WHY NOT STOP THIS UNNECESSARY THREAD , NOW
THEN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
"Dave Watts" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I apologize in advance for continuing this off-topic thread.
>
> > > Admittedly, the openness and interrelatedness of Microsoft
> > > Office, Outlook, IE, and WSH make it easy to write relatively
> > > powerful viruses, the ultimate responsibility for safe computer
> > > use, like safe driving and safe sex, lies with the one behind
> > > the wheel.
> >
> > This would be a valid comment if most people were aware of
> > the problems that exist hidden in their email client.
> >
> > They aren't.
> >
> > How many people do you know who are aware of the WSH, what it
> > can do and how to disable it if they want to?
> >
> > MS knows these features are insecure and they continue to
> > ship Outlook with them enabled by default.
> >
> > How is it then the end users fault when the software does
> > something untoward that they are not aware it can do?
>
> I don't expect every end user to understand WSH, or to know what it is.
>
> However, my guess is that nearly every computer user in an office with a
> network (and thus, a sysadmin) has heard this before:
>
> "If you get something in your email, and you don't know what it is, DON'T
> DOUBLE-CLICK ON IT!"
>
> This doesn't have anything to do with WSH, or Outlook, or Microsoft for
that
> matter. Malicious executable code may take many forms. A couple of years
> ago, virus writers did their work in assembler, because they didn't have
> WSH, and you had the same problems with email attachments - you couldn't
> double-click them!
>
> I think that, by this time, if you don't know that you can get viruses by
> double-clicking on an email attachment, the computer in your cave probably
> doesn't have a network connection anyway.
>
> > > How many people have received legitimate messages from
> > > someone they know (but aren't already in a relationship
> > > with) saying "I love you"? Are we all that desperate for
> > > love, that we'll just double-click blindly for it? How
> > > many people regularly receive salacious pictures of female
> > > tennis stars from their coworkers?
> >
> > This isn't really the point though. The fact remains that
> > some virus writer could put anything in the subject line. The
> > choice of subjects and attachment material reflects more on the
> > writer of the virus than anything else.
> >
> > Besides, wasn't there one virus that had a subject line
> > similar to "Here is that information you requested"? Hardly
> > anything lascivious there.
>
> To answer this, I'll use our office manager as an example. Quinn, I hope
you
> don't mind. She's not a programmer. She doesn't know how to install much
> software, or write web applications. She uses her computer for email,
> browsing the web, and using MS Office. Yet, she knows better than to
> double-click on attachments that she didn't ask for. Her machine doesn't
> even have antivirus software installed right now, but I'm not worried
about
> her. Why? She has enough common sense to avoid these sorts of problems.
>
> As for what virus writers "could" put in the subject line, the amount of
> "social engineering" with most of the latest WSH viruses is laughable.
When
> I saw the first virus message on the list today, even though the
attachment
> wasn't there (thanks to Mike D), I knew it was a virus. This isn't rocket
> science. You might have a point, if there actually were WSH viruses going
> around that looked at all like legitimate mail, but they don't. The
quality
> of social engineering with WSH viruses is much lower than with assembler
> viruses, which were often hidden in a tempting executable or screen-saver.
>
> Finally - and this is all I've got to say - this kind of attitude, in
which
> you expect the end user to be irresponsible and, frankly, stupid, is the
> kind of paternalistic Politburo outlook of people who think that the
masses
> must be protected from themselves. Being an adult means knowing what
happens
> - and being responsible for it - when you push the button, or pull the
> trigger, or push the accelerator.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
