SMTP activity

Archived from groups: comp.security.firewalls (More info?)

I noticed a lot SMTP activity from a workstation that should not be sending
that much email. When I asked the user about it, they reported that they
had not been sending email at all. I have scan the machine for viruses, and
it appears to come up negative.

Is there another explanation for this activity?

John
24 answers Last reply
More about smtp activity
  1. Archived from groups: comp.security.firewalls (More info?)

    John wrote:
    > I noticed a lot SMTP activity from a workstation that should not be sending
    > that much email. When I asked the user about it, they reported that they
    > had not been sending email at all. I have scan the machine for viruses, and
    > it appears to come up negative.
    >
    > Is there another explanation for this activity?
    >
    > John

    OK. Let's see.

    1. The machine is doing outbound connects to port 25.
    2. The machine is a workstation, and should not be doing outbounds
    to 25.
    3. The user reports that HE's not running any processes that
    would go outbound to 25.


    4. Therefore, it's VERY likely that there's a NON-user process
    (ie, server) doing outbounds to 25.


    5. But, server processes on workstations going outbound to 25
    are almost ALWAYS trojans / viruses / or rogue servers
    controlled by third parties.
    6. Therefore, your user's workstation almost certainly has
    "trojans / viruses / or rogue servers controlled by
    third parties".


    7. But, your virus scanner isn't finding anything.
    8. However, most virus scanners will NOT detect trojans or
    installed rogue servers, AND many times will not detect
    recently discovered viruses. Further, much recent malware
    mucks around with any security processes you have running.
    9. Therefore, your user's workstation is VERY likely infected
    and / or controlled by a virus or third party process
    your scanner doesn't detect, or has been prevented from
    detecting.


    10. Consequently, most likely you don't need another "explanation
    for this activity", you just need other scanning methods
    or tools. ZoneAlarm, Kerio or whatever, will often detect
    any outbound malware processes IF installed after the
    malware is -- safemode installation is your best bet. The
    Sysinternals "autoruns" program will allow you to ID anything
    that's autoloaded at startup. Knoppix will let you boot,
    and examine the drive for files that shouldn't be there.
    If the drive has an FAT32 filesystem, you can also delete
    the alien files; if you have NTFS filesystems, you may be
    able to install and run the recovery console, etc.
  2. Archived from groups: comp.security.firewalls (More info?)

    Bluto wrote:

    > John wrote:
    >
    >> I noticed a lot SMTP activity from a workstation that should not be
    >> sending
    >> that much email. When I asked the user about it, they reported that they
    >> had not been sending email at all. I have scan the machine for
    >> viruses, and
    >> it appears to come up negative.
    >>
    >> Is there another explanation for this activity?
    >>
    >> John
    >
    >
    > OK. Let's see.
    >
    > 1. The machine is doing outbound connects to port 25.

    1 - How do you know this machine is doing outbound connects to port 25.
    Ever hear of source address spoofing?

    > 2. The machine is a workstation, and should not be doing outbounds
    > to 25.

    2 - Any email client that sends messages makes outbound SMTP connections
    unless it's using IMAP. POP3 doesn't accept messages. I can configure
    mozilla to send SMTP to any number of hosts.

    > 3. The user reports that HE's not running any processes that
    > would go outbound to 25.
    >
    >
    > 4. Therefore, it's VERY likely that there's a NON-user process
    > (ie, server) doing outbounds to 25.
    >
    >
    > 5. But, server processes on workstations going outbound to 25
    > are almost ALWAYS trojans / viruses / or rogue servers
    > controlled by third parties.
    > 6. Therefore, your user's workstation almost certainly has
    > "trojans / viruses / or rogue servers controlled by
    > third parties".
    >
    >
    > 7. But, your virus scanner isn't finding anything.
    > 8. However, most virus scanners will NOT detect trojans or
    > installed rogue servers, AND many times will not detect
    > recently discovered viruses. Further, much recent malware
    > mucks around with any security processes you have running.

    8 - Any virus scanner that doesn't find a trojan is worthless. You pay
    for them to detect these things, don't you?

    > 9. Therefore, your user's workstation is VERY likely infected
    > and / or controlled by a virus or third party process
    > your scanner doesn't detect, or has been prevented from
    > detecting.
    >
    >
    > 10. Consequently, most likely you don't need another "explanation
    > for this activity", you just need other scanning methods
    > or tools. ZoneAlarm, Kerio or whatever, will often detect
    > any outbound malware processes IF installed after the
    > malware is -- safemode installation is your best bet. The
    > Sysinternals "autoruns" program will allow you to ID anything
    > that's autoloaded at startup. Knoppix will let you boot,
    > and examine the drive for files that shouldn't be there.
    > If the drive has an FAT32 filesystem, you can also delete
    > the alien files; if you have NTFS filesystems, you may be
    > able to install and run the recovery console, etc.

