Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • by ajt (2546) on 2003.06.26 5:31 (#21438) Homepage Journal

    I think it's fair to say that Windows is very broken, and Microsoft made a number of very poor design decisions along the way. In hind sight I think even they wish they wish they had dome some things differently now.

    The ORA book Malicious Mobile Code [], though somewhat overtaken by event is a very good and frightening read. Not that I used IE or Outlook before, but I'm now very anti these products now.

    However engineering aside, Microsoft and others encourage a culture of trust, easy of use, and poor security practice, that is far more damaging. It's more important to them that something is easy and automatic than it is that it's safe, and the result is what we see, lots of business for anti-virus vendors.

    If there were the same number of ill-educated BSD/Linux users as there are Windows users, then there would be lots of problems with these systems too. Though I will grant that the problems would be different as nix systems are different at the core to Windows, but it's always easy to do stupid things....

    -- "It's not magic, it's work..."
    • Funny, that was the same culture that brought us rsh et all on early BSD and Unix workstations. It took years to convince vendors to not ship with that stuff turned on by default and to provide secure alternatives. I don't see Microsoft being any slower or quicker.


  • Interesting, so that'll be why I receieved this message this morning from a client:
    Please note that due to action taken by our IT colleagues, we will be unable to receive .zip attachements today (26/06/03). I apologise for any inconvenience.

    What kind of crappy software doesn't look inside container files for viruses. Even the abominable mailsweeper, which I thoroughly despise , handles this.


    • One of my clients is a big company. They have a even crappier mailscanner which silently deletes attachments it doesn't like. On the other hand it's perfectly fine with exe files inside zip files though, or exe files renamed to zip files!

      Somebody needs to invent some way of sending files too people without having to resort to email. It is way to low tech and inneficient.
      • I kind of know why they might wish to do this actually. There was a zip file floating around somewhere which expanded vastly in size, and contained more copies of itself. It was only about a hundred Kb. :-)


      • ...perhaps the web?

        You are what you think.
        • I couldn't either, but I could find it on my harddisk, so I put it here []. Beware - it expands to 5 levels of zip files, ultimately containing 1048576 copies of a 4294967295 byte file named 0.dll. Don't try downloading it if you think you may be behind a web proxy that attempts to scan passing traffic.

    • What kind of crappy software doesn't look inside container files for viruses.

      The kind that isn't written in Perl and can't use Archive::Zip, Archive::Tar, etc to interrogate the contents, perhaps? I'm not exactly sure how the MessageLabs [] product does it, but to date it has stopped every unknown virus in the wild that it's come across, including the attempts to hide inside multi-zipped files or the latest 3 level extensions.

      Its pretty cool to be considered one of the top anti-virus companies in the world

    • What kind of crappy software doesn't look inside container files for viruses. Even the abominable mailsweeper, which I thoroughly despise , handles this.

      More likely is that their AV vendor hadn't released updates to catch the virus by this point. And given that the vendors couldn't agree on what was the definitive list of .zip files that were likely to contain the virus, blocking all .zips isn't too bad an idea, at least until you're sure that the AV software is sufficiently up to date.