[ga] Reliability of the Internet - the silent battle

[Roeland Meyer <rmeyer@mhsc.com>]

Hello Ken,

Document distro, via email, is getting to be less reliable than it has in
the past. As more sites seek to protect themselves from the mistakes or
maliciousness of others, they are restricting the types of traffic flowing
in/out of their systems. The restrictions are being emplaced in layers of
permissions where near/local users can send attachements to each other, but
not to any one else. Likewise, inbound external messages are routinely
stripped of dangerous attachements (DOC, COM, EXE, XLS, XLW, etc). Part of
the reason is that the cost of cleaning up a virus infestation has become
seriously huge. 

What few realize is that, this is also happening on the outbound side. Wyrms
and virii not only spoof messages from the sites' users (creating liability
problems with other sites), but also try to send security critical files
like 'passwd'. Since these can be renamed to anything else before sending
(like passwd.doc, passwd.txt, or even funny.txt), some sites have taken to
stripping all outbound attachments regardless of file type.

William's suggestion is the correct one, for now. However, that will also be
blocked if said web-sites continue to post files that haven't been virus
scanned, as John has pointed out. Actually, since reading Johns message and
checking it out for myself, I have just directed that http file downloads be
prohibited, from the ICANN.ORG site, at my firewall, as well as those of my
clients. Anyone that clueless, does not get a second chance to infest
systems under my control. Not only have they been infested, but they are so
oblivious that they are a danger to others. There is a reason that most
non-techies are NOT allowed unfiltered posting rights to production systems.

It is a serious issue of trust. The Internet, as currently implemented, is
one of mutual trust. As that trust becomes violated, that will change. This
is what keeps me up at night and this is what has contributed to the demise
of many dot-coms. A "trust no one" policy is anathema to the very principles
of the internet. However, the "trust everyone" policy is failing to human
maliciousness, coupled with human stupidity. 

In some cases I think that, stupidity needs to become a crime and the ATA
goes in that direction. Those who post files like
http://ipc.dnso.icann.org/comments-archive/0006.html need to be held
financially liable, equal to the scum-bag that created the virus in the
first place. That would force/enable web-site administrators to practice
proper production processes like, filtering all content with virus scanners
prior to publication. Failing to take such basic precautions should incur
financial liability equal to the damages that such negligence causes. In the
example noted here, the PIF file reference should have been replaced with a
notice of why it was stripped and all attachments, to that archive, should
be virus scanned prior to posting. Some of us know enough to not download a
PIF file, but most do not.

Thank you

--
R O E L A N D  M J  M E Y E R
Managing Director
Morgan Hill Software Company
tel: +1 925 373 3954
cel: +1 925 352 3615
fax: +1 925 373 9781 
http://www.mhsc.com

|> -----Original Message-----
|> From: John Berryhill Ph.D. J.D. [mailto:john@johnberryhill.com]
|> Sent: Tuesday, November 06, 2001 9:20 AM
|> 
|> Roeland is correct.
|> 
|> Virus distribution is handled by the Intellectual Property 
|> Constituency, which provides a live SirCam virus attachment 
|> for download at:
|> 
|> http://ipc.dnso.icann.org/comments-archive/0006.html

|> -----Original Message-----
|> From: William X Walsh [mailto:william@wxsoft.info]
|> Sent: Tuesday, November 06, 2001 3:59 AM
|> 
|> Perhaps not using an attachment, and posting it in plain 
|> text, putting an html version up on a website, etc.
|> 
|> You can provide a word doc format for those who want it, save 
|> it in html (Word supports this), and in plain text, put them 
|> on a website and let the end users select which format they 
|> prefer.
|> 
|> This is how I did the letter from domain resellers regarding
|> the Verisign transfer policy.

|> -----Original Message-----
|> From: Ken Stubbs [mailto:kstubbs@digitel.net]
|> Sent: Tuesday, November 06, 2001 3:49 AM
|> 
|> as a "non tecchie" i would sincerely appreciate someone 
|> letting me know what format they suggest i should put 
|> attachments in to in order to provide reasonable assurance 
|> that the attachment won't get "re-routed"

|> ----- Original Message -----
|> From: "Roeland Meyer" <rmeyer@mhsc.com>
|> Sent: Monday, November 05, 2001 8:20 PM
|> 
|> > You over-react to a mis-understanding. No one is accusing 
|> > the task force of distributing a virus. What is, in fact, 
|> > being stated is that the distribution, BECAUSE it is a DOC 
|> > file, will be less than complete. That it will not reach 
|> > its intended audience. More and more sites re-route DOC 
|> > file attachment s to /dev/nul as a matter of course. As a 
|> > matter of fact, it is begining to become a real problem. 
|> > SirCam and Nimda both create DOC files and send them out 
|> > as file attachments. Without special software, it is
|> > impossible to know whether or not a DOC file contains a 
|> > virus until it is opened and activated. Once you have 
|> > done that, there is no way to prevent the infestation. 
|> > Many sites take the security precaution of deleting ALL
|> > attached DOC files. They also do this with EXE and COM  
|> > files. Some are also begining to do it with PDF files, 
|> > as well.

--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html