Kirk Strauser said: > At 2003-09-23T21:16:02Z, Ray <[EMAIL PROTECTED]> writes: > >> perhaps if someone wrote the "don't f*&$ open me"[1] virus and had it go >> through a little tutorial about why not to open unknow attachments have >> message go something like "I was foolish enough to open the attachment, >> and since you are at risk of getting a message from me with a virus, >> this >> attachment has forwarded itsself to you" > > Indeed. You know, we're going through a lot of effort and hypothesizing > do > to exactly one problem: Outlook* makes it easy for uneducated users to do > stupidly dangerous things.
Outlook2002 will tell you "bla bla bla unsafe bla bla bla outlook users might not be able to open this" because without being hooked to an exchange server w/ a policy to allow unsafe attachments, outlook blocks your access to those attachments. OE will let you send it w/o a peep, but the default is to block access to it on the recieving side. You just have to uncheck a little box to get the attachment. >That's it - the whole problem. You don't get > junk from Macs or Mozilla users, and those are nice, easy-to-use GUI > clients. We're having this entire conversation simply because Microsoft > refuses to make it more difficult to execute an attached file than > clicking > on an attachment icon. As much as I agree to some degree or another to the spirit of what you're saying, I started this thread because Swen was swamping me. If thousands of people were personally emailing me virus laiden emails, that's one thing, but that's not the case here. I'm getting thousands of emails from copies of a virus that isn't opening O* to send it's mail. I am getting those emails because 1) Win users were either not updated with security patches or gullible and 2) I have posted to this list using my valid email address. Since I don't have much faith in fixing #1 any time soon beyond some pep talks to friends, I am focusing on how to avoid the easy target #2 left me open to be. Normally when I get viruses it's only from people I've sent email to. This time it was from anyone who was infected/unprotected and who's computer found my email from the mailing list. I would also like to avoid UCE/UCB Spam that harvested my email from usenet as well. That isn't a virus or email client specific issue. > > Out of curiosity, are there *any* legitimate reasons at all why you'd want > to mail an uncompressed executable to someone? I'm sure someone could pipe up about how it's hard to walk their grandma/client through installing *zip, which unfortunatly is a valid point. :( Lets say all viruses start mailing zipped copies of themselves. They only have to zip themselves once on the host machine then mail that copy. Now we have to watch for a zip archive in mime data and unzip all mail to scan it, or reject zipped files as well. :( I'm all for p2p file sharing or some server based file store and only sending p2p invite keys/urls in your email. If email were only text, load could sure drop, but I don't think it will happen. Its too convenient. I know I use it even when I don't _have_ to. Right now, if my grandma tries to email me some christmas windows screen saver (possibly a virus in disguise as something neat), she get's a '550 We do not accept executable attachments' and I can deal with any flack telling her "I'm sorry, but I don't want to get a virus." If someone else sends me the same file but claims to be her, they get the 550 unless an open relay was involved. I don't post-delivery bounce. -- Jacob Trying out SquirrelMail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]