(Full) Agent and Pegasus safety questions

[Nick FitzGerald]

In some of my recent reading of Microsoft's Technet articles I have
seen mention of vulnerabilities in IE and a mention of the fact that
the vulnerability still exists if you are not actually using IE but are
using an alternate browser. ...

Correct.

Some third-party, "enhanced" browsers are really just wrappers around the
ActiveX controls and "core OS" DLLs that make up the bulk of IE's HTML
parsing, scripting, etc, etc functionality. This is equally so of many
third-party Email programs, just as it is of Outlook and Outlook Express
-- wrappers with the appearance of MUAs but with IE's rotten, security
clueless core.

... It seems odd that it is identified as an IE
vulnerability rather than an OS vulnerability if this is the case, but
that is how I remember it.

Yes, odd how MS forgets "the DoJ defense" -- IE _is_ part of the OS -- when
it is not particularly convenient for it to do so...

 

[null]

Thanks for that explanation.
Graeme

BTW, I responded quickly and forgot to point out that Pegasus uses a
file extension exclusion list. Actually, it doesn't allow you to _Run_
a long list of file extensions such as .EXE, .BAT, .COM, .SCR, etc. It
does allow you to _Open_ files such a .JPG in a viewer of your choice,
for example. I failed to make the Open versus Run distinction.


Art
http://www.epix.net/~artnpeg

 

[Graeme]

:: On Thu, 9 Oct 2003 12:12:04 +1000, "Graeme" <graeme23@go.[remove
:: invalid]com> wrote:
::
::::: Have been following this thread with interest so I am not trying
::::: to be smart when I ask what actual process is required to open
::::: an attachment in Pegasus if it cannot be opened by clicking on it
::::: . Perhaps I am missing something here .
::::
:::: You can't Open an attackment in Pegasus. You have to Save it to
:::: some folder and then either minimize Pegasus or Exit Pegasus. Then
:::: you must Open Windows Explorer, find the folder and file
:::: attackment and then double click to get infested with malware. You
:::: see, nothing's impossible for idiots to accomplish. But Pegasus
:::: makes it difficult for them. You see? That's what sane
:::: applications do.
::
::: Thanks for that explanation.
::: Graeme
::
:: BTW, I responded quickly and forgot to point out that Pegasus uses a
:: file extension exclusion list. Actually, it doesn't allow you to
:: _Run_
:: a long list of file extensions such as .EXE, .BAT, .COM, .SCR, etc.
:: It does allow you to _Open_ files such a .JPG in a viewer of your
:: choice, for example. I failed to make the Open versus Run
:: distinction.
::
::
:: Art
:: http://www.epix.net/~artnpeg
Thanks for that .
Graeme

 

[Elly Byrne]

You can't Open an attackment in Pegasus.

Yes you can. But they do not open automatically as in OE.
You have to double click it to open it.



Tinnitus is a pain in the neck
Elly's Tinnitus Resources
http://www.eebee.net/
http://www.tinnitusrelief.net/

For email: elly at eebee.cjb.net

 

[null]

Yes you can. But they do not open automatically as in OE.
You have to double click it to open it.

As I've explained, there is a difference between Opening a .jpg in
your viewer of choice and Running a executeable. Pegasus allows the
former but not the latter. There is no way you can Run a .EXE (for
just one example) while in Pegasus.


Art
http://www.epix.net/~artnpeg

 

[Frans Meijer]

Please always try to encourage Windows users to get AV software.
Most people use OE (Open Entry) which has never seen a
worm it didn't like

Ok. good point.

Also, some Windows RPC vulerabilites allow worms to self-install,
so it doesn't matter what mailreader you use.

True. I could point at disabling services, or limiting access to them,
but the same as above about most people would apply.

 

[cquirke (MVP Win9x)]

You can't Open an attackment in Pegasus. You have to Save it to some
folder and then either minimize Pegasus or Exit Pegasus. Then you must
Open Windows Explorer, find the folder and file attackment and then
double click to get infested with malware.

I have a client with a new XP PC that's using a new version of
Pegasus, and that is certainly blocking attachments - but not, I
suspect, in the way intended?

When she clicks the Attachments tab, she sees no attachments at all,
so the question of saving or opening does not arise.

When she uses the Raw tab (nice feature, that!) we can see the
attachments within the message text.

This was a test message I sent her (on her request) with; a .txt, an
..htm, a .com, .exe and .bat, and a .gif file attached. All of these
did not appear at all in Attachments and did appear in Raw.

Is this the by-design appearance of this protection? I saw no
settings in Tools, Options to adjust this, BTW.

