> Of course, one can always put some malicious code into the zip archive, but
> running this is a three-step task (save attachment, open it, run the program)
> - little bit harder than just clicking on the attachment but a good excuse
> for the Microsoft. And it really is - if you had to be dumb to blindly
> open an attachment from an unknown person, you have to be a bit dumber to
> do it with a zip archive

It's unfair to call a user dumb in this case, as it's more a lack of
education.  They've more or less been told, by Microsoft (those know-all
computer guys), that Outlook 2002 has been updated to take care of those
nasty email viruses and trojans.  They can't get an executable virus now,
because Outlook won't let them.

So why shouldn't they unzip and run the program from their friend?

(Should anyone feel the need to answer that, it IS rhetorical, and I do
already know why they shouldn't...  but they don't)


> Rant No.1 : It seems that Microsoft forgot the fact that PDF files can also
> contain malicious code that will execute simply by opening the file in the
> reader. I never believed in Microsoft's claim that they take great care of the
> security of their systems (except for the NT technology part), I see it as
> another marketing cliche. Such "security" as that above might help improve
> Joe Average's desktop security, but as soon as more PDF viruses hit the
> road, it will be rendered quite useless. To add insult to an injury, they
> block 43 different file types, including .url and a myriad of Microsoft
> proprietary document formats, but no .pdf.

I don't know if you meant to do it, but you've just shown exactly why
blocking by extension is brain damaged.  Let's block PDFs too, so that you
need to zip them to send them.  Sh1t, why don't we block every file
extension - they could ALL have viruses in them.  Let's make ZIP the only
valid extension!  The virus or viral-like code may still exist in the file,
but at least it takes the user an extra five minutes to infect their system.
At least they can't infect their system from within Outlook, and I guess
that's the important thing... to Microsoft.
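
The gap discussed in this thread, as an added example that is not part of the original posts: a filter that checks only the attachment's own extension passes a zip, while a gateway-side check that lists the archive's members still sees the blocked name. The blocklist is a constructed subset (the thread names only .url), and the function names, size limit and sample file names are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed subset for illustration: the thread says 43 types are blocked
# but names only .url, so the other entries are assumptions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".url"}
MAX_INNER_BYTES = 10 * 1024 * 1024  # do not unpack oversized nested archives

def outer_name_blocked(filename):
    """The check the thread criticises: look only at the attachment's extension."""
    return PurePosixPath(filename.lower()).suffix in BLOCKED_EXTENSIONS

def blocked_members(data, depth=0, max_depth=3):
    """Return names of zip members whose extension is on the blocklist,
    descending into nested zips up to max_depth levels."""
    hits = []
    if depth > max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            suffix = PurePosixPath(name.lower()).suffix
            if suffix in BLOCKED_EXTENSIONS:
                hits.append(name)
            elif suffix == ".zip" and info.file_size <= MAX_INNER_BYTES:
                inner = zf.read(info)
                hits += [f"{name}/{m}" for m in blocked_members(inner, depth + 1, max_depth)]
    return hits

def build_sample(nested=False):
    """Constructed sample: harmless text files, one named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("holiday-photos.exe", "not a real executable")
    data = buf.getvalue()
    if nested:
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as zf:
            zf.writestr("inner.zip", data)
        data = outer.getvalue()
    return data

if __name__ == "__main__":
    print(outer_name_blocked("photos.zip"))      # outer extension is not on the list
    print(blocked_members(build_sample()))       # member names are still visible
    print(blocked_members(build_sample(True)))   # also one level down
```

Member names say nothing about content, so this only closes the renaming-by-zipping gap; a .pdf member or a password-protected archive still needs content inspection or a policy decision.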

