funsec mailing list archives
RE: Outlook 2007: one step forward, two steps back?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 11 Apr 2007 02:29:46 +1200
Richard M. Smith to me:
How does Pegasus Mail for Windows handle attached executable files? Does it probably block them so they can't be run? I'm asking because attached executable files have been historically the number one method for transmitting email worms from one user to the next.
When it became apparent to the author of PMail that "folk in general" were not, in fact, anywhere near as savvy as the earlier generations of users of his MUA, he changed the default behaviour of the next version so that a user could not automatically run (execute binaries, open files that could carry active content like Word documents, etc, etc) attachments -- you could only choose to "detach" (extract, decode) them. This behaviour was configurable, so those who preferred the "allow me to shoot off my feet without even thinking" default approach (for about the next four years) in MS MUAs could have it -- I think about four people on the planet actually made that config choice). Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Outlook 2007: one step forward, two steps back? rms (Apr 09)
- RE: Outlook 2007: one step forward, two steps back? Larry Seltzer (Apr 09)
- Re: Outlook 2007: one step forward, two steps back? Nick FitzGerald (Apr 09)
- RE: Outlook 2007: one step forward, two steps back? Richard M. Smith (Apr 09)
- RE: Outlook 2007: one step forward, two steps back? Nick FitzGerald (Apr 09)
- RE: Outlook 2007: one step forward, two steps back? Richard M. Smith (Apr 10)
- RE: Outlook 2007: one step forward, two steps back? David Harley (Apr 10)
- RE: Outlook 2007: one step forward, two steps back? Nick FitzGerald (Apr 10)
- RE: Outlook 2007: one step forward, two steps back? Richard M. Smith (Apr 09)
- Message not available
- Re: Outlook 2007: one step forward, two steps back? Nick FitzGerald (Apr 10)