nanog mailing list archives
Re: ISPs' willingness to take action
From: Scott Francis <darkuncle () darkuncle net>
Date: Mon, 3 Nov 2003 15:37:51 -0800
Top posting self-reply: looks like a lot of what I've suggested may have finally been acknowledged by MS, according to a recent Register.co.uk article. http://www.theregister.co.uk/content/56/33599.html We can only hope ... -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui On Mon, Nov 03, 2003 at 03:05:03PM -0800, darkuncle () darkuncle net said: [snip]
The 3 things that would do the most to help eliminate this problem (millions
of easily 0wned end-user hosts) right now are all things that lie in
Microsoft's domain:
1) enable Internet Connection Firewall by default;
2) enable automatic Windows Update patch installation by defuault; [*]
3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML,
and any active content is ignored - in other words, replace MSIE as a backend
HTML rendering engine with, say, lynx. [**]
(and even if the above were all incorporated into all subsequent releases of
Windows, it might take years before the old insecure hosts were finally
replaced ...)
Nothing new to this crowd, I'm sure, but I sure wish there was a way to make
this a priority to the folks at MS, who are really the only people with the
ability to make this happen. Without their compliance, the problem will never
improve (not as long as they're as dominant as they currently are).
--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
[*] I'm well aware of the potential disaster were the WindowsUpdate site to
be trojaned. However, corporate IT should be updating from a single server by
the schedule of their windows admins, and for everybody else ... it couldn't
be much worse than the current state of affairs.
[**] I've given up on hoping that email will return to the plain old text it
was intended to be. I'm in the minority on that opinion, and I'm willing to
settle for HTML in email if it can be rendered in a non-harmful manner (i.e.
plain vanilla HTML only).
Attachment:
_bin
Description:
Current thread:
- Re: ISPs' willingness to take action Scott Francis (Nov 03)
- Re: ISPs' willingness to take action Scott Francis (Nov 03)
- Re: ISPs' willingness to take action Matthew Sullivan (Nov 03)
- Re: ISPs' willingness to take action Scott Francis (Nov 03)