nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

From: Rachael Treu <rara () navigo com>
Date: Wed, 28 Jan 2004 12:44:34 -0600

On Wed, Jan 28, 2004 at 12:07:36PM -0500, Patrick W.Gilmore said something to the effect of:


On Jan 28, 2004, at 11:56 AM, james wrote:
Not sure why that is the case.  Web browsers know better than to 
execute things, or at least to execute them in a sandbox, and there 
seems to be much more "abuse" capabilities in IE / Netscape than 
$RandomMailReader.

How hard is it to tell a mail reader "NEVER execute a binary"?  If 


w00t. 


someone really wants to run a program that was e-mailed to them, they 
can save the attachment and run it outside the mail reader or 
something.  So things like "virus.doc.exe" won't get executed by $luser 
who thinks it was a word doc.


I don't think it's that it's hard, so much as inconvenient.  
C-level-officer types ;) want point-and-click to open and launch, 
not to be ordered to port and manipulate attachments to access them.  
And since that might be too much effort...heck...why not give users 
a peep-hole preview function that allows them to split the screen and 
peak into the email without clicking on anything at all?  Back-office 
IT heads would roll if that went away...

We _can_ thank M$ for setting the bar on this one; no one expected 
irresponsible features like instant access to attached goodies until 
the Internet-for-Idiots and SMTP-for-the-generally-challenged 
revolutions were ushered in to the sounds of "Where do you want to go 
today, and how much do you want to break/spend/consume while you're 
there?"

I wish I could end this with "Friends don't let friends use Outlook,"
but I have to agree that the fault still lies primarily in the users
that continually refuse to heed the warnings of 
  A) shut that preview pain^N^Nne shee-yit off
  B) don't execute attachments in email, even/especially if it looks
        like it might be a really k00l screen saver...

Long live mutt.  ;)

ymmv,
--ra
-- 
K. Rachael Treu, CISSP     rara () navigo com
..this email has been brought to you by the letters 'v' and 'i'..




There are ways around this (copy/paste an executable into a word doc, 
then type "Click here!" in the Word doc), but it might help.

Might.... :)

-- 
TTFN,
patrick
Previous By Date Next
Previous By Thread Next

Current thread: