr,

    The article in the second paragraph reads:

    "The most recent manifestation involved a good deal of advanced technology: After creeping into vulnerable systems, the base Bagle variant downloads other dangerous components. Using this "multipart" approach, the worm blocks antivirus updates and disables firewalls and antivirus software."

    Whether or not the "advanced technology" is new or old is not clear. Only someone who has tested WormGuard against this variant (e.g. DiamondCS) could know for sure. I have noticed that software that is not updated regularly often falls behind the latest advances. For example, WormGuard comes with a pre-defined set of definitions of blocked filetypes and blocked filenames, but this list has not been updated (as far as I know) for a couple of years. Others have augmented this list by themselves with various filetypes, but I am not sure what the full definition list should look like nowadays. Are you using WormGuard? If so, did you add anything to your list? I put this question on the WormGuard forum but never received a reply from DiamondCS.

    Cya,
    Rich
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    To All,

    I did not post this article to inherit people going out to purchase more security related software, or for anyone to test out their pc security setups.

    I posted it for those who may not be aware of what's out there, as there are all levels of users who view this forum to gain knowledge. Then there are those who just like to lurk like James Taylor who decided to post as a guest and not even take the time to register (or log in if you are registered), to add in your two cents.

    These forums are a place for people to ask questions, get help, and guess what maybe even learn something new or make a contribution of knowledge to other users.

    As for these threats, yes there are ways to prevent them and yes a lot of it is up to user training and knowledge so that they can make an informed decision prior to opening emails with nasty attachments in them.

    And as for saying this... "If ever a spam email manages to get past my ISP's filters (very rare), and I don't know who it's from, I just delete it - so no threat at all there."

    This may be fine for you, but not every pc user falls into this category. Sometimes I think you need to take a few steps back and realize there are those out there that click on attachments and get infected and sometimes do not even realize it (unless it is completely apparent they have a nasty on their system).

    Rich as for WormGuard I wish I had some info on that one but I am not a user of the product. Maybe try posting again in that forum? :doubt:

    Regards,

    Jag
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Nothing wrong with your post Jag. Information is always good to have on hand.
    There are all levels of computer users that come through these forums and any productive information that is posted here is a plus.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jaguar,

    I agree with your sentiments, and thanks for referring me to the article. This is the kind of information I am looking for on this forum.

    Cya around!
    Rich
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    To Ronjor and Rich,

    Thanks for your comments, it's much appreciated. I wish I had more time to spend here helping peeps out sometimes vs asking questions. I do try to balance things out here tho. :)

    When I see more interesting articles come my way, I will continue to post them here for the benefit of other users.

    Best Regards,

    Jag
     
  16. James Taylor

    James Taylor Guest

    You misunderstood me, Jaguar. The people who post these articles generally, I think, do it mostly out of good intentions. It's the 'pseudo-experts' who, through ignorance, after that use it as an excuse to spread FUD.

    Respectfully, if you have a problem with Wilder's policy of guest posting, feel free to make your views known to Paul and see if he agrees. Until then....
     
  17. James Taylor

    James Taylor Guest

    Rather than speculating over what "advanced technology" is, why not just read the description of the worm?

    http://www.f-secure.com/v-descs/mitglieder_cn.shtml

    Nope, zero mention of any new technology. The only thing that maybe looks semi interesting is that it upgrades itself.

    To someone with the most basic computer knowledge and willing to take a closer look it's pretty clear. It infects you the same way as a zillion other worms out there.

    Totally irrelevant to the situation at hand.
     