[iwar] More dangerous worm...


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Fri, 12 May 2000 06:30:31 -0700 (PDT)



> Portability works across platforms.

It's been done.

> Invisibility stays undetected.

They should mean 'stealthy' - invisibility is not really feasible.

> Independence spreads itself without user intervention.

It's been done.

> Learning learns new techniques and tells other worms.

I've looked at this and it's rather complex to do as it means that the
worms need to communicate - which limits stealth.

> Integrity difficult to trace, modify or destroy.

Trace - yes - all viruses are - modify/destroy - No way.

> Polymorphism changes frequently.

Evolution has existed since the first viruses.

> Usability does its work easily and disappears. . .

A dream but not a reality.

> Some analysts, such as the Gartner Group, have
> suggested that companies employ a content firewall,
> quarantining executables, scripts and macros at the e-mail
> server or firewall level. Several companies have products
> that claim to do that for e-mail, such as GFI's Mail
> Essentials and Content Technologies' MimeSweeper.

The problem is that we depend on this as our 'enabler' for e-commerce
because the programmers are too lazy to do it a better way.  Time to
market... it will change when the economy falls over.

As to getting ahead of the attackers, I have done this for my whole
career, but the market doesn't want it.  Trusted systems are one of the
key examples of how the market has turned its back on prevention.

FC
