Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"C.Schlehaus" <carlhermann.schlehaus@t-online.de> wrote in
news:de0tk8$hcq$00$1@news.t-online.com:
[color=blue]
> Hi,
> now that I'm aware of the different behaviour of PGP 9.0 (thanks
> to all responding to my last post), I get annoying errors from
> Norton Antivirus 2005. It states that Norton (with automatic email
> check activated) had encountered an encrypted mail service, which
> is not supported by Norton (I think this is PGP's email proxy).
> While the support states you can get rid of this by "ignore this",
> the referenced checkbox is not available...
> The only solution is to disable automatic email checking, now I'm
> not sure whether this is a serious impact regarding Viruses sent by
> mails no longer detected or not...[/color]
If you do real time scanning of all accessed files (which I firmly believe
is what should be done), you lose nothing by not scanning email (which I
see as unnecessary redundancy).
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
Comment: PGP FAQ: [url]http://www.mccune.cc/PGP.htm[/url]
iQEVAwUBQwRsSWDeI9apM77TAQJCSwf+KLz1tLUhqyLmfCKHpm9V/2sM7dnCe6zq
64M2xKgnRg0XX68GeOvQDdYSge3SgHDPy8PzUoIEUVxE2D8rXsYF09FYB5PeH15w
kyeW0MQWCJIk6b3334frwL9gd15/W0++v26Mlx1ZAvSsGABIfUpLMwnirSvXWssm
Vcae0iT+MoJdNn2f9auiU5Wjltd+M1AAcTkCQ0v03v80FLcv4MzRfEffV724HfKq
J3xuffw0lTl+jPp4zWWTr9UYv/J3DsDGmYFHXSX3tvyCi1VXXkflC9Mg6t8wrHM7
WmUeeJZXkuF+RSA6+sBUGLEDsg/Dd+bM4GObAAH66m55n7ADCMBENw==
=nW5w
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[color=blue]
> (which I see as unnecessary redundancy)[/color]
Actually, I see it worse than redundancy. When doing email scanning, I
think way too many people start thinking that when the email scanning
reports a virus, that they received a virus (which is probably correct).
But after awhile, they start thinking that if the email software does not
report a virus, that they didn't receive a virus (which is a very risky
assumption). After awhile, the less sophisticated user is likely to
conclude that since they didn't receive a virus (the email scanning didn't
detect and report any), that is okay to open this unexpected attachment,
thus contracting this new virus that is not yet in the virus definitions.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
Comment: PGP FAQ: [url]http://www.mccune.cc/PGP.htm[/url]
iQEVAwUBQwRvC2DeI9apM77TAQJBkgf+MdOdxMNtvXHDX9S69WGStn4C+acK+uEU
Bie4ej7yDCpKZySj31vp2rWBjobrQG27eqH9VsPhY8KU7nhLRDs4yq6w9QcDx5hh
xsNdrA2eRH4JwjDWOmsvhzCEFVO/Kf2GzLvLPX6BKWrp4tWWM8AHeiSuslB0ApCR
90zFWLTfuhnlEXx66nvjjitdOUqgTrq9TGbr3Sa+h8aVLvukD6bC+YQZztfCQ39l
q8YeaZd3ASUB4gIe6Aeu0r7pUwEofvNSAGTq2FDC9zyHHHa5VgkKkv6ZXZ7jCcbN
uq4MuSuLfROKYqYkIbvbSYoinLCP2aiz+A2ZTkkOHccMphHarm4VLQ==
=9oqx
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
Tom McCune wrote:[color=blue]
>[color=green][color=darkred]
>>>(which I see as unnecessary redundancy)[/color][/color]
>
>
> Actually, I see it worse than redundancy. When doing email scanning, I
> think way too many people start thinking that when the email scanning
> reports a virus, that they received a virus (which is probably correct).
> But after awhile, they start thinking that if the email software does not
> report a virus, that they didn't receive a virus (which is a very risky
> assumption). After awhile, the less sophisticated user is likely to
> conclude that since they didn't receive a virus (the email scanning didn't
> detect and report any), that is okay to open this unexpected attachment,
> thus contracting this new virus that is not yet in the virus definitions.
