I received a suspect mail and sent it off to the virus scan site. 
(scan@virsutotal.com : Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus there: I was almost 
sure the was..but how many sites *didn't* find it..

  Complete scanning result of "WW_671282.zip", processed in VirusTotal 
at 08/12/2008 14:39:39 (CET).

[ file data ]
* name..: WW_671282.zip
* size..: 49434
* md5...: aefa2457dce9214b1349403bba664d12
* sha1..: c4aa3c90299e783113bb5c97d830f15a618bb226
* peid..: -

[ scan result ]
AhnLab-V3	2008.8.12.0/20080812	found nothing
AntiVir	7.8.1.19/20080812	found [TR/Spy.ZBot.DPI]
Authentium	5.1.0.4/20080812	found [W32/Downldr2.DIFW]
Avast	4.8.1195.0/20080811	found nothing
AVG	8.0.0.156/20080812	found [Pakes_c.SH]
BitDefender	7.2/20080812	found [Trojan.Spy.Wsnpoem.GH]
CAT-QuickHeal	9.50/20080811	found nothing
ClamAV	0.93.1/20080812	found [Trojan.Zbot-1936]
DrWeb	4.44.0.09170/20080812	found nothing
eSafe	7.0.17.0/20080811	found nothing
eTrust-Vet	31.6.6027/20080812	found [Win32/Kollah.NG]
Ewido	4.0/20080812	found nothing
F-Prot	4.4.4.56/20080812	found [W32/Downldr2.DIFW]
F-Secure	7.60.13501.0/20080812	found [Trojan-Spy.Win32.Zbot.dvy]
Fortinet	3.14.0.0/20080812	found nothing
GData	2.0.7306.1023/20080812	found [Trojan-Spy.Win32.Zbot.dvy]
Ikarus	T3.1.1.34.0/20080812	found [Win32.Outbreak]
K7AntiVirus	7.10.412/20080812	found nothing
Kaspersky	7.0.0.125/20080812	found [Trojan-Spy.Win32.Zbot.dvy]
McAfee	5358/20080811	found nothing
Microsoft	1.3807/20080812	found [PWS:Win32/Zbot.gen!G]
NOD32v2	3348/20080812	found [Win32/Spy.Agent.PZ]
Norman	5.80.02/20080812	found nothing
Panda	9.0.0.4/20080812	found nothing
PCTools	4.4.2.0/20080812	found nothing
Prevx1	V2/20080812	found nothing
Rising	20.57.12.00/20080812	found nothing
Sophos	4.32.0/20080812	found [Troj/Dloadr-BPX]
Sunbelt	3.1.1542.1/20080812	found [Trojan-Spy.Win32.Zbot.gen (v)]
Symantec	10/20080812	found [Trojan.Wsnpoem]
TheHacker	6.2.96.396/20080812	found nothing
TrendMicro	8.700.0.1004/20080812	found [TROJ_DLOADR.IM]
VBA32	3.12.8.3/20080811	found nothing
ViRobot	2008.8.12.1333/20080812	found nothing
VirusBuster	4.5.11.0/20080811	found nothing
Webwasher-Gateway	6.6.2/20080812	found [Win32.NewMalware.PU!59392]

On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher <a@b.c>
wrote:

>I received a suspect mail and sent it off to the virus scan site. 
>(scan@virsutotal.com : Subject SCAN. This is what they sent back)
>
>The interesting thing is not that there was a virus there: I was almost 
>sure the was..but how many sites *didn't* find it..

Interesting, but not surprising.  Did you read this article
<http://resources.zdnet.co.uk/articles/features/0,1000002000,39440184,00.htm>:

----- Begin Quote -----

Eva Chen, chief executive of Trend Micro, has strong views about how
effective the antivirus industry has been over the past 20 years.
Show related
articles

According to Chen, the security industry has over-hyped how effective
its products are — and so has been misleading customers — for years.

Chen believes that no single company can offer adequate protection
against the sheer volume of new viruses that are being churned out by
cybercriminals. According to the security industry, five and a half
million new samples were detected in 2007.

----- End Quote -----
-- 
Martin Jay

The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site.
> (scan@virsutotal.com : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was
> almost sure the was..but how many sites *didn't* find it..

Not that surprising really.  If it's a new one, I imagine it'll take a few 
days before all the companies become aware of it and update their virus 
definition files.  Probably if you resubmitted it tomorrow, there would be a 
far higher detection rate.

At the end of the day, common sense is your first line of defence against 
viruses.  You'd have to be a real dweeb to imagine that a file with a name 
like "WW_671282.zip" attched to an email *wasn't" a virus.

Tim

Tim Downie wrote:
> The Natural Philosopher wrote:
>> I received a suspect mail and sent it off to the virus scan site.
>> (scan@virsutotal.com : Subject SCAN. This is what they sent back)
>>
>> The interesting thing is not that there was a virus there: I was
>> almost sure the was..but how many sites *didn't* find it..
> 
> Not that surprising really.  If it's a new one, I imagine it'll take a few 
> days before all the companies become aware of it and update their virus 
> definition files.  Probably if you resubmitted it tomorrow, there would be a 
> far higher detection rate.
> 
> At the end of the day, common sense is your first line of defence against 
> viruses.  You'd have to be a real dweeb to imagine that a file with a name 
> like "WW_671282.zip" attched to an email *wasn't" a virus.
> 
> Tim
> 
> 
trouble is the Dweebs live amongst us ,I am working with 300+ 
programmers and professionals for a Major credit card company and last 
week alone we have had 6 different viruses caused by them opening dodgy 
emails or surfing weird sites during lunch breaks

-- 
Kevin R
Reply address works

"Kevin"  wrote in message
news:eYgok.152193$dz3.151909@newsfe20.ams2...
 >
> trouble is the Dweebs live amongst us ,I am working with 300+
> programmers and professionals for a Major credit card company and last
> week alone we have had 6 different viruses caused by them opening dodgy
> emails

I just don't see them. I don't know what virus filtering services my ISP
(34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email uses actually *want* to receive these viruses, surely
to goodness, so why doesn't *every* ISP just silently dump them by default?

-- 
Tim Ward
Brett Ward Limited - www.brettward.co.uk

On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher <a@b.c>
wrote:

>I received a suspect mail and sent it off to the virus scan site. 
>(scan@virsutotal.com : Subject SCAN. This is what they sent back)

I'm surprised it reached there at all...LOL


>The interesting thing is not that there was a virus there: I was almost 
>sure the was..but how many sites *didn't* find it..

Tim Downie wrote:
> The Natural Philosopher wrote:
>> I received a suspect mail and sent it off to the virus scan site.
>> (scan@virsutotal.com : Subject SCAN. This is what they sent back)
>>
>> The interesting thing is not that there was a virus there: I was
>> almost sure the was..but how many sites *didn't* find it..
> 
> Not that surprising really.  If it's a new one, I imagine it'll take a few 
> days before all the companies become aware of it and update their virus 
> definition files.  Probably if you resubmitted it tomorrow, there would be a 
> far higher detection rate.
> 
> At the end of the day, common sense is your first line of defence against 
> viruses.  You'd have to be a real dweeb to imagine that a file with a name 
> like "WW_671282.zip" attched to an email *wasn't" a virus.
> 

Oh, I totally agree.

But this is not a particularly new one I think.
> Tim
> 
>

Trouble is, they are designed to look like something else.

