At 09:53 PM 03/12/2003, Jamie Reid wrote:
If an attacker can convince a user to do anything, all bets are off.
It is conceptually similar to using SSL to evade a network IDS.
This is also an intrusion test trick. As system owners, there is only so much we can do to prevent and detect compromises. What matters is how we respond.
True enough. However, we also have to protect naive and vulnerable users to some degree. Think about elderly folk. They are not necessarily as quick to spot the scam. The ability to stop the virus before it gets to them is important. The other thing that worries me is that those who rely on their ISP to scan for viruses, a false sense of security can come into play. In the case of these types of email viruses, the user might think the file is OK because it was scanned. ---Mike