>[/color]
Unless it's a good program and uses heuristics, and then it probably
will trap even a new virus. If they don't scan the e-mail they're going
to open the attachment anyway, so any e-mail scanning is better than
none, and good e-mail scanning is a major safety factor.
Regards,
Bob
---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 0533-3, 17/08/2005
Tested on: 18/08/2005 12:25:37
avast! - copyright (c) 2000-2004 ALWIL Software.
[url]http://www.avast.com[/url]
--
Remove "x" from address to reply by email
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - [url]http://enigmail.mozdev.org[/url]
iD8DBQFDBHF+/yGczvugYoIRAuRIAJ94xR2WtQSPMVO6V3UfahqqPLxUVACfYzl3
1jhzMgXe/tQ2lvQ13Y7ZMTA=
=vxat
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bob Henson <news@galenx.org.uk> wrote in
news:de1rht$akp$1@bananasplit.info:
[color=blue]
> Unless it's a good program and uses heuristics, and then it probably
> will trap even a new virus. If they don't scan the e-mail they're going
> to open the attachment anyway, so any e-mail scanning is better than
> none, and good e-mail scanning is a major safety factor.[/color]
You have a lot more faith in heuristics than I do. I've never heard of a
single case in which it actually caught a new virus.
When I first heard the idea of email scanning being more likely to produce
a virus infection, I thought it was a pretty crazy idea. However, it is
obvious that after giving it a lot of thought, I now see it otherwise. In
my experience, it is pretty easy to teach others to never open an
unexpected email attachment. I admit that it is annoying for my wife to
call me to her computer when she receives attachments, but that is proof to
me that anyone can learn to fear attachments. :-)
And, of course, real time scanning will protect against any attachment with
a virus, if the email scanning would have found it.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
Comment: PGP FAQ: [url]http://www.mccune.cc/PGP.htm[/url]
iQEVAwUBQwUa82DeI9apM77TAQLTQQf/ZH7VWpocXlSU+L/rrrRV5eQ+LbPFU4TH
y/zXP2KYXp4UICOsXIwZjeOSqQiYisRc5SPpKY8dqpv2reTWTIATAx1N3RMTyjgi
xjmRv+ffSgI3i0AkkEOrfvPixY20KtbeZAzaPzIaDgXQ3Q8bXzNUsppy3o9jtrN8
vwhqj/dYuF5aIkG3GdBKFyRSVILmquZXOsZFvQJisEBV6SotZn/zAU+pviQqDYvE
hcaTkLGzeOVRlhg6JqNNJiEPPhq25PoF/+Zx5ffM/WlwCsE0zuGs/fWc6JI8mwNj
cRfvH2ZqK07YCRDc4aDsHjFNDqncLYTPem5A7dNLY8JtBzWcR9cVWg==
=w8KJ
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
Tom McCune <news1@DELETE_THISmccune.cc> wrote:
[color=blue]
> You have a lot more faith in heuristics than I do. I've never heard of a
> single case in which it actually caught a new virus.[/color]
So I have to tell you that F-Prot-Win did it on my PC in at least one
case. In the morning I received an email with an attachment which F-Prot
classified as "probably a virus". Although normally I erase all suspect
files, I let it stay on my PC just being curious whether it would be
identified later. After they issued new virus definition data in the
afternoon, the suspect file was classified as a virus.
--
email me: change "nospam" to "w.hennings"
Wilfried Hennings c./o.
Forschungszentrum (Research Center) Juelich GmbH, MUT
<http://www.fz-juelich.de/mut/index.php?index=3>
All opinions mentioned are strictly my own, not my employer's.
Re: PGP and Norton AntiVirus
Tom McCune wrote:[color=blue]
> Bob Henson <news@galenx.org.uk> wrote in
> news:de1rht$akp$1@bananasplit.info:
>
>[color=green][color=darkred]
>>>Unless it's a good program and uses heuristics, and then it probably
>>>will trap even a new virus. If they don't scan the e-mail they're going
>>>to open the attachment anyway, so any e-mail scanning is better than
>>>none, and good e-mail scanning is a major safety factor.[/color][/color]
>
>
> You have a lot more faith in heuristics than I do. I've never heard of a
> single case in which it actually caught a new virus.
