> > Someone has mentioned here on this list that one can get a virus (or worm, > > or trojan) just by opening e-mail. This is, I believe, one of the many > > unfounded, slightly paranoid, rumors about viruses. (Virii?) > > I assure you that both the statements made about being able to get > infected simply by opening mail were true. In fact in one case you > didn't even need to explicitly open the email - Microsoft Outlook > would automatically open the last email fetched from the post office. > I don't spread unfounded, inaccurate rumours. Assure me all you want. Just because you say something is true, doesn't make it so. I have never seen any proof anywhere, or any article, in PC World or any other such mags, that such sophisticated viruses exist anywhere outside of anyone's imagination. In fact, there's a website entirely devoted to denouncing such wild virus rumors (I'll see if I can get it's URL for you if you want), and they also claim that many of these so called super viruses are just so much BS.... > > Email comes through to a Microsoft O/S system (such as Windows) as the file > > extension, .eml, ONLY. Windows does nothing with .eml extensions except > > designate them as words for you to look at. > > There is nothing that tells it, "there is code here for the O/S to execute > > and do something with". The same holds true for .jpg extensions, which are > > designated as pictures for you to only look at. > > Much, much, misinformation. First of all ".eml" is an application- > specific file type (or extension); if you don't happen to be using > that specific email program you will never see .eml (Netscape > Messenger, for example, stores email in a completely different way) Yeah, ok, but I was only talking about Outlook Express (and specificially, version 5.0) here anyway, wasn't I? How are you helping things by talking about apples when I'm talking about oranges? > > On the other hand, .exe extensions are very dangerous (as are some others), > > as when opened they tell the Windows O/S that this is an operating program > > and you should do what it says... > > (There is a vast difference, within not only Microsoft but all computer > > O/S's, between simple readable or viewable data, and operational code.) > > Unfortunately this line has got very blurred. Email can contain embedded > HTML, which in turn can contain embedded JAVA or JavaScript. > It's rare to see a virus with a .exe payload extension, too. The recent > ones have been attacking other extensions (such as .vbs, .scr, or .pif). > Add to that the habit of hiding the real extension , and what looks like > an innocent file name like MeNude.jpg can really be MeNude.jpg.pif I did say other extensions besides .exe are dangerous too, although not specifying them, didn't I? Your .vbs, .scr, pif, warnings are true enough. But you won't be able to show me a virus that comes thru (to Outlook Express now, mind you) as an .eml or .jpg. The virus creators are not such super-brains that they can turn just plain viewable data into operational code... Also, O/S-5.0's pop-up box shows the entire file name, even if it be Nonsense.jpg.pif.exe.vbs...... > > In Outlook Express (version 5.0) there is an excellent option available. > > Whenever you dbl-click on an email extension a pop-up says, "All email > > extensions have the potential for danger" (or something similar to this) > > "-do you want to open this now or load it to disk?" (And when this question > > is asked, at this time, and only at this time, OE/5.0 then shows what the > > actual file extension is...) > > Outlook Express is actually rather less error-prone than full Outlook. > But the default install for either of them leaves some options set in > a way that leaves gaping security holes that script-kiddies are only > too eager to exploit. Not that Microsoft is the only culprit, by any > means; default install options from Eudora, Netscape, or iPlanet all > have similar weaknesses. It's just that Microsoft is particularly bad, > and is most frequently targetted by virus creators (often because that's > the mail system they are most familiar with, but sometimes simply > because Microsoft is viewed with contempt by the hacker community). Hackers are not virus creators. Hackers are avid computer geeks who sometimes like to break into top security sites (and sometimes leave messages that they did so) just to prove they have the wherewithall to do so. Most of them wouldn't be caught dead creating a "simple" virus that harms everyday people. Your labling of them (hackers) as virus creators betrays your one sided beliefs... > > > Always answering this question with "load it to disk" takes but an extra few > > seconds and allows any of the various virus killer programs (the good ones, > > anyway) to check out the file. If it is not a clean file, you should > > (depending upon which virus killer program you are using) get immediate (and > > pronounced ) bells, whistles, warnings, not to proceed with opening this > > extension, and sometimes even automatic deletions. If the file is judged > > clean, you get no further messages and can then open it in relative safety. > > > > (Nothing is ever perfect however; on very very rare occasions a new type > > virus comes along that the killer programs are not prepared for. (There was > > even a virus killer once, a Norton program I think it was, that was released > > with a virus in it!) But again, this kind of stuff is extremely rare. Also, > > most good virus killers have constant online update options to catch up with > > these occasional new things.) > > > I sometimes think there are more computer problems caused by virus rumors > > than there are by viruses... > > That may be true. Well, thanks for that much, anyway.... >But you don't do anyone any favours by spreading false > assurances that "this kind of thing can't happen", How dare you put quote marks around a statement like that! Where in the hell did I say anything like that? I love you people who make up your own interpretations as to what other people say, and then put quote marks around them...! >or by making unfounded > suggestions that people better informed than you are paranoid ignorami. That really upset you, did it? Why? (And if what I said really came across that way to everyone else too, I apologize...) > You could always check the claims, first, rather than simply pooh-pooing > them. There are several good sites that describe the various types of > virus attack, and just what weaknesses they exploit. McAfee and Norton > each have a site, which would be a good starting place. Don't believe > everything they tell you, of course - they always take the worst view of > things (they are, after all, trying to sell you there software). But the > facts (rather than their interpretation) are there if you care to look. Not so. The facts there are always worst case scenarios, as you yourself just said. They're selling software, right? Helps to scare you, right? > You can also get some information from the Microsoft site, by looking at > the program patches and updates they have made available. They don't > tell you the whole story, either - they downplay the risks, if they > even mention just why the patch is being made avaiable. They always say why the patch is being made available, if you can understand their jargon. I usually cannot... > > > Wishing you (and me) a virus free environment. (Which is a nice way of > > saying ,"down with these immature computer creeps!") > > > > Skip > > (An ex-systems programmer) > > But, sadly, a rather uninformed one on the subject of viruses. Maybe so Mr. Darth Vader, but at least not a paranoid one. (Which doesn't mean that you're paranoid. Only that I'm not. And if you think it means that you are..... Then maybe...?) And hey didn't you even stop to consider that your indiscriminate (and somewhat personal) pooh-poohing of my entire post might obscure the info I was trying to pass along about how to run the OE mail program fairly safely, without a lot of unneccessary fear? I've been running OE for 4 years, and have caught only one virus. And that was in the first year, before I had a good virus killer program. (Dr. Solomon sucked.) Since I've gotten a better one, in the past three years only one other virus tried to invade my system, and the virus killer program (InoculateIt) picked it right up and stomped it! (It also, along with the unpaid help of several InoculateIt telephone consultants, showed me how to effectively get rid of that first virus that Dr. Solomon completely missed..) Some people like to emphasize the problems. Others, the solutions... Skip - This message is from the Pentax-Discuss Mail List. To unsubscribe, go to http://www.pdml.net and follow the directions. Don't forget to visit the Pentax Users' Gallery at http://pug.komkon.org .
