<![CDATA[Specifically only old versions of Outlook allow script to be run in this
way.
This is the same old argument AGAIN: are viruses targeting outlook
because it's vulnerable or because it's popular? Considering that it's
quite clear that virus writers wish to attack the most systems possible
it seems like there's at some credence to the latter.
The very argument claims the issue is a user (and thus a usability)
problem:
"the [problem] is with about 80% of idiots in the planet who beleive
that since the have a product published by the biggest software editor
it's got to be safe, and they have no idea what a security breach is,
nor what a patch is."
On that score MS has made this a priority and is doing a decent job:
Windows Update within the browser (as opposed to hidden in some control
panel), automatic downloads/reminders to check for patches,
user-accessible patching processes. Their software is being shipped
with safe defaults and easy to understand options (for example the
security zone concept) and warnings.
They've made great strides on the technical and, I think more
importantly, usability fronts of security. More than any other company
in my opinion.
Jim Davis
-----Original Message-----
From: Doug White [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2003 10:18 PM
To: CF-Talk
Subject: Re: [ OT] Special security Alert!
It is easy to turn off scripting support in Outlook.
But, on the other hand, ny who does not have a good and up to date A/V
program
running on their commuter is just being negligent. That is the real
reason
virus are being spread, not misconfigured Outlook set ups..
In my case there are several layers to get through before an email even
gets to
my Outlook or Outlook Express.
First it must pass the virus scanner on the mail server. if it makes it
past
that, it has to pass the different virus scanner on my POP mail server.
If it
gets past that one, then Zone Alarm will rename the extension on any
executable
before my NAV even sees it on the local machine. I also have all
scripting
support turned off on Outlook, thus even if I open a mail with iframe
code, it
will not execute.
======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy:
http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!
----- Original Message -----
From: "Claude Schneegans"
To: "CF-Talk"
Sent: Monday, September 22, 2003 7:06 PM
Subject: Re: [ OT] Special security Alert!
| >>I am not sure why everyone is blaming Outlook for this.
|
| Because only Outlook allows script to be executed just when opening
the
message.
| Outlook is the principal if not the only responsible for so many
viruses all
over the world.
|
| >>I use Outlook almost exclusively and have not been infected with any
virus.
|
| Good for you, because you know how to avoid being infected. The
problem is not
with people
| like you (or me) the people is with about 80% of idiots in the planet
who
beleive that since
| the have a product published by the biggest software editor it's got
to be
safe, and
| they have no idea what a security breach is, nor what a patch is.
|
| >>If you do not have a good antivirus application on you machine, no
matter
what you use,
| you stand a good chance of being infected.
|
| If you click on anything which looks sexy, yes, but with Outlook you
don't
even have to click.
|
| >>I have received dozens of these emails over the weekend, and all of
them
have a
| nice little text file attached telling me that Norton deleted the
virus from
the .exe that was originally attached.
|
| Big deal ! I don't even have Norton check my mail. it slows down and
I'm
perfectly able to
| delete the message by myself. The problem is not to delete the virus:
the
problem what it takes
| on my "bandwidth".
|
| >>Also, I do NOT have the preview pane opened just in case Norton
misses it.
|
| Again, good for you, but obviously, dozens of people do not take thes
precautions.
|
| >>Anyway, you cannot totally blame the mail client for getting
infected. The
| problem usually is somewhere between the keyboard and the chair.
|
| Wherever the problem is, if Microsoft made a safer program, we
wouldn't have
to discuss
| about where is the problem ;-)
|
|
]]>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
[
Todays Threads] [
This Message] [
Subscription] [
Fast Unsubscribe] [
User Settings]
![]()