    10 - My suggestion - run a packet sniffer (ethereal works nicely) and
    check the packets. Look for the MAC that's sending the messages. Then,
    if your switch is manageable, look up the port(s) that are using that
    MAC address. That will identify which workstation is sending the
    traffic. Then, start debugging the workstation. Chances are that it's
    not the machine you might think it is.
  3. Archived from groups: comp.security.firewalls (More info?)

    Thanks for that clear analysis. <g> I suppose I can't deny the facts.
    I'll check out your suggestions, and hopefully get this cleaned up.

    Thanks again,

    John


    "Bluto" <arf-arf@doubleclick.net> wrote in message
    news:ke-dnckyJoSmJvTdRVn-hg@comcast.com...
    > John wrote:
    > > I noticed a lot SMTP activity from a workstation that should not be
    sending
    > > that much email. When I asked the user about it, they reported that
    they
    > > had not been sending email at all. I have scan the machine for viruses,
    and
    > > it appears to come up negative.
    > >
    > > Is there another explanation for this activity?
    > >
    > > John
    >
    > OK. Let's see.
    >
    > 1. The machine is doing outbound connects to port 25.
    > 2. The machine is a workstation, and should not be doing outbounds
    > to 25.
    > 3. The user reports that HE's not running any processes that
    > would go outbound to 25.
    >
    >
    > 4. Therefore, it's VERY likely that there's a NON-user process
    > (ie, server) doing outbounds to 25.
    >
    >
    > 5. But, server processes on workstations going outbound to 25
    > are almost ALWAYS trojans / viruses / or rogue servers
    > controlled by third parties.
    > 6. Therefore, your user's workstation almost certainly has
    > "trojans / viruses / or rogue servers controlled by
    > third parties".
    >
    >
    > 7. But, your virus scanner isn't finding anything.
    > 8. However, most virus scanners will NOT detect trojans or
    > installed rogue servers, AND many times will not detect
    > recently discovered viruses. Further, much recent malware
    > mucks around with any security processes you have running.
    > 9. Therefore, your user's workstation is VERY likely infected
    > and / or controlled by a virus or third party process
    > your scanner doesn't detect, or has been prevented from
    > detecting.
    >
    >
    > 10. Consequently, most likely you don't need another "explanation
    > for this activity", you just need other scanning methods
    > or tools. ZoneAlarm, Kerio or whatever, will often detect
    > any outbound malware processes IF installed after the
    > malware is -- safemode installation is your best bet. The
    > Sysinternals "autoruns" program will allow you to ID anything
    > that's autoloaded at startup. Knoppix will let you boot,
    > and examine the drive for files that shouldn't be there.
    > If the drive has an FAT32 filesystem, you can also delete
    > the alien files; if you have NTFS filesystems, you may be
    > able to install and run the recovery console, etc.
    >
  4. Archived from groups: comp.security.firewalls (More info?)

    On Tue, 30 Mar 2004 13:10:43 -0800, Bill spoketh

    >> 1. The machine is doing outbound connects to port 25.
    >
    >1 - How do you know this machine is doing outbound connects to port 25.
    >Ever hear of source address spoofing?

    There are other means of identifying a computer than IP address.
    Matching IP address, MAC address and interface on switch will pretty
    much narrow it down to one source...

    >
    >> 2. The machine is a workstation, and should not be doing outbounds
    >> to 25.
    >
    >2 - Any email client that sends messages makes outbound SMTP connections
    >unless it's using IMAP. POP3 doesn't accept messages. I can configure
    >mozilla to send SMTP to any number of hosts.

    Most corporate solutions does not have clients that uses SMTP. They hand
    of the message to the server, and then the server sends it out using
    SMTP. Since this appears to be a corporate environment, I wouldn't
    expect a mail client on a computer to send any outbound SMTP unless the
    user has configured a secondary mail client...

    >> 7. But, your virus scanner isn't finding anything.
    >> 8. However, most virus scanners will NOT detect trojans or
    >> installed rogue servers, AND many times will not detect
    >> recently discovered viruses. Further, much recent malware
    >> mucks around with any security processes you have running.
    >
    >8 - Any virus scanner that doesn't find a trojan is worthless. You pay
    >for them to detect these things, don't you?
    >

    Totally agree. Most virus scanners picks up most trojans. There may have
    been a discrepancy earlier regarding what was considered a trojan and
    what was not, but todays corporate anti-virus software picks up pretty
    much everything.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  5. Archived from groups: comp.security.firewalls (More info?)

