From: "Rod Gasson" 


"Bob Lawrence" 
wrote in message
news:1080804470{at}p12.f610.n712.z3.ftn...

> RG> The point I was trying to make is that cookies are NOT
> RG> executable files
>
> > a point well made.
>
> RG> OK, so now all we have to do is convince Bob of this fact.
>
>  I said "cookies and other crap" or words to that effect. I know
> cookies don't run, but they do have access to the system

They DON'T have access to the sytem (where the fuck did you get this idea
from)?

> and are
> loaded anywhere the cookie-sender chooses to put them.

Utter crap!!!!

> It gives
> another way in for a virus.EXE (or any of the many extensions that
> Windows recognises and will try to run). I've lost track of what
> runs, or where Windows puts them...

You've actually lost track of reality.

>  I talk to Americans in the SF echo, and they don't think like us
> human beings. They actually feel threatened by insane things. They

Don't forget I'm married to an American.

> RG> distinction then you are going to be in the Bob Lawrence camp
> RG> in thinking that ZIP files are also "executable for virus
> RG> purposes", and hopefully you know better.
>
>  I don't think *you* understand, Rod. What is the difference between
> a self extracting ZIP file and an EXE file? From memory, six bits in
> the header. Not a lot of protection... is it?

But Bob, you should know as well as the rest of us, it only takes ONE
incorrect bit to make the difference between whether a file/program will run
or not.
Six bits is more than enough protection.

You are still missing an important point though Bob,  it really doesn't make
a damn bit of difference to me whether someone sends me a .doc file an .exe
file or a .zip file - NONE of them are to be trusted, and as such, I simply
will NOT run/execute any of them unless I know for sure they are what they
say they are, and that they are confirmed to be virus free.

This is called 'healthy paranoia' - not to be confused with the paranoia
that suggests that any network access WILL cause a virus infection.

> RG> The Internet, Zip files, doc files with embed macro's, and so
> RG> for are still nothing more than transport mechanisms - the
> RG> virus code STILL needs to be executed before an infection can
> RG> take place.
>
>  But Windows makes it *automatic!*

   ONLY IF YOU LET IT.

> RG> DON'T open attachments unless it is something I was expecting,
> RG> and never ever run executables of unknown origin. These two
> RG> simple rules is all it takes to remain virus free.
>
>  So, what if I ring you up and tell you I'm sendign you a great
> picture of big tits? And I send it but there's a Bob-virus embedded?
> That does nothing just then...?

I know how to distinquish the difference between a REAL piccy and one that
pretends to be a piccy.  I also know that piccys are safe to view (even the
animated GIFs), so if it were a piccy I'd see it instantly simply by opening
it with QVP, and likewise if it weren't a real picyy QVP would let me know
that too.  If it turned out to not be a piccy, it'd be deleted, and I'd be
phoning you to ask why you are sending me viruses.
I would NOT be fooled simply because it came from someone I know.
>
> RG> simple rules is all it takes to remain virus free.
>
>  Sure it is... and what if those updates you check daily from
> Microsoft are what's infecting your PC?

That is a risk I'm prepared to take.

> Except it hasn't been
> activated yet? You download megabytes, and you don't have a clue
> what's there!

That's true,  and frankly I don't really care.  If MS started sending out
viruses with their updates then the repercussions from it would be far more
serious on a global scale than just the damage caused to my pissy lil home
computer.

I don't care if my phones are tapped either, and I certainly don't give a
damn about those spy satelites that are capable of zooming in close enough
to read a car numberplate.
I am but an insignificant mortal.

I CAN however protect myself from script kiddies trying to upload god knows
what to my computer though.

> RG> I then use Explorer to view the email as plain text - This
> RG> eliminates the possiblty of anything actually being executed
> RG> and that is usually enough to satisfy my curiosity about the
> RG> actual contents.
>
>  You use explorer!!! I use a plain DOS text editor. How can you
> possibly trust Explorer?

Because I have it set to NOT execute files/programs all by itself.
Quite simple really.
As I said, after 10 years I'm still virus free.

> RG> The SIDE effect of this is that the actual viral message then
> RG> gets stored in my cache directory (harmless), but, when I do
> RG> run the online virus checker (housecall, by trend micro) it
> RG> never fails to report all of these virus tucked away in the
> RG> cache.
>
>  I love the logic behind that. It "never fails to report..." how do
> you know? That's the problem with a virus checker... you never know
> until someone else finds the super-clever virus.

OK, I'll accept your arguement, there are quite probably DOZENs of viruses
sitting in my cache folder that simply haven't been picked up by the virus
detectors, BUT, they can sit there for as long as they like, they can't harm
me or the computer unless I explicitly go and run them.

I've probably also deleted THOUSANDS of LEGITATE (non virus) graphics,
executable, doc file and god knows what that have been sent to me by friends
and rellies over the years.

The fact remains, I don't trust these files any more than you do, the only
difference is that I'm not foolish enough to perform the actions required in
order to actually become infected.
And no, they DON'T run 'automatically'.  I won't allow it.

> RG> Oh yeah, I *could* (and do) often "inspect" virus infected
> RG> emails simply by using "view source" (CTRL-F3) often combined
> RG> with "Quick view plus" (in order to view the contents of any
> RG> zip files) - This has the same immunity as viewing them via the
> RG> webserver but it means viewing them one at a time as I come
> RG> across them. Those that are viewed via the browser have been
> RG> automatically filtered and saved as the mail arrives. :-)
>
>  How do you know they are viruses? Maybe they're just pictures of big
> tits.

They may be big tits, in which case, QVP will show them to me when *I*
choose to do so (and not before), and if QVP displays the file as anything
other than a graphic I simply ASSUME its a virus and delete it.  It's as
easy as that.

Rgds,
Rod






--- ifmail v.2.15