|
|
Rubrik: Virenwarnung/Aktuelle Meldungen Microsoft:
Information about Microsoft Policies on Software Distribution Microsoft
Never Distributes Software Directly Via E-Mail (24.08.03)
- An important key to safe computing is to never use software from unknown
sources. As pointed out in a CERT advisory, malicious users often use
"Trojan Horses" to deliver harmful software onto unwary users'
computers. A Trojan Horse is a piece of software that appears to do something
useful, but which actually performs hidden, usually damaging, action on the
user's computer. For example, a malicious user might develop a game program
that deliberately erases files on the user's computer while it runs, and
distribute it via a web site.
Anzeige
Another
Trojan Horse mechanism that is frequently used is to send malicious software
to users via e-mail, claiming that it is a product upgrade from a software
vendor. Recently, several people have done this, sending e-mails that contain
software attachments to wide audiences on the Internet. The e-mails claim
that the attachments are product upgrades from Microsoft or other software
vendors, but in fact they are harmful software that may damage the user's
software and files when they run the attachments. Microsoft never distributes software directly via e-mail. Microsoft
distributes software on physical media like CD ROMs and floppy disks. Microsoft
distributes upgrades via the Internet. When Microsoft does this, the software
will be available via Microsoft's web site, http://www.microsoft.com, or through http://www.microsoft.com/downloads/search.asp?. Microsoft
occasionally sends e-mail to customers to inform them that upgrades are
available. However, the e-mail will only provide links to the download sites
̵ Microsoft will never attach the software itself to the e-mail. The links
will always lead to either our web site or our FTP site, never to a
third-party site. Microsoft
always uses Authenticode to digitally sign our products and allow you to
ensure that they have not been tampered with. If you receive an e-mail that claims to contain software from Microsoft, do not run the attachment. The safest course of action is to delete the mail altogether. If you would like to take additional action, report the e-mail to the sender's Internet Service Provider. Most ISPs provide an "abuse" userid for this purpose. (ma) Microsoft Tel. (089)
3176-5000, Fax (089) 3176-5111 E-Mail: prserv@microsoft.com |
