Email virus protection

Karsten W. Rohrbach karsten at rohrbach.de
Wed Aug 20 22:12:34 UTC 2003


just me(matt at snark.net)@2003.08.20 14:41:02 +0000:

> Please don't pretend that your MUA-de-jour is somehow invulnerable by
> design, unless you've audited every line of code yourself.

I don't.

Mutt and similar MUAs are prone to misconfiguration, which makes them
vulnerable to some degree, but this fact alone does not expose enough
surface for implementation of an internet-wide worm attack ;-)

Perhaps, Outlook is a secure and performant email solution - in, say, 3
to 4 years from now, but this means a drastic change of course for the
vendor.

In end-user application design, finding the right mix between security
and and convenience (which tend to be mutually exclusive, in one way or
the other) is a critical design decision.

You get the point.

>   On a different angle, the apparent problem of a software product being
>   vulnerable to an exploit is not solved by deploying a - albeit
>   well-patched - application monoculture worldwide. Risk is lowered by
>   using more well-designed software packages out there. Diversity is the
>   name of the game, it's nature's solution and it seems to work quite
>   well.
> 
> I completely agree. Which is why I discourage people from using
> Outlook Express as well as Mutt.

So the interesting question in context of this email thread is: what do
you encourage them for?

Regards,
/k

-- 
> Horngren's Observation:
>     Among economists, the real world is often a special case.
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x



More information about the NANOG mailing list