Off: virus from list member

[Paul Mather]

On Mon, 10 Dec 2001, Guido Vacano wrote:

=> I was wondering when you'd pipe up and do the anti-Intel, anti-Micro$oft
=> soapbox thingy. :-)

Hey, I want people to buy bucketloads of Intel products!  In fact,
anyone that isn't running a P4 system should feel DEEPLY ashamed and
upgrade to one immediately as pennance.  (It'll drive up the share price
and increase my meagre dividends.:)

=> Another effective method (I think, I haven't tried it), should you be
=> foolish enough to use Intel/Micro$oft ccombinations :-) , is to get a
=> firewall (like ZoneAlarm), and set it so Outlook has to ask before
=> acting as a server. That would give some indication of worm activity,
=> and help prevent transmission to folks you email.

Sadly, though, if the virus infects Outlook itself, then ZoneAlarm won't
help you with those nasties that spread via e-mail, because that's what
programs like Outlook are supposed to do (send e-mail).  (Unless you
force it to be okayed for every outgoing connection, in which case it
would start to become a hassle pretty quickly.)  It does protect against
the payload activity, though, as you say, because you'll get an alarm
about Outlook trying to connect to a weird port when it's trying to ship
your keystroke log off to someone somewhere.  (Unless, horrors, it ships
it to a server listening on one of the mail ports, or, damn its eyes, it
e-mails it to the bad guy...:)

I've found the Norton antivirus "real-time file system protection" to be
really effective in picking up viruses that come in through e-mail.
(Well, not me, but a person I know who uses Windows 2000.)  Its
"liveupdate" makes it very easy in keeping current with known viruses,
too.  That person also uses the less-targeted Eudora instead of Outlook.

Cheers,

Paul.

e-mail: paul at gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa