> On 9/17/06 1:37 PM, "Bryan Harris" <[EMAIL PROTECTED]> wrote: > >> Sure, but I don't want it turned off. Then other nefarious scripts could >> access my address book... > > Have you ever heard of one, let alone seen one? That warning is there (so > far) just for paranoids who know that such things have happened on Windows > PCs. There are only three ways that a "nefarious" - or any other - script - > can be run: > > 1) Via a compiled script that you yourself have put into your Entourage > script folder and run by selecting it in the script menu. (I.e. even if a > nefarious application downloads and and moves it to your script folder it > won't run unless you personally choose to run it.) > > 2) Via a compiled script that you yourself have set up to be run by a > Schedule or Rule. (Note: there is no way, not even by AppleScript > application, to set up a schedule or rule to run a particular script. No way > at all. You have to have done this yourself.) > > 3) Via a script application. But a script application - even if disguised as > something else - can only be run if _you_ double-click it. > > No. 3 is the only one that conceivably could be a danger. But, on the Mac - > unlike Windows - there are no self-executing applications. Whether appearing > by download from the net or as an attachment in an email, it CANNOT run > unless YOU double-click it. So the only danger is if you choose to > double-click an unknown, unexpected application file. Don't do that, and you > will not have a problem. If you want to be REALLY safe, OK, turn on that > warning pref if and only if you are afraid that some file you have received > may not be what it appears to be. > > Have you ever heard of such a script, ever?
No, I haven't -- and I didn't mean to imply that such things existed or plant any seeds of concern. But we do need to be security conscious, just because one doesn't exist now doesn't mean that one couldn't be written in a few hours (or minutes, in your case). Note, I download freeware games sometimes. One of those could, without my knowledge, poke through my Entourage address book and send all those addresses to some server in the .ru domain and I'd never know the difference. All it would take is a mildly addictive game. It's not so outrageous an idea -- and that's why I hate to turn off security measures like this one. - B -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