I suspect the OP may have received the same or a similar email to the
one I got this morning, which claimed to be from UPS concerning a
package I had posted a month ago.  What I presume was a payload
pretended to be some sort of form 'UPS' wanted me to complete, in a
zip.  Fortunately, I haven't posted anything via UPS recently, so I
knew straight away it was spam, and killfiled it.

Recently, I have also received spam pretending to be from Microsoft in
conjunction with one of the phone companies, or perhaps it was the
other way round, saying that I had won a draw for Microsoft website
users.  As I do have a Microsoft website ID, and Microsoft do have
some form of relationship with that company, this was potentially
quite convincing, especially as I need the money!  Nevertheless I
forwarded the letter to the phone company's CS department to ask if it
was genuine.  As I had no reply, I eventually presumed it was fake and
killfiled it.

There have been a number of other such recently, but I can't remember
details now.  I think one concerned the National Lottery, or Premium
Bonds, or perhaps there was one of each.

AFAICR the one thing they all had in common was that the email address
of the sender didn't appear to be connected with the company being
impersonated.  Accordingly I would advise anyone that receives an
unexpected email to check
1)	That the sender's email address is from a domain controlled by the
company/ies purporting to be contacting you  -  in the Microsoft
example, does it actually come from microsoft.com, or the actual phone
company's domain, rather than just a superficially similar domain
name.
2)	Try and learn to check out and understand email headers, so you
can get some sort of idea of the route the mail took to reach you.

Anything you are not convinced of, try and obtain local expert advice.

Anything that definitely doesn't add up, leave well alone.

Also emails are sent unencrypted, and can be trawled as they cross the
net.  Never give out anything like bank or other such details to
anyone in an email.

I've even had my mobile number trawled like that  -  when I emailed it
to someone a few months ago, I started to receive porno texts within
24 hours.  I contacted both my phone company's CS and some overview
umbrella organisation explaining the illegal way the number must have
been obtained, and the texts stopped without my ever having to reply
to them, or my being charged for them.

On Tue, 12 Aug 2008 15:26:23 +0100, "Tim Ward" 
wrote:
> 
> Look, hardly any email uses actually *want* to receive these viruses, surely
> to goodness, so why doesn't *every* ISP just silently dump them by default?

The Natural Philosopher  wrote:
>
>But this is not a particularly new one I think.

Oh the payload attached to the UPS emails has been changing pretty
rapidly, far faster than some AV vendors update their virus
definitions.  Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've
confirmed in some way that they are genuine is much more useful.
Especially as the scam ones like this are getting more convincing.

-- 
eleanor@the-blairs.co.uk                          http://lnr.livejournal.com/

Tim Ward wrote:
> "Kevin"  wrote in message
> news:eYgok.152193$dz3.151909@newsfe20.ams2...
>  >
>> trouble is the Dweebs live amongst us ,I am working with 300+
>> programmers and professionals for a Major credit card company and last
>> week alone we have had 6 different viruses caused by them opening dodgy
>> emails
> 
> I just don't see them. I don't know what virus filtering services my ISP
> (34sp) uses but pretty well nothing at all ever gets through.
> 
> Look, hardly any email uses actually *want* to receive these viruses, surely
> to goodness, so why doesn't *every* ISP just silently dump them by default?
> 
thats ok if your ISP knows its a virus, how it differentiates between an 
unknown virus and your friend emailing you a holiday video Zipped up is 
where the problem lies, do you want your ISP to filter out a wanted 
emails because it might be a virus?

-- 
Kevin R
Reply address works

"Java Jive"  wrote in message 
news:oga3a4leekcl31fr06f06mfg35tgscrrut@4ax.com...
> Trouble is, they are designed to look like something else.
>
> I suspect the OP may have received the same or a similar email to the
> one I got this morning, which claimed to be from UPS concerning a
> package I had posted a month ago.  What I presume was a payload
> pretended to be some sort of form 'UPS' wanted me to complete, in a
> zip.  Fortunately, I haven't posted anything via UPS recently, so I
> knew straight away it was spam, and killfiled it.
>

>>>>>>>>>>

OH S!!T

I recd. that a few days ago and I opened it as I WAS expecting a 
dellivery...

I realised what it was too  late ......    :-((((

I then updated AVG and did a full scan which found nowt.
Everythins _seeeeems_ OK, but....

Now what?
Is my Dell going toturn into a pumpkin next Friday the thirtenth?

(Currently rescanning all with updated AVG again....<X's fingers>

Grrrrrrrrrrrrrr

-- 

¦zulu¦

The Natural Philosopher wrote:

> I received a suspect mail and sent it off to the virus scan site.
> (scan@virsutotal.com : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was almost
> sure the was..but how many sites *didn't* find it..

That happened to me once. It was a 'rare' virus. Had to do a manual removal
based on a method from one its cousins !

Graham

On Tue, 12 Aug 2008 15:26:23 +0100
"Tim Ward"  wrote:

> "Kevin"  wrote in message
> news:eYgok.152193$dz3.151909@newsfe20.ams2...
>  >
> > trouble is the Dweebs live amongst us ,I am working with 300+
> > programmers and professionals for a Major credit card company and last
> > week alone we have had 6 different viruses caused by them opening dodgy
> > emails
> 
> I just don't see them. I don't know what virus filtering services my ISP
> (34sp) uses but pretty well nothing at all ever gets through.
> 
> Look, hardly any email uses actually *want* to receive these viruses, surely
> to goodness, so why doesn't *every* ISP just silently dump them by default?
> 

What happens when a weird attachment arrives that you need just happens
to resemble a virus and is silently binned?

Twice in the last year part of an IM program used here was sent to the
virus vault by AVG, at least because it was done locally it was
possible to resurrect it and put in an exception until AVG corrected
the error.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
    
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

As long as you didn't open the zip, I *think* you should be ok ...

On Tue, 12 Aug 2008 18:07:02 +0100, "zulu"
 wrote:
> 
> I recd. that a few days ago and I opened it as I WAS expecting a 
> dellivery...

[snip]
 
> (Currently rescanning all with updated AVG again....<X's fingers>

"Java Jive"  wrote in message 
news:dpk3a4hukro5umc50ul8v8lbgj6031ngoj@4ax.com...
> As long as you didn't open the zip, I *think* you should be ok ...


Darned if I can remember now... :o)

AVG is still scanning.
<gulp>


-- 

¦zulu¦

"Kevin"  wrote in message 
news:rNiok.181324$Lw1.46903@newsfe29.ams2...
>
> thats ok if your ISP knows its a virus, how it differentiates between an 
> unknown virus and your friend emailing you a holiday video

Dunno, but they seem to be good at it.

> Zipped up is where the problem lies,

Ah, well, they've got this clever trick, see, have had for years, which is 
to look *inside* an archive. (Any worthwhile virus scanner does that.)

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

"Brian Morrison"  wrote in message 
news:20080812185244.47087629@peterson.fenrir.org.uk...
>
> What happens when a weird attachment arrives that you need just happens
> to resemble a virus and is silently binned?

Yup, a real risk.

Which so far as I know (and therefore so far as matters to me) has never 
happened.

So that's fine then.

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

On Tue, 12 Aug 2008 19:59:40 +0100, Tim Ward passed an empty day by
writing:

> "Kevin"  wrote in message
> news:rNiok.181324$Lw1.46903@newsfe29.ams2...
>>
>> thats ok if your ISP knows its a virus, how it differentiates between
>> an unknown virus and your friend emailing you a holiday video
> 
> Dunno, but they seem to be good at it.
> 
>> Zipped up is where the problem lies,
> 
> Ah, well, they've got this clever trick, see, have had for years, which
> is to look *inside* an archive. (Any worthwhile virus scanner does
> that.)

