Full Disclosure mailing list archives
Re: [Fwd: Last Critical Update]
From: Damian Gerow <damian () sentex net>
Date: Tue, 23 Sep 2003 18:34:28 -0400
Thus spake Richard M. Smith (rms () computerbytesman com) [23/09/03 17:40]:
> No user education is required. Any Windows email reader worth its salt should be automatically deleting all incoming attached files which are executable programs. Outlook has been doing this since the fall of 2000. Outlook Express 6 also has this option, but it was off by default until recently. :-(

And that action prompts not only user interaction, but administrator interaction. Think outside the scope of your happy little Corporation, with tightly controlled desktops. Think ... ISP. The Wild West of Computing. </daydream>

See, the problem is, as an ISP, we have to provide multiple types of services -- spam scanning, AV scanning, content filtering, etc. So we do, both for our sanity, our customers' sanity, and the sanity of the 'Net as a whole. It's become a not-too-uncommon occurrence for the end user to send us a message, demanding that we turn off the filtering on their account, because we're blocking their attachments. Yes, OE is popping up, saying, 'Hi! I've blocked access to an unsafe attachment. This is for your security.'

It's too late to just *stop* all attachments in their tracks. End users have gotten far too used to having what they have, to go backwards. Especially those who 'upgrade' from Win95 to WinXP, and then claim that they don't have the same functionality that they used to have. And the burden of this often falls on /our/ shoulders; the Providers.

At this point, I would suggest that instead of outright blocking it, a message comes up that says, 'Hi. You're about to run something unsafe. You shouldn't do this, no exceptions. If you really want to, you may permanently damage your computer. Click OK to heedlessly run this program.' And when that happens, pop up an exclamation box that says, 'Running unsafe attachment, possible system damage may occur'. Something straightforward and simple, that will scare the pants off of them. Make them /want/ to not run attachments, I say!

Problem is, I know that users will just get used to those warnings, and start to ignore them. Just like people learn to ignore the oil warning light on older cars, or the funny sound that their wheel wells make, or the fact that every time they turn on their computer, they do a checkdisk ('Does it always do this?' 'Oh yes, this is normal.').

IMHO, Microsoft has shoved the MUA market into a tight corner, with few readily visible roads out. And outright attachment blocking is /not/ one of them, unfortunately.

</rant -- it's been a long day>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html