[Dshield] FriendGreetings Worm is back

James C Slora Jr Jim.Slora at phra.com
Thu Oct 31 01:36:58 GMT 2002


FriendGreetings invitation messages have been trickling in here all
afternoon.

Proof that "no download" policies should be enforced in the workplace. And
maybe a good argument for having qualification tests before allowing folks
to have an electronic contact list.

Symantec's writeup at
http://www.sarc.com/avcenter/venc/data/w32.friendgreet.worm.html
pretty well lays it out: "Payload Trigger: Accept two End User License
Agreements ". How can AV products possibly protect against this kind of
reckless user behavior?

And how can AV vendors hope to win the legal shoving contest that will
inevitably come from them blocking software with clear EULAs authorizing the
behavior of the installed product? This stuff is not buried in the fine
print or legalese - the software installation process makes it very clear
what it will do, and gives the user plenty of chances to abort the install.

I hate FriendGreetings and I'll block them through every available means,
but I can't say that they have done anything any worse to anyone than the
Honor System Virus does.

Gotta go. I wanna see my e-cards.




More information about the list mailing list