A great many gateway scanners use clamav - no doubt because it is free, 
and it's been looking in archives for a long time. AFAIR it is also able 
to deal with password protected archives and even tell the difference 
between a spoofed file extension because of the mime type (that is a .exe 
that has been rename to .jpg). It does depend on how the gateway scanner 
is set up mind you.

Only problem is Trend have been trying to make a few people shit the bed 
as far as clamav is concerned, but that is a different story.

The thing is malware (or Window$ self-distributing freeware as I call it) 
should not be the responsibility of your ISP. Even the best scanners can 
be spoofed by telneting directly into an ISP's server and dumping a virus 
on in for a local user by injecting it in base64. You need to be guarding 
at your own gateway for this.


-- 
powered by Linux - bastardized by Window$ - 
givemespam@wibblywobblyteapot.co.uk

"Klunk"  wrote in message 
news:48a1e43d$0$2516$da0feed9@news.zen.co.uk...
>
> The thing is malware (or Window$ self-distributing freeware as I call it)
> should not be the responsibility of your ISP.

That, surely to goodness, is a matter for grown-ups to arrange between 
themselves. My ISP chooses to offer this service, and I choose to buy it. 
Neither of us needs anybody else telling us that it's "not [his] 
responsibility".

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

Tim Ward wrote:
> "Kevin"  wrote in message 
> news:rNiok.181324$Lw1.46903@newsfe29.ams2...
>> thats ok if your ISP knows its a virus, how it differentiates between an 
>> unknown virus and your friend emailing you a holiday video
> 
> Dunno, but they seem to be good at it.
> 
>> Zipped up is where the problem lies,
> 
> Ah, well, they've got this clever trick, see, have had for years, which is 
> to look *inside* an archive. (Any worthwhile virus scanner does that.)
> 
trouble is most users have no idea what a virus is or can do and don't 
use firewalls or virus scanners, they think that the windows must be 
safe as Microsoft would not sell a insecure system would they???, and 
these people do exist as I have been asked to fix their pc's

-- 
Kevin R
Reply address works

On 12 Aug 2008 17:05:02 +0100 (BST), Eleanor Blair
 wrote:

>The Natural Philosopher  wrote:
>>
>>But this is not a particularly new one I think.
>
>Oh the payload attached to the UPS emails has been changing pretty
>rapidly, far faster than some AV vendors update their virus
>definitions.  Once a day doesn't really cut it any more.
>
>The advice not to follow links or open attachments unless you've
>confirmed in some way that they are genuine is much more useful.
>Especially as the scam ones like this are getting more convincing.

But security is all about defense in depth.

Most useful one i know is to run the PC by default as a "normal user"
rather than the default sysadmin that M$oft sets up by default, a lot
of these payloads dont get past the OP Sys security restrictions.

mind you - so many tools dont work properly that i dont do it on my
home machine.......
-- 
Regards

stephen_hope@xyzworld.com - replace xyz with ntl

> The interesting thing is not that there was a virus there: I was almost 
> sure the was..but how many sites *didn't* find it..

For everyone else, there are a couple of similar sites that do 
comparative testing, such as...

http://virusscan.jotti.org

http://www.av-comparatives.org is also useful for checking out the 
relative strength of an updated and un-updated machine.

> trouble is the Dweebs live amongst us ,I am working with 300+ 
> programmers and professionals for a Major credit card company and last 
> week alone we have had 6 different viruses caused by them opening dodgy 
> emails or surfing weird sites during lunch breaks

I'd have to query the accessibility of the machines if it's that 
prevalent - let me guess, your site uses IE, allows activex, and uses 
an old version of java ?

Perhaps it's time to treat them like babies - given the offenders a 
linux box, and add site filtering software to everything else (like K9 
web protection)

> AVG is still scanning.
> <gulp>

If you're stuck, check out some of the links on my site - 
http://www.coreutilities.co.uk

Start with Sysclean (kill AVG temporarily first), and scan with Spybot 
S&D as well once you're done.

If you're not sure if the system is clean, try to stay offline for 2-3 
days to let the virus signatures catch up, then download the latest 
sigs / spyware definitions from another machine and install them with 
your main system remaining offline.

I've just had to do this for a colleagues' fathers laptop - an initial 
scan showed 18 viruses, mainly of the bank account stealing sort, and 
another 20 traces of the same appeared in Spybot S&D.

A scan a couple of days later came up with a couple more things, but 
these seemed to have been rendered useless by the earlier scans.

"Colin Wilson"  wrote 
in message news:MPG.230c169fc76c2d589898e6@news.motzarella.org...
>
> let me guess, your site uses ... an old version of java ?

Given that there are different bugs in different versions of Java, and even 
when there aren't "bugs" that can be proven as such there are 
incompatibilities, you sometimes need different versions of Java in order to 
be able to run different applications.

If you're *very* unlucky this means each machine needs several versions of 
Java, and each user needs to be adept at spotting when an application is 
trying to run with the wrong version and fixing it. More common is the 
situation that you find a version of Java that works for most of your users 
most of the time ... but it's quite likely not the latest one, given the 
application development and upgrade cycle times, hence people using "an old 
version of Java" for extremely good reasons is not going to be uncommon.

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

> you sometimes need different versions of Java in order to be
> able to run different applications.

Although I don't use java heavily, I don't recall a single application 
written using the official (non-microsoft-bastardised-pseudo-java) 
version not working with the latest release :-}

Sadly, our place is keen to use activex and bastardised-non-java-java 
for almost everything from intranet to bespoke applications :-/

...and yes, now we find ourselves in the same situation where we need 
to have java switchers in place to run what I warned them about years 
ago.

Speak of the devil, and he comes and cr*ps on your shoulder ...


--- On Wed, 13/8/08, irishpromo@optonline.net
 wrote:

> -----Inline Attachment Follows-----
> From: irishpromo@optonline.net 
> Subject: Congratulation, You Have Won £800,000.00!!!
> To: 
> Date: Wednesday, 13 August, 2008, 12:31 AM
>
> Dear Winner,
>
> This is to officially notify you that youremail
> address officially emerged and wonthe sum of £800,000GBP
> (Eight HundredThousand British Pounds Sterling) in theOnline
> Irish Gaming Board Programme.
>
>For more information on how
> toredeem your prize, You are to replyto your claims agent
> with theinformation below as soon as you receive this
> notification.
> NAME: Mr. Terry 
> ColeE-mail: ir.terrycole@hotmail.co.uk
> INFORMATION FOR CLAIMS
> 1. Full Names:
> 2. Address:
> 3. Phone numbers:
> 4. Country:
>
>Your's Truly
> (Promotions Co-ordinator)Copyright © 2008 Irish
> NationalLottery Inc.

Note:

eMail purports to be from Irish Gaming Board, but comes from
optonline.net domain, which is just another ISP, and I should reply to
hotmail domain, which one of the most easily abused online email
systems, in that they make only minimal, if any, provenance checks.

Split infinitive, wouldn't mean anything the other side of the pond,
but bad English this side, capital Y in middle of sentence, Your's
instead of yours.

Mail contains attachment the purpose of which is not mentioned in
text.

So virus spam, I think.  Pity, I could have done with £800,000.