>
> When I first heard the idea of email scanning being more likely to produce
> a virus infection, I thought it was a pretty crazy idea. However, it is
> obvious that after giving it a lot of thought, I now see it otherwise. In
> my experience, it is pretty easy to teach others to never open an
> unexpected email attachment. I admit that it is annoying for my wife to
> call me to her computer when she receives attachments, but that is proof to
> me that anyone can learn to fear attachments. :-)
>
> And, of course, real time scanning will protect against any attachment with
> a virus, if the email scanning would have found it.[/color]
The latter point is valid on systems that use real time scanning, but
many systems in industry don't (mind you, they don't necessarily use
e-mail scanning either), but rely on central servers picking out the
problems before they reach the end users - perhaps largely because real
time scanning would slow the terminals down so much. It doesn't work - I
know of two big industrials brought to a standstill recently when the
central checking failed. My other half doesn't have your faith in the
learning ability of other users - she works in a large call centre, and
she tells her colleagues over and over again not to open attachments,
and over and over again they open them anyway. I think the main problem
is the irrationally compulsive curiosity that people have - they are
psychologically incapable of leaving an attachment unexamined and
hitting the delete key.
Anyway, we're a long way from PGP now, so I'll shut up on virus checking
- but I'm sure we can agree on the fact that *any* effective virus
scanning is better than none. Actually, continuing with commercial
users, and to bring the topic back to PGP, using PGP/Mime (and even
S/Mime sometimes) tends to throw them altogether. If the message
actually get past the security checking undeleted, the staff have not
got the faintest idea what the attachments that they see actually are,
and if they follow their instructions and delete messages with
attachments, PGP/Mime is more than self defeating. If they use Outlook
Express (and they often do, of course), they can't read the messages
anyway. It's such a shame that there is so little general acceptance of
a system which could do so much to help stop virus and spam transmission.
Regards,
Bob
--
Remove "x" from address to reply by email
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - [url]http://enigmail.mozdev.org[/url]
iD8DBQFDBYzV/yGczvugYoIRAvnUAJ93qN0W7WAG2PJu8VcYev1P8biBHwCfXGdL
asXfcg5/F3vf8D+B1nevs6E=
=afdm
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wilfried Hennings <nospam@fz-juelich.de> wrote in
news:402bg1pim5hjokqa56ubdig27njjv7hr6m@4ax.com:
[color=blue][color=green]
>> You have a lot more faith in heuristics than I do. I've never heard of
>> a single case in which it actually caught a new virus.[/color]
>
> So I have to tell you that F-Prot-Win did it on my PC in at least one
> case. In the morning I received an email with an attachment which F-Prot
> classified as "probably a virus". Although normally I erase all suspect
> files, I let it stay on my PC just being curious whether it would be
> identified later. After they issued new virus definition data in the
> afternoon, the suspect file was classified as a virus.[/color]
That's good to hear, and I'm not really surprised that sometimes it does
work. I do use activate heuristics "just in case." - I just don't expect
much from it.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
Comment: PGP FAQ: [url]http://www.mccune.cc/PGP.htm[/url]
iQEVAwUBQwW/ZmDeI9apM77TAQLl+Qf+Me44b/tQGnErvDixyqKC81438h0vMrfh
tWKCo32VshFaHDHJi8ewOEwBt9gOr+nHDZ1hKSEO26ZBqgcaVO2KRc+d4lVD1IO/
T7+R+E2/XtLn63GGk5rS280S3+TszUsPT5I4oR1cTpfWD+RyTvS7mGWWMvHmKqbx
1oAVwdbP0cJypWxiPpWGBwzdhPNKgwYq9Uxq18+7njKc9BZhL+DflkBo64mkm8Im
27Pamt7367i8qocHym+oFheheQAAZIScGeVNw2WX+N0wxNZZRW9ZPMNRdRmlhEwg
lJ2T/8abGS6JLcgKmm4PFhAACgEGGl9ZRWGHSCY7LOeFLiOE211PiA==
=CaYV
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bob Henson <news@galenx.org.uk> wrote in
news:de42ch$rjm$1@bananasplit.info:
<snip>[color=blue]
> The latter point is valid on systems that use real time scanning, but
> many systems in industry don't (mind you, they don't necessarily use
> e-mail scanning either), but rely on central servers picking out the
> problems before they reach the end users - perhaps largely because real
> time scanning would slow the terminals down so much. It doesn't work - I
> know of two big industrials brought to a standstill recently when the
> central checking failed. My other half doesn't have your faith in the
> learning ability of other users - she works in a large call centre, and
> she tells her colleagues over and over again not to open attachments,
> and over and over again they open them anyway.[/color]
<snip>
Hi Bob,
I would absolutely agree with you that email scanning is much better than
no scanning at all. After all, the greatest virus risk does come from
email, and either email scanning or real time scanning will find it if the
virus defintions cover that particular virus.
