Film-Tech Forum ARCHIVE: MS security patch email

my profile | my password | search | faq & rules | forum home

»	Film-Tech Forum ARCHIVE » Community » Film-Yak » MS security patch email

Author

Topic: MS security patch email

Michael Schaffer
"Where is the
Boardwalk Hotel?"

Posts: 4143
From: Boston, MA
Registered: Apr 2002

posted 07-05-2004 05:58 AM

Today I got an email about a security update from this email address: MS Corporation Technical Bulletin [pmxzrdcrt_qfqux@updates.microsoft.net]
I had never gotten an email from MS before, and I haven`t registered my (BTW legal) XP copy. Is this authentic or some kind of evil scheme? There is a 104kB attachment "pack291.exe".

quote:
MS Customer

this is the latest version of security update, the "July 2004, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your system. This update includes the functionality of all previously released patches.

| IP: Logged

William Hooper
Phenomenal Film Handler

Posts: 1879
From: Mobile, AL USA
Registered: Jun 99

posted 07-05-2004 06:20 AM

It's someone sending you a virus that they're hoping you'll enjoy. That scheme has been running for at least a year; lots of different miscreants use it in different permutations, some even with lifted graphics from the Microsoft site to make it look official.

You've been lucky to have avoided them so far. At one time, my mailbox was getting about 60 of those things per week.

| IP: Logged

Steve Kraus
Film God

Posts: 4094
From: Chicago, IL, USA
Registered: May 2000

posted 07-05-2004 10:12 AM

It's simple. Don't use Outlook. Don't use HTML email. Don't open email attachments with unfamilar extensions.

| IP: Logged

Ron Yost
Master Film Handler

Posts: 344
From: Paso Robles, CA
Registered: Aug 2003

posted 07-05-2004 12:58 PM

Michael,

I'd suggest you register your XP. You'll then activate the update notification, which comes directly from MS. When there are updates available a little balloon pops up as notification, which you then read about and choose by clicking on an icon which appears in the toolbar at the bottom.

It does not automatically install any updates or patches, but does notify you and give you the choice of installing them or not (or you can choose to be reminded later). It has nothing to do with email, btw. As has been said those are -all- bogus.

I'm sure there are paranoid-types who don't like this 'feature', but I do. I've not found one negative aspect of registering XP.

Ron Yost

| IP: Logged

Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001

posted 07-05-2004 01:27 PM

No computer software company ever sends out "security updates" to end users, especially Microsoft. You must download them directly from their web servers or make arrangements to order a CD.

Microsoft Outlook and Outlook Express can made relatively "safe" to use by turning off a number of features:

1. Like Steve said, do not read messages in HTML. Go to the Tools menu, choose Options, select the "Read" tab and check the box "read all messages in plain text." While you have that dialog box open, check the "Security" tab. Make sure the box is checked that says "do not allow attachments to be saved or opened that could potentially be a virus."

2. Disable the Preview Pane. Go to the View menu, choose "Layout," and uncheck "Show Preview Pane." That will get rid of one of the biggest security liabilities in Outlook Express. No e-mail client should ever quickly preview e-mails as the download from a server.

These two steps alone will not make a computer secure, but they're a good start. Internet Explorer has some Java Virtual Machine options that should be disabled. It goes without saying anti-virus, firewalls and anti-spyware tools are a must.

I still use Outlook Express, but not very often. Most ISP's and web hosting operations have web-based e-mail systems that aren't quite the security liability as Outlook Express. I'll sort through e-mail there, and then if there's something I want to keep I'll download it into Outlook Express after all the other stuff has been deleted. Sure, the duplication of effort can be kind of a pain. But it is a small price to pay until the large ISPs finally wake up and start deleting harmful e-mails when the arrive on their servers.

Server side anti-viral efforts are really the only way to beat spam and malware. We're getting nowhere with it all being put off to the responsibility of end users. I really don't understand why large ISPs like SBC cannot run active anti-viral filters on their mail servers. They're having to deal with all kinds of lost bandwidth and money due to virus infected zombie computers barfing up millions of pieces of spam.

I know the argument against doing server side anti-viral filtering, "the ISPs cannot choose what content to delete." Content? I'm sorry but that is just bullshit. Absolute bullshit. Whose rights are getting infringed is a mail server deletes 100,000 pieces of mail infected with Nimda or MyDoom? If someone wants to mail someone copies of existing viruses or new proof of concept viruses for the sake of discussion, they can burn a damned CD and send it snail mail. Tough shit. We would see a lot of spam and malware disappear overnight if the big ISPs did the sensible thing.

But really I suspect companies like SBC and others are getting paid off by the likes of Symantec, McAfee, etc. If mail servers deleted viruses on their end, companies like Symantec would not sell as many copies of Norton Anti Virus.

| IP: Logged

Ron Yost
Master Film Handler

Posts: 344
From: Paso Robles, CA
Registered: Aug 2003

posted 07-05-2004 01:58 PM

Bobby,

XP Pro does, though being automatically notified of available security updates is probably a choice one makes during the registration process?? I don't remember. It's been quite a while. I upgraded from XP Home (which came installed on my machine) to XP Pro. Don't know if that has anything to do with it or not.

