17751Re: pedit6.01_beta and LapTopHack6.01_beta are here... - OT
- May 1, 2002Gary,
Subject marked off topic as per your (valid) request. :)
I know about the problem you're referring to. I will never claim that
Microsoft's products are air tight. Yes, they do have issues, as does
all other software.
Also, you are specifically referring to an un-patched version of
Outlook. If you buy a house and after 6 months, the contracter tells
you that they've been notified of a design flaw in the windows (no
pun intented) which makes it easy for a burglar to break in, are you
going to categorically ignore that warning? Microsoft has security
bulletins that you can subscribe to, they have a good support site,
they have Windows update and critical update notification. If you
choose to ignore the lot of them, you risk running into a problem
sooner or later. Especially because software with such a large market
penetration is under constant attack on one side, and scrutiny on the
I work at a bank where we use multimillion dollar mainframe systems
with equally priced key software products (such as database systems).
You wouldn't believe the kind of bugs we still report to IBM for
those, some are just too transparant and fatal to get your head
And I remember a case when global player Sun Microsystems was not
only pointed out a glaring bug in one of their file servers which
could cause massive loss of data, they also tried to cover it up and
went as far as paying off large customers in order to keep them quiet
about it. When this eventually came out, there was a big scandal
Fact is that the lot of them have their fair share of royal screw-
ups. Why isn't this known to hardly anyone? Because average Joe
doesn't have IBM mainframes or Sun hard/software at home. And because
he expects all his software to be cheap, user friendly, packed with
gadgets and gizmos and ultimately safe and bug free starting at
version 1.0 without any action on his part. Unfortunately, that's now
how it works anymore in this hostile world of computing.
--- In peditors@y..., "Gary" <gvansant@q...> wrote:
> The latest KlezG worm attachment can be executed by merely VIEWING
the e-mail message in un-patched OE or Outlook! Please see:
> ----- Original Message -----
> From: "rvanderwoning" <rvanderwoning@y...>
> To: <peditors@y...>
> Sent: Tuesday, April 30, 2002 04:13 AM
> Subject: [peditors] Re: pedit6.01_beta and LapTopHack6.01_beta are
> > --- In peditors@y..., Ian Soboroff <ian.soboroff@n...> wrote:
> > > "rvanderwoning" <rvanderwoning@y...> writes:
> > >
> > > > Did it ever occur to you that virii can be spread through
> > by
> > > > other ways than exploiting a mail reader vulnerability?
> > >
> > > Not virii per se... there have been exploits in e.g. sendmail,
> > > course, so that's a vulnerability in a mail server, not a
> > But
> > > since the mail server doesn't actually run code received by
> > > there haven't been virii.
> > >
> > > I don't consider that MS bashing (although they are the biggest
> > > perpetrators...), bad software design just bugs me. It would
> > > been silly enough in a mail client back in the days before spam
> > > the big bad 'net. But when you know that for most email users,
> > > upwards of 90% of their email is unsolicited and possibly
> > adversarial,
> > > to blindly run and/or install code received via email is
> > It's
> > > like shipping a car with neither steering wheel nor brakes, and
> > > telling people that they'll be fine as long as they keep the
> > > closed.
> > >
> > > Do users of such clients consider the convenience of
> > > running unchecked code received via email with broad
> > worth
> > > the risk?
> > That depends on what you call "automatically running unchecked
> > I have been using Outlook for about as long as it's been around
> > never ran into a single virus problem because of it. In fact, my
> > virus scanner, which I do have installed just for peace of mind,
> > been pretty much idle over its lengthy lifespan.
> > If you mean that it's possible for an Outlook user to receive a
> > message with a virus infected attachment which he could then
> > and run on his computer, then yes, that's possible. But that also
> > goes for non-Microsoft platforms. Only those don't have the kind
> > market share among "ordinary" users and hence less exposure to
> > kind of problems we're talking about. That also makes these
> > less interesting to be targeted with virii and other sorts of
> > in the first place.
> > Also, the "unordinary" (aka more advanced) users are more
> > knowledgable about things they should and shouldn't do with their
> > computers. Most of the virus-problems that occur these these
> > from the inane desire at the part of the user to blindly run and
> > install everything he's being sent. If we're going to use
> > that would be like not putting on your seatbelt, running your car
> > into a brick wall and then blaming the car manufacturer for it
> > because you expected the car to be safe under all circumstances.
> > Yes, Outlook does have its vulnerabilities, and possibly more
> > other mailers. But this comes with the functionality it offers
> > which definitely serves a very clear purpose. The fact that
> > doesn't exercise some common sense in using those features (see
> > car analogy) doesn't constitute bad software design in my opinion.
> > Roy.
- << Previous post in topic Next post in topic >>