
17751 Re: pedit6.01_beta and LapTopHack6.01_beta are here... - OT

  • rvanderwoning
    May 1 12:21 AM
      Gary,

      Subject marked off topic as per your (valid) request. :)

      I know about the problem you're referring to. I will never claim that
      Microsoft's products are air tight. Yes, they do have issues, as does
      all other software.

      Also, you are specifically referring to an un-patched version of
      Outlook. If you buy a house and after 6 months, the contractor tells
      you that they've been notified of a design flaw in the windows (no
      pun intended) which makes it easy for a burglar to break in, are you
      going to categorically ignore that warning? Microsoft has security
      bulletins that you can subscribe to, they have a good support site,
      they have Windows update and critical update notification. If you
      choose to ignore the lot of them, you risk running into a problem
      sooner or later. Especially because software with such a large market
      penetration is under constant attack on one side, and scrutiny on the
      other.

      I work at a bank where we use multimillion dollar mainframe systems
      with equally priced key software products (such as database systems).
      You wouldn't believe the kind of bugs we still report to IBM for
      those, some are just too transparent and fatal to get your head
      around.

      And I remember a case when global player Sun Microsystems was not
      only pointed out a glaring bug in one of their file servers which
      could cause massive loss of data, they also tried to cover it up and
      went as far as paying off large customers in order to keep them quiet
      about it. When this eventually came out, there was a big scandal
      about it.


      Fact is that the lot of them have their fair share of royal screw-
      ups. Why isn't this known to hardly anyone? Because average Joe
      doesn't have IBM mainframes or Sun hard/software at home. And because
      he expects all his software to be cheap, user friendly, packed with
      gadgets and gizmos and ultimately safe and bug free starting at
      version 1.0 without any action on his part. Unfortunately, that's not
      how it works anymore in this hostile world of computing.

      Roy.

      --- In peditors@y..., "Gary" <gvansant@q...> wrote:
      > Roy,
      >
      > The latest KlezG worm attachment can be executed by merely VIEWING
      > the e-mail message in un-patched OE or Outlook! Please see:
      >
      > http://www.esecurityplanet.com/trends/article/0,,10751_1013781,00.html
      >
      > Cheers,
      >
      > Gary
      >
      > ----- Original Message -----
      > From: "rvanderwoning" <rvanderwoning@y...>
      > To: <peditors@y...>
      > Sent: Tuesday, April 30, 2002 04:13 AM
      > Subject: [peditors] Re: pedit6.01_beta and LapTopHack6.01_beta are here...
      >
      >
      > > --- In peditors@y..., Ian Soboroff <ian.soboroff@n...> wrote:
      > > > "rvanderwoning" <rvanderwoning@y...> writes:
      > > >
      > > > > Did it ever occur to you that virii can be spread through email by
      > > > > other ways than exploiting a mail reader vulnerability?
      > > >
      > > > Not virii per se... there have been exploits in e.g. sendmail, of
      > > > course, so that's a vulnerability in a mail server, not a client. But
      > > > since the mail server doesn't actually run code received by email,
      > > > there haven't been virii.
      > > >
      > > > I don't consider that MS bashing (although they are the biggest
      > > > perpetrators...), bad software design just bugs me. It would have
      > > > been silly enough in a mail client back in the days before spam and
      > > > the big bad 'net. But when you know that for most email users,
      > > > upwards of 90% of their email is unsolicited and possibly adversarial,
      > > > to blindly run and/or install code received via email is insane. It's
      > > > like shipping a car with neither steering wheel nor brakes, and
      > > > telling people that they'll be fine as long as they keep the doors
      > > > closed.
      > > >
      > > > Do users of such clients consider the convenience of automatically
      > > > running unchecked code received via email with broad permissions worth
      > > > the risk?
      > >
      > > That depends on what you call "automatically running unchecked code".
      > > I have been using Outlook for about as long as it's been around and I
      > > never ran into a single virus problem because of it. In fact, my
      > > virus scanner, which I do have installed just for peace of mind, has
      > > been pretty much idle over its lengthy lifespan.
      > >
      > > If you mean that it's possible for an Outlook user to receive a mail
      > > message with a virus infected attachment which he could then detach
      > > and run on his computer, then yes, that's possible. But that also
      > > goes for non-Microsoft platforms. Only those don't have the kind of
      > > market share among "ordinary" users and hence less exposure to the
      > > kind of problems we're talking about. That also makes these platforms
      > > less interesting to be targeted with virii and other sorts of attacks
      > > in the first place.
      > >
      > > Also, the "unordinary" (aka more advanced) users are more
      > > knowledgeable about things they should and shouldn't do with their
      > > computers. Most of the virus-problems that occur these days result
      > > from the inane desire at the part of the user to blindly run and
      > > install everything he's being sent. If we're going to use analogies,
      > > that would be like not putting on your seatbelt, running your car
      > > into a brick wall and then blaming the car manufacturer for it
      > > because you expected the car to be safe under all circumstances.
      > >
      > > Yes, Outlook does have its vulnerabilities, and possibly more than
      > > other mailers. But this comes with the functionality it offers and
      > > which definitely serves a very clear purpose. The fact that someone
      > > doesn't exercise some common sense in using those features (see the
      > > car analogy) doesn't constitute bad software design in my opinion.
      > >
      > > Roy.