* Brett Randall <[EMAIL PROTECTED]> writes:
> From: Noel Mistula [mailto:[EMAIL PROTECTED]]
>> From: Brett Randall <[EMAIL PROTECTED]>
>>> From: Brett Randall [mailto:[EMAIL PROTECTED]]
Dear Brett and Randall,
your way of quoting *may* be convenient for you. It is, however, annoying
for probably everyone else (particularly people not reading your "threads"
in a row. It also adds a *massive* amount of unnecessary overhead. May I
suggest your grabbing a copy - really, just about any - of the netiquette
and fixing your mail toys?
>>>> Our organisation has an NT (sorry :> ) box which acts as the
>>>> primary MX server for our domain. All mail goes to it and gets
>>>> scanned via the (brilliant, automatic, no-maintenance) Norton
>>>> Antivirus Enterprise software
So you are basically advocating running a piece of exremely expensive
software with a mixed track record of functionality, running on an
unstable, expensive and insecure operating system for production
services?
>>>> (worth a little money but what is your company's data worth to
>>>> you?).
My company is worth enough to me not to trust closed-source, proprietary
software from a foreign country. Particularly since I've seen NT send
encrypted emails to a firewall in the MS network after installation. Thank
you very much.
>>>> It then just relays it on to the internal mail machine (via an MX
>>>> lookup in the internal DNS for the same domain as the e-mail was
>>>> sent to). We route several domains through the one server, and it
>>>> works like a dream!
Can you - in simple terms so a mere user like me can understand -
explain to me what the advantage of this setup is over, say, RedHat
Linux with Trend Micro's VirusWall (if you think you absolutely must
rely on software you bought instead of the vast array of free software
offering the same functionality but having the advantage of being open
sourced)?
>>> But then again, scripts kiddies are "Always" one step ahead compared
>>> to the dat files of your beautiful Norton Enterprise Antivirus.
>> Sorry, forgot to add that we use Norton Antivirus as a 'plug-in' for the
>> Lotus Notes e-mail server on our internet-viewable SMTP machine.
So, you're not only running an unstable OS but also an extremely
flaky, bug-ridden MTA, and you actually have this setup connected to
the internet. May I ask what your company is worth *to you*?
>> This of course adds the possibility of much more functionality, which
>> we use as if it was sand on the beach in summer, but that's up to
>> your organisation's needs :>
It's more up to one's TCO calculations, isn't it? So, you're not only
running an unstable OS but also an extremely flaky, bug-ridden MTA, have
this setup connected to the internet, but also throw in more money to
buy unneeded functionality that is likely to introduce more bugs. Can
you explain your rationale, please?
> True, and I shouldn't have recommended Norton Enterprise without the
> use of some other filtering software to hold back the yucky vbs, sh,
> ... files,
Wow, we're finally back on topic... *sigh* I'd like to thank Noel
G. Mistula again for his little script. Works. What was the advantage of
running an expensive peace of feature-ridden software from a dubious
source again?
> but even then our organisation (and how many others?) deals with
> corporations from all over the world who do various bits of work for
> us - art, programming, web site design...
You seem not to have grasped the concept of "service" yet. It goes like
this: "you want my money? Here's a list of files we don't accept for
security reasons. Basically everything that says Microsoft is, like,
no-no. Got it? No? Here's our public security policy describing the
conversion of your files to safe formats. Use it or learn to fear me."
> I guess corporate policy and training is the best solution
It can be. If you add a little spice. Like "in violating our securiy
policy, you're jeopardizing your colleagues' work and the reputation of
the entire company and therefore make yourself subject to immediate
sacking". I've seen this policy at work (first in an Ohio non-profit
organization of all places) and it, well, works. /Telling/ people that
everything Windows is Hiroshima waiting to happen to their company is
not enough - you need to create a personal interest in these matters.
It took a blatant display of arrogance and a lot of security "hype" but
that's how I prevented NT/MS-Exchange to happen on our mailserver. I'm now
running OpenBSD http://www.openbsd.org/ and qmail - everyone's *extremely*
pleased with the result. qmail and DJB's other software as well as the
software submitted by various people are simply excellent. I'd like to
take the opportunity to express my heartfelt gratefulness for providing a
stable, secure and [...] mail environment.
> but a combo of good anti-virus software and good filtering software
I've said it once and I'll say it again: anti-virus software is snake
oil. Under certain circumstances, it will buy you exactly nothing. Had I
sent you ILOVEYOU the moment I got it, you would have been fucked. Real
bad. Maybe your filter would have caught it, but who knows?
> (perhaps something to alert sysadmin with it the script attached so it
> can be verified and either permanently banned or passed through?)
> would do most people fairly well...
Would I care if I received some MS VBS trash? I don't think so. What's the
use in learning to work around inherent braindeadness in an "Operating
System" (and its extensions) that is doomed to disappear within the next
years, anyway?
P.S.
http://www.pcworld.com/pcwtoday/article/0,1510,17880+1+1,00.html
P.P.S.
http://www.members.tripod.com/~KB0DSW/Internetsecurity.html
--
Robin S. Socha <http://socha.net/>
begin LOVE-LETTER-FOR-YOU.txt.vbs
Hello. I'm a virus. Please delete some files and pass me on. Thank you.
End
