#21
Outlook Express Irritating Cleanup Dialog
On Wed, 8 Jul 2009 09:30:40 -0500, Pete B wrote:
I know that's why it is called a zero-day virus, you're the one that emphasized the term. Guess what? Day zero is past, and it is doubtful that any AV software worth its salt has not been updated of that particular danger at this point. Let me guess, though: you think that once the virus is in the AV databases, it goes away never to be seen again; yeah, right, like that'll happen....

Silly boy. Virus writers are constantly writing new code in attempts to get around the current AV definitions. It is like an arms race. Sooner, or later, you are going to lose.

And here's an astounding, absolutely mind-blowing fact that you seem totally oblivious of: NO virus or malware, of any kind or form, that has never been seen before will be detected by ANY security system in the universe, NO MATTER what the source of the attack.

Silly boy. That is exactly what I have been saying. What you seem to be willfully ignoring is that virus writers are always working on the next "zero day exploit".

Scanning emails detects such viruses, but most viruses come through web-based attacks that do not involve email.

Silly boy. AV email scanning requires a Rube Goldberg kludge which MSOE, in particular, tends to choke on. And is a redundant measure, to boot, considering that the on-access, memory resident scanner will still alert on the potential infection.

In any case, detecting the **source** of the attack is what matters, and Kaspersky's and other AV software programs already do that, by detecting web sources that are not certified safe to begin with, whether they are likely to be infectious or not. And they do so quite effectively without having to scan the email. There are thousands of varieties of malware that are attacking PCs every hour ...

Cite, please. I don't see even tens of attacks per day against my PC.

But you go ahead and ignore the second largest source of viral attacks on the net last year. Not me, I like to catch things BEFORE they do damage, not after the damage is done.

Silly boy. E-mail borne viruses can't do any damage without active participation of the user.

I will say it again: NOTHING you or anyone else said in this thread justifies refraining from scanning incoming email traffic to my PC.

Silly boy. You can do any damned thing that pleases you. You can even call a dog's tail a leg, if it pleases you: But that won't make a dog a five legged creature. For the rest of us, reality is all that matters.

But you go ahead and sit there in your little security blanket bubble doing nothing, waiting until doomsday strikes.

It is you who is living inside a bubble. It may even burst on you some day. One way, or the other.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
#22
Outlook Express Irritating Cleanup Dialog
"N. Miller" wrote in message
On Wed, 8 Jul 2009 09:30:40 -0500, Pete B wrote: ....

I will say it again: NOTHING you or anyone else said in this thread justifies refraining from scanning incoming email traffic to my PC.

Silly boy. You can do any damned thing that pleases you. You can even call a dog's tail a leg, if it pleases you: But that won't make a dog a five legged creature.

Silly is right. Aside from a few obvious but mostly irrelevant statements you made and which I'm not commenting on, there certainly can be considerable value to scanning incoming e-mails for viruses. It's possible to catch them that way while they're still in buffers and before they've even touched the hard drive which is infinitely more efficient than waiting for them to trigger after they've landed on the disk surface.

In fact, you've touched on sort of a pet peeve of mine: Scanning of outgoing e-mails is something that can, not does, create situations where e-mails can appear to have been sent but were in reality dropped into the ether. It's an understood mechanism that's been described and defined many times over by many people and easy to understand without a lot of technical knowledge.

But ... the damage allegedly done by scanning incoming e-mails is not well understood, is not a known mechanism, and nowhere does any web site or paper I've ever found describe how and why an incoming e-mail can be damaged or cause any damage to anything because an AV is scanning incoming mails. There are some who claim anecdotal evidence of it happening but not with any sureness or credibility that I can understand. I've asked several times on various groups for someone to explain the mechanism of the damage done to me, but no one to date can do it. I don't deny that it's possible, but I can't find anything that proves the point, making me think that it is no more likely to occur than any other file corruption anywhere else in a computer system.

I scan all of my incoming e-mails and always have since I gained the ability to do so, and have never experienced a problem or I might have a different opinion. I monitor and receive e-mails from 12 different accounts on a daily basis and depending on what's going on at any specific time, that has been as high as 22 different accounts. That's quite a few e-mails, so apparently at least in my case, it's not going to be a problem, ever. As with scanning outgoing mails though, it's possible for some people to also never experience the timing situation that results in losing mails to the ether. In that direction it's all timing dependent. Thus, I understand it could be "my case" that's never going to have a problem, but ... I'd really love to know whether it's just "my case" or all cases.

If anyone can provide any citation of the mechanism of scanning incoming e-mails causing damage to anything, I would certainly appreciate seeing it. Please, NOT the instructions to just turn off e-mail scanning or "all" email scanning; I'm looking for verifiable, credible information about how it happens, why it happens, and basically, whether it really happens with incoming e-mails.

Woof! Sorry for the long tangent. To synopsize: Outgoing e-mails, yes, scanning can definitely cause problems and it's well defined. But what about with incoming? I suspect it creates no problem and all the original hoopla was because many programs didn't separate in/out so you use/kill both or nothing at all. Then the "myth" didn't keep up with technology.

Regards,
Twayne

For the rest of us, reality is all that matters.

But you go ahead and sit there in your little security blanket bubble doing nothing, waiting until doomsday strikes.

It is you who is living inside a bubble. It may even burst on you some day. One way, or the other.
#23
Outlook Express Irritating Cleanup Dialog
On Wed, 8 Jul 2009 18:31:43 -0400, Twayne wrote:
"N. Miller" wrote in message

On Wed, 8 Jul 2009 09:30:40 -0500, Pete B wrote: ...

I will say it again: NOTHING you or anyone else said in this thread justifies refraining from scanning incoming email traffic to my PC.

Silly boy. You can do any damned thing that pleases you. You can even call a dog's tail a leg, if it pleases you: But that won't make a dog a five legged creature.

Silly is right. Aside from a few obvious but mostly irrelevant statements you made and which I'm not commenting on, there certainly can be considerable value to scanning incoming e-mails for viruses. It's possible to catch them that way while they're still in buffers and before they've even touched the hard drive which is infinitely more efficient than waiting for them to trigger after they've landed on the disk surface.

Do you realize that by the time your AV is scanning that attachment, it is already on your hard drive? That is an unavoidable fact of life. Your AV can't touch that attachment until after it is downloaded from the server.

But ... the damage allegedly done by scanning incoming e-mails is not well understood, is not a known mechanism, and nowhere does any web site or paper I've ever found describe how and why an incoming e-mail can be damaged or cause any damage to anything because an AV is scanning incoming mails. There are some who claim anecdotal evidence of it happening but not with any sureness or credibility that I can understand. I've asked several times on various groups for someone to explain the mechanism of the damage done to me, but no one to date can do it.

I've not scanned incoming email in years, so I don't have a way to examine the mechanism. But I will begin with one common symptom: The email client POP3 server name is changed from 'pop.server.com' to '127.0.0.1'. I've never had the opportunity to examine the Advanced properties, to check the port number, but I'll wager it is also changed: From '110' to '1110', or similar.

The mechanism is actually simple to guess at from that symptom. AV email scanner interposes as a proxy, becoming a POP3 server in its own right, listening on port 1110 for incoming connections, while interacting with the actual mail server through port 110. So MS Outlook Express connects with '127.0.0.1:1110' and waits for the POP3 transaction to proceed. AV scanner puts MSOE "on hold" while it connects with 'pop.server.com:110', and downloads the email to a local temp folder on the local HDD. Normal POP3 commands, so the server clears the mailbox, and all the email is now in temp folder somewhere on the local HDD. AV now starts scanning the contents of that temp folder. More time elapses than MSOE expects, so MSOE throws up a "server not responding" error, and closes the connection. Now, if this had been the connection to the actual mail server, that server would not delete any email from the mailbox, because the POP3 session did not advance that far. But who knows what the AV "mail server" will do with the temp files when the client closes the connection?

I scan all of my incoming e-mails and always have since I gained the ability to do so, and have never experienced a problem or I might have a different opinion.

I can't say I have experienced corruption, but I have experienced oddness that stopped when I stopped scanning the incoming email. Since the AV is still running, whether it is scanning email, or not, it will alert on any attempt to manipulate a malicious attachment. I've discovered that it is damned hard to manipulate the EICAR file locally, for email tests, without the AV barking. Not that EICAR is malicious: It is not, it is a text file, which is included as a signature in AV scanners. The AV scanner is supposed to recognize the signature of the EICAR file, and alert as if it was malicious. So you can know the AV is actually doing its job.

So, because just moving the EICAR file around brings up alerts, I know the AV scanner will alert when trying to manipulate an infected file.

Woof! Sorry for the long tangent. To synopsize: Outgoing e-mails, yes, scanning can definitely cause problems and it's well defined. But what about with incoming? I suspect it creates no problem and all the original hoopla was because many programs didn't separate in/out so you use/kill both or nothing at all. Then the "myth" didn't keep up with technology.

OTOH, since, in my experience, the AV scanner barks whenever it encounters an infected file, whether it is scanning email, or not, I have decided that email scanning is, essentially, wasteful redundancy. I follow the "KISS" principle: "Keep It Simple, Stupid". Email scanning violates "KISS", without demonstrably enhancing protection. So I'll not be scanning incoming email. At least until somebody can demonstrate how a virus can get past the local, memory resident, on access scanner, if the email scanner doesn't catch it first.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
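
A toy model of the timing hazard guessed at in post #23, added here as an example; it is not part of the thread and not any AV product's code. It assumes RFC 1939 semantics (DELE only marks a message, removal happens at QUIT) and compares the prefetching proxy described in the post with a relay design; all class and function names are hypothetical.

```python
# Constructed model; names are hypothetical, not taken from any AV product.
class Upstream:
    """Real mail server, RFC 1939 semantics: DELE only marks, QUIT commits."""
    def __init__(self, msgs):
        self.msgs = dict(enumerate(msgs, 1))
        self.marked = set()
    def retr(self, n):
        return self.msgs[n]
    def dele(self, n):
        self.marked.add(n)
    def quit(self):                      # UPDATE state: marked mail is removed
        for n in self.marked:
            del self.msgs[n]
        self.marked.clear()
    def drop(self):                      # session lost without QUIT: nothing removed
        self.marked.clear()

def prefetch_proxy(up, scan_secs, client_timeout):
    """Proxy as guessed in the post: empty the mailbox first, scan afterwards."""
    temp = [up.retr(n) for n in sorted(up.msgs)]
    for n in list(up.msgs):
        up.dele(n)
    up.quit()                            # server copy is gone before the client has anything
    if scan_secs * len(temp) > client_timeout:
        return [], temp                  # client hung up; mail exists only in the temp folder
    return temp, []

def relay_proxy(up, scan_secs, client_timeout):
    """Alternative: scan each message in flight, commit upstream only at client QUIT."""
    delivered = []
    for n in sorted(up.msgs):
        if scan_secs > client_timeout:   # client times out waiting for this RETR
            up.drop()                    # no QUIT upstream, so the server keeps everything
            return delivered, []
        delivered.append(up.retr(n))
        up.dele(n)
    up.quit()
    return delivered, []

def outcome(proxy, scan_secs, client_timeout, msgs=("m1", "m2", "m3")):
    """Run one session and report where each message ended up."""
    up = Upstream(msgs)
    delivered, temp_only = proxy(up, scan_secs, client_timeout)
    return {"delivered": len(delivered), "on_server": len(up.msgs),
            "temp_only": len(temp_only)}

if __name__ == "__main__":
    for proxy in (prefetch_proxy, relay_proxy):
        print(proxy.__name__, outcome(proxy, scan_secs=20, client_timeout=30))
```

In the model, `temp_only` counts messages whose only remaining copy is in the proxy's temp folder, which is the state the post's closing question is about; what a real proxy does with those files is outside the model.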