[TriLUG] How not to run a network
william at trilug.org
Wed Feb 16 10:17:45 EST 2005
The points are:
- If I can rename it anyway, then all that does is provide a slightly
higher barrier to the stupidity level, meaning I can still send some luser
a file labeled "your program.dat", tell them that it is useful in some way
or other, and have them wipe out their system.
- Likewise, it makes it a serious pain in my backside to send them
legitimate programs (the more so since the IS folks took away IM file
In other words, it puts a crimp in my ability to do my job and doesn't (as
far as I can analyze the situation) do anything beyond stop Outlook from
being stupid. Frankly that's not a sufficient reason to me.
Of course the fact that I have to use Windows to do UNIX development work
is a whole other sore point...
I should also like to point out that can/can't and will/won't are very
different things. I agree that "can't" is probably indicative that
someone shouldn't be using a computer. "won't" is debatable. "doesn't
want to" is a whole other option that you left out in what sounded like a
targeted attack :)
On Wed, 16 Feb 2005, Dan Monjar wrote:
> William Sutton wrote:
> > - any files with extensions (it seems) other than .txt or .dat are banned
> > from email attachments (but you can rename them to .dat if you like...)
> I am a corporate IS security geek and I do this... actually I strip 10
> or so attachments from mail messages. Anything executable like .cmd,
> .exe, .bat, .scr, etc.... If you want to send it out then rename it to
> something innocuous. It prevents dumbasses from clicking on unknown
> attachments and prevents *helpful* programs from running things auto
> magically. Haven't had an email virus since the Kournikova one.
> Since W2K added native zip handling I strip those as well.
> If you can't or won't rename a file then your computer should be taken away.
More information about the TriLUG