From: "Rod Gasson" 
Reply-To: Fidonet AVtech Echo 

> Hi Rod.

Hi Jason,

>  RG> OK, this discussion now has the potential to be endless. Exactly
>  RG> what is it that distinguishes "text" from "data" ?
>
> In this context data could be binary,

As I said, this is going to be an endless discussion.  Text on a computer is
just as binary as any other data. ie, they are both nothing more than a
series of 0's & 1's.
It *could* be argued that the difference between text and data/binary is
that text only uses 7bits, where as data/binary uses 8bits, and in fact this
was quite a valid arguement 30 years ago.  These days, many 'text' documents
contain 8bit data so that distinction no longer holds water.

>  RG> The point I was trying to make is that cookies are NOT executable
>  RG> files
>
>  a point well made.

OK, so now all we have to do is convince Bob of this fact.

>  RG> If you are referring to a secondary infection, ie, if person 'a'
>  RG> sends person 'b' a doc file or spreadsheet with the virus already
>  RG> embeded, and person 'b' foolishly opens this file without first
>  RG> vetting it (thus infecting other files), then I really can't see
>  RG> how this is any different than if person 'a' simply sent person
>  RG> 'b' the virus executable in the first place.
>
> yeah, those dociuments are effectively executables for virus purposes...

No they are not.  The MACRO's that may be embeded within the files are
"effectively executables for virus purposes", but the document files
themselves aren't.  If you don't make this distinction then you are going to
be in the Bob Lawrence camp in thinking that ZIP files are also "executable
for virus purposes", and hopefully you know better.

Bob has taken this one step further though, he is of the impression that
simply being on the internet is enough to cause an infection, and I assume
he has come to this conclusion by working backwards -  ie, viruses exist,
they spread via a zip or a doc file, zip and doc files can be recieved by
email, email is sent via the internet, therefore accessing the internet is
going to cause a computer virus.

He does have a point though, if you don't have a computer, then you cannot
get a computer virus.  If you don't have internet access, then you can't get
a virus that is spread from the internet.  Problem is, he seems to forget
that computer virus's existed long before the 'net as we know it came into
being.

The Internet, Zip files, doc files with embed macro's, and so for are still
nothing more than transport mechanisms - the virus code STILL needs to be
executed before an infection can take place.

>  RG> As I keep saying, viruses don't 'just happen' - it takes user
>  RG> input of one sort or another in order for them to spread.
>
> In general yeah,  Microsoft juste relased another patch in attempt to make
> that true,
>
> It seems there was some way to get OE to run stuff wiothout asking and
> there was no way to block it.

Funny, I check for Mickysoft updates on a daily basis and there haven't been
any security updates for nearly a month now.   You must be WAY behind the
times.

Please send me a link to this so called patch so I can see how old it really
is.
I suspect that you may have read one of the recent 'slashdot' stories that
relates to a very old bug that was fixed a LOOONG time ago.

As I said at the outset of this discussion, I've been online 24/7 since
sometime last century. I use OE on a daily basis. I don't run any anti virus
software on a regular basis (I use an online virus checker once every few
months or so simply because it is the "right thing to do", and in all of
these years I've NEVER had a single virus infection.

The reason WHY I've never been infected isn't just because I keep up to date
with security patches (I know plenty of other people that also do this, and
STILL get infected on a regular basis), the reason why I've not had a single
infection is by doing what I tell other people to do all the time, namely, I
DON'T open attachments unless it is something I was expecting, and never
ever run executables of unknown origin.  These two simple rules is all it
takes to remain virus free.

The BIGGEST risk to Microsoft users doesn't come from Email anyway.  The
biggest risk, by far, comes from the Microsoft file shares (which used to be
enabled by default). If these fileshares are disabled then you've effectly
closed off the only remaining access point for an infection.

Oh, just incase you think I've been simply 'lucky' and that I've never been
sent a virus infected message, think again.  On average I recieve about 5-10
per day.  If you are wondering how I know these are virus infected
messages - I save (some) them out (to a shared folder) that has been made
accessable via our webserver, I then use Explorer to view the email as plain
text -  This eliminates the possiblty of anything actually being executed
and that is usually enough to satisfy my curiosity about the actual
contents.  The SIDE effect of this is that the actual viral message then
gets stored in my cache directory (harmless), but, when I do run the online
virus checker (housecall, by trend micro) it never fails to report all of
these virus tucked away in the cache.  As I said, these virus's are
'harmless' because they can't actually DO anything unless I execute them
(and I'm not silly enough to do that),  so if you ever want a nice
collection of virus's just ask, and I'll be happy to send them to you :-)

It is important to realise that simply having a virus on the computer is NOT
enough to cause the computer to be infected -  As I keep saying, the virus
code needs to be executed in order for the infection to occur.

Oh yeah, I *could* (and do) often "inspect" virus infected emails simply by
using "view source"  (CTRL-F3) often combined with "Quick
view plus" (in
order to view the contents of any zip files) -  This has the same immunity
as viewing them via the webserver but it means viewing them one at a time as
I come across them.  Those that are viewed via the browser have been
automatically filtered and saved as the mail arrives. :-)

Cheers
Rod




--- ifmail v.2.15