    You bring up a lot of good points, but I think they're aimed at the
    wrong target.

    If a corporate system gets infected, it's more the fault of the
    administrator and corporate policy than it is the AV software.

    All corporate anti-virus software has the ability to remove attachments
    from incoming e-mails based on extensions. That means that there are
    simple ways of effectively blocking all executable attachments before
    they reach the client.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  6. Archived from groups: comp.security.firewalls (More info?)

    You bring up a lot of good points, but I think they're aimed at the
    wrong target.

    If a corporate system gets infected, it's more the fault of the
    administrator and corporate policy than it is the AV software.

    All corporate anti-virus software has the ability to remove attachments
    from incoming e-mails based on extensions. That means that there are
    simple ways of effectively blocking all executable attachments before
    they reach the client. Some companies even block non-executable
    attachments which are known to carry viruses (MS Word, MS Excel, etc).

    All virus signatures should be updated at least every 24 hours.
    Scheduling works fine on the corporate products I've used, so that's not
    an issue. Any administrator that hasn't set their AV software to update
    itself every night has greatly underestimated the threat of current
    viruses. I have not had any issues with the scheduling service on any
    NT4 server or W2K server, but maybe that's just me...

    There are little protection against day-zero viruses. You can secure IE
    by applying proper policy, which with AD is a fairly uncomplicated task.
    Blocking Active-X by policy is a simple matter, as is restricting
    Java/JavaScript.

    So, there are ways to limit your exposure to these threats. The fact
    that some companies still are infected just goes to show that some
    admins have more money than brains, or that upper management has no clue
    how expensive downtime is and how little it costs to protect against it.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  7. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 31 Mar 2004 12:24:35 GMT, Lars M. Hansen
    <badnews@hansenonline.net> wrote:

    >There are little protection against day-zero viruses. You can secure IE
    >by applying proper policy, which with AD is a fairly uncomplicated task.
    >Blocking Active-X by policy is a simple matter, as is restricting
    >Java/JavaScript.

    Would you recommend restricting Java/JavaScript and blocking
    Activex? I ask it because it seems that many corporate web sites are
    adopting all these techniques in their sites. For instance Canada Post
    (www.canadapost.ca) has argued with me that 'text-only' means 'with
    no graphics', but they can use Flash, Java, etc.

    Geo
  8. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 31 Mar 2004 16:17:26 GMT, GEO Me spoketh

    >On Wed, 31 Mar 2004 12:24:35 GMT, Lars M. Hansen
    ><badnews@hansenonline.net> wrote:
    >
    >>There are little protection against day-zero viruses. You can secure IE
    >>by applying proper policy, which with AD is a fairly uncomplicated task.
    >>Blocking Active-X by policy is a simple matter, as is restricting
    >>Java/JavaScript.
    >
    > Would you recommend restricting Java/JavaScript and blocking
    >Activex? I ask it because it seems that many corporate web sites are
    >adopting all these techniques in their sites. For instance Canada Post
    >(www.canadapost.ca) has argued with me that 'text-only' means 'with
    >no graphics', but they can use Flash, Java, etc.
    >
    > Geo

    With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    one can ensure that untrusted sites doesn't get to run anything funky,
    yet trusted sites gets a little more leeway. So, yes, I would block it
    for sites in the "Internet Zone" (which equates to the "High" setting),
    and using a "Low" setting on the "Trusted Zone". Whether to trust
    CanadaPost.ca would be up to you :)

    Although I haven't used a text-only browser in about 15 years, I think
    text-only means "text-only" meaning that if it's not text, the browser
    ignores it.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  9. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 31 Mar 2004 18:53:57 GMT, Lars M. Hansen
    <badnews@hansenonline.net> wrote:

    >With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >one can ensure that untrusted sites doesn't get to run anything funky,
    >yet trusted sites gets a little more leeway. So, yes, I would block it
    >for sites in the "Internet Zone" (which equates to the "High" setting),
    >and using a "Low" setting on the "Trusted Zone". Whether to trust
    >CanadaPost.ca would be up to you :)
    >
    >Although I haven't used a text-only browser in about 15 years, I think
    >text-only means "text-only" meaning that if it's not text, the browser
    >ignores it.

    Thank you very much.
    With a dial-up conection some of these Flash/Java/JavaScript sites
    become very slow to load.

    Geo
  10. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >one can ensure that untrusted sites doesn't get to run anything funky,

    With XP's IE, "zones" are completely worthless. Any website can
    execute code on your machine in your "trusted zone". No patch from
    MotherShip yet.