Edit:

It's not part of the registration process. It can be turned-on within XP .. Home or Pro. Here's the MS page telling how to do it:
Protect Your Computer, MS webpage

Ron Yost

| IP: Logged

Phil Hill
I love my cootie bug

Posts: 7595
From: Hollywood, CA USA
Registered: Mar 2000

posted 07-05-2004 02:15 PM

I have SBC and it does an excellent job of automatically deleting viruses and then notifying me via email of the offending email. It also sends me a "cleaned" copy with the details of the offender.

The automatic updates for XP is a user-selected option under the Control Panel/System/Automatic Updates tab.

>>> Phil

| IP: Logged

Adam Martin
I'm not even gonna point out the irony.

Posts: 3686
From: Dallas, TX
Registered: Nov 2000

posted 07-05-2004 04:35 PM

quote: Bobby Henderson
I really don't understand why large ISPs like SBC cannot run active anti-viral filters on their mail servers.

Because it would open up the ISP to countless lawsuits.

False-positives would have people claiming that the one deleted email was the crucial link in the success of their business (much like the sound going out while the single crucial line of dialogue in a movie is spoken).

And any malicious emails not caught by the software would bring lawsuits claiming that the ISP somehow guaranteed protection, even if it's the very first instance of a previously unknown virus.

It may be bullshit, but it's the unfortunate way of the world today.

| IP: Logged

Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001

posted 07-05-2004 11:19 PM

With the amount of money ISPs like SBC and others would save by auto-deleting harmful files, I think it would be worth it to them to risk a few lawsuits. SBC likely loses a lot more money right now to lost bandwidth from spam and denial of service attacks than they would from a few lawsuits.

And regarding the legitimacy of a botched e-mail lawsuit, I've had e-mail get bounced before through various server glitches. Even then I don't think there is much fault to put off on a mail server. I'm not going to hire an attorney over it. I just send the note again, perhaps through a different account if I have to do so. If I have to send a graphics client some PDF files and it is important that he get the files by a certain time I will call to verify he received the files and was able to open them. Any other business should be able to do the same thing.

Also, if the ISPs would open themselves up to lawsuits for deleting e-mail that was "false positive" for virus infection then why aren't they being sued right now for this very thing happening in their spam filters? As subjective as spam filtering can be, it would seem the false positives would happen on a far greater basis.

When I check my personal e-mail account at SBC/Yahoo's web site, I have to check the "bulk" folder instead of just blindly emptying it since there are times where legit mail winds up there. I think if SBC can try to separate spam from legit mail they can certainly delete copies of known computer viruses when they come into the server.

Anti-viral tools detect viruses on a very specific basis. I think the amount of false positives would be very few at best. Like you said, Adam, it's probably bullshit. As competitive as the ISP business can be, it would seem like at least a few would tout their ability to stamp out malware instead of letting it pass freely in the wild.

quote: Phil Hill
I have SBC and it does an excellent job of automatically deleting viruses and then notifying me via email of the offending email.

Phil, I don't know which SBC mail server you access (SBC has several different locations), but the SBC Global servers in Dallas I access don't do squat for deleting malware. They may get some old outdated virii, but they don't block any of the newer ones. If I download my e-mail without proofing it first via the web, Norton Anti Virus will find lots of infected notes in the SBC account.

quote: Ron Yost
XP Pro does, though being automatically notified of available security updates is probably a choice one makes during the registration process??

With XP Home and Pro "activated" the OS will notify you about new updates that have become available. Still, you must go to Microsoft's web site and download via Windows Update. They'll never send such updates via e-mail.

| IP: Logged

Adam Martin
I'm not even gonna point out the irony.

Posts: 3686
From: Dallas, TX
Registered: Nov 2000

posted 07-06-2004 01:20 AM

quote: Bobby Henderson
When I check my personal e-mail account at SBC/Yahoo's web site, I have to check the "bulk" folder instead of just blindly emptying it since there are times where legit mail winds up there.

I see. Well, since you said "delete" and not "move to a suspect virus folder", that's how I based my comments.

| IP: Logged

Daryl C. W. O'Shea
Film God

Posts: 3977
From: Midland Ontario Canada (where Panavision & IMAX lenses come from)
Registered: Jun 2002

posted 07-06-2004 08:02 PM

We were sued for $250,000 for moving a corporate customer's email ATTACHMENT which contained a zip file containing legit files AND a virus to a web based filter folder WHILE still delivering a copy of the email with a HUGE notice on the top of it stating that the attachment had been removed, why it had been removed and how they could go about obtaining the removed file.

We eventually got it tossed because we were explicitly charging extra for the filtering service (only a dollar a month), meaning that the customer 'had to have' known that it was possible that we might do this. If we had have been providing the service for free we would certainly have lost. Of course this still cost us a [bs]

load of money to fight.

As for the "extra" bandwidth costs caused by virii. They are pretty much negligible compared to local loop costs, especially for larger ISPs with multiple peering arrangements.

In the event that the extra utilization is a problem, it's a matter of about 30 keystrokes by a netadmin to drop that data before it hits the network. Many ISPs won't even notice though, and others won't care (as long as they have adequate unused bandwidth capacity) since no serious ISP pays for data transferred, rather just a fixed cost based on the connection type.

| IP: Logged

All times are Central (GMT -6:00)

Printer-friendly view of this topic

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.