Thread: computer clocks
View Single Post
  #36   Report Post  
John Rumm
 
Posts: n/a
Default
Mary Fisher wrote:

their personal appearance. In this case I consider that I was justified.
If you can criticise others' choice of utility you're leaving the field
open to criticism of the way you post.

It was not a criticism of their choice, just a recommendation they try
something different because it may solve the problem they are having.


But you didn't. You said:
"(Loosing OE would help as well)"
You have a point in that there might be other systems which are better for
certain uses but you didn't suggest what they were or in what precise ways
they were better.

Well to an extent, pretty much any of the applications designed as news
posting/reading clients will tend to do a better job.

However if you would like a specific recommendation, then I would
suggest that for people used to OE or Outlook they might like
Thunderbird. It has a nice (but not too different) UI, and you get a
number of advantages like good junk mail detection, ability to disable
running any active content in news/mail messages, support for RSS news
feeds etc.

If you don't mind paying for usenet software, then "The Bat" gets very
good reviews.

Ports of traditional Unix usenet software like Tin can also be good.
Forte Agent seems popular among many usenet users.

To be fair to OE, the more recent patches have started to add some more
security aware additions to that as well e.g. ability to block retrieval
of images not hosted on the sending site. It still has one major
achilles heel however in that it uses IE as a backend for rendering
HTML and hence inherits any vulnerabilities present in that.

But who was posting to say that s/he was having difficulty with OE? No-one.

The OP had a problem with jumbled message ordering. This could have been
attributed to OE's limited threading ability - there is an option buried
in the later versions to select whether this is done based on posting
time or thread IDs. (having found it the other day however, I can't find
which dialogue they have hidden it in today!)

The damning of OE by posters IS boring in that it's a constant moan. We
know how the moaners feel about OE, we choose to continue using it. ...

I am sure you are diligent enough (and sufficiently aware of the issues)
to keep your computer patched up to date, run current anti virus and
firewall software/hardware,


I am. MS helpfully suggests those things.

It does, alas many do not even read the suggestions (e.g. the recent
very sensible change to turn on the firewall in XP SP2 by default. This
was necessary simply because the majority of users did not bother to
enable it even though it was installed and ready to go).

keep your preview pane turned off,


I have NEVER used a preview pane, I can't see the point. It's never been the
default, I've never even tried to find out how to put it on. Don't bother
telling me :-)

I was under the impression (certainly for email) that the default window
layout in OE still has the message preview turned on. (i.e. the three
pane layout, inbox and other folders to the left, message titles top
right, preview bottom right).

and most importantly be selective as to what emails you open rather than
delete.


I certainly am. And I block those which I find offensive. But I still read
yours G

Note to self, must try harder ;-)

My experience would suggest however that a good many users are not. Unless
someone tells them, how will they know?


MS does give positive advice and help in telling people about security. You
didn't.

(Sadly the answer is usualy once their computer is spending 90% of its CPU
time as a part of a script kiddies botnet, slugging internet performance
carrying out DDoS attacks, sending spam, and hosting dodgy porn)


I don't understand the construction of that sentence, could you look at it
and explain it better, please? It might be interesting.

Apologies if you are already aware of some of the stuff that follows,
but it gives a fuller description of some of the above mentioned topics:

Much of the focus of computer "malware" in general has shifted in the
last couple of years. There was a time when computer viruses etc. ranged
in their unpleasantness, but they usualy shared a common goal of causing
some form of loss or disruption to the computer user, and propagating
copies of themselves. I don't pretend to understand the motivation of
the people who wrote these things, but I expect recognition among their
peer group was a big factor.

More recently things have taken a turn for the more sinister. Organised
crime has moved in, and opportunities for developing these technologies
into hard cash generating activities have grown.

