Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today
Rachael Treu
rara at navigo.com
Wed Jan 28 18:44:34 UTC 2004
On Wed, Jan 28, 2004 at 12:07:36PM -0500, Patrick W.Gilmore said something to the effect of:
>
> On Jan 28, 2004, at 11:56 AM, james wrote:
> Not sure why that is the case. Web browsers know better than to
> execute things, or at least to execute them in a sandbox, and there
> seems to be much more "abuse" capabilities in IE / Netscape than
> $RandomMailReader.
>
> How hard is it to tell a mail reader "NEVER execute a binary"? If
w00t.
> someone really wants to run a program that was e-mailed to them, they
> can save the attachment and run it outside the mail reader or
> something. So things like "virus.doc.exe" won't get executed by $luser
> who thinks it was a word doc.
I don't think it's that it's hard, so much as inconvenient.
C-level-officer types ;) want point-and-click to open and launch,
not to be ordered to port and manipulate attachments to access them.
And since that might be too much effort...heck...why not give users
a peep-hole preview function that allows them to split the screen and
peak into the email without clicking on anything at all? Back-office
IT heads would roll if that went away...
We _can_ thank M$ for setting the bar on this one; no one expected
irresponsible features like instant access to attached goodies until
the Internet-for-Idiots and SMTP-for-the-generally-challenged
revolutions were ushered in to the sounds of "Where do you want to go
today, and how much do you want to break/spend/consume while you're
there?"
I wish I could end this with "Friends don't let friends use Outlook,"
but I have to agree that the fault still lies primarily in the users
that continually refuse to heed the warnings of
A) shut that preview pain^N^Nne shee-yit off
B) don't execute attachments in email, even/especially if it looks
like it might be a really k00l screen saver...
Long live mutt. ;)
ymmv,
--ra
--
K. Rachael Treu, CISSP rara at navigo.com
..this email has been brought to you by the letters 'v' and 'i'..
>
> There are ways around this (copy/paste an executable into a word doc,
> then type "Click here!" in the Word doc), but it might help.
>
> Might.... :)
>
> --
> TTFN,
> patrick
More information about the NANOG
mailing list