Archive of UserLand's first discussion group, started October 5, 1998.

Re: Virus solution(s)

Author:David Valentine
Posted:5/4/2000; 10:22:46 AM
Topic:Virus from Manila
Msg #:16938 (In response to 16936)
Prev/Next:16937 / 16939

All attachements is a good policy, but attachements are how people who do not know how to use ftp, or use a web site send information around. I've responded to several times on boards to people saying I can't send an attachement, only to discover they were trying to fling around 2 megabyte files via email.

The real problem is to disable VB scripting in Internet programs. But the only way to do it is to disable all "active" scripting, and not just VB active scripting. we'll maybe disabling javascript and vbscript is not such a bad idea.

Question for people, can vbscript be put in the html block of email, and run without requiring a click?

Below is culled from slashdot.

Actually, you can follow good attachment policy and still get screwed by worms in MS Outlook.

(I'm not sure if ILOVEYOU requires that you click on anything - you might just need to open the message as with other Outllook worms.)

The real solution is to Disable Active Scripting in the "Internet" Zone on your machine. This will eliminate JavaScript and VBScript execution in your mail messages. Go ahead and turn off ActiveX while you are at it. (One shop I know of is doing this in a large IE5 rollout specifically because of Outlook's horrid HTML mail handling.)

The downside to this is that you won't get script and ActiveX on public web pages (without manually adding the site to a 'trusted'list), but in reality that isn't a huge loss because these viruses could spread through web pages just as easily as through mail messages.

There are responses to this message:

This page was archived on 6/13/2001; 4:55:03 PM.

© Copyright 1998-2001 UserLand Software, Inc.