RE: Outlook 2007: one step forward, two steps back?

[Nick FitzGerald <nick () virus-l demon co uk>]

Richard M. Smith to me:

> How does Pegasus Mail for Windows handle attached executable files?  Does it
> probably block them so they can't be run?  I'm asking because attached
> executable files have been historically the number one method for
> transmitting email worms from one user to the next.

When it became apparent to the author of PMail that "folk in general" 
were not, in fact, anywhere near as savvy as the earlier generations of 
users of his MUA, he changed the default behaviour of the next version 
so that a user could not automatically run (execute binaries, open 
files that could carry active content like Word documents, etc, etc) 
attachments -- you could only choose to "detach" (extract, decode) 
them.  This behaviour was configurable, so those who preferred the 
"allow me to shoot off my feet without even thinking" default approach 
(for about the next four years) in MS MUAs could have it -- I think 
about four people on the planet actually made that config choice).  


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.