ISPs' willingness to take action

Scott Francis darkuncle at darkuncle.net
Mon Nov 3 23:37:51 UTC 2003 

Top posting self-reply: looks like a lot of what I've suggested may have
finally been acknowledged by MS, according to a recent Register.co.uk
article.
http://www.theregister.co.uk/content/56/33599.html

We can only hope ...
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
      illum oportet crescere me autem minui

On Mon, Nov 03, 2003 at 03:05:03PM -0800, darkuncle at darkuncle.net said:
[snip]
> The 3 things that would do the most to help eliminate this problem (millions
> of easily 0wned end-user hosts) right now are all things that lie in
> Microsoft's domain:
> 
> 1) enable Internet Connection Firewall by default;
> 2) enable automatic Windows Update patch installation by defuault; [*]
> 3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML,
> and any active content is ignored - in other words, replace MSIE as a backend
> HTML rendering engine with, say, lynx. [**]
> 
> (and even if the above were all incorporated into all subsequent releases of
> Windows, it might take years before the old insecure hosts were finally
> replaced ...)
> 
> Nothing new to this crowd, I'm sure, but I sure wish there was a way to make
> this a priority to the folks at MS, who are really the only people with the
> ability to make this happen. Without their compliance, the problem will never
> improve (not as long as they're as dominant as they currently are).
> -- 
> Scott Francis || darkuncle (at) darkuncle (dot) net
>       illum oportet crescere me autem minui
> 
> [*] I'm well aware of the potential disaster were the WindowsUpdate site to
> be trojaned. However, corporate IT should be updating from a single server by
> the schedule of their windows admins, and for everybody else ... it couldn't
> be much worse than the current state of affairs.
> 
> [**] I've given up on hoping that email will return to the plain old text it
> was intended to be. I'm in the minority on that opinion, and I'm willing to
> settle for HTML in email if it can be rendered in a non-harmful manner (i.e.
> plain vanilla HTML only).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031103/e7cb031f/attachment.sig>

More information about the NANOG mailing list