[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: (erielack) Re: Viruses - Any virus protection for Linux?

Subject: Re: (erielack) Re: Viruses - Any virus protection for Linux?
From: gelwood <gelwood_@_dnaco.net>
Date: Tue, 14 May 2002 09:14:32 -0400 (EDT)
In-Reply-To: <20020514124519.4020.qmail_@_web14305.mail.yahoo.com>
If you use a basic mail system like PINE, you won't have any problem. The
virus problems target MS systems and not LINUX or UNIX. I use PINE on both
the LINUX and UNIX systems I have. When I get an email which I think is
bad, I can save it on the UNIX system and then poke around with it without
a problem.

George Elwood
http://www.dnaco.net/~gelwood

On Tue, 14 May 2002, Bob Mitchell wrote:

> George: Good suggestions! For most of my normal email
> I use a Yahoo account (it's free). This is also the
> account I use when ordering anything over the
> Internet.
>
> My private email address is the email account from my
> web site and I use an old version of Eudora to get
> email. I have given it out to only a few friends. Even
> so, I get about one of those 'Klez' viruses a week
> from addresses I don't know.
>
> I recently set up one of my home computers for dual
> boot to Win98 or Linux. Does anyone know a good way to
> set up virus protection on a Linux box?
>
> Bob Mitchell
> ELHS 899
>
>
>
> --- gelwood <gelwood_@_dnaco.net> wrote:
> > I received the following message from a friend who
> > is also in computer
> > security. I am passing it along as food for thought.
> >
> > Another point - remember, the bad guys are also
> > trying to get into your
> > computer to get personnel information. Even though
> > you use a dialup, your
> > system can still be and probably is being probed.
> > One of the people in our
> > office runs a personnel firewall and receives 3-5
> > probe alerts DAILY form
> > source in Asia (China, Korea, Singapore). If the bad
> > guys get access to
> > your computer, they will be looking for SSN and
> > other personnel data.
> >
> > --- Bill's message --
> >
> > DON'T GET KLEZED
> >
> -------------------------------------------------------------------
> >
> > I don't know about you, but I'm getting Klezed on an
> > hourly basis. In
> > fact, after a huge drop-off of email worms and
> > viruses for several
> > months, I'm suddenly being inundated by email
> > messages containing
> > malicious W32.Klez attachments again. So much so
> > that I'm beginning to
> > feel like it's only a matter of time before one of
> > them gets me.
> >
> > Perhaps the worst offender is a message I've
> > received repeatedly whose
> > subject line reads: "W32.Klez.E removal tools." That
> > subject couldn't
> > be further from the truth; if you open this
> > attachment, you're
> > unleashing the W32.Klez.gen_@_mm virus on your PC. The
> > subjects of
> > similar messages say "Worm Klez.E immunity" and
> > "W32.Elkern removal
> > tools." Other notable message subjects containing
> > virtual bombs include
> > "Look my pretty girlfriend" (sic), "A special powful
> > tool" (sic), "A
> > WinXP patch," and "IE 6.0 Patch." It seems clear
> > that you don't need to
> > be great with the English language to send out Klez.
> > And also that you
> > think you have a sense of humor. I even got one that
> > read: "Hello,
> > scot,eager to see you." Yeah, right.
> >
> > By and large, my antivirus program (I'm currently
> > using Norton
> > AntiVirus 2002 -- because of something I'm testing
> > -- even though I
> > recommended against it) is keeping up with the Klez
> > barrage. But I have
> > found some messages that Norton missed with
> > suspicious attachments
> > (like Setup.exe) from people I didn't know. That's
> > why I say it's only
> > a matter of time.
> >
> > There are things you can do to prevent disaster on
> > your PC in these
> > strange times. The most important ones are at the
> > top:
> >
> > 1. Buy, install, and regularly update (at least
> > weekly) a top-notch
> > antivirus program. I like the products from Trend
> > Micro, Norton, and
> > Panda. Be sure to renew your annual subscription to
> > the antivirus
> > updates. That's money well spent.
> >
> > 2. Outlook and Outlook Express users, you must
> > install all the security
> > patches for your version of Windows, Office, and
> > Internet Explorer.
> > Windows Update handles Windows and Internet
> > Explorer. Outlook users in
> > particular need to visit the Office Product Updates
