Unfortunately, Microsoft is now including an unzipper program in their OS (XP), so it's much easier for a lay user to make a mistake. It used to be that if you wanted to deal with zip files you needed to download WinZip, PKZip or something similar, but now, thanks to Microsoft, all you have to do is double click.
Mind you, it will *still* prompt you for a location to put the archived files and you *still* have to go get those files and double click on them to run them. It's just a bit easier for the novice to get to them now.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

> -----Original Message-----
> From: Richard M. Smith [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 26, 2003 7:44 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] A worm...
>
>
> Hi Peter,
>
> Thanks for the background info. Because of the password
> issue, any security protections for .ZIP files need to be
> built into an unzipper program. As a minimum, Microsoft needs
> to put a warning dialog in the Windows unzipper when
> double-clicking on an executable file in a .ZIP file that
> comes attached to an email message. Better yet, don't allow
> .ZIP files to be opened from an email message. Force people
> to save them first. Netscape had this second basic
> protection scheme in Communicator years ago.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
