d_l
Barsoom
Premium,MVM
join:2002-12-08
Reno, NV
| reply to koma3504
Re: Mail Changes Coming!
Are you saying that your A/V scanner won't handle an SSL connection? You can handle that problem by piping the email request through stunnel. so that it looks like this:
email client <-- A/V scanner <-- stunnel <-- POP3 server
It looks complicated and unwieldy. Even though the initial set up can be difficult, once configured the arrangement is set and forget. I've used this for five years connecting to Worldnet with SAProxy in place of the A/V scanner with nary a problem.
The A/V program just needs a configurable hostmap file to set the incoming POP3 port to something other than the standard port 110. |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| The average user would not even have a clue on how to do that. Like most older folks as a example.
What if it was a exicuteable that would have normaly been detected by the software of Their choosing that They pay for for just that reason. And now you get infected because it can't scan it as it downloads.
By default most leave outlook express to send and recieve at start up. which I personally prefer to have to click on send and recieve.
So Now you will have more infected machines infecting countless other machines on a daily basis.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!! |
|
manfmmd
Premium
join:2003-01-14
Earth
clubs:
| Not if the AV has active scanning ( I believe that most , if not all of them do if they are running in the background). Like nwrickert  stated, when it tries to load into memory, the AV will stop it.
--
huh? | AIM | Speaker Pelosi?!?...OH THE HUMANITY! |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| Some malaware is desighned when clicked on to disable your A/V So you would still be SOL. when it would be caught before it could attempt to exicute it. as it is now detected with the POP scanner as it downloaded it and Quarantine or disable access to said file. |
|
d_l
Barsoom
Premium,MVM
join:2002-12-08
Reno, NV
| Well hey, if there is really a hard and fast deadline of March 30, 2007, and some people can't reconfigure their A/V scanner for the new ports and SSL, then they won't be getting ANY mail so they won't be infecting countless other machines on a daily basis. Problem solved. 
Frankly the problem falls back on the A/V programmers for not permitting the use of 995 and SSL for POP3 connections! All email clients have been able use those for the past several years. This change is for email security when people are using their email clients off the AT&T network, e.g. when traveling. Heck, Worldnet instituted this security for travelers years ago.
Maybe AT&T will leave a backdoor server such as pop.sbcglobal.net for those who can't use SSL and won't be leaving the AT&T network? |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| Yes your probally correct on it falls back to the A/V Venders.
But that doesnt mean Att should make the internet less secure for all of us.
Those same people will call support on how to change the ports and were right back at Sqare one. They will be infecting countless other computers on a daily bases |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| reply to d_l
Frankly the problem falls back on the A/V programmers for not permitting the use of 995 and SSL for POP3 connections! I'll have to disagree with that.
The way A/V does the email scanning, is to setup a proxy and redirect the mail through the proxy. That allows it to view the data stream from the email client.
The trouble with port 995 and SSL, is that the A/V would only see an encrypted data stream. Thus it would be unable to detect any virus because the encryption would hide it.
It would require the email client not use encryption, and then have the A/V proxy handle the SSL encryption. Setting it up that way is a bit complex for the average user, even if the A/V provides such encryption support.
Simplest is to just turn off the incoming email scanning, and let the A/V catch the virus if there is an attempt to load it into memory. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| reply to koma3504
Some malaware is desighned when clicked on to disable your A/V. The malware still has to be loaded into memory before it can disable A/V.
The only way clicking on malware can disable properly functioning A/V, is if that malware is not currently recognized in the A/V virus tables. In such a case, incoming mail scanning provides no additional benefit, since the malware would not be recognized there either. |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
1 edit | said by nwrickert :Some malaware is desighned when clicked on to disable your A/V. The malware still has to be loaded into memory before it can disable A/V. The only way clicking on malware can disable properly functioning A/V, is if that malware is not currently recognized in the A/V virus tables. In such a case, incoming mail scanning provides no additional benefit, since the malware would not be recognized there either. I'll have to disagree with this I have seen where the a/v did catch it but it still disabled the A/V and the task manager and regedit.
It's better to catch it as its downloading so it will disable access or Quarantine/Strip the file out of the email.
Giving the User the protection of not even being able to click on it.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!! |
|
d_l
Barsoom
Premium,MVM
join:2002-12-08
Reno, NV
| reply to nwrickert
I implied that the A/V would handle the SSL encryption when I blamed the programmers for not permitting the use of 995 and SSL. The A/V program would make the SSL connection on 995, do its checking, and pipe the email to 127.0.0.1 or localhost. The A/V programs are doing this now only connecting unsecured on port 110 instead of 995.
The email client would then simply connect to 127.0.0.1 or localhost using port 110 instead of directly to the AT&T POP server. It really isn't that complicated! Especially if the A/V programmers would finally get their programs up-to-date! |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| AT&T tells its customers to set their email client POP settings to use port 995 with SSL.
The customer is expected to read that as "don't touch the email client POP settings, but go into your A/V settings, and set port 995 and SSL for POP in your A/V."
Sorry, but non-technical users will find that quite confusing. |
|
d_l
Barsoom
Premium,MVM
join:2002-12-08
Reno, NV
| The directions/instructions for this SSL change over do not HAVE to be restricted just email client POP and SMTP settings. There CAN be alternative setting changes listed for other situations. Geez, Worldnet has an incredible array of elaborate set up instructions for almost every possible situation. AT&T (SBC) owns Worldnet now and wouldn't have to start their instruction set from scratch.
That is unless Yahoo is writing these help instructions. Then maybe there is a reason for the limits of these help pages.  |
|
