1. Not all outlook or Microsoft users are connected to the internet and thus are not susceptible to miscreants taking advantage of built-in capabilities of the software.. 2. Scripting features have been around for quite awhile, and what may well be considered as dangerous of some, under certain circumstances, for others scripting support has been a "gee-whiz" feature, that is relatively simple to implement, and assists software in doing great things. 3. Even of the software publisher delivers software with all these "features" defaulted of OFF, there will always be the potential for error by those who choose to turn them on. For instance in the latest versions of MS software (Win2k, Win2003, etc). scripting support must be proactively selected to even install the capability. 4. A greet deal of damage has been done, and is still being done with "features" such as _javascript_, Java, Active-X and VBScript. Which one do you wish to pick on? I have added VBScript applets to my Outlook program to gather complete header information in one pass, (spamsource), and scripting to prevent html rendering and simple sender blocking, (Cloudmark) , as well as much more. Incidentally, VBScript is being used all across the MS product line, especially
Office, which enables the user to do many automated procedures. Of course, all code, no matter what the name it is marketed under, can be used to do harm, and to blame the publisher for supporting the features and capability is not making good sense. Is active-x good because it will launch Flash player to entertain, or bad because it also can be used to install a high toll auto dialer to connect you to a filthy Porn web site?. Of course system attacks by miscreants are inconvenient, as well as very costly, but the blame rightfully belongs to the miscreant, and not the publisher. As long at it remains common to point the finger at the publisher, instead of the offender, little will be accomplished to reduce or prevent the misuse of computer capabilities, or the use of its advanced features. I must actually laud software publishers who have raised the level of security on their radar screens, and are implementing new security features just about as fast as they can, but at the same time trying to keep their products usable, and to make the "gee-whiz" features available to those who would ethically implement them. This provides value to the end-user, and is not necessarily product dependent. In order to implement security, they have the consideration of not having the implementation break their software, or to limit its use by legitimate and ethical users. Computer and communication technology has come a long way in the past 15 years, and is continuing to move ahead at an ever increasing pace. This requires administrators to not only constantly improve their skills, but to actually make up for the ignorance of "appliance users" that are part of the community. You have the inherent obligation to not only stay sharp, but to continually educate less skilled users. A few years back I could innocently send out to a large number of recipients, electronic holiday greeting email, with embedded animations, music, and other nifty "tricks" that were enjoyed and entertaining. I likewise received many of these, and liked the features which make computing so enjoyable. Due to the miscreants, I can no longer send these, and am afraid to open the ones that I receive. Whose fault is this? Excuse me if I do not point finger at software publishers. ====================================== Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases. ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: Claude Schneegans To: CF-Talk Sent: Tuesday, September 23, 2003 9:02 AM Subject: Re: [ OT] Special security Alert! >>You would think that after 3, 4, 5, 20 virii make their way to your Outlook inbox and infect your machine that you would take the time necessary to learn how to protect yourself, First I don't use Outlook, second, I didn.t get infected. Again my problem is the volume of garbage I receive from others. It fills up my mail box. 18.5 meg just in 10 hours! >>It's somewhat unfair to blame Microsoft for the virii being passed around, although it's typical of society. The point is that the soft was delivered (I know it is not so now) with far too dangerous features all activated BY DEFAULT. 1. the ability to execute scripts form mail. Who needs that? 2. the ability to do almost everything from a script. MS definitely forgot about elementary Intenet security rules. 3. the ability to use functionalities like the SMTP functions or get the mail ad dreses list in Outlook from any external program or script. THIS is the main reason why so many viruses are spread and the fact that they ha ve corrected the situation does not eliminate their responsability for the effects that are still going on.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
