> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee > Sent: Monday, November 13, 2006 1:47 PM > To: [email protected] > Subject: Re: remote support questions - curiousity > > > On 13 Nov 2006 11:16:06 -0800, [EMAIL PROTECTED] (Tom > Marchant) wrote: > > >Just as an example, why did Microsoft think it was a good idea > >that a document should contain executable code? Why would I want > >to run arbitrary code that you might include in a document that > >you send me? > > > Oh, it made lots of sense until we think about hackers. All of those > macros are powerful, and power is fun and useful - as long as we have > that power, not the hackers.
It was a good idea, so long as the documents were kept on and originated from only from a trusted, secure source. Pre-Internet this could be the local LAN (ignoring sneakernet viruses). Microsoft is not the only entity to assume a friendly ecosystem. Email originated in such an environment. That is why SPAM and UCE abounds. That is why the original ftp, telnet, rexec, and such don't do encryption and are being replaced. And remember that MS was late to really understand the impact of the Internet. Not that I like MS. I don't, in general (Linux bigot here). But they are not the only ones who made bad decisions about such things. If you want powerful, then consider <shudder> Emacs. A "text editor" which can be abused so badly that it isn't funny. If it were a wide spread as Word, then hackers would likely have learned LISP to send infected emacs documents. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