    I'd like to hear how the famous "I've never been compromised" crew
    handles that. Oh yeah, I guess they never use "ActiveX/Java/
    JavaScript". In that case, the only difference between IE and lynx is
    the pretty pictures.
  11. Archived from groups: comp.security.firewalls (More info?)

    On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium spoketh

    >Lars M. Hansen wrote:
    >
    >>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>one can ensure that untrusted sites doesn't get to run anything funky,
    >
    >With XP's IE, "zones" are completely worthless. Any website can
    >execute code on your machine in your "trusted zone". No patch from
    >MotherShip yet.
    >

    Really? Any references to this anywhere?

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  12. Archived from groups: comp.security.firewalls (More info?)

    On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium spoketh

    >Lars M. Hansen wrote:
    >
    >>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>one can ensure that untrusted sites doesn't get to run anything funky,
    >
    >With XP's IE, "zones" are completely worthless. Any website can
    >execute code on your machine in your "trusted zone". No patch from
    >MotherShip yet.
    >
    >I'd like to hear how the famous "I've never been compromised" crew
    >handles that. Oh yeah, I guess they never use "ActiveX/Java/
    >JavaScript". In that case, the only difference between IE and lynx is
    >the pretty pictures.

    Sites added by a user to the trusted zone are there so that the special
    features on the site in question will indeed run. So, that's a "by
    design feature" and doesn't require a fix. If you (or others) feel that
    the policy for the "trusted zone" are too lax, you are free to edit the
    rules to better suit your needs.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  13. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium spoketh
    >
    >>Lars M. Hansen wrote:
    >>
    >>>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>>one can ensure that untrusted sites doesn't get to run anything funky,
    >>
    >>With XP's IE, "zones" are completely worthless. Any website can
    >>execute code on your machine in your "trusted zone". No patch from
    >>MotherShip yet.
    >>
    >
    >Really? Any references to this anywhere?

    Tons. How many do you want?

    Description:
    http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0
    http://www.securityfocus.com/archive/1/354447
    POC:
    http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm

    MotherShip, where are you?
  14. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium spoketh
    >
    >>Lars M. Hansen wrote:
    >>
    >>>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>>one can ensure that untrusted sites doesn't get to run anything funky,
    >>
    >>With XP's IE, "zones" are completely worthless. Any website can
    >>execute code on your machine in your "trusted zone". No patch from
    >>MotherShip yet.
    >>
    >>I'd like to hear how the famous "I've never been compromised" crew
    >>handles that. Oh yeah, I guess they never use "ActiveX/Java/
    >>JavaScript". In that case, the only difference between IE and lynx is
    >>the pretty pictures.
    >
    >Sites added by a user to the trusted zone are there so that the special
    >features on the site in question will indeed run. So, that's a "by
    >design feature" and doesn't require a fix. If you (or others) feel that
    >the policy for the "trusted zone" are too lax, you are free to edit the
    >rules to better suit your needs.

    MotherShip won't listen. 0-day is here to stay.
  15. Archived from groups: comp.security.firewalls (More info?)

    On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium
    <mrozium@XSPAMX-yahoo.com> wrote:

    >
    >I'd like to hear how the famous "I've never been compromised" crew
    >handles that. Oh yeah, I guess they never use "ActiveX/Java/
    >JavaScript". In that case, the only difference between IE and lynx is
    >the pretty pictures.
    >
    Win 3.1 and Luckman Mosaic work too. Can see some GIF.
    :)
    Geo
  16. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >On 1 Apr 2004 00:02:15 -0600, Micheal Robert Zium spoketh
    >
    >>Lars M. Hansen wrote:
    >>
    >>>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>>one can ensure that untrusted sites doesn't get to run anything funky,
    >>
    >>With XP's IE, "zones" are completely worthless. Any website can
    >>execute code on your machine in your "trusted zone". No patch from
    >>MotherShip yet.
    >>
    >
    >Really? Any references to this anywhere?

    What? No comments on the links I posted? I figured you'd at least
    say "Damn, you're right".
  17. Archived from groups: comp.security.firewalls (More info?)

    On 18 Apr 2004 16:35:06 -0500, Micheal Robert Zium spoketh

    >
    >What? No comments on the links I posted? I figured you'd at least
    >say "Damn, you're right".