I do also agree that many people will just do what they want regardless of
knowing better. Actually, the only virus I ever contracted, years ago, was
for that very same reason. However, regardless of using email scanning,
real time scanning, or both, it doesn't matter in the end result. But, I
do think email scanning may lead to a false sense of security, and
therefore actually increase such risk taking.
BTW, even my employer, the State of New York, has real time scanning on all
employee assigned PCs (at least at my facility).
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)
Comment: PGP FAQ: [url]http://www.mccune.cc/PGP.htm[/url]
iQEVAwUBQwXBhWDeI9apM77TAQIH3QgAiIL7t/spt5zDFOKFte469J96DXdDg0s1
Py6dt0JgYojIy7c2TCtw/Jse4FgbwlZWIGyGiV6mEX8wpxDK4q0g2vaAxDCt2yc0
T7ITqy9n/kCXhJVBFW2AAntjiBg4u3+KHlYY3SP8GBcpUX1EdcCr3R7JH9a+KuX0
QFkpMKfvtkN3oOfqW4hDmWAGglOiptuq+U2e7irwqNuMFEU2ThKsRQMtVPgCipiw
GYe/W4cwtQFBgYPGfYbGrUNAUVrsBI4oMRZOlB6dVjjqs2imjqAU97VzoN8M7zvO
Tli3Mjl2Rbw6NhzIQdVjhux8h7oPrl35mwpKDIhkPQptVGYul0HcfQ==
=JzVX
-----END PGP SIGNATURE-----
Re: PGP and Norton AntiVirus
On Fri, 19 Aug 2005 11:24:57 GMT, Tom McCune
<news1@DELETE_THISmccune.cc> wrote:
<snip.[color=blue]
> After all, the greatest virus risk does come from
>email, and either email scanning or real time scanning will find it if the
>virus defintions cover that particular virus.[/color]
<snip>
In the alt.comp.virus group there is a thread on the fact that
antivirus programs cannot be fully relied on. Some of the regulars
don't use any real time scanning, but use on-demand scanning.
The thread is: pif files strange behaviour , and refers to the
problem caused by Windows hiding the extensions.
Geo
Re: PGP and Norton AntiVirus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Virus scanning on e-mails is just a waste of CPU Cycles and I/O time.
If an attachment has a virus, guess what, it's going to get scanned when
you open/save it.
Just disable it
Matt Westfall
Owner / Operator
FiftyPounds Internet
[url]http://www.fiftypounds.com[/url]
This message is digitally signed with Pretty Good Privacy (PGP)
Info: [url]http://en.wikipedia.org/wiki/Pretty_Good_Privacy[/url]
C.Schlehaus wrote:[color=blue]
> Hi,
> now that I'm aware of the different behaviour of PGP 9.0 (thanks
> to all responding to my last post), I get annoying errors from
> Norton Antivirus 2005. It states that Norton (with automatic email
> check activated) had encountered an encrypted mail service, which
> is not supported by Norton (I think this is PGP's email proxy).
> While the support states you can get rid of this by "ignore this",
> the referenced checkbox is not available...
> The only solution is to disable automatic email checking, now I'm
> not sure whether this is a serious impact regarding Viruses sent by
> mails no longer detected or not...
>
> Thanks again,
> Carlhermann
>
>[/color]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
iD8DBQFESMxOb/8X6V5MpAURAr2bAJ9ESlxOaJyAPU+MbC8h+PMS5csQHgCghvx0
IjQ2o2dvMi46bmVO/0zI3Rk=
=o6rF
-----END PGP SIGNATURE-----
