> -----Original Message-----
> From: Shawn Connelly [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, November 09, 2001 6:50 PM
> To: Exchange Discussions
> Subject: RE: Outlook blocked access to the following potentially unsafe - FOR THE LAST TIME!
> 
> 
> >Subject: RE: Outlook blocked access to the following potentially unsafe
> >From: Chris Scharff <[EMAIL PROTECTED]>
> >Date: Thu, 8 Nov 2001 13:54:00 -0600
> >>There are about 20 pages of material relating
> >> to this patch and since I run a dept. with over 50 systems 
> >
> >Ok... So of the pages you did read.. Which were the compelling reasons which
> >caused you to apply the patch? What issue was it fixing for you which 
> >made it a time critical installation? I don't install any patch from 
> >Microsoft
> 
> Simply put, eliminate the nonsense about auto-running of vb 
> scripts and accidental execution of like programs, yes 
> including .exe and .com.  But damnit, I still wanted a way to 
> get those .exe and .com attachments from some workstations.

Microsoft provides a method for doing that. Had you read the help files and
discussion on the subject completely before going off to install it, you
could have had the mechanisms in place to do exactly what you want before
the patch was installed on a single desktop. Microsoft finally sets the
security on a product to high by default and now they're idiots for having
done so?[1] Phleeze.

> I never stated that I regret installing this patch, rather, 
> I'm annoyed that MS chose this as their solution to the vb* 
> scripting stupidity.  

Which scripting language stupidity would this be? Examples?

> The smarter solution would have been to remove the dangerous 
> capabilities of their scripting language.  Is that so 
> difficult for some to understand?

Yes, I'm completely flummoxed by it actually. Any /useful/ scripting language
is inherently dangerous. Install perl on a user's desktop and I'll happily
send you a perl script which can wreak all kinds of havoc on their machine. 

> >There are certainly other solutions and Microsoft provided 
> >workarounds.. Analogies are so inaccurate when actual factual 
> >discussions would suffice.
> 
> True, however, analogies are very effective when factual 
> discussions are not understood.

Perhaps then you can do your research and get back with us? 

> >Well, that's about 30% short of what was needed. Since this was an 
> >Outlook patch, did you visit the FAQ's suggested resource for any 
> >Outlook questions?
> >If so, you would have found a ton of information on the subject.
> 
> Again, I did understand the nature of this patch.  70% meant 
> that I skimmed through the documentation but I understood 
> what to expect.  

Ok, then if you understood what to expect why are we having this discussion?
You knew then that files would be blocked and that there were tools to allow
you to continue to give users access to them.

> If you're referring to the FAQ advertised in this discussion 
> list, I just recently read it; my compliments to the 
> creator(s).  Very well done!

Yes, and for Outlook questions it references slipstick.com which is by far
and away the best resource on Outlook information.

> >This isn't a friendly discussion group, it's a professional discussion 
> >group. The Outlook security patch has been discussed ad infinitum here. It's
> >hardly new and if you'd wanted to know its value, you could have 
> >checked the archives.
> 
> A group of 'professionals'?  Well, I'm not entirely convinced 
> by *some* of the responses I've received.  
> I'm new here, so I've only recently found the archives.

Well, it's certainly not a friendly discussion list, since it isn't by
invitation only I guess the level of professional skill varies greatly.

> >The assumptions I see being made are that you didn't take the time to 
> >thoroughly read up on the patch or research it, and that you deployed 
> >it on
> 
> Incorrect. I've already explained this several times.  
> Perhaps I wasn't clear about this in the beginning.
> 
> In my original message, I did clearly demonstrate my 
> knowledge of the registration work-around to the patch's 
> intended limitations.  I was simply inquiring about 
> alternative corrections.

Well, the registry solution is certainly one... and could be implemented
through a batch script quite easily... But the more secure solution is to
use the Exchange forms method. You can also disable the association of wsh
files and vbs files.

> > Your proactive stance being to deploy the latest version without 
> > testing?
> 
> Erroneous assumption.

Then why deploy it if it didn't meet your needs?


[1] Not that the security provided by the patch is adequate..... It's still
trivial for someone who knows what they are doing to potentially exploit an
Outlook 2000 SR2 machine. But that's not really the point of this
discussion.

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
