[Dshield] Countermeasures, was: Re: mass mailing worm

Jens Knoell jens at ing.twinwave.net
Mon Oct 1 16:41:21 GMT 2001

Essentially, that would only be a speed bump for such scripts. I tend to
agree though - there should be a default installation which only installs
minimal features. I mean, come on, how many people use scripts on their
local box?
And webpages shouldn't have access to anything on your local
machine anyway - they should not even know what OS you use, even less be
able to script anything pertaining to your address book.

How hard would it be to drop all the unneeded crap (no scripts in the office
suite per default, no WSH, add a reasonable mechanism to disallow programs
certain actions) and make it an optional installation. Heck, even make it so
that if a program needs it, it has to ask the user to be allowed to use it.
They've gone to great lengths to create a sandbox for Java. I don't see any
good reason not to use a sandbox for programs.

If there are enough speed bumps, it might deter the black hats for a while.

Question is: how does one tell a giant like M$ to change their stuff from
"hopelessly insecure" to "fortress - as long as the user doesn't change it"?


----- Original Message -----
From: "Samuel" <Samuel at socal.rr.com>
To: <dshield at dshield.org>
Sent: Friday, September 28, 2001 6:45 PM
Subject: Re: [Dshield] mass mailing worm

> I'm confused. Are you saying that no versions of that suggested solution
> work or are you saying that the modified versions do not work?
> I received a message like that one and I was skeptical enough that I
> essentially ignored it.
> Anyone know what interface is used to "read" the address book? Do they use
> the Windows IAddrBook and/or IWABObject interface(s) obtained using
> That is the only mechanism for accessing the address book that I am aware
> and I have seen questions from other programmers asking how to interface
> the address book. Assuming that it is the interface they use, then Outlook
> Express (and Outlook?) could be modified to show a warning dialog box when
> that interface is used. For most users, the dialog box would be displayed
> only when unauthorized mail is being sent. Of course, the format of the
> address book has been partially determined by at least one programmer, so
> perhaps another option (or part of the option for the dialog box) would be
> to encrypt the address book.
