Picking at a Virus-Ridden Corpse, Part II
9/24/2003
By Terry Calhoun, Joe St Sauver
2. Issues with E-mail
Am I the only one who's fed up with receiving non-delivery notices about virus-infested
e-mail that I didn't send?
If an antivirus gateway is smart enough to detect the type of virus that's present
in a message it receives, it should also be smart enough to identify virus strains
which are known to always forge the "From" header. Do not report non-delivery
of virus-infested e-mail to forged "senders!"
If you must report non-delivery of a message to someone, do header analysis
and report it to the abuse-reporting contact for the net block that handed you
the message. Don’t bug an innocent party who had the bad luck to get forged
into a virus-laden message as the putative sender!
And if you do send a non-delivery notice, don’t include a complete 140K
copy of the dang virus (even if you do "defang" it)!
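The notification policy described above can be sketched as follows. This is an added illustration, not code from the article or from any gateway product; the strain names, net blocks and abuse addresses are constructed placeholders, and a real gateway would look up the abuse contact (for example via WHOIS) rather than use a static table.

```python
import email
import ipaddress
import re

# Constructed placeholders: strain names, net blocks and contacts are hypothetical.
FORGES_SENDER = {"Example.MassMailer.A", "Example.MassMailer.B"}
ABUSE_CONTACTS = {
    ipaddress.ip_network("192.0.2.0/24"): "abuse@isp-one.example",
    ipaddress.ip_network("198.51.100.0/24"): "abuse@isp-two.example",
}
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

SAMPLE = (  # constructed message; the lower Received line may itself be forged
    "Received: from dialup-45.isp-one.example (dialup-45.isp-one.example [192.0.2.45])\n"
    "\tby mx.campus.example with ESMTP; Wed, 24 Sep 2003 10:00:00 -0700\n"
    "Received: from forged.example ([203.0.113.9]) by dialup-45.isp-one.example\n"
    "From: innocent.user@bystander.example\n"
    "To: someone@campus.example\n"
    "Subject: Re: Details\n"
    "\n"
    "(infected attachment omitted from this constructed sample)\n"
)

def handoff_ip(msg):
    """Peer IP from the topmost Received header, the only one our gateway wrote."""
    received = msg.get_all("Received") or []
    m = RECEIVED_IP.search(received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None

def abuse_contact(ip):
    for net, contact in ABUSE_CONTACTS.items():
        if ip in net:
            return contact
    return None

def plan_notification(raw_message, strain):
    """Decide who, if anyone, is told about a rejected infected message."""
    msg = email.message_from_string(raw_message)
    ip = handoff_ip(msg)
    contact = abuse_contact(ip) if ip else None
    if contact:
        # Report headers only; the infected body is never attached.
        headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
        return {"action": "report_abuse", "to": contact,
                "body": f"Infected mail ({strain}) from {ip}\n\n{headers}"}
    if strain in FORGES_SENDER:  # the From address is not the real sender
        return {"action": "drop_silently", "to": None, "body": ""}
    return {"action": "notify_sender", "to": msg.get("From"),
            "body": f"Your message was rejected: {strain} detected."}
```

Only the topmost `Received` header is trusted because every header below it was supplied by the sending side and can be forged along with `From`.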
While we're on the topic of e-mail, remind users that:
- Some e-mail programs (particularly ones which are closely tied to the underlying
operating system, like Outlook and Outlook Express) have historically been
more vulnerable to virus attacks than other e-mail programs, and
- Plain-text e-mail tends to be elegantly small in size and universally readable,
unlike bloated html-ified e-mail, or attachments prepared in some proprietary
word processing program
Rediscover the quiet efficiency and invulnerability of command-line plain-text
e-mail! (Frank da Cruz of Columbia University does an eloquent job of making
the case for returning to plain-text e-mail in his "Safe Network Computing: Windows
Desktop" page.)
3. Everyone's a System Administrator (And most of us discharge
"our duties" poorly!)
Our most recent viral adventure made it pretty clear that everyone who has a
computer is a system administrator, whether we want to be one or not, and that
most of us aren't very good at that job.
Consider the user's side of a typical post-compromise security debriefing:
- No, a strong password wasn't put on the administrator account.
- No, routine backups weren't taken.
- No, critical security patches weren't applied.
- No, unneeded services weren't disabled.
- No, shared disks and directories had not been secured.
- No, we didn't all subscribe to security notification mailing lists (and
even if we had, we wouldn't have understood the subtle security vulnerabilities
which would get discussed, anyway).
The list of ways that press-ganged amateur system administrators failed to perform
is long and depressingly varied, but those failures should hardly be a surprise
or a disappointment: users really aren’t system administrators!
The customary solution to the problem of end-user-as-crummy-sysadmin is to suggest
substitution of some level of central IT automation: "We'll use just one
model of workstation, and then have central IT remotely update all those systems
when they need it." Right.