On Tue, 12 Aug 2008 16:58:21 +0100, Java Jive  wrote:

> Trouble is, they are designed to look like something else.
[snip]
> There have been a number of other such recently, but I can't remember
> details now.  I think one concerned the National Lottery, or Premium
> Bonds, or perhaps there was one of each.
> 
> AFAICR the one thing they all had in common was that the email address
> of the sender didn't appear to be connected with the company being
> impersonated.

The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site

Had the same, it's due to your computer being infected by a virus BEFORE 
the email.

Assuming your replies, this is a troll, but,

Boot a live CD and scan.

Ask for more help on this, or better yet, Google and learn a shit-load.

Cork Soaker wrote:
> The Natural Philosopher wrote:
>> I received a suspect mail and sent it off to the virus scan site
> 
> Had the same, it's due to your computer being infected by a virus BEFORE 
> the email.
> 
> Assuming your replies, this is a troll, but,
> 
> Boot a live CD and scan.
> 
> Ask for more help on this, or better yet, Google and learn a shit-load.

Oh dear.

This idiot isn't killfiled here.

Didn't you bother to see I was posting on a Mac, and it couldn't e 
infected with a windws virus?

"Colin Wilson"  wrote 
in message news:MPG.230c2129f6d0fb049898ea@news.motzarella.org...
>> you sometimes need different versions of Java in order to be
>> able to run different applications.
>
> Although I don't use java heavily, I don't recall a single application
> written using the official (non-microsoft-bastardised-pseudo-java)
> version not working with the latest release :-}
>
> Sadly, our place is keen to use activex and bastardised-non-java-java
> for almost everything from intranet to bespoke applications :-/

How are they doing that? M$ dumped their java like language years ago.
You can't download the engine or any fixes from M$.
You can't get a license to run their engine so its probably illegal if you 
are.
All the existing licenses were revoked IIRC.

>
> ...and yes, now we find ourselves in the same situation where we need
> to have java switchers in place to run what I warned them about years
> ago.

zulu wrote:
>
>I recd. that a few days ago and I opened it as I WAS expecting a 
>dellivery...
>
>I realised what it was too  late ......    :-((((
>
>I then updated AVG and did a full scan which found nowt.
>Everythins _seeeeems_ OK, but....

With the virus that was in the first batch of emails you'd have known if
you ran the program in the zip file as the machine would have
immediately rebooted.  It's not clear if the later ones work in exactly
the same way, but I suspect it's similar.

Spybot S&D is quite good at detecting and removing things, and you
probably need something like it to remove actual infections rather than
just relying on your usual AV software, which is better for detection
and prevention.

http://www.safer-networking.org/

-- 
eleanor@the-blairs.co.uk                          http://lnr.livejournal.com/

Eleanor Blair wrote:
> zulu wrote:
>>
>> I recd. that a few days ago and I opened it as I WAS expecting a
>> dellivery...
>>
>> I realised what it was too  late ......    :-((((
>>
>> I then updated AVG and did a full scan which found nowt.
>> Everythins _seeeeems_ OK, but....
>
> With the virus that was in the first batch of emails you'd have known
> if you ran the program in the zip file as the machine would have
> immediately rebooted.  It's not clear if the later ones work in
> exactly the same way, but I suspect it's similar.
>
> Spybot S&D is quite good at detecting and removing things, and you
> probably need something like it to remove actual infections rather
> than just relying on your usual AV software, which is better for
> detection and prevention.
>
> http://www.safer-networking.org/

I know it isn't free,  but how well to you rate Troan Hunter?
http://www.misec.net/trojanhunter/
-- 
Heard melodies are sweet, but those Unheard are sweeter
flyingnun@tiscali.co.uk FN 2°°8 +,  Mungo Brandybuck of Buckland

Flyiñg Ñuñ 2°°8 + wrote:
>
>I know it isn't free,  but how well to you rate Troan Hunter?
>http://www.misec.net/trojanhunter/

I don't know it personally, and it's not one of the ones explicitly
suggested by the University's Technical User Support team, but that may
just be because it's not free.  Sorry I can't help.

-- 
eleanor@the-blairs.co.uk                          http://lnr.livejournal.com/

On Tue, 12 Aug 2008 23:38:24 +0100, Colin Wilson wrote:

>> you sometimes need different versions of Java in order to be
>> able to run different applications.
> 
> Although I don't use java heavily, I don't recall a single application 
> written using the official (non-microsoft-bastardised-pseudo-java) 
> version not working with the latest release :-}

I've seen it happen a few times...

I can't help thinking something like VMWare would help with situations
like this, though - with disk space and memory being as cheap as it is,
it's easy to keep a few virtual images around with different
configurations and trivial to roll things back to a 'known-good' snapshot.
Run any untrusted apps under the virtual image, but save user data
somewhere under the host OS.

cheers

Jules

On Tue, 12 Aug 2008 20:00:58 +0100, Tim Ward wrote:

> "Brian Morrison"  wrote in message 
> news:20080812185244.47087629@peterson.fenrir.org.uk...
>>
>> What happens when a weird attachment arrives that you need just happens
>> to resemble a virus and is silently binned?
> 
> Yup, a real risk.

It seems acceptable to me though, providing such things aren't silently
binned but can be retrieved from the ISP on a case-by-case basis (in a
similar way I tend to scan my junk mail folder a couple of times a week
before clearing it out - every once in a while there's something
legitimate in there)

cheers

Jules

Brian Morrison  wrote:
>"Tim Ward"  wrote:
>> 
>> Look, hardly any email uses actually *want* to receive these viruses, surely
>> to goodness, so why doesn't *every* ISP just silently dump them by default?
>
>What happens when a weird attachment arrives that you need just happens
>to resemble a virus and is silently binned?

It's possible to set things up so that legitimate messages sent from
standards-compliant sites never disappear silently even when they trigger
the anti-virus filter, and without causing any collateral spam or backscatter.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/
BISCAY FITZROY SOLE: WESTERLY 6 TO GALE 8, OCCASIONALLY SEVERE GALE 9 IN SOLE.
ROUGH OR VERY ROUGH, OCCASIONALLY HIGH. SQUALLY SHOWERS. MODERATE OR GOOD.

> > Sadly, our place is keen to use activex and bastardised-non-java-java
> > for almost everything from intranet to bespoke applications :-/
> How are they doing that? M$ dumped their java like language years ago.
> You can't download the engine or any fixes from M$.
> You can't get a license to run their engine so its probably illegal if you 
> are.
> All the existing licenses were revoked IIRC.

Who knows - sadly, I could care less right now, we've just been 
informed they're rolling out another image to all machines, which if 
it's anything like the last one they did, it'll kill all USB 
functionality (not a lot of use when you have users who need to get 
pictures off digital cameras regularly).

AFAIK I was the only one thinking straight and got a card reader a few 
years ago - they were still trying to force us to use smartmedia via 
one of the Sandisk Flashpath floppy device adaptors...

Hell, if it's anything like my existing install, it'll take 25-30 
minutes to boot minimum (it's not a particularly slow machine either)

> I can't help thinking something like VMWare would help with situations
> like this

Been there, suggested that.

On Tue, 12 Aug 2008 20:38:56 +0100, Tim Ward passed an empty day by
writing:

> "Klunk"  wrote in message
> news:48a1e43d$0$2516$da0feed9@news.zen.co.uk...
>>
>> The thing is malware (or Window$ self-distributing freeware as I call
>> it) should not be the responsibility of your ISP.
> 
> That, surely to goodness, is a matter for grown-ups to arrange between
> themselves. My ISP chooses to offer this service, and I choose to buy
> it. Neither of us needs anybody else telling us that it's "not [his]
> responsibility".

