North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today
On Wed, Jan 28, 2004 at 12:07:36PM -0500, Patrick W.Gilmore said something to the effect of: > > On Jan 28, 2004, at 11:56 AM, james wrote: > Not sure why that is the case. Web browsers know better than to > execute things, or at least to execute them in a sandbox, and there > seems to be much more "abuse" capabilities in IE / Netscape than > $RandomMailReader. > > How hard is it to tell a mail reader "NEVER execute a binary"? If w00t. > someone really wants to run a program that was e-mailed to them, they > can save the attachment and run it outside the mail reader or > something. So things like "virus.doc.exe" won't get executed by $luser > who thinks it was a word doc. I don't think it's that it's hard, so much as inconvenient. C-level-officer types ;) want point-and-click to open and launch, not to be ordered to port and manipulate attachments to access them. And since that might be too much effort...heck...why not give users a peep-hole preview function that allows them to split the screen and peak into the email without clicking on anything at all? Back-office IT heads would roll if that went away... We _can_ thank M$ for setting the bar on this one; no one expected irresponsible features like instant access to attached goodies until the Internet-for-Idiots and SMTP-for-the-generally-challenged revolutions were ushered in to the sounds of "Where do you want to go today, and how much do you want to break/spend/consume while you're there?" I wish I could end this with "Friends don't let friends use Outlook," but I have to agree that the fault still lies primarily in the users that continually refuse to heed the warnings of A) shut that preview pain^N^Nne shee-yit off B) don't execute attachments in email, even/especially if it looks like it might be a really k00l screen saver... Long live mutt. ;) ymmv, --ra -- K. Rachael Treu, CISSP [email protected] ..this email has been brought to you by the letters 'v' and 'i'.. > > There are ways around this (copy/paste an executable into a word doc, > then type "Click here!" in the Word doc), but it might help. > > Might.... :) > > -- > TTFN, > patrick
|