Vulnerability Development mailing list archives

Re: Outlook/HTML "proggie"


From: spepper () WLU CA (Shelagh Pepper)
Date: Fri, 2 Jun 2000 09:45:09 -0400


My point is that a lot of users (here at least) always click YES. In
addition, a number of users, tired of getting the warning messages, change
their security settings to avoid the warning messages, in which case it IS
transparent to the user. For example, my script ran on a Help Desk
technician's PC with no warning messages at all!

I do agree that for a lot (the majority?) of users, you might as well have
a vbs script attached. We were hit pretty hard by the IxxxxYOU (key word
not spelled out to avoid all the postmaster mail I got yesterday) script,
and only a few days later users happily let my script run, so I don't
believe the warning messages provide much security, at least not here.

BTW, methodman's script is not effective if you have installed Microsoft's
patch for the "SCR" vulnerability, originally posted August 31, 1999;
see http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

Shelagh

At 11:07 AM 6/1/00 -0400, Maxime Rousseau wrote:
I have tested this a little bit here and I have not been able to use the
FSO within an HTML message, unless the user explicitly clicks YES at the
prompt for unsafe ActiveX or has his security set to allow unsafe
ActiveX in HTML emails. That's not so by default, and if your 'CAN'
involves the user clicking the YES box, then it's not all that great; you
might as well have a VBScript file attached.

My point was (and still is) you can't use an FSO in an HTML email in a
transparent-to-user manner; sorry if I was unclear.

Shelagh Pepper                          (519) 884-0710 x3939
Multimedia Coordinator                  (519) 884-1970 x3939
Computing and Communication Services    (519) 884-1279 FAX
Wilfrid Laurier University                      spepper () wlu ca
Waterloo, Ontario, N2L 3C5                      webmaster () wlu ca