I hear that Mozilla 1.0 RC3 is a very popular browser now and includes a mail client.
<Siegfried /> > -----Original Message----- > From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 11:01 PM > To: MS-Exchange Admin Issues > Subject: RE: Oh man you are kidding... > > I would still like to know what client they prefer instead > > -----Original Message----- > From: Siegfried Weber [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 4:00 PM > To: MS-Exchange Admin Issues > Subject: RE: Oh man you are kidding... > > I agree with you in all points. I just don't see a reason why tossing > Outlook now that it, as you mentioned, has been greatly improved to stop > such automated script execution attacks. > > Interesting enough KLEZ uses a completely new algorithm to spread > itself. It harvests e-mail addresses out of the browser local temporary > Internet file cache and sends e-mails with faked originator addresses > using it's own SMTP engine. How would it help to toss Outlook to get > around KLEZ? > > I am just awaiting the first .EXE viruses designed to infect a *NIX > machine by using the same algorithm KLEZ uses (harvesting e-mail > addresses from temporary files) and send them via it's own SMTP engine. > > Anybody knows how to program that? > > <Siegfried /> > > > -----Original Message----- > > From: Steven Peck DNET [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, June 04, 2002 10:51 PM > > To: MS-Exchange Admin Issues > > Subject: RE: Oh man you are kidding... > > > > And once again the convenience vs. security debate is launched. > > > > The downside of Outlook was it's ability to execute some script > attacks > > from > > the preview pane. This is solved somewhat in later versions and > patches. > > And is defeated through a percentage of end-users inability to control > > their > > double-click. ANY OS that has file execution associations can be hit > by a > > virus. Both KDE and GNOME are building this functionality into their > > interface and as such will also be subject to this kind of attack. > > > > It is more effectively solved by preventing the executable type files > from > > passing through your server in the first place. If someone wants to > email > > an executable, they can zip it. At least then it is a two stage > process > > for > > infection and the local desktop anti-virus sw has a shot at the new > virus > > that your Exchange servers anti-virus missed. Even if an end user is > > infected (floppy, etc) they mail bomb's their own email box as the > server > > refuses to send those attachment types internally as well. I have yet > to > > see a legitimate reason to email an scr file in a corporate > environment. > > :) > > > > If it is vbs or js, then the developer can rename it as txt and assume > > that > > the recipient can rename it to vbs or js. > > > > As to alternative's to Outlook in asked about in another message. > > You can use Eudora, Netscape Mail, Pine, etc (POP3 or IMAP)...... You > just > > LOSE the Email/Calendaring integration function which is the primary > > appeal > > of the Exchange server in a business environment. > > > > Of course, I am aware of a company that has an Exchange server and > uses > > Outlook Express!? > > > > -sp > > > > -----Original Message----- > > From: Siegfried Weber [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, June 04, 2002 1:33 PM > > To: MS-Exchange Admin Issues > > Subject: RE: Oh man you are kidding... > > > > > > > It is what happens when people insist on using Outlook as their MUA. > > > > BS! You can get any type of virus if you open a mail and execute an > > attached > > file. > > > > <Siegfried /> > > > > List Charter and FAQ at: > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm