Security News > 2004 > February > Re: .zip files putting the zap on antivirus products

Re: .zip files putting the zap on antivirus products
2004-02-13 14:19

Forwarded from: KUIJPERS Jimmy *.zip posses no real danger in my opinion. Winzip or similiar software was installed on many end user systems anyway. Embeding this functionality with Windows XP doesn't really increase the risk of virusses spreading at all. There are virusscanners that automaticly scan e-mails attachment, including the contents of zip files. One could also opt to have e-mails with a .zip extention quarantined so that the exchange admin can look at it and then foward it to the addressed person if he considers it safe. (An admin is much more resistant to social engineering as the average. (ofcourse this does not address the needs of home users) Zip files aren't self executing when viewed in the previeuw pane as *.scr and *.exe can be made to be. The suggestion that some people are starting to make, to block .zip attachments from outlook e-mail all together by adding it to outlook's hostile file list sound ridiculous to me. Think of all the practical applications that become impossible. Also I don't think that zipping a virus will make it spread that much faster simply because a few bytes of bandwith are saved. Any e-mail send is an e-mail send, fine, it's send 0.004246746 miliseconds faster then it would have been if it's send unzipped. What does it really matter in this age we're almost every internet user has a high speed connection and the virus itself is so small it doesn't really matter at all. Yes, even if you consider the fact that it might save this small increment of time every time a user opens. The bottle neck of the spread isn't so much bandwith, since this is plenty full, but rather the time the virus has to wait before the user decides to open the e-mails. What does it matter if the virus is there 0.004246746 sooner or even 5 seconds (oohh gosh!) if the user decides to open his/her e-mail once every 5 minutes or perhaps even less! In the end it all comes down to the question on how we reach this target group of users that remain ignorent and blindly open attachments from unknown people. In my opinion the ISP's nor the goverment can be held responsible for this, we, the security community itself. Should find a way to educate even those users that seem not to be awakened even when virus alerts reach the 11 o'clock news. So that's just my 2 cents of ranting on this subject... thanks for listening Cheers, Jimmy InfoSec News wrote:


News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,89897,00.html