[pct-l] email worm

[gray_hiker at mindpoison.org (Gray)]

*yawn*

And if all the people who use Outlook and Office and IE start using these
products, they too will have just as many security bugs uncovered. MS is
targeted because a huge percentage of people use them.

But people are lazy, and will use what comes already installed on their
computer. 

> 1) Never send attachments and never open them.
>    Ever!   Get a free website and learn how to use
>    that to distribute non-text items.

A bit overkill. I'd say never open anything that arrives in an attachment
that you didn't expect to show up. .exes and other executables should never
be sent via email.

> 2) Never send html-formatted email.    It tends to
>    look like and be treated like spam.   email is
>    for plain text messages.

I'd agree with this, too bad most email clients come with HTML formatting as
the default. Though almost every spam I've gotten has been in plain text,
not HTML or rich text.

> 3) Don't use Internet Explorer except for sites
>    that are misdesigned to not work with anything
>    else (and if that's the case, why do you want
>    to go there?)   A free and easy-to-install
>    simple browser is Firefox from
>    http://www.mozilla.org

Why? I've used IE, Mozilla, Netscape... and IE simply is easier to use and
more stable than any of the others. I've not tried the new version of
Foxfire, so there may have been some changes that I am not aware of, but the
old Mozilla struck me as an "elite user" browser, and not really for Joe
Shmoe. But by all means, try it. 

> 4) Don't use Outlook or Outlook Express.
>    A free and easy-to-install simple mail client
>    is Thunderbird from http://www.mozilla.org

Well, at least you didn't recommend Pine. 
Some other options for the MS-phobic out there:
http://mail2web.com allows you to check and send email from the web,
removing the threat of virii/worms/Trojans.
Many webhosting sites have a web mail client. I host my sites thru Dreamhost
(http:/dreamhost.com/), and as part of the basic hosting, I can create as
many email addresses as I want on my domain, and use Squirrelmail for
webmail, simply allowing me to go to http://webmail.mydomain.com and check
and send mail. Makes it nice for when I am away from home, but want to check
mail.

> Many people feel that they are just naive simple
> computer users and don't understand all these
> directions and don't want to get involved.   These
> of course are exactly the target audience for
> viruses and worms.

And they've already tuned you out. 
Having worked in internet customer support off an on for the past several
years, I've given up trying to educate people. They simply don't want to be
educated. People are lazy, and many, many, many people are less intelligent
than a cat's hairball. These same people, IMHO, are responsible for 90% of
the email garbage, both spam and virii, in the world, and as long as they
are out there clicking on everything they see, using whatever is handed to
them on their computer, we will have problems. 

> Not all ills can be attributed to viruses and
> worms, of course.    Even without them, people
> would still attach
> an entire digest when responding to
> one posting in it, and other people would recurse
> on the error.

I've developed a pretty effective method of scanning incoming mails. If it
is more than a couple pages, and most of that is quoted, delete it.
If the person cannot use punctuation at least SOMEWHAT correctly, delete it.
If there are no periods in a paragraph of text, delete it.
If they use ,,,,,,, to separate their thoughts, delete it.
If they use "u", "4", instead of "you" and "for", or use other AOLisms,
delete it.
By the time I am done, I have a small collection of well-written and
sometimes usefull posts, and a deleted items folder of a bunch of useless
crap.

Gray