    Appears to have been fixed 2 months prior to this thread:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=90ae6b99-93aa-4eff-b97b-a72e336c3905&displaylang=en

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  18. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >On 18 Apr 2004 16:35:06 -0500, Micheal Robert Zium spoketh
    >
    >>
    >>What? No comments on the links I posted? I figured you'd at least
    >>say "Damn, you're right".
    >
    >Appears to have been fixed 2 months prior to this thread:
    >
    >http://www.microsoft.com/downloads/details.aspx?FamilyID=90ae6b99-93aa-4eff-b97b-a72e336c3905&displaylang=en

    Nope, the fix just came out last Wednesday.
  19. Archived from groups: comp.security.firewalls (More info?)

    On 18 Apr 2004 16:35:06 -0500, Micheal Robert Zium
    <mrozium@XSPAMX-yahoo.com> wrote:

    >Lars M. Hansen wrote:

    >>>>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>>>one can ensure that untrusted sites doesn't get to run anything funky,

    >>>With XP's IE, "zones" are completely worthless. Any website can
    >>>execute code on your machine in your "trusted zone". No patch from
    >>>MotherShip yet.

    Do I understand this correctly? It sounds as if putting one's trust
    on Mother$ is not much of an assurance. Assurances that can be
    reversed in a few days or weeks?

    From 'Trust me, I am a doctor', to ' Trust me. I am a used car
    salesman' ?? <g>

    Geo
  20. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 21 Apr 2004 03:07:10 GMT, GEO Me spoketh

    >
    > Do I understand this correctly? It sounds as if putting one's trust
    >on Mother$ is not much of an assurance. Assurances that can be
    >reversed in a few days or weeks?
    >
    > From 'Trust me, I am a doctor', to ' Trust me. I am a used car
    >salesman' ?? <g>
    >
    > Geo

    You always have a choice. If you're afraid that Internet Explorer is a
    threat to your computer, then download Mozilla, Opera or Netscape.

    A mitigating factor with the exploit that Michael mention is that you
    actually have to go to a web-site that uses this exploit to run code on
    your computer. For most people, exercising some common sense would
    prevent this from happening...


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  21. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 21 Apr 2004 07:38:33 -0400, Lars M. Hansen
    <badnews@hansenonline.net> wrote:

    >> Do I understand this correctly? It sounds as if putting one's trust
    >>on Mother$ is not much of an assurance. Assurances that can be
    >>reversed in a few days or weeks?

    >You always have a choice. If you're afraid that Internet Explorer is a
    >threat to your computer, then download Mozilla, Opera or Netscape.

    Thank you. I'll keep your advice in mind.

    Geo
  22. Archived from groups: comp.security.firewalls (More info?)

    GEO Me wrote:

    >On 18 Apr 2004 16:35:06 -0500, Micheal Robert Zium
    ><mrozium@XSPAMX-yahoo.com> wrote:
    >
    >>Lars M. Hansen wrote:
    >
    >>>>>With the proper use of blocking ActiveX/Java/JavaScript and using Zones,
    >>>>>one can ensure that untrusted sites doesn't get to run anything funky,
    >
    >>>>With XP's IE, "zones" are completely worthless. Any website can
    >>>>execute code on your machine in your "trusted zone". No patch from
    >>>>MotherShip yet.
    >
    > Do I understand this correctly? It sounds as if putting one's trust
    >on Mother$ is not much of an assurance. Assurances that can be
    >reversed in a few days or weeks?

    It's not safe to trust any software, unless you've written it, or
    audited it yourself. However, trust and Microsoft have always been
    mutually exclusive. Who in their right mind would trust them?

    > From 'Trust me, I am a doctor', to ' Trust me. I am a used car
    >salesman' ?? <g>
    >
    > Geo

    Yeah, like "Trust me, I have your best interests in mine...er, MIND."
  23. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    >A mitigating factor with the exploit that Michael mention is that you
    >actually have to go to a web-site that uses this exploit to run code on
    >your computer. For most people, exercising some common sense would
    >prevent this from happening...

    Wrong, again. Outhouse Excess is also affected (surprised?). A
    specially-crafted e-mail could also ruin your day with no user input
    other than viewing it. MotherShip knew about this exploit for months,
    yet they dragged their feet until it was massively exploited.

    Also, "most people" and "common sense" appear to be mutually exclusive
    as well.
  24. Archived from groups: comp.security.firewalls (More info?)

    GEO Me wrote:

    >On Wed, 21 Apr 2004 07:38:33 -0400, Lars M. Hansen
    ><badnews@hansenonline.net> wrote:
    >
    >>You always have a choice. If you're afraid that Internet Explorer is a
    >>threat to your computer, then download Mozilla, Opera or Netscape.
    >
    > Thank you. I'll keep your advice in mind.

    Good idea, and sound advice.
Ask a new question

Read More

Firewalls Security SMTP Email Networking