The points are: - If I can rename it anyway, then all that does is provide a slightly higher barrier to the stupidity level, meaning I can still send some luser a file labeled "your program.dat", tell them that it is useful in some way or other, and have them wipe out their system. - Likewise, it makes it a serious pain in my backside to send them legitimate programs (the more so since the IS folks took away IM file transfer).
In other words, it puts a crimp in my ability to do my job and doesn't (as far as I can analyze the situation) do anything beyond stop Outlook from being stupid. Frankly that's not a sufficient reason to me. Of course the fact that I have to use Windows to do UNIX development work is a whole other sore point... I should also like to point out that can/can't and will/won't are very different things. I agree that "can't" is probably indicative that someone shouldn't be using a computer. "won't" is debatable. "doesn't want to" is a whole other option that you left out in what sounded like a targeted attack :) William On Wed, 16 Feb 2005, Dan Monjar wrote: > William Sutton wrote: > > - any files with extensions (it seems) other than .txt or .dat are banned > > from email attachments (but you can rename them to .dat if you like...) > > > > I am a corporate IS security geek and I do this... actually I strip 10 > or so attachments from mail messages. Anything executable like .cmd, > .exe, .bat, .scr, etc.... If you want to send it out then rename it to > something innocuous. It prevents dumbasses from clicking on unknown > attachments and prevents *helpful* programs from running things auto > magically. Haven't had an email virus since the Kournikova one. > > Since W2K added native zip handling I strip those as well. > > If you can't or won't rename a file then your computer should be taken away. > > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
