[unisog] Dropping executables - who does it?
keith at uakron.edu
Tue Feb 3 14:18:43 GMT 2004
> -----Original Message-----
> From: Thomas DuVally [mailto:tduvally at brown.edu]
> Sent: Monday, February 02, 2004 1:01 PM
> To: UNISOG
> Subject: [unisog] Dropping executables - who does it?
> With the fun we are all having with viruses, we are wondering how many
> institutions are just dropping executable attachments all together.
> It's something that I know a lot of virus/mail gateway
> software can do,
> but are a lot of schools doing that?
> We have a policy to try and deliver as much as possible, but
> I think we
> are coming up against the practicality of having to protect users.
> Anti-virus companies can create defs pretty fast, but mydoom still
> infected thousands of machines worldwide before they were available.
> Dropping executables (exe, com, pif, scr, bat) would have been better
> insulated us, if not protected (zip).
> Anyone doing that?
> Thomas J. DuVally
> Lead Systems Prog.
> CIS, Brown Univ.
> GPG fingerprint = FB59 8265 0865 0CB8 94B5 FC26 F573 F09C 15F2 33F6
We have been refusing to deliver executable attachments for quite some
time, and there has been no real squawking from our users. In addition,
our virus scanners unzip compressed files in order to scan the contents.
I am a little concerned what might happen if it becomes common to secure
.zip files with passwords. Anyone have any thoughts on that issue?
Keith Hunt 330.972.7968 keith at uakron.edu
Internet & Server Systems
The University of Akron
More information about the unisog