IP: Outlook 2002 -- we ARE told and CAN peek

[David Farber <dave () farber net>]

> X-Sent: 1 Nov 2001 18:07:52 GMT
> Reply-To: <bporter () theideasgroup com>
> From: "Bob Porter" <bporter () theideasgroup com>
>
> Dave,
> Just a short note to set a couple of points straight.
> I seem to recall always being able to "view source" using Outlook 2000
> on email that was sent as HTML email.
> It is certainly possible on Outlook 2002. I use that feature all the
> time, mostly to view how others have constructed their new and ever
> cleverer versions of HTML email. I just right clicked and did it moments
> ago on an HTML email. That is, of course, not available in a non-HTML
> email as you are already looking at the source.
> Outlook 2002 is very well protected and won't run any macros or
> attachments without you specifically clicking on them and then choosing
> to run them.
> In its current iteration it actually blocks many file types completely
> (.exe, .vbs, etc.)
> Methods to add even more control in your options menu of what it blocks
> are outlined here: http://www.slipstick.com/outlook/esecup/getexe.htm
>
> As a web developer I certainly have my issues with Microsoft. I just
> filed a official complaint with them last week on two issues. I firmly
> believe the proposed remedies for the Microsoft settlement are deserved
> and possibly don't go far enough.
> That being said, limiting yourself to the MAC and/or Eudora thus leaving
> you running on a platform that is used by only 4% of the population out
> of fear is just plain silly.
> Of course there are more viruses designed for Windows. If you wanted to
> write damaging virus software, would you write them for the most used
> operating system or the least used operating system?
>
> Installing patches and keeping virus software up-to-date is now mostly
> automated and trivially simple.
> When the Nimba virus hit, we had no problem with four MIIS servers, even
> in the face of over 300,000 attempts. This is with no hardware firewall
> by simply having up-to-date patches. The most recent patches at that
> time were over three months old, by the way. This is not a daily, or
> even weekly, event as suggested by Gene.
>
>
> Bob Porter
> CTO
> The Ideas Group
> 640 Bryant St.
> San Francisco, CA 94107
> bporter () theideasgroup com
> Direct line: 415-2869-8802
>
>
> -----Original Message-----
> From: owner-ip-sub-1 () admin listbox com
> [mailto:owner-ip-sub-1 () admin listbox com] On Behalf Of David Farber
> Sent: Wednesday, October 31, 2001 7:19 AM
> To: ip-sub-1 () majordomo pobox com
> Subject: IP: Re: Outlook 2000 -- we aren't told and cannot peek
>
>
> >Date: Wed, 31 Oct 2001 09:45:48 -0500
> >To: farber () cis upenn edu
> >From: Gene Spafford <spaf () cerias purdue edu>
> >Subject: Re: IP: Outlook 2000 -- we aren't told and cannot peek
> >
> >Simple answer -- don't use Outlook.
> >
> ><Step up on soapbox>
> >
> >We all have choices.   Some involve paying a little more money, and
> others
> >involve investing time in learning something new to take the place of
> what
> >we were using.
> >
> >If security is a concern, or quality is an issue, then try using
> something
> >else.   Use market forces to effect a change -- reward those vendors
> who
> >do things you want, and penalize those vendors who don't seem to "get
> it."
> >
> >Let me give you an example.
> >I run Eudora on an Apple Macintosh under MacOS 9.2.   I've used Macs
> for
> >15 years, and I have NEVER had a computer virus on my machines (that I
> >didn't download for study knowing what it was).   Not one of the
> >approximately 50,000 viruses that have been reported for DOS/Windows in
>
> >the last decade spreads on a Mac (for comparison, there are only about
> 50
> >native for the Mac in the same time period, and they are almost all
> >extinct).   By not using Word, I also don't get bothered by any of the
> >macro viruses there.   Eudora on the Mac (at least; on the Windows
> >version, too, I think) has settings to allow me to decide whether to
> run
> >attachments, and to see plain MIME code as characters, so I can see the
>
> >cruft stuffed into infected spam email for unsuspecting Outlook users.
> I
> >don't have to devote 40% of my machine's CPU time to running anti-virus
>
> >software, either.
> >
> >I have also never had a break-in to any of my  Macs.   Under MacOS 9x,
> it
> >doesn't run any services that would enable a break-in. Simple.
> >
> >As to people who complain about software not being available, a lot of
> >software that is on Windows but isn't available on the Mac is either
> games
> >or garbage.   In all my time using the Mac, I've written 3 books,
> nearly
> >50 research papers, and handle daily email correspondence loads of over
>
> >250 messages.   I program in Perl, I write and maintain WWW pages, and
> I
> >am able to open X windows to my Unix machines.  My assistant and I
> share a
> >calendar and address book with no problems.   All the software I need
> is
> >available.   That there are 10,000 other things I can't run doesn't
> matter
> >-- there are 10,000 books in other languages I can't read either, but
> I'm
> >doing just fine as is, thank you.
> >
> >I am not anti-Microsoft.  As Mike O'Dell indicated, they have done some
>
> >important things in computing and in bringing computing to the
> >masses.   Microsoft has done a lot of good work, and has helped shape
> the
> >industry.  (As an academic, I'd be lost without Powerpoint, and I
> >definitely use Excel on occasion.  Both run on the Mac, btw.) However,
> I
> >am very much troubled by Microsoft's long history of poor code quality
> and
> >security.    There are places where a Windows environment is
> >appropriate.   But I wouldn't have it my first choice for any safety or
>
> >security critical application. So, I make a conscious decision to use
> >something else in those situations where security is important to me --
>
> >such as my personal desktop.
> >
> >There are other decisions you can make, if you are interested in issues
> of
> >security and quality.  For instance, it was noted here that Gartner has
>
> >said people ought to stop using IIS.   One of my staff went through the
>
> >ICAT database maintained by NIST and found over 80 security patches
> >released for IIS in the last 3 years.   He found only 1 for Apache.
> Which
> >one are you using and why?
> >
> >And there are yet more alternatives for systems and software for
> general
> >use, and reasons they should be considered.  This includes various
> >versions of free software (note that  Linux is not necessarily more
> secure
> >than Windows -- I think the *BSD systems are much better quality and
> more
> >stable, OpenBSD in particular) and commercial systems such as Solaris
> and
> >HP/UX (which have a much better recent history of security and
> stability
> >IF you have an administrator who knows what he/she is doing).
> >
> >The best solution is not always to buy the cheapest piece of commodity
> >hardware and install the same old software everyone else is using.   If
>
> >security is important, one shouldn't base decisions solely on the
> up-front
> >acquisition and training costs.   Applying patches every few days,
> using
> >up a large fraction of your CPU running anti-virus software, and
> cleaning
> >up after malware and break-ins has cost too.  I'm also told that help
> desk
> >costs are lower for Mac shops than Windows, and over time that more
> than
> >makes up the initial purchase difference.
> >
> >Recent events have shown us that we shouldn't take security for
> >granted.   Being informed, wise consumers willing to spend a little bit
>
> >more for quality is an important part of the process.
> >
> ></Step down from soapbox>
> >
> >The security curmudgeon,
> >--spaf
>
>
> For archives see:
> http://www.interesting-people.org/archives/interesting-people/


For archives see:
http://www.interesting-people.org/archives/interesting-people/