Paul Lussier writes:
> Currently this is true, at least for Netscape. What happens in the future
> when the current Windows App development companies start shipping their
> prodicts for Windows? What happens when MS is forcibly broken up, and they
> start shipping Office/Outlook for Linux?
I think that user education will play a large part in solving this
problem. People need to be aware of rules of thumb like "Word macros
can be useful, but they can also propagate viruses" and "VBScript
might be useful, but it is dangerous as well". Heck, I've even heard
of exploits being written in Postscript (never forget that Postscript
is a programming language...).
I know dozens of users who aren't familiar with these common-sense
rules. In fact, I am looked upon as somewhat of a curmudgeon by some
of these people because I simply refuse to (for example) run the 8
megabyte executable/joke-movie that they just sent me (along with 40 of
their other closest friends). If I really want to see these joke
movies, I usually visit these people at their desks and ask them to
play them on their own computer. Sometimes people ask me ``why didn't
you play the movie on your own PC'' and I politely respond ``well, if
this executable has a virus or a trojan horse inside of it, you're
already infected and my PC is safe''. I usually get a sour look after
I say this...
Like I said before, education will go a long way towards solving this
problem.
However, this won't totally solve the problem, so I have two
additional comments:
Vendors who create products that automatically run untrusted code
without a robust sandbox are simply being irresponsible. Hint, hint:
I was unaffected by the recent exploit because I purposely don't use
such cruft.
Vendors who create products that ease the tedious processes of
certificate management, signing code, checking software fingerprints,
etc., will get my business.
--kevin
--
Kevin D. Clark | |
[EMAIL PROTECTED] | [EMAIL PROTECTED] | Give me a decent UNIX
Enterasys Networks | PGP Key Available | and I can move the world
Durham, N.H. (USA) | |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
