Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today
Patrick W.Gilmore
patrick at ianai.net
Wed Jan 28 17:07:36 UTC 2004
On Jan 28, 2004, at 11:56 AM, james wrote:
>
> : So? Had the virii been an application compiled for RedHat and
> : everyone ran RedHat instead of Windows and they downloaded it using
> : Evolution and double clicked on it, it would suddenly be RH's fault
> : instead of MIcrosoft's?
>
> I suspect the skill set/clue of RH users is at least an order
> higher that windows users.
>
> The main problem I see is many e-mail readers default to having
> the preview plain open and this will then run any app it finds.
> No clicking required.
Not sure why that is the case. Web browsers know better than to
execute things, or at least to execute them in a sandbox, and there
seems to be much more "abuse" capabilities in IE / Netscape than
$RandomMailReader.
How hard is it to tell a mail reader "NEVER execute a binary"? If
someone really wants to run a program that was e-mailed to them, they
can save the attachment and run it outside the mail reader or
something. So things like "virus.doc.exe" won't get executed by $luser
who thinks it was a word doc.
There are ways around this (copy/paste an executable into a word doc,
then type "Click here!" in the Word doc), but it might help.
Might.... :)
--
TTFN,
patrick
More information about the NANOG
mailing list