RE: in case nobody else noticed it, there was a mail worm released today

Vivien M. wrote:
> Someone made the argument to me privately that the
> problem is that MS lets you run attachments from
> Outlook, while other clients would require you to
> save the files to disk. That's not a solution: if
> these people are like my parents used to be, they'd
> dutifully save the attachment, open up a file
> manager, and open it up to see the "cool new
> screensaver" their best friend sent them ("hey,
> even if it's a virus, I have an antivirus" is the
> usual excuse). Sure, that's three steps instead of
> one, but for as long as the HUMAN behind the
> keyboard wants to open the attachments, whether it
> takes two clicks or fifty keystrokes, that
> attachment will get opened.

Indeed. I remember the good old days when I was working with an OS
called Flex, which was designed mainly for S-100 machines running the
6809 processor (ISTR that it was a competitor to something called OS/9).
Anyway, when one wanted to delete a file or do something like that, it
asked "are you sure" and you had to type "y" and then it asked "are you
really sure" and you had to type "y" again.

After a while our brains rewired our fingers so whenever the "y" key was
required it was hit twice in a row, which eventually led to new words
(spell check was unknown at the time) such as yyankee, honeyy,
new-yyorker, and so on.

We ended up hacking the kernel so it did not ask twice....

> and ISTR one patch for Outlook 2000 that blocked
> your ability to save executables was released)

It is the default in Outlook XP and Outlook 2003, which has prompted large
numbers of persons to download Winzip, which has not stopped worms from
being propagated, as you pointed out.

Michel.

Please pardon my ignorance, but I am *mightily* confused.
In a message from Michel Py is the following:
<snip>

> > and ISTR one patch for Outlook 2000 that blocked
> > your ability to save executables was released)
>
> It is the default in Outlook XP and Outlook 2003, which has prompted large
> numbers of persons to download Winzip, which has not stopped worms from
> being propagated, as you pointed out.
>
> Michel.

The bit I don't get is how a zip file is created such that launching it
invokes winzip and then executes the malware. When I open a normal .zip
file, winzip opens a pane that shows me the contents. After that I can
extract a file or I can "doubleclick" on a file to open it - which if it
is executable will cause it to execute. I haven't seen a case where
simply opening a zip archive causes execution of something in its
contents unless it is a self extracting archive in which case it unzips
and executes, but doesn't have the .zip suffix.

Would anyone explain to me how this occurs (and if RTFM with a pointer
to the M is the best way, then so be it!)

Thanks in advance

Chris

Christopher Bird wrote:

> Please pardon my ignorance, but I am *mightily* confused.
> In a message from Michel Py is the following:
> <snip>
>
> > > and ISTR one patch for Outlook 2000 that blocked
> > > your ability to save executables was released)
> >
> > It is the default in Outlook XP and Outlook 2003, which has prompted large
> > numbers of persons to download Winzip, which has not stopped worms from
> > being propagated, as you pointed out.
> >
> > Michel.
>
> The bit I don't get is how a zip file is created such that launching
> it invokes winzip and then executes the malware. When I open a normal
> .zip file, winzip opens a pane that shows me the contents. After that
> I can extract a file or I can "doubleclick" on a file to open it -
> which if it is executable will cause it to execute. I haven't seen a
> case where simply opening a zip archive causes execution of something
> in its contents unless it is a self extracting archive in which case
> it unzips and executes, but doesn't have the .zip suffix.
>
> Would anyone explain to me how this occurs (and if RTFM with a pointer
> to the M is the best way, then so be it!)

I don't think that was the point Michael was trying to make. I believe he
meant that MS stopped the ability to _even_ save executables attached to
emails to disk in some forms of Outlook, but this did nothing to stop the
spread of viruses. People simply sent executables as zipped files, which
people then had to extract to run. Despite the fact that an external program
has to be used to get to the executable, people still run them.

Sam
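
The gap described in the last message (executable attachments are blocked, so they arrive inside zip files instead) can be closed on the filtering side by applying the same extension policy to archive members. The following is an added example, not part of the original thread; the extension list, size limit, function names and the sample message are all assumptions made up for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for illustration, not taken from any product.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
MAX_NESTED_BYTES = 10 * 1024 * 1024  # do not unpack larger inner archives

def scan_zip(data, label, depth=0):
    """List blocked file names inside a ZIP, following nested ZIPs two levels."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{label}: unreadable archive"]
    findings = []
    for info in archive.infolist():
        name, path = info.filename.lower(), f"{label}!{info.filename}"
        if name.endswith(BLOCKED_EXT):
            findings.append(f"{path}: blocked extension")
        elif info.flag_bits & 0x1:  # encrypted member: name visible, data not
            findings.append(f"{path}: encrypted, cannot inspect")
        elif name.endswith(".zip"):
            if depth >= 2 or info.file_size > MAX_NESTED_BYTES:
                findings.append(f"{path}: nested archive not inspected")
            else:
                findings += scan_zip(archive.read(info), path, depth + 1)
    return findings

def scan_message(raw):
    """Apply one extension policy to attachments and to ZIP contents."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(BLOCKED_EXT):
            findings.append(f"{name}: blocked extension")
        elif name.lower().endswith(".zip"):
            findings += scan_zip(part.get_payload(decode=True), name)
    return findings

def build_sample():  # constructed message: harmless bytes, worm-style names
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("cool_screensaver.scr", b"not a real program")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the `.scr` member of `photos.zip`, which a filter that looks only at the attachment's own name would pass.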