Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

[Patrick W.Gilmore <patrick () ianai net>]

On Jan 28, 2004, at 11:56 AM, james wrote:

> : So?  Had the virii been an application compiled for RedHat and
> : everyone ran RedHat instead of Windows and they downloaded it using
> : Evolution and double clicked on it, it would suddenly be RH's fault
> : instead of MIcrosoft's?
>
> I suspect the skill set/clue of RH users is at least an order
> higher that windows users.
>
> The main problem I see is many e-mail readers default to having
> the preview plain open and this will then run any app it finds.
> No clicking required.

Not sure why that is the case.  Web browsers know better than to 
execute things, or at least to execute them in a sandbox, and there 
seems to be much more "abuse" capabilities in IE / Netscape than 
$RandomMailReader.

How hard is it to tell a mail reader "NEVER execute a binary"?  If 
someone really wants to run a program that was e-mailed to them, they 
can save the attachment and run it outside the mail reader or 
something.  So things like "virus.doc.exe" won't get executed by $luser 
who thinks it was a word doc.

There are ways around this (copy/paste an executable into a word doc, 
then type "Click here!" in the Word doc), but it might help.

Might.... :)

--
TTFN,
patrick