Secure Coding mailing list archives

Re: Opinion re an interesting article on Linux security in Linux Journal


From: Richard Moore <rich () westpoint ltd uk>
Date: Tue, 09 Mar 2004 18:37:44 +0000


Disclosure: I'm part of the KDE core team

Kenneth R. van Wyk wrote:
Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the 
Debian-Sid distribution), and I'm seeing the email/PIM environment appearing 
more and more like Outlook.  I can open an email attachment straight into its 
respective app with just 2 clicks of the mouse (although that's actually been 
possible for some time).  That's not to say that doing so is a good idea, but give 
the common desktop user the _opportunity_ and...


A few things to note about this:

1. The PIM environment is actually a container that embeds the same 
kmail/kontact/addressbook code as that used in the standalone apps. The 
aim here is to bring them together into a single UI for those who want 
to work in that Outlook-like way. (Note that you can still use 
everything standalone).


2. While you can open things in their apps, what you can't do is make 
anything directly execute - that takes an additional step (e.g. using 
konqueror or the command line to set the executable flag, then running 
the attachment). Since we do not let macros run on document opening, 
the risks of opening things are minimised.


3. We do not display HTML email by default, which drastically reduces the 
risk of information leakage, and when you do enable HTML, Java and 
JavaScript are disabled.


Unlike Microsoft, we aim to make things secure in the default 
configuration (even at the expense of a little convenience). If anyone 
does find a problem, please use [EMAIL PROTECTED] to notify us.


Cheers

Rich. (speaking for himself not the kde-pim team).