It's your system and you are free as a 'grown up' to take you own 
approach. It is one thing to let a virus pass on to a customer, it is 
another for that customer to take responsibility for his or her actions 
on opening it.

-- 
powered by Linux - bastardized by Window$ - 
givemespam@wibblywobblyteapot.co.uk

On Wed, 13 Aug 2008 08:35:18 -0500
Jules  wrote:

> On Tue, 12 Aug 2008 20:00:58 +0100, Tim Ward wrote:
> 
> > "Brian Morrison"  wrote in message 
> > news:20080812185244.47087629@peterson.fenrir.org.uk...
> >>
> >> What happens when a weird attachment arrives that you need just happens
> >> to resemble a virus and is silently binned?
> > 
> > Yup, a real risk.
> 
> It seems acceptable to me though, providing such things aren't silently
> binned but can be retrieved from the ISP on a case-by-case basis (in a
> similar way I tend to scan my junk mail folder a couple of times a week
> before clearing it out - every once in a while there's something
> legitimate in there)

Well, you are of course free to do as you both please, and have
obviously considered whether the risk is acceptable to you.

I decided I was happy to run virus scanners on the mail server and on
the Windows PCs to give more defence in depth, so that's fine with me.

Everyone aware of their own risks, and happy.

Expect something to go wrong with the universe shortly.....

-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
    
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

On Wed, 13 Aug 2008 22:46:37 +0100, Brian Morrison wrote:

> On Wed, 13 Aug 2008 08:35:18 -0500
> Jules  wrote:
> 
>> On Tue, 12 Aug 2008 20:00:58 +0100, Tim Ward wrote:
>> 
>> > "Brian Morrison"  wrote in message 
>> > news:20080812185244.47087629@peterson.fenrir.org.uk...
>> >>
>> >> What happens when a weird attachment arrives that you need just happens
>> >> to resemble a virus and is silently binned?
>> > 
>> > Yup, a real risk.
>> 
>> It seems acceptable to me though, providing such things aren't silently
>> binned but can be retrieved from the ISP on a case-by-case basis (in a
>> similar way I tend to scan my junk mail folder a couple of times a week
>> before clearing it out - every once in a while there's something
>> legitimate in there)
> 
> Well, you are of course free to do as you both please, and have
> obviously considered whether the risk is acceptable to you.

Well, I would assume that any ISP-run scheme has a complete opt-out. It's
just that the OS vendors don't seem to be doing anything much to make
their products more secure, the end users seem to be, on the whole,
utterly clueless, and there are just so many new virus variations per day
that it's hard for them to keep up anyway. 

I just think that putting the technology in at the ISPs might be the only
route left - and that it might take quite a bit of effort initially,
but if every ISP were doing it the problem would eventually go away
anyway as there's be no incentive to write viruses (or spam) in the
first place.

> I decided I was happy to run virus scanners on the mail server and on
> the Windows PCs to give more defence in depth, so that's fine with me.

Not running Windows helps me a lot with the defence side of course, but
what really annoys me is that someone out there feels the need to send
me this crap in the first place - hence screening it further upstream
would seem like a nice idea...

> Everyone aware of their own risks, and happy.

Except that by and large, they aren't aware... :(

cheers

J.

Kevin wrote:

> trouble is the Dweebs live amongst us ,I am working with 300+ 
> programmers and professionals for a Major credit card company and last 
> week alone we have had 6 different viruses caused by them opening dodgy 
> emails or surfing weird sites during lunch breaks
> 

Which is probably why my Bank when ape-sh*t yesterday and called me to 
cancel my VISA card *even* due to the fact there had been no funny 
transactions recorded on it. Not convienient for me as I'm travelling 
soon :-(

-- 
Adrian C

> Kevin wrote:
> 
>> trouble is the Dweebs live amongst us ,I am working with 300+
>> programmers and professionals for a Major credit card company and last
>> week alone we have had 6 different viruses caused by them opening dodgy
>> emails or surfing weird sites during lunch breaks
>> 

Nice one. I have a very good friend who works for a very well known anti-
virus company. The support staff have a document to follow if a virus is 
sent in that has not been identified. Would you believe it reads;

"First of all confirm the file is a virus."

How do you think they have been doing this? Why, by opening them and 
running them on their windows desktops and looking to see if the AV 
(which never caught it in the first place, hence why the customer has 
submitted it) detects it.

You could not make this up if you tried.

-- 
powered by Linux - bastardized by Window$ - 
givemespam@wibblywobblyteapot.co.uk

The Natural Philosopher wrote:
> Cork Soaker wrote:
>> The Natural Philosopher wrote:
>>> I received a suspect mail and sent it off to the virus scan site
>>
>> Had the same, it's due to your computer being infected by a virus 
>> BEFORE the email.
>>
>> Assuming your replies, this is a troll, but,
>>
>> Boot a live CD and scan.
>>
>> Ask for more help on this, or better yet, Google and learn a shit-load.
> 
> Oh dear.
> 
> This idiot isn't killfiled here.
> 
> Didn't you bother to see I was posting on a Mac, and it couldn't e 
> infected with a windws virus?
> 


So what are you doing here?

On Oct 8, 10:40 am, Cork Soaker <Thunderb...@Hardy.invalid> wrote:
> The Natural Philosopher wrote:
> > Didn't you bother to see I was posting on a Mac, and it couldn't e
> > infected with a windws virus?
>
> So what are you doing here?

A lot more than you.

Cork Soaker wrote:
> The Natural Philosopher wrote:
>> Cork Soaker wrote:
>>> The Natural Philosopher wrote:
>>>> I received a suspect mail and sent it off to the virus scan site
>>>
>>> Had the same, it's due to your computer being infected by a virus 
>>> BEFORE the email.
>>>
>>> Assuming your replies, this is a troll, but,
>>>
>>> Boot a live CD and scan.
>>>
>>> Ask for more help on this, or better yet, Google and learn a shit-load.
>>
>> Oh dear.
>>
>> This idiot isn't killfiled here.
>>
>> Didn't you bother to see I was posting on a Mac, and it couldn't e 
>> infected with a windws virus?
>>
> 
> 
> So what are you doing here?

Here being one of cam.misc. uk.d-i-y and uk.telecoms.broadband, nothing 
in the posting implies either a PC, or a Linux setup.

And 'live CD' implies Linux, and I have yet to actually see a Mac 
infected by a virus. I am sure its possible, but they are as rare as 
hen's teeth. Viruses are largely a windows PC phenomenon.

And your advice was patntly wrong.

So?

The Natural Philosopher <a@b.c> writes:

> 
> And 'live CD' implies Linux, and I have yet to actually see a Mac
> infected by a virus. I am sure its possible, but they are as rare as
> hen's teeth. Viruses are largely a windows PC phenomenon.

I've seen them, but over 10 years ago and back in days of floppy-borne
beasties.  One of the joys of working for a university computer
service.


Paul
-- 
Paul Leyland         | Hanging on in quiet desperation is
Dept. of Genetics, Cambridge University   |     the English way.
Downing Street, Cambridge, CB2 3EH, UK    | The time is gone, the song is over.
Tel: +44-1223-333963 Fax: +44-1223-333992 | Thought I'd something more to say.

