Tom McCune wrote:

rely on your AV to tell you something is not infected, especially if
this e-mail is unexpected. Sometimes it takes the AV company a couple
days before something ITW gets added into their definitions file.

--
William

If it don't work, hit it.
If it still don't work, kick it.
If it works after that, than it doesn't matter if that helped, what's
important is it works.

"Big Will" wrote in message news:40bf6374$1@darkstar...
....or even five weeks. :O)

--
Rafter the instigator

On Fri, 04 Jun 2004 11:03:16 GMT, Tom McCune
<news@DELETE_THISmccune.cc> wrote:

You are beginning to wonder the right question. A sense of false
security is a problem with using realtime antivirus scanners. All
unsolicted email attackments should simply be deleted. Sane email apps
such as Pegasus, Agent, and Mozilla mail are safe from from plain mail
exploits. Any email app that's text-only is safe in this regard. Sane
email apps won't allow the user to Run attackments. So with such sane
email apps, there's no need for realtime antivirus. Users are far
better off using such apps and placing no reliance whatsoever on
realtime antivirus scanning.

Attachments the user has solicted can be Saved to a test folder. JPG
image files should be Opened in their viewer of choice (such as
IrfanView). Attachments such as screen savers should be scanned on
demand with a reliable scanner like KAV. The use of more than one
on-demand scanner is a very good policy.


Art
http://www.epix.net/~artnpeg

On Fri, 04 Jun 2004 21:45:32 GMT, Tom McCune
<news@DELETE_THISmccune.cc> wrote:

IMO, it's a shame that Pegasus bothers with it's crummy HTML. It's
safe (it uses its own rendering engine and doesn't depend on IE) but
lousy. The author should have stuck with plain text only. Similarly,
Viewing JPGs and GIFs is lousy in Pegasus IMO. IIRC, there is one
caveat though. If IE is the default browser <shudder> and you select
to View HTML, it will transfer control over to IE. Very bad. So that's
one setting in the preferences that should be set properly for
security in the case of IE users. I sometimes forget about that aspect
since I had IE eradicated on my old Win 98 PC for many years. So for
me it was never a issue.

I now use Mozilla email which is much nicer in many respects. It's
just as secure as Pegasus. Clueless users can use it safely. A portion
of Mozilla can be left in memory for fast startup. I ceated a separate
icon for email, so from the desktop I can zap almost immediately into
either the browser or email (900 mhz PIII with 128 RAM).

I can't seem to get away though from Free Agent for newsgroups. Been
using it since the Win 3.1 days. It's also quite safe for average
users. More recent versions have improved security for binary
downloads. But I think you may still have to pay attention to a
warning that pops up, and be careful to select Save rather than Open.
IOW, it may be possible (haven't checked lately, or on the latest
version) if you're clueless (or drunk ) to Run a binary while you're
using Free Agent. But maybe that's impossible now on the latest
version. It may be that the only option is to Save "executeable"
binaries (that aren't associated with a viewer or player). That would
be sane

Basically, there is no need for realtime scanning at all if you use
sane apps and just use your head a bit. Safe Hex gets to be a habit,
and after awhile you're not even aware that you're practicing it. So
any idea that safe hex means that you're continually "up tight" is
incorrect. Quite to the contrary, it's those who don't practice it and
don't use sane apps that should be up tight


Art
http://www.epix.net/~artnpeg

"Tom McCune" <news@DELETE_THISmccune.cc> wrote in message news:UFYvc.48638$j24.38711@twister.nyroc.rr.com...
Part of safe computing is having tools to help you to determine that
a program you wish to execute is free of malware. Anti-virus is one
such tool. It has become a crutch now as people use it on access to
allow themselves to ignore safe practices altogether. AV itself is at
least part of the malware problem as it exists today - they have now
catered to the (as Art has put it) "stupid user" part of the chain of
events to the extent that they are their own worst enemy.

Yeah, it *that* is faulty - who knows what else is.

Most of the new stuff is relying on the lag time, and it is fairly obvious
to me that the latter scenario is in full effect. It is not just the e-mail
scanning feature(s) either - I have AV so I can do whatever I want
and I'm protected - or - AOL has AV so...

<null@zilch.com> wrote in message news:98r0c01jeu8nu0rvgun2v8hia5567d9orf@4ax.com...

....and a cooling off period of five weeks and one day

On Fri, 4 Jun 2004 21:45:48 -0400, "FromTheRafters" <!0000@nomad.fake>
wrote:

Good point, but a bit pessimistic I think. By the time a user receives
a new and "unknown" malware, it's likely that several av vendors will
have detection in a day or two. So it depends on the av product(s) you
use and how often they update.


Art
http://www.epix.net/~artnpeg

<null@zilch.com> wrote in message news:kfb2c01hu345784ae51gae6vvj860kffrk@4ax.com...
Yep, but the early bird gets the worm, and the second mouse gets the
cheese. ;o)

Yeah, it was kind of a reference to Tom's difficulty with Hybris.
I used to think at least a couple of weeks would be okay, but
it depends on how short their usual "day zero" is. Usually, a
couple of update cycles was good enough for me.