I recently discovered, whilst trying to send a link from my laptop to my desktop machine, that Microsoft have evidently decided to finally do something about the Messenger worms that spread by sending links in instant messages. You might think that it's great that they've finally done something - that is, until you find out what they've actually done.
So, what have they done, you ask? Did they fix the hole(s) that the worms were using? I'm not sure, but what I do know they've done is block all messages containing a URL containing "download.php" - if you try to send one, the message will be bounced immediately by the Messenger servers. Even if they have fixed the holes which the worms have been exploiting, this is a ridiculous move - I shudder to think just how many legitimate messages are being bounced because of this.
To make matters even worse, there's nothing to say why it bounced - it just gives the standard "the following message could not be delivered to all recipients" message, which is used when a message can't be delivered for a legitimate reason. Pidgin is a little more helpful than Microsoft's own client, stating that the "message may have not been sent because an unknown error occurred" - with other causes giving different messages (similar to that, but with "unknown error" replaced with something more specific). The correct response to a threat such as a self-propagating worm is never to use easily-bypassed filtering to attempt to detect the worm's behaviour and block it - especially if such a filter is going to also block large amounts of legitimate usage.
So, what have they done, you ask? Did they fix the hole(s) that the worms were using? I'm not sure, but what I do know they've done is block all messages containing a URL containing "download.php" - if you try to send one, the message will be bounced immediately by the Messenger servers. Even if they have fixed the holes which the worms have been exploiting, this is a ridiculous move - I shudder to think just how many legitimate messages are being bounced because of this.
To make matters even worse, there's nothing to say why it bounced - it just gives the standard "the following message could not be delivered to all recipients" message, which is used when a message can't be delivered for a legitimate reason. Pidgin is a little more helpful than Microsoft's own client, stating that the "message may have not been sent because an unknown error occurred" - with other causes giving different messages (similar to that, but with "unknown error" replaced with something more specific). The correct response to a threat such as a self-propagating worm is never to use easily-bypassed filtering to attempt to detect the worm's behaviour and block it - especially if such a filter is going to also block large amounts of legitimate usage.
Currently listening to: The Flame of Youth - Dragonforce
No comments have been posted on this entry.
Post a comment:
Sorry, comments have been disabled.
Sorry, comments have been disabled.