In message , at 13:32:56 on Wed, 
8 Oct 2008, Paul Leyland  remarked:
>> And 'live CD' implies Linux, and I have yet to actually see a Mac
>> infected by a virus. I am sure its possible, but they are as rare as
>> hen's teeth. Viruses are largely a windows PC phenomenon.
>
>I've seen them, but over 10 years ago and back in days of floppy-borne
>beasties.  One of the joys of working for a university computer
>service.

Viruses today are mainly "drive by" attacks on browsers, having 
attracted the user to an infected website. The major anti-virus vendors 
no doubt have statistics for which platforms are most vulnerable.
-- 
Roland Perry

Roland Perry wrote:
> In message , at 13:32:56 on Wed, 
> 8 Oct 2008, Paul Leyland  remarked:
>>> And 'live CD' implies Linux, and I have yet to actually see a Mac
>>> infected by a virus. I am sure its possible, but they are as rare as
>>> hen's teeth. Viruses are largely a windows PC phenomenon.
>>
>> I've seen them, but over 10 years ago and back in days of floppy-borne
>> beasties.  One of the joys of working for a university computer
>> service.
> 
> Viruses today are mainly "drive by" attacks on browsers, having 
> attracted the user to an infected website. The major anti-virus vendors 
> no doubt have statistics for which platforms are most vulnerable.


Are you sure about that?

I thought they were mainly in email attachments..

Anyway I don't use IE at all, so that's mainly that.

"The Natural Philosopher" <a@b.c> wrote in message 
news:1223493649.3009.0@proxy01.news.clara.net...
>
> I thought they were mainly in email attachments..

Haven't seen one of those for years. Are there really still people who use 
ISPs who don't throw them away on the server?

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

"Tim Ward"  writes:

> "The Natural Philosopher" <a@b.c> wrote in message 
> news:1223493649.3009.0@proxy01.news.clara.net...
>>
>> I thought they were mainly in email attachments..
>
> Haven't seen one of those for years. Are there really still people who
> use ISPs who don't throw them away on the server?

Are there really still people who use their ISP for email?

-- 
But all I get is bitter and a nasty little rash

"August West"  wrote in message 
news:87k5ci6ccb.fsf@news2.kororaa.com...
> "Tim Ward"  writes:
>
>> "The Natural Philosopher" <a@b.c> wrote in message
>> news:1223493649.3009.0@proxy01.news.clara.net...
>>>
>>> I thought they were mainly in email attachments..
>>
>> Haven't seen one of those for years. Are there really still people who
>> use ISPs who don't throw them away on the server?
>
> Are there really still people who use their ISP for email?

Eh?? Don't get you. Do you mean "are there people who don't contribute more 
than their fair share to the carbon footprint by running their own server at 
home 24/7 just to pick up the occasional email"? In which case, as you know 
perfectly well, the answer is "yes, there are lots of such people".

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

In message , at 20:18:39 on 
Wed, 8 Oct 2008, The Natural Philosopher <a@b.c> remarked:
>>  Viruses today are mainly "drive by" attacks on browsers, having 
>>attracted the user to an infected website. The major anti-virus 
>>vendors  no doubt have statistics for which platforms are most vulnerable.
>
>Are you sure about that?

Yes, it's been like that for a year or more.

>I thought they were mainly in email attachments..

Not any more; the networks got too good at filtering them out, so the 
effort has gone into other avenues.
-- 
Roland Perry

"Tim Ward"  writes:

> "August West"  wrote in message 
> news:87k5ci6ccb.fsf@news2.kororaa.com...
>> "Tim Ward"  writes:
>>
>>> "The Natural Philosopher" <a@b.c> wrote in message
>>> news:1223493649.3009.0@proxy01.news.clara.net...
>>>>
>>>> I thought they were mainly in email attachments..
>>>
>>> Haven't seen one of those for years. Are there really still people who
>>> use ISPs who don't throw them away on the server?
>>
>> Are there really still people who use their ISP for email?
>
> Eh?? Don't get you. Do you mean "are there people who don't contribute more 
> than their fair share to the carbon footprint by running their own server at 
> home 24/7 just to pick up the occasional email"? In which case, as you know 
> perfectly well, the answer is "yes, there are lots of such people".

Eh?? I was thinking more of hotmail, gmail, and the like.

-- 
and you know it's righteous stuff

"August West"  wrote in message 
news:87fxn66bim.fsf@news2.kororaa.com...
>>>
>>> Are there really still people who use their ISP for email?
>>
>> Eh?? Don't get you. Do you mean "are there people who don't contribute 
>> more
>> than their fair share to the carbon footprint by running their own server 
>> at
>> home 24/7 just to pick up the occasional email"? In which case, as you 
>> know
>> perfectly well, the answer is "yes, there are lots of such people".
>
> Eh?? I was thinking more of hotmail, gmail, and the like.

Oh, I think you and I disagree about what "ISP" means. I think it means 
"internet service provider". I use several different internet services, and 
I use several ISPs for different purposes, quite often at the same time - 
just right now I'm using one for connectivity, one for usenet access, and 
one for both hosting my website and managing my email (which, like hotmail, 
gmail and the like, does have a webmail interface, but I don't use it very 
often). If I also used hotmail I would regard hotmail as a "provider" of one 
of my "internet services", ie one of my ISPs, and I would expect them to 
filter out email viruses for me.

If you think "ISP" means *just* the service of providing connectivity, and 
not all the other things that many of us unbundle these days, that would 
explain the confusion.

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

Tim Ward coughed up some electrons that declared:

> "August West"  wrote in message
> news:87k5ci6ccb.fsf@news2.kororaa.com...
>> "Tim Ward"  writes:
>>
>>> "The Natural Philosopher" <a@b.c> wrote in message
>>> news:1223493649.3009.0@proxy01.news.clara.net...
>>>>
>>>> I thought they were mainly in email attachments..
>>>
>>> Haven't seen one of those for years. Are there really still people who
>>> use ISPs who don't throw them away on the server?
>>
>> Are there really still people who use their ISP for email?
> 
> Eh?? Don't get you. Do you mean "are there people who don't contribute
> more than their fair share to the carbon footprint by running their own
> server at home 24/7 just to pick up the occasional email"? In which case,
> as you know perfectly well, the answer is "yes, there are lots of such
> people".
> 

We run our entire lives of our two servers: one RAID5 filestore (and soon to
be migrated Postgresql server) with secure remote access, the other (soon
to be upgraded on recycled equipment) general purpose server (web, calendar
(Horde), email (Exim + Dovecot), misc).

Without it, neither me nor the missus would have a clue what we're doing.

:)

Cheers

Tim

In message , at 22:15:06 on Wed, 8 
Oct 2008, Tim Ward  remarked:
>If you think "ISP" means *just* the service of providing connectivity, and
>not all the other things that many of us unbundle these days, that would
>explain the confusion.

Agreed. I'm currently using seven ISPs, only two of them for 
connectivity. And that's not counting niche services like Googlemail, 
Skype, MS-Messenger and another half dozen other providers of similar 
stuff. My Freeserve account finally expired recently, after many years 
of not using them for dial-up.
-- 
Roland Perry

On Wed, 8 Oct 2008 21:03:15 UTC, "Tim Ward"  wrote:

> Eh?? Don't get you. Do you mean "are there people who don't contribute more 
> than their fair share to the carbon footprint by running their own server at 
> home 24/7 just to pick up the occasional email"? In which case, as you know 
> perfectly well, the answer is "yes, there are lots of such people".