> > site as well.
> >
> > Windows Update:
> > http://windowsupdate.microsoft.com/
> >
> > Office Product Updates:
> > http://office.microsoft.com/productupdates
> >
> > While you're at it, stay up to date on all things
> > Office-related with
> > Jim Powell's The Office Letter newsletter:
> > http://www.officeletter.com/
> >
> > 3. Never, ever open an attachment in an email
> > message from someone you
> > don't know. All sorts of file types can run
> > automatically when you
> > click them -- not just .EXE and .SCR files. Start
> > out by assuming any
> > file attachment is a program, not a file. And it's
> > sad to say, but
> > you're also better off assume it's a malicious file.
> >
> > 4. Never open an attachment from someone you do know
> > if anything about
> > the message or the attachment is surprising or out
> > of context. If you
> > have even the slightest doubt, don't open the
> > attachment. Contact the
> > sender, and ask him or her to verify that the
> > attachment was sent
> > intentionally.
> >
> > 5. Avoid opening messages whose topics sound too
> > good to be true, like
> > someone posing as someone you know or like Spam.
> > Most malicious code
> > borne by email requires you to click it. But there
> > are some variants
> > that begin to work on your PC as soon as you open
> > the message. The most
> > likely type of email to do that would be HTML or
> > other graphical or
> > animated mail, but there are no guarantees. And
> > using a mail preview
> > window is no protection either. In fact, with some
> > email programs, a
> > preview window may unleash the bad stuff without
> > notice.
> >
> > 6. If you use Outlook or Outlook Express, your
> > address book is
> > frequently targeted by email worm and virus creators
> > who use your
> > address book to proliferate their destructive seeds.
> > Even if you have
> > one of these programs installed but don't use it, it
> > can still be
> > harnessed to send out viruses without your
> > knowledge, so long as you
> > have email addresses in the address book. Your first
> > line of defense is
> > to add your own email address as a contact in your
> > Microsoft address
> > book. If the virus triggered a virus message from
> > your PC, you would in
> > all likelihood receive a copy of the message sent to
> > others. Hopefully,
> > that would alert you to the problem.
> >
> > 7. A variation on the same idea is a tip supplied by
> > SFNL readers Rasa
> > Petrovic and also Charlie and Jan Knutsen. I've
> > tested it, and the tip
> > works, though it makes assumptions about how email
> > worms or viruses
> > send email to replicate themselves. It's not going
> > to work with all
> > malicious code; it's not a panacea; but for Outlook
> > and Outlook Express
> > users, it's worth doing.
> >
> > Open your email address book and add a New Contact.
> > In the first name
> > field type *000 (that's an asterisk followed by 3
> > zeros). Two zeros,
> > four zeros, !000, or others -- so long as the new
> > entry appears at the
> > very top of your address book. (Varying this name is
> > preferable because
> > if everyone uses the same contact name, virus
> > writers may wise up and
> > delete a specific entry.)
> >
> > In the box where you would enter the email address,
> > type XXX_WormAlert,
> > replacing XXX with your own first name. Click Add,
> > and click OK when
> > the address book wonders whether you really want to
> > add an invalid
> > email address. Close your address book, and your
> > done.
> >
> > How it's supposed to work: When a virus attempts to
> > send out one
> > message to all the recipients on your contact list,
> > your email program
> > will halt the sending of the message because the
> > first (lowest
> > alphabetical) address is invalid. No messages will
> > go out at all, and a
> > dialog box will open showing you that XXX_WormAlert
> > is the address with
> > the problem. If you ever see that error message, you
> > know
> === message truncated ===
>
>
> __________________________________________________
> Do You Yahoo!?
> LAUNCH - Your Yahoo! Music Experience
> http://launch.yahoo.com
>

------------------------------
References:
- (erielack) Re: Viruses - Any virus protection for Linux?
  - From: Bob Mitchell <nebula07869_@_yahoo.com>
Prev by Date: (erielack) Re: Viruses - Any virus protection for Linux?
Next by Date: Re: (erielack) Hulett question
Index(es):
- Chronological
- Thread