Full Disclosure mailing list archives
RE: 9/11 virus
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 11 Sep 2003 15:39:53 +0200
Actually, as advice to Microsoft, it may be a good idea to not follow the doubleclick paradigm if

a) it is any kind of executable
AND
b) it has two dots in it

The latter could also specifically look at .jpg.exe and such.

We filter many of these constructs at the gateway level. It's easy and it works. The only thing is that you must always catch up with those 20+ year old file extensions that turn out to be executable... A complete list from Microsoft would be very helpful. A partial list compiled by us is here (a German page, but I bet you get the idea ;))

<http://www.exchange-antivirus.de/Support/Empfehlung-zu-sperrende-Dateie rweiterungen.asp>

And, yes, this is an ugly long URL and it will most probably be broken by your mail client. So be sure to reassemble it before entering it into the browser ;)

Rainer
-----Original Message-----
From: vogt () hansenet com [mailto:vogt () hansenet com]
Sent: Thursday, September 11, 2003 2:42 PM
To: full-disclosure () lists netsys com
Subject: AW: [Full-disclosure] 9/11 virus

Add the inevitable batch of new 9/11 viruses to the heap of avoidable-but-commonplace user-dependent vulnerabilities.

It ain't a user-dependent vulnerability. It exploits shortcomings in the interface. It exploits the fact that what the machine does is not what the user wants or expects it to do.

User: "I want to see this picture."
Machine: Ok...
...oh, it isn't a picture, it's an executable...
...so, let's execute it.

The user never wanted to execute a file, he wanted to see a picture. It's a miscommunication issue, not stupidity of users. A better interface would prevent it. For example, imagine for one second that there were no implicit actions, i.e. there is no "doubleclick and the right thing will happen", but you always have to state WHAT you want to do.(*)

It's not a user issue. Users aren't stupid, they just have a limited need to know. You'd be shouting at your car mechanic if he told you that it's your fault that the car burst into flames because that's just what it does when you open the trunk while the headlights are on and the gear is in reverse.

But hey, it's not like we haven't known this ever since the first Outlook worm, and it could've been solved for years.

Tom Vogt

(*) And don't tell me users wouldn't accept that. Every other electronic device works that way. You don't press POWER on your TV and expect it to know which channel you want.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
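Added example, not part of the original post and not Adiscon's gateway code: a sketch of the attachment-name check described above, covering rule a) (executable final extension) and rule b) (a second dot hiding it, as in .jpg.exe). Both extension sets and the function names are assumptions of this example; the block list is a small illustrative subset, not the list linked in the post.

```python
import ntpath

# Illustrative subset only (assumption of this example); a real gateway
# needs a maintained list, as the post points out.
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "lnk", "cpl", "msi"}
# Extensions a user reads as "harmless document" (also an assumption).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf",
              "mp3", "avi", "mpg", "zip"}


def normalize(filename):
    """Reduce an attachment name to the name Windows would act on."""
    name = ntpath.basename(filename)  # drops any / or \ path prefix
    # Windows ignores trailing dots and spaces: "a.exe. " opens as "a.exe".
    return name.rstrip(". ").lower()


def classify(filename):
    """Return (verdict, reason); verdict is "block" or "pass"."""
    name = normalize(filename)
    # Strip padding around each component ("photo.jpg      .exe").
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return "pass", "no extension"
    final = parts[-1]
    if final not in EXECUTABLE_EXTS:
        return "pass", "final extension ." + final + " not on block list"
    # Rule b): an inner component that looks like a document type.
    inner = [p for p in parts[1:-1] if p in DECOY_EXTS]
    if inner:
        return "block", "double extension ." + inner[-1] + "." + final
    return "block", "executable extension ." + final


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for sample in ["holiday.jpg.exe", "Holiday.JPG      .ScR. ",
                   "setup.exe", "report.v1.2.pdf", "README"]:
        print(repr(sample), classify(sample))
```

Names with several dots but a harmless final extension (report.v1.2.pdf) pass, so the dot count alone is never the trigger.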
Current thread:
- 9/11 virus Bassett, Mark (Sep 10)
- Re: 9/11 virus l8km7gr02 (Sep 10)
- RE: 9/11 virus Byron Copeland (Sep 10)
- <Possible follow-ups>
- RE: 9/11 virus Rainer Gerhards (Sep 11)