As a result, the focus of much malware these days is to install itself
on a computer and *not* set out to do it any immediate harm. The desire
being to remain undetected. The majority of these applications open up
back doors into the computer. They will silently connect to a IRC
discussion channel, and await instruction from their master. This is a
"botnet". The back door will typically include a trojan downloader. This
is a program that can be instructed to download and execute any other
software at will. There are several common reasons for doing this:

1) The computers in the botnet can be instructed to perform a
Distributed Denial of Service attack. A recent example of this was a
Russian organised crime network that was targeting online casino sites.
Prior to a large sporting event they would threaten to take down their
web site unless it's owners paid up the requested extortion fee. If they
refused, they would find their web sites under attack from tens of
thousands of infected PCs. This would in effect knock them off the web
with their potential customers unable to reach them. DDoS attacks also
have a knock-on effect on other internet users as a result of the
bandwidth wasted by the attacks.

2) Estimates vary, but it is believed that over half of the worlds spam
is now relayed by compromised Windows PCs in this way. It is also much
harder to block small quantities of spam coming from large numbers of
hosts, than it is to block a large quantity of spam coming from a single
host.

3) Identity theft: Many botnets will have keyboard loggers installed.
These are designed to try and catch identity and other sensitive
financial data from the user of the PC. They can then "phone home" with
the information which can be used either for direct theft from online
bank accounts, or for identity theft etc.

4) Trojan diallers, another common technique it to compromise dial up
users so that there normal ISP connection is surreptitiously replaced
with a ISP service operating on a premium rate phone number. I have had
a couple of customers recently who had unexpected phone bills of several
hundred pounds more than they were expecting as a result of this.

5) Botnets are often assembled by script kiddies (i.e. relatively
unskilled "hackers" using tools, and virus construction sets built by
more expert developers). They also in themselves have a "value". Botnets
are now openly traded much like any other commodity. So if you were a
spammer, you could buy the services of say 25,000 computers for a
spamming campaign from the botnets "owner".

6) Hosting: your computer can be co-opted to host illegal content
(warez, pirated movies, kiddy porn etc) for later distribution.

Many of these activities can carry on undetected for months unless
something happens to draw the users attention to the matter. Typically
this is when too the computer gets compromised by too many separate
threats and is devoting so many of its resources to running these, it no
longer does what it's owner wants or expects. Alternatively some other
problem like a browser hijack forces the owner to attempt to scan and
remove the problem, and they stumble over the other stuff as well.

Pretty much all the email worms and viruses that I receive have at some
time been propagated as a result of a someone using IE/OE.


How on Earth did you receive them with all your protection? :-^

To be fair, I don't get many - most of the direct threats are removed by
our ISPs before I get to see them. Some spam still gets through, as do
copious bounce messages that indicate someone has got their PC
compromised and it is now sending spam pretending to come from one of
our domains!

The few nasties that get as far as the computer run into a compatibility
problem, in that the (Non PC, MS, or Intel) email system is not
compatible with them!

Every customer I go to see, who is complaining that their computer is
running slowly or misbehaving in some other way, has a machine loaded with
spyware and trojans that have arrived as a result of a lack of attention
to detail on their part, coupled with use of IE/OE. It is sometimes
difficult to get their attention, but you can change their software!


And you're saying that no-one who has whatever alternatives there are NEVER
get such nasties?

"No-one" would be going too far, since even if the alternative software
was invulnerable (which it isn't), the human element it still a weak
link. However I have yet to encounter any PCs that have been thoroughly
compromised in the same way, where the users have not been using IE/OE
as their primary internet suite. I am not sure how much statistical
significance you can draw from this, since if they are savvy enough to
actively seek out alternatives, they are already aware of many of the
risks.

You also have to be aware that an unpatched Win2K / XP system can get
compromised just being connected to the internet with no firewall. This
is irrespective of any software that runs on top for email/web access.

I'd find that very difficult to believe.

So would I. Part of the weakness of the MS applications is the nature of
the monoculture. I can see that if a significant proportion of users
ditch OE for a more secure alternative, then much of the black hat
effort will also shift in trying to find compromises for the alternative
platforms. However more diversity would help reduce the problem.

I support the responsible use of MS, it works well for me.

Glad to hear it, so do I. So long as it is not also at the same time
doing sterling service for a spotty teenager in Vladivostok, then carry on.



--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
Reply With QuoteReply With Quote