Vulnerability Development mailing list archives
Re: Why not a changeling?
From: Michael.Wojcik () MERANT COM (Michael Wojcik)
Date: Tue, 23 May 2000 14:45:12 -0700
-----Original Message----- From: White Vampire [mailto:whitevampire () mindless com] Sent: Tuesday, May 23, 2000 12:17 PM On Mon, May 22, 2000 at 10:24:15AM -0700, Michael Wojcik
(Michael.Wojcik () MERANT COM) wrote:
: There's no easy fix for this, but there is an obvious one: don't allow
: attachments, and put reasonable restrictions [on] executable content and : downloads in general. Unfortunately, users would rather endure periodic : bouts of malicious-software-induced trauma than give up a few toys.
Not necessarily give up attachments. That is an excessive solution for a pretty simple problem.
Excessive in what way? I've *never* received an attachment that couldn't have been better delivered in another manner, and I receive several every day, from co-workers and customers and others. The world went along just fine in the days before MIME.
Simply do not parse superfluous data. My mail client does not parse HTML or any other MIME types unless I /tell/ it to. (And even then, it would be doing it externally.)
Same here, and I've yet to suffer - directly - the depredations of an email virus, or any other malicious software. Unfortunately, every time some yahoo writes one of these things, a few dozen less-vigilant fellow employees set it off, and down go the shared resources, which affects my work.
I do not really understand why so much debate, attention, and concern is directed to things such as this. They live and depend upon stupid software, stupid lusers, and stupid implementations.
And stupid facilities, like email attachments. Yes, you could greatly reduce the problem by eliminating one of the four. Eliminating stupid software and stupid implementations doesn't look likely to happen anytime soon, and it's illegal to eliminate stupid users. Disabling unnecessary toys - like MIME - is quite a lot simpler. By the way, since I'm on the VULN-DEV list, you needn't send me messages you're sending there as well. Michael Wojcik michael.wojcik () merant com MERANT Department of English, Miami University
Current thread:
- Conserver Overflow, (continued)
- Conserver Overflow James Snow (May 23)
- Re: Why not a changeling? Jeff Bachtel (May 23)
- Re: Why not a changeling? Michael H. Warfield (May 24)
- Re: Why not a changeling? Michael Wojcik (May 22)
- Re: Why not a changeling? White Vampire (May 23)
- Re: Why not a changeling? Dick St.Peters (May 25)
- Re: Why not a changeling? White Vampire (May 25)
- Re: Why not a changeling? White Vampire (May 23)
- Re: Why not a changeling? sigipp () WELLA COM BR (May 22)
- Re: Why not a changeling? Michael Wojcik (May 22)
- Re: Why not a changeling? Maxime Rousseau (May 23)
- Re: Why not a changeling? Michael Wojcik (May 23)
- Re: Why not a changeling? White Vampire (May 25)
- Re: Why not a changeling? rain forest puppy (May 23)
- Re: Why not a changeling? Michael Wojcik (May 25)
- Re: Why not a changeling? prole (May 25)
- Re: Why not a changeling? Maxime Rousseau (May 25)
- Re: Why not a changeling? sigipp () WELLA COM BR (May 29)