I'll confess to being one of those irresponsible people who increases 
their mythical 'carbon footprint'. I receive a LOT of email, and several
thousand spams each day, which I doubt an ISP would be as efficient at 
filtering.

My email server performs several other tasks, and consumes between 30 
and 35 watts.

-- 
Bob Eager
Use the BIG mirror service in the UK:
http://www.mirrorservice.org

"Bob Eager"  wrote in message 
news:176uZD2KcidF-pn2-mx3FHKTumuhE@rikki.tavi.co.uk...
>
> I'll confess to being one of those irresponsible people who increases
> their mythical 'carbon footprint'. I receive a LOT of email, and several
> thousand spams each day, which I doubt an ISP would be as efficient at
> filtering.

I used to receive thousands of spams but my ISP has fixed their systems and 
the spam no longer consume entropy and thus carbon by being sent down the 
wire to my house.

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

"Tim Ward"  writes:

> If you think "ISP" means *just* the service of providing connectivity,
> and not all the other things that many of us unbundle these days, that
> would explain the confusion.

I do. The ISP shifts the packets,a mail provider provides, mail, News
provider, news, and so on.  I really don't see any utulity in
overloading ISP.

-- 
a drunk in a midnight choir

"August West"  wrote in message 
news:87bpxu69el.fsf@news2.kororaa.com...
> "Tim Ward"  writes:
>
>> If you think "ISP" means *just* the service of providing connectivity,
>> and not all the other things that many of us unbundle these days, that
>> would explain the confusion.
>
> I do. The ISP shifts the packets,a mail provider provides, mail, News
> provider, news, and so on.  I really don't see any utulity in
> overloading ISP.

Oh, right. I use lots of different packet shifters, depending on where I am 
and what device I'm using, and quite often I don't even know what packet 
shifter I'm using[#], but only one of each of most of the others.

[#] After all you never need to. Apart from having to know their SMTP 
server. Which isn't *quite* enough of a pain for me to organise one of the 
many alternatives for myself.

-- 
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

On Wed, 08 Oct 2008 22:15:06 +0100, Tim Ward wrote:

> If you think "ISP" means *just* the service of providing connectivity, and 
> not all the other things that many of us unbundle these days, that would 
> explain the confusion.

That is what most people - both internet pros and the great unwashed -
mean by "ISP", in the absence of any further qualification.

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

On Wed, 08 Oct 2008 21:50:12 +0100, August West wrote:

> "Tim Ward"  writes:
> 
>> "The Natural Philosopher" <a@b.c> wrote in message 
>> news:1223493649.3009.0@proxy01.news.clara.net...
>>>
>>> I thought they were mainly in email attachments..
>>
>> Haven't seen one of those for years. Are there really still people who
>> use ISPs who don't throw them away on the server?
> 
> Are there really still people who use their ISP for email?

You jest.

There's gazillions of people who still have no idea that their
browser's homepage doesn't have to be btinteryahoogle.com, let
alone that they can change browser, or get email from elsewhere...

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

On Wed, 08 Oct 2008 22:00:34 +0100, Roland Perry wrote:

> In message , at 20:18:39 on 
> Wed, 8 Oct 2008, The Natural Philosopher <a@b.c> remarked:

[viruses]

>>I thought they were mainly in email attachments..
> 
> Not any more; the networks got too good at filtering them out, so the 
> effort has gone into other avenues.

Still plenty of viral emails kicking around: I have a relatively
unfiltered email feed, partly so's I can get a feel for what's
going on out there.

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

Fevric J Glandules <fevric@invalid.invalid> writes:

> On Wed, 08 Oct 2008 21:50:12 +0100, August West wrote:
>
>> "Tim Ward"  writes:
>> 
>>> "The Natural Philosopher" <a@b.c> wrote in message 
>>> news:1223493649.3009.0@proxy01.news.clara.net...
>>>>
>>>> I thought they were mainly in email attachments..
>>>
>>> Haven't seen one of those for years. Are there really still people
>>> who use ISPs who don't throw them away on the server?
>> 
>> Are there really still people who use their ISP for email?
>
> You jest.

Not greatly; my entier extended family, from ages 10 to 84, have all
moved their email elsewhere, and all withut me suggesting it would be a
good idea.

-- 
the man up the spiral staircase

On Wed, 08 Oct 2008 18:22:23 +0100, Roland Perry wrote:

> Viruses today are mainly "drive by" attacks on browsers, having 
> attracted the user to an infected website. The major anti-virus vendors 
> no doubt have statistics for which platforms are most vulnerable.

<tangent>

It struck me a couple of days ago that the whole situation is like 
having one dominant car company that ships all its cars with bald
tyres and duff brakes.  As a result there's an enormous after-market
in five-point harnesses, roll cages, fire extinguishers and even
replacement air-bags.

</>

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

On Wed, 08 Oct 2008 22:35:50 +0100, Roland Perry wrote:

> In message , at 22:15:06 on Wed, 8 
> Oct 2008, Tim Ward  remarked:
>>If you think "ISP" means *just* the service of providing connectivity, and
>>not all the other things that many of us unbundle these days, that would
>>explain the confusion.
> 
> Agreed. I'm currently using seven ISPs, only two of them for 
> connectivity. And that's not counting niche services like Googlemail, 
> Skype, MS-Messenger and another half dozen other providers of similar 
> stuff. 

Interesting - I don't think I've ever come across anyone using that
definition for ISP. By that meaning, presumably someone running a website
on a machine at home also qualifies as an ISP? (or is there some usage
level below which "providing an IP-based service on the public Internet"
doesn't apply?)

On Thu, 9 Oct 2008 00:20:21 +0200 (CEST), Fevric J Glandules
<fevric@invalid.invalid> wrote:

>On Wed, 08 Oct 2008 18:22:23 +0100, Roland Perry wrote:
>
>> Viruses today are mainly "drive by" attacks on browsers, having 
>> attracted the user to an infected website. The major anti-virus vendors 
>> no doubt have statistics for which platforms are most vulnerable.
>
><tangent>
>
>It struck me a couple of days ago that the whole situation is like 
>having one dominant car company that ships all its cars with bald
>tyres and duff brakes.  As a result there's an enormous after-market
>in five-point harnesses, roll cages, fire extinguishers and even
>replacement air-bags.
>
></>

Are there no viruses on Macs because no one uses them? Or maybe the
apps are too boring? Must be something.
(warm isn't it ) :-)

On Wed, 08 Oct 2008 17:50:26 -0500, Jules wrote:

[ISPs vs "internet service providers"]

> Interesting - I don't think I've ever come across anyone using that
> definition for ISP. By that meaning, presumably someone running a website
> on a machine at home also qualifies as an ISP? (or is there some usage
> level below which "providing an IP-based service on the public Internet"
> doesn't apply?)

'zackly.

"ISP" has come to mean "bit-provider" - even amongst professionals.
A bit like "broadband" has ended up meaning "anything faster than 
dial-up".

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

In news:6l4odnFaklurU1@mid.individual.net,
Tim Ward  typed, for some strange, unexplained 
reason:
: "Bob Eager"  wrote in message
: news:176uZD2KcidF-pn2-mx3FHKTumuhE@rikki.tavi.co.uk...
: >
: > I'll confess to being one of those irresponsible people who
: > increases their mythical 'carbon footprint'. I receive a LOT of
: > email, and several thousand spams each day, which I doubt an ISP
: > would be as efficient at filtering.
:
: I used to receive thousands of spams but my ISP has fixed their
: systems and the spam no longer consume entropy and thus carbon by
: being sent down the wire to my house.

