MozillaZine

email virus scanning unnecessary and dangerous

Discussion of general topics about Mozilla Thunderbird
American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 23rd, 2004, 12:59 am

Why pay for something that's known to cause problems like slowing down the puter and making things disappear such as Norton?! Just use AVG Free and make sure it's *not* set up to check email, which some people have been clamoring for.

It's an old, well-known fact that scanning email causes problems (e.g. continual threads about destroyed inboxes) and provides no benefits. All you want is an antivirus program that stops you or anyone or anything else from *opening*, i.e. *executing*, an unknown, dangerous attachment (which anyone sane shouldn't try to do anyhow). Dowloading messages with attached viruses does not in any way endanger your computer more than trying to zap them on the way, on the contrary.

If you get your first letter from someone you've fallen in love with and whose computer is infected and therefore attaches a virus to the email, do you want to never know about it? Do you want to have the letter destroyed, or would you rather read the letter and then call him/her up to suggest dropping by for a computer cleanup and a nice long chat?!
Last edited by American Finn on May 25th, 2004, 6:27 am, edited 1 time in total.

Dunderklumpen
 
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post Posted May 23rd, 2004, 1:13 am

American Finn wrote:It's an old, well-known fact that scanning email causes problems (e.g. continual threads about destroyed inboxes) and provides no benefits. All you want is an antivirus program that stops you or anyone or anything else from *opening*, i.e. *executing*, an unknown, dangerous attachment (which anyone sane shouldn't try to do anyhow). Dowloading messages with attached viruses does not in any way endanger your computer more than trying to zap them on the way, on the contrary.


Says who? You?

I have been using antivirus software for years - with several e-mail clients including Thunderbird and Mozilla and never had this type of problem. I just intentionally downloaded an infected e-mail today to see what happens. The attachment got deleted - other than than that - nothing.

American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 23rd, 2004, 1:19 am

see http://forums.mozillazine.org/viewtopic ... 494#541494 and many others

I'll soon post the address of some reputable tech guru sites where i saw the injunction against active scanning during downloading.

Dunderklumpen
 
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post Posted May 23rd, 2004, 1:33 am

I know people have had some problems, sure. The problem is that NetScape and Mozilla stores incoming mail in one file - but you are assuming that everyone is using Mozilla Mail or Thunderbird wich is not the case.

There are virus/trojans and dangerous software out there that can infect you just by being downloaded (if you have not updated your system) - in e-mail. We have seen that more than once. Not scanning incoming mail would/could get you infected in such cases.

Keeping a system clean involves scanning incoming and outgoing files. In my mind at least. Scanning any executed files is the second best if you prefer that method. So I am not saying that you are completely wrong. Just that I would not recommend it.

And if you excuse me - a link to some tech guru will not change my mind. I have been working in this field too long. :-)

American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 23rd, 2004, 1:52 am

You forget about the thousands using Outlook Express who have also had this problem. That's how i first heard about it being better to only scan after downloading or at the latest when trying to execute. The main problem is of course design flaws in Norton, the main cause of disapearing and corrupted inboxes in OE.

Why wouldn't an up-to-date AV stop a trojan attachment from being executed automatically after download, asks the non-guru (-:

And since you're a guru, i'd think you'd enjoy getting my link, once i dig up my old OE info, so you can have a nice duel (-:

Dunderklumpen
 
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post Posted May 23rd, 2004, 1:55 am

American Finn wrote:You forget about the thousands using Outlook Express who have also had this problem. That's how i first heard about it being better to only scan after downloading or at the latest when trying to execute. The main problem is of course design flaws in Norton, the main cause of disapearing and corrupted inboxes in OE.


Never seen it happen - not once.

American Finn wrote:Why wouldn't an up-to-date AV stop a trojan attachment from being executed automatically after download, asks the non-guru (-:


It will not be downloaded since it will never be allowed to be stored in the system.

American Finn wrote:And since you're a guru, i'd think you'd enjoy getting my link, once i dig up my old OE info, so you can have a nice duel (-:


I never claimed to be a guru - I just said that I have been working in the field for quite some time.

American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 23rd, 2004, 3:08 am

Well, even if you were a guru you'd have difficulty claiming the makers of Norton, the program most famous for causing this and other serious problems, were wrong in saying the same as i did:

"Disabling email protection does not leave you vulnerable to viruses and malicious software in email. It is a separate layer of protection in addition to Auto-Protect. Auto-Protect scans any incoming files, including email, as they are saved to your hard drive. As long as you keep your virus definitions up to date with LiveUpdate, and keep Auto-Protect enabled and set to scan files as they are created or downloaded, your system is fully protected."
http://www.mcse.ms/message616024.html

So i guess you're wrong about what you were saying abou trojans too, as far as i understand the Norton quote.

And it's a well-documented and very common OE problem, even if you've never heard of it.

And if you want to do some dueling, a "turn off email scanning" Google search should keep you busy for quite a while (-:

Here are some tidbits i found for you:

http://www.tek-tips.com/gviewthread.cfm ... qid/815393
Steve Cochran noted: "Norton's email scanning is known to interfere with OE's operations. You have to turn off email scanning in Norton. Its not necessary and is redundant, as there is already sufficient protection. If you open something that has a virus in it, Norton will intervene whether or not you have email scanning enabled or not. So turn off email scanning."

http://www.mcse.ms/message557180.html
Antivirus software invades the Outlook Express program to try and intercept (incoming and, in some cases, outgoing) messages that might contain virus.

The problem with this approach is that the antivirus software can trigger the destruction of an entire message folder or the entire message store, when it attempts to remove a message containing a potential virus.