--------------- ------- ----- ---- --- -- - - - -

Sucess-proof your business! Tip #37
When given an NDA to sign, post it on your web site

 

[null]

I have a client with a new XP PC that's using a new version of
Pegasus, and that is certainly blocking attachments - but not, I
suspect, in the way intended?

When she clicks the Attachments tab, she sees no attachments at all,
so the question of saving or opening does not arise.

Sometimes they're hard to find Pegasus can be "fiddly" in this
regard. Hard to explain, but I can usually "fiddle around" and find
them.

Or maybe there is a bug on XP.

When she uses the Raw tab (nice feature, that!) we can see the
attachments within the message text.

This was a test message I sent her (on her request) with; a .txt, an
.htm, a .com, .exe and .bat, and a .gif file attached. All of these
did not appear at all in Attachments and did appear in Raw.

Is this the by-design appearance of this protection? I saw no
settings in Tools, Options to adjust this, BTW.

Just fiddle-diddle to try to make them appear is all I can say.

BTW, we've had to abandon Pegasus since Peg started losing valuable
genealogy folders at random. Tried an earlier version and ran into the
same problem even though she never experienced the problem in many
years of using various versions. Tried getting Pegasus List server
advice but no joy. Disabled the OS write-behind caching to no avail.
Didn't happen at power fail anyway.

We've been using Mozilla's email lately and it's quite nice. Haven't
fully tested security aspects but I have sent myself .EXE attachments,
etc., and Moz won't let you Run them. It seems that if no app is
associated for Opening the attackment it just puts up a complaint
message. However, it might allow .DOC to Open in Word without question
or warning which wouldn't be nice IMO. Since we never receive DOC
files I haven't been concerned. And I just haven't bothered yet to
really try to "run it through the wringer" for security advice to
others.

By default, Java Script is disabled for email and news. And you can
also disable Java if you're paranoid. I suspect it's reasonably safe
for novices to use.

And you would be slightly happier with the way Moz email stores its
folders on the h.d. I think

Anway, it's been reliable so far and we have our fingers crossed that
it will stay that way. I'm in the habit now of backing up at least
daily, just in case.


Art
http://www.epix.net/~artnpeg

 

[Grayle]

I have a client with a new XP PC that's using a new version of
Pegasus, and that is certainly blocking attachments - but not, I
suspect, in the way intended?

When she clicks the Attachments tab, she sees no attachments at all,
so the question of saving or opening does not arise.

When she uses the Raw tab (nice feature, that!) we can see the
attachments within the message text.

This was a test message I sent her (on her request) with; a .txt, an
.htm, a .com, .exe and .bat, and a .gif file attached. All of these
did not appear at all in Attachments and did appear in Raw.

Is this the by-design appearance of this protection? I saw no
settings in Tools, Options to adjust this, BTW.

A similar query came up recently at comp.mail.pegasus-mail.ms-windows
Here's a reply I have not checked out, but which may help.

Try this first:

http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-
1&q=divider+attachment&meta=group%3Dcomp.mail.pegasus-mail.ms-windows

If that doesn't help, then try this:

http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-
1&q=scan+lines+attachments&meta=group%3Dcomp.mail.pegasus-mail.ms-
windows

 

[cquirke (MVP Win9x)]

(e-mail address removed) says...

Thanks - it wass fixed by ;commenting out a setting in a private
settings file (which wasn't the usual PMail.ini) - I'd have to look up
the details if you are interested, but can't right now.

Context quoted to message end...

A similar query came up recently at comp.mail.pegasus-mail.ms-windows
Here's a reply I have not checked out, but which may help.

If that doesn't help, then try this:


---------- ----- ---- --- -- - - - -

A dog will give its life to save yours.
A cat will be annoyed by all the yelling and sirens.

 

[cquirke (MVP Win9x)]

On Tue, 07 Oct 2003 02:27:31 GMT, "Francis Marsden"

I have on my system (win98)

{ the full registered version of Agent (not free agent) }.

We call that Fee Agent for short

For email I use Pegasus. If full Agent is used only for newsgroups,
not email, is it inherently safe, or is some special configuration
necessary? Same question for Pegasus: inherently safe, or needs to be
configured? Thanks

I think it's always worth looking though the settings, even as the way
to answer that very question (e.g. "[x] Swallow razor blades without
prompting" etc.). AFAIK, Fee Agent can offer a choice of mail storage
models; either hide attachments in mailboxes (sheilds them from
out-of-Agent use, but also from scannong and Find) or create as files
on arrival (thus facilitate on-demand av and Find management).

Agent has a "Warn on..." extension blacklist, which you may also wish
to extend as new .ext become recognised as exploitable, and exploited.
Pegasus has this feature as well; it's generally common in such apps.

---------- ----- ---- --- -- - - - -

A dog will give its life to save yours.
A cat will be annoyed by all the yelling and sirens.