I reduced my spam count from several thousand per day to around 15 or so 
simply by disabling the "catchall" facility on my domain name. Now I only 
ever even see mail for the 4 addresses I've told it about and what gets 
through is almost always weeded out by filtering it through a spare gmail 
account kept for the purpose.

Nothing unwanted has made it to the inbox for months.


Ivor

On Thu, 09 Oct 2008 01:08:13 +0100, Ivor Jones wrote:

> I reduced my spam count from several thousand per day to around 15 or so 
> simply by disabling the "catchall" facility on my domain name. Now I only 
> ever even see mail for the 4 addresses I've told it about and what gets 
> through is almost always weeded out by filtering it through a spare gmail 
> account kept for the purpose.
> 
> Nothing unwanted has made it to the inbox for months.

Lucky you.

A certain "MISTER BROWN" of "DOWNING STREET, LONDON" keeps offering
me "FOUR HUNDRED BILLIONS OF POUNDS" if I can only come up with some
bank details, like which ones I own.

-- 
One way ticket from Mornington Crescent to Tannhauser Gate please.

In message , at 
17:50:26 on Wed, 8 Oct 2008, Jules 
 remarked:
>>I'm currently using seven ISPs, only two of them for
>> connectivity. And that's not counting niche services like Googlemail,
>> Skype, MS-Messenger and another half dozen other providers of similar
>> stuff.
>
>Interesting - I don't think I've ever come across anyone using that
>definition for ISP.

It's very common, you must have led a sheltered like.

>By that meaning, presumably someone running a website
>on a machine at home also qualifies as an ISP? (or is there some usage
>level below which "providing an IP-based service on the public Internet"
>doesn't apply?)

There are various regulatory definitions, but the one I'm using involves 
offering a commercial service to specific subscribers (although 
sometimes free of obvious charges), including email, domain hosting and 
connectivity.

-- 
Roland Perry

In message , at 22:53:38 on Wed, 8 Oct 
2008, August West  remarked:
>The ISP shifts the packets,a mail provider provides, mail, News
>provider, news, and so on.  I really don't see any utulity in
>overloading ISP.

They all operate in the same commercial, regulatory and standards 
framework.

There's no point in trying to draw arbitrary lines between companies who 
offer (eg) connectivity and web hosting, and some of whose customers 
take just the connectivity, some take just the web hosting, and some who 
take both. To all three classes of customer they are simply "an ISP".
-- 
Roland Perry

In message , at 23:16:36 on Wed, 8 Oct 
2008, August West  remarked:
>>> Are there really still people who use their ISP for email?
>>
>> You jest.
>
>Not greatly; my entier extended family, from ages 10 to 84, have all
>moved their email elsewhere, and all withut me suggesting it would be a
>good idea.

I found that relatives were using Hotmail as the default, without even 
considering whatever their connectivity-ISP-that-week was offering 
(probably not a sufficiently useful webmail if my own experiences are 
anything to go by). One has since registered a domain name, which I 
organised for them, and the email is forwarded to their hotmail account.
-- 
Roland Perry

In message <gcjb6a$vfl$4@aioe.org>, at 00:11:22 on Thu, 9 Oct 2008, 
Fevric J Glandules <fevric@invalid.invalid> remarked:
>[viruses]
>
>>>I thought they were mainly in email attachments..
>>
>> Not any more; the networks got too good at filtering them out, so the
>> effort has gone into other avenues.
>
>Still plenty of viral emails kicking around: I have a relatively
>unfiltered email feed, partly so's I can get a feel for what's
>going on out there.

Of course there will be a few still going round, but the main action is 
elsewhere.
-- 
Roland Perry

Fevric J Glandules <fevric@invalid.invalid> wrote:

Re: spam

> Ivor Jones wrote:
>> Nothing unwanted has made it to the inbox for months.
>
> Lucky you.
> A certain "MISTER BROWN" of "DOWNING STREET, LONDON" keeps offering
> me "FOUR HUNDRED BILLIONS OF POUNDS" if I can only come up with some
> bank details, like which ones I own.

ROFL!

-- 
blj

In article ,
   August West  wrote:
> Are there really still people who use their ISP for email?

Whether they do or not, the service the ISP provides should work.

And yes, to judge by the mail we receive, the bulk of people use their
connectivity provider (ICP) for email.

Some ICPs (aol, bellsouth, att.net) are draconian in their rejection of
valid emails, because some spam has been forwarded via a legit server. 

hotmail is a problem too: any email written in hotmail purports to be
multipart/altenative. But the plain text version is completely unformatted
and essentialy unusable.

-- 
------------------------------------------------------------------
Richard Torrens. News email address is valid - for a limited time only.
http://www.Torrens.org.uk for genealogy, natural history, wild food, walks, cats
and more!

jake wrote:
> On Thu, 9 Oct 2008 00:20:21 +0200 (CEST), Fevric J Glandules
> <fevric@invalid.invalid> wrote:
> 
>> On Wed, 08 Oct 2008 18:22:23 +0100, Roland Perry wrote:
>>
>>> Viruses today are mainly "drive by" attacks on browsers, having 
>>> attracted the user to an infected website. The major anti-virus vendors 
>>> no doubt have statistics for which platforms are most vulnerable.
>> <tangent>
>>
>> It struck me a couple of days ago that the whole situation is like 
>> having one dominant car company that ships all its cars with bald
>> tyres and duff brakes.  As a result there's an enormous after-market
>> in five-point harnesses, roll cages, fire extinguishers and even
>> replacement air-bags.
>>
>> </>
> 
> Are there no viruses on Macs because no one uses them? Or maybe the
> apps are too boring? 

Both really ;-)

Actually its a minority target, and a harder target than windows.

So mostly viruses leave em alone.

> Must be something.
> (warm isn't it ) :-)

Tim Ward wrote:
>"The Natural Philosopher" <a@b.c> wrote in message 
>news:1223493649.3009.0@proxy01.news.clara.net...
>>
>> I thought they were mainly in email attachments..
>
>Haven't seen one of those for years. Are there really still people who use 
>ISPs who don't throw them away on the server?

Does your ISP throw away *all* attachments then, or just all attachments
containing executables?  Because there've been some very quickly
mutating ones lately which are getting through good AV software because
they change so quickly.  And they're much better at convincing social
engineering techniques to get people to open them.  We've had pretty
clued up people here caught out by a supposed message from UPS about a
delivery because they were *expecting* something with UPS.

-- 
eleanor@the-blairs.co.uk                          http://lnr.livejournal.com/

Eleanor Blair wrote:
> Tim Ward wrote:
>> "The Natural Philosopher" <a@b.c> wrote in message 
>> news:1223493649.3009.0@proxy01.news.clara.net...
>>> I thought they were mainly in email attachments..
>> Haven't seen one of those for years. Are there really still people who use 
>> ISPs who don't throw them away on the server?
> 
> Does your ISP throw away *all* attachments then, or just all attachments
> containing executables?  Because there've been some very quickly
> mutating ones lately which are getting through good AV software because
> they change so quickly.  And they're much better at convincing social
> engineering techniques to get people to open them.  We've had pretty
> clued up people here caught out by a supposed message from UPS about a
> delivery because they were *expecting* something with UPS.
> 
The key on any mail that tries to redirect you to a website is right 
click on the link  and see where it takes you.

On 2008-10-09, The