To prevent the possibility of such destruction occuring, turn off email scanning in your antivirus software. You will still be protected against infection. If you attempt to open a message attachment containing a potential virus, then your antivirus software will recognize that your are attempting to infect your system, and will block you from doing so. The best practice on the user's part is to save an attachment to disk and then scan it with the antivirus software prior to opening it. Messages opened themselves (if you have the latest security updates from Windows Update) will not infect your system -- only attachments.

You do not need additional email scanning on top of your system being continuosly scanned by antivirus software, so turn off email scanning to prevent destruction of your message store.

From a post by Frank Saunders:

From=20
http://service1.symantec.com/SUPPOR..86852567ac0063=
608c/65434372961d321d8825687f000003f8?OpenDocument&src=3Dtr&Highlight=3D0=
,email,protection

Disabling email protection does not leave you vulnerable to viruses and malicious software in email. It is a separate layer of protection in addition to Auto-Protect. Auto-Protect scans any incoming files, including email, as they are saved to your hard drive. As long as you keep your virus definitions up to date with LiveUpdate, and keep Auto-Protect enabled and set to scan files as they are created or downloaded, your system is fully protected.

http://www.adminlife.com/247reference/m ... 23470.aspx

http://www.fjsmjs.com/OE/blnkmess.htm
contains some help for erased OE folders that was new to me.

http://www.uninets.net/~blaisdel/IE_7.html#OEProblems

But
http://www.scotsnewsletter.com/17.htm
shows that even gurus can be wrong, so don't take this long proof that you're wrong personally (-:

Dunderklumpen
 
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post Posted May 23rd, 2004, 3:15 am

Ok, I am wrong and you win.

End of Line.

jem7

User avatar
 
Posts: 98
Joined: September 22nd, 2003, 6:44 am

Post Posted May 23rd, 2004, 12:26 pm

American Finn wrote:Why pay for something that's known to cause problems like slowing down the puter and making things disappear such as Norton?! Just use AVG Free and make sure it's *not* set up to check email, which some clueless people have been clamoring for.

It's an old, well-known fact that scanning email causes problems (e.g. continual threads about destroyed inboxes) and provides no benefits. All you want is an antivirus program that stops you or anyone or anything else from *opening*, i.e. *executing*, an unknown, dangerous attachment (which anyone sane shouldn't try to do anyhow). Dowloading messages with attached viruses does not in any way endanger your computer more than trying to zap them on the way, on the contrary.

If you get your first letter from someone you've fallen in love with and whose computer is infected and therefore attaches a virus to the email, do you want to never know about it? Do you want to have the letter destroyed, or would you rather read the letter and then call him/her up to suggest dropping by for a computer cleanup and a nice long chat?!


Not agree.

American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 23rd, 2004, 12:51 pm

That's a pretty ridiculous answer. If you don't agree, you should say why.

In any case, it looks like you didn't even bother to read the whole discussion before replying. I stated that i'm not a guru and quoted several gurus to back up my opinion. You should not be quoting my original statement (even though it's factually correct), but quoting a *specific* part of a guru's statement and *specifically* explaining why you think that claim is wrong.

jem7

User avatar
 
Posts: 98
Joined: September 22nd, 2003, 6:44 am

Post Posted May 23rd, 2004, 12:56 pm

Because not.

jem7

User avatar
 
Posts: 98
Joined: September 22nd, 2003, 6:44 am

Post Posted May 23rd, 2004, 12:57 pm

And not.

Michael Vondung

User avatar
 
Posts: 27
Joined: September 2nd, 2003, 7:46 am

Post Posted May 24th, 2004, 3:59 am

There is another aspect that might make it dangerous: A virus scanner can never offer flawless and guaranteed protection. There's always a risk, but not everyone is aware of it (if a scanner doesn't know a virus, it will not find it). The downside is that this may "trick" people into believing that they are well protected, with the result that they drop all other precautions, such as not opening suspicious file attachments.

I do not open any executables sent to me, not even if they are from people that I have known for years. I do have Avast running, and it does check everything that's incoming, but I don't have the illusion that I can switch off my brain and "trust the computer". Everyone who has played Paranoia years ago knows that trusting the computer can have rather fatal results. ;)

Anyway, I do not believe that there is a huge technical danger in running a virus scanner that checks email, but the question is how useful or necessary it is. I'd not pay for commercial virus scanners (used to, but Norton lost me as a customer when they added the product activation nonsense), but AVG and Avast (the latter works with Thunderbird) are great alternatives for no money. I'd really be happy if someone came up with an open source virus scanner for the Windows platform, but nothing that is properly maintained seems to exist. This would be such a popular project, if someone put in the work and had the resources.

American Finn
 
Posts: 555
Joined: September 25th, 2003, 2:16 am

Post Posted May 24th, 2004, 5:23 am

If http://vmyths.com/rant.cfm?id=242&page=4 is all true, it should be possible to make an almost flawless virusscanner, and using technology that was around a long time ago already! (It was 8 years old when the article was written in 1999.) There even seems to be one available, Integrity Master, that i will check out and even pay for, if it's really better than AVG. (Found it, but haven't checked it out yet. Incredible reviews: http://www.stiller.com/imreview.htm )

If TB were combined with such a profile-based virus detector that uses more than the typical emaciated "heuristics" offered by virus scanners today (and that therefore doesn't require daily or nowadays hourly updates!), *everyone* would switch to TB!
Last edited by American Finn on May 24th, 2004, 8:43 pm, edited 1 time in total.

Mitch Gant

User avatar
 
Posts: 282
Joined: February 9th, 2004, 9:33 pm

Post Posted May 24th, 2004, 10:07 am

I always turn email scanning off - the rare times 5% of the time that I receive an attachment, I simply anti-virus scan before opening - no reason to have all of my email scanned the other 95% of the time.

Return to Thunderbird General


Who is online

Users browsing this forum: No registered users and 0 guests