Retuned undeliver emial. Not posted to. The attachment looks link a VIRUS to me.
Do not open
Mailer Daemon Your message delivery has been failed.
undelivered.hta .hta file
Their are also other attachments.
In recent memory, this has been a version of more than one virus/worm/trojan.
The .hta extension is a give-away, since this stands for "Hypertext Application", I believe, and is in any case a desognation for an application (aka program) which is going to try to execute some sort of code on your system.
Among other things, a good reason to uncheck the default Windows setting "hide known file types". It's also a reason to turn off the preview panel in your email reader.
And, above all, as a minimum, get a real-time antivirus checker and keep it up to date.
You'll get no argument from me when it comes to those settings.
If people were not so gung-ho about the out-of-the-box experience, MS would be at more liberty to harden the settings and let the user soften them up, instead of the other way around.
I get no end of grief in trying to convince inexperienced users to learn safe practices and strong settings. We tend to make MS out as the Exxon Valdez of the internet, when really, all they're trying to do is offer up the experience that everyone wants.
It would seem that MS would like everything to run as problem free as possible for the new, novice owner so they have deliberately left as many things out of the way as possible to ensure that end.
We've heard talk before about people being required to earn some level of user certification before we allow them to connect to the internet. A bit draconinan, in one sense, and we will never see that happen, I'm sure. but it would sure make the internet a safer place.
Experience tells us that about 90% of people are not self-learners, and even fewer will 'dig' for information that can benefit them. They want it on a plate. I've dealt with hundreds of people and never yet have I found someone who did not object to me hardening their system and requiring them to learn how to adapt to this stricter environment or usage. They just won't buy it.
When I get someone that actually WANTS to understand the reasoning behind all the strict settings I think I'll drop dead from surprise.
The saddest thing is that once a person adapts to a stricter policy, it enhances their experience, rather than hampers it, wouldn't you agree?
Well, I could go on and on with this discussion, I'm sure, but on this board I think I'm preaching to the choir.
One more setting in Outlook Express that I strongly recommend to users is in the Security Tab of the Tools..Options property sheet:
"Do not allow attachments to be saved..."
For us, this may be less necessary because we DO have our eye on what's happening, we DON'T open attachments, we DO preview using the Properties instead of the Preview Pane, we DO recogniae the value of seeing every file extension, and we're not click crazy. But for new users, it's another game entirely.
Most people will find ways to undo most of my security settings, eventually, or so I've found. The only thing I do now is coax them to give it a whirl and give themselves enough time to get used to the stricter environment.
The problem is not MS. I think Bill hit it right on the head when he said it is the USERS who are at fault, and not Windows, or any other OS for that matter. Now if Bill would put some of his money where his mouth is, I have just the idea for him to promote:
DON'T deliver that new computer until the customer has attended a few hours of FREE training in security settings, safe internet practices and proper maintenance of their systems. It's either this, or the alternative: shove it down their throat and don't allow them to turn off ANY automatic updating features in Windows, their COMPULSORY anti-virus and their COMPULSORY firewall. It would help if XP's firewall would block outgoing connections, too. There I go, dreaming again. All of these measures would put a damper on the OOBE.
Someone needs to make the first move, and we all know it's not going to be the users. Sad but true.
You make some good points, but I think this one can be a problem even for novices:
There are a lot of file types included in what Microsoft decided to place in the "unsafe to save" category (it's a very long list), including ".doc". That's not exactly an uncommon file type to be sending someone. I recently sent some requested Word documents to a colleague, who acknowledged receipt. A couple of days later, she wrote back saying, "I don't know where they went - I did get them but now when I went to retrieve them, the emails are there but the files are gone."Originally Posted by weegillis
I told her how to uncheck that "security setting" and re-sent them. I guess my point is that, like many spam filters, that as a security strategy is overkill. Having a decent real-time antivirus checker is a much better option and I think a better and more comprehensive strategy to be promoting to new computer users.
I have to agree wholeheartedly with you, Minstrel. What I failed to point out is that what I recommend to users is that if they feel the attachment is one they can trust, they can quickly change their settings and open the attachment, without it being re-sent.
But I can see what you mean, this puts me on the spot. Darn.
My thinking is based on 'overkill security strategy,' to be sure, and it comes from not trusting anyone.
Just today I received an e-mail with an attachment that had a .safe extension. Checking the properties I found it to be a screen saver in disguise. I do trust my anti-virus--but only as a backup to my own judgement, not as a frontline defense.
My point to users is that their greatest defense is their ability to put the brakes on and look a little deeper before placing themselves in jeopardy. Like Bill says, it really is the users who are culpable for the security morass that the internet has become today.
Somehow, we need to educate users of their roles and responsibilities for their own protection.
Yes but, in reference to your "education" comment below, naive users need to be educated not only about the security risks but also about the defaults for the remedies for those risks, which can sometimes be almost as inconvenient as the original risk.Originally Posted by weegillis
My apologies - not my intention at all... and I don't blame anyone for being distrustful these days - if I send something as an attachment to my brother in Dallas, I know I'll get an email back saying, "before I open this, can you verify that you actually sent it?".But I can see what you mean, this puts me on the spot. My thinking is based on 'overkill security strategy,' to be sure, and it comes from not trusting anyone.
No apology needed, it is I who walked into that one.
We really are in a catch-22 situation when trying to assist new and less experienced users in understanding the hazards of the net; this on top of helping them to learn their way around their system, how to organize their files, install programs, update defense systems and OS, &c., &c.
The point you make is sooo true--sometimes the cure is worse than the condition. I'm slowly beginning to see why computer vendors are reluctant to offer any sort of familiarization assistance for fear of getting in too deep with their customer, and not being able to back out (like I'm trying to do right now, no fault of yours :-).