Well, this is my last contribution on this thread.

The logic, and therefore, posture taken by this "customer" is seriously flawed (IMHO).  It only works with the "bigger gorilla" (e.g., the rich home user) and then, only if the gorilla publishes the posture and can gain market consensus.  It fails completely in regards to commercial enterprise as any company that has done commercial/retail work on the internet must bend to the market, not the other way around, so we can assume that this customer is making a declaration only for a very minute audience that they control.  As such, no technical or political statement can be claimed, only one of internal process, and such a "fix" will also be a process change only.

While it may be true that MS Outlook leakage is a [severe] irritant (but reasonably, I think it rational to understand that adverse impact (the goal sought by attackers) is measured in volume of incidents that can be triggered.  Since it has been proven in court that MS has manipulated their dominant position illegally and thereby gained the significant market share they own by freely distributing their mail clients, it stands to reason that most of the threats will be targeted against their products.

But this "customer" should be aware that the only 100% successful way to avoid the problem is to demise all activity using e-mail, period.  That is, once they do away with MS Outlook, they then have to do away with MS Outlook Express, then Netscape, then ...  da-da-da-da.  One can take a good lesson from the game of Chess in which any opening sequence may easily be accomplished.  It is the end game strategy that wins the day.  And here, I step on the land mine by stating that this customer seemingly has no such end-game strategy nor is s/he being counseled to develop one.

Sometimes, logic trumps technology.

John Braden
 
 

Michael Cobb wrote:

Wil, et al,

Thanks for the replies. To be sure, killing all inbound mail traffic from
an Outlook user may seem extreme, but this customer is little concerned
about the "lack of communications". They are making a political and
technical statement. One exec told me "If Microsoft can't/won't fix
their security problems we will". Now, I take exception to the rich
home user statement. Fact is, these guys have the balls to do what
they need to do to secure their domain. I, once again, applaud these
people and wish more had the cojones to do the same. We, as a
nation, do not condone drunk driving; it endangers innocent people.
In my customer's opinion so does Outlook and Microsoft messaging
in general. They are fed up with the worms etc.

Thanks all for the replies.

M
 

At 12:39 PM 11/28/2001 -0800, Wil Cooley wrote:

Also Sprach Henry Sieff:
> Well.
> The theory is that Microsoft's products are vectors for infection via
> worms. This is true; but blocking based on mail client is a
> superficial solution compared with the much better ones already
> available. Once you are parsing the headers and taking action based
> upon those, why not use the Content-Type header instead. Same number
> of processor cycles to do the parsing and pattern matching, plus you
> are not cutting off communications.
>
> I know of almost no corporation where blocking all Outlook-generated
> email would be an acceptable solution*; quite frankly, anyone who
> "applauds" this decision as a "solution" to the risks associated with
> Outlook is remiss. We don't allow any email client to send a .scr file
> to our domain; neither should anyone.

Maybe his client just doesn't want messages from Outlook users?
Maybe he's just a wealthy home-user that wants to pay someone to
do this for him?

Wil
--
W. Reilly Cooley                           [EMAIL PROTECTED]
Naked Ape Consulting                       http://nakedape.cc
irc.linux.com                             #orlug,#pdxlug,#lnxs

"There was a vague, unpleasant manginess about his appearance; he somehow
seemed dirty, though a close glance showed him as carefully shaven as an
actor, and clad in immaculate linen."
-- H.L. Mencken, on the death of William Jennings Bryan

Michael Cobb
President/CEO
Cobb Communications Corporation
760-443-9700
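
The two policies debated in this thread, side by side, as an added example that is not part of any poster's message: one rejects on the sending client's `X-Mailer` header, the other on the attachment name declared in the MIME headers (`get_filename()` reads the `Content-Disposition` filename and falls back to the `Content-Type` name parameter). The sample messages, addresses, the `ExampleMail` client string and the one-entry blocklist are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the thread names only .scr; a real blocklist would be longer.
BLOCKED_EXTENSIONS = (".scr",)

def blocked_by_client(msg):
    """The customer's policy: reject on the client's self-declared X-Mailer."""
    # X-Mailer is optional and written by the sending client itself.
    return "outlook" in msg.get("X-Mailer", "").lower()

def blocked_by_content(msg):
    """The alternative from the thread: reject on what the message carries."""
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(BLOCKED_EXTENSIONS):
            return True
    return False

def build_sample(mailer, attachment_name=None):
    """Construct a sample message and re-parse it from bytes, as a filter would."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "constructed sample"
    msg["X-Mailer"] = mailer
    msg.set_content("Quarterly numbers are in the body of this mail.")
    if attachment_name:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

def evaluate_samples():
    """Return {sample name: (client policy verdict, content policy verdict)}."""
    samples = {
        "outlook_plain_text": build_sample("Microsoft Outlook Express 6.00"),
        "other_client_with_scr": build_sample("ExampleMail 1.0", "Photo.SCR"),
    }
    return {name: (blocked_by_client(m), blocked_by_content(m))
            for name, m in samples.items()}

if __name__ == "__main__":
    for name, (by_client, by_content) in evaluate_samples().items():
        print(f"{name}: client-policy={by_client} content-policy={by_content}")
```

The client-based rule rejects the harmless text mail and passes the `.scr` attachment; the content-based rule does the opposite.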
