> "Noonan, Wesley" <[EMAIL PROTECTED]> said:
> I don't disagree that we will continue to see the problem.
>
> Here is where I think it is overkill. Security isn't everything, and it sure
> isn't the only thing. Someone once told me "security that hampers work is
> not security". That is such a true statement. Security like that is just as
> bad as the "malicious code" it serves to stop. They take different methods,
> but the end result is the same - lost time and money.
I agree. What you are talking about is a risk assessment. Does the cost of
security outweigh the benefits. It would be interesting to see how much it
really costs to track down virus or worm infections. I'll bet it is pretty
high.
> Let me ask you this. Does anyone know of an email scanning product that
> blocks "all .exe and .com extensions" by default and design? Of course not
> (or at least I don't know of one - not by default at least), since people
> need to be able to pass executables as part of their day to day business.
> The same holds true for .vbs. The shops that have lot's of W2K and are
> managing the hell out of it are doing so with scripting.
Why do people need to pass executables in email messages? I have nothing against
scripts, but delivering scripts via an insecure delivery system is just inviting
problems. Email delivery is insecure. There are other ways to do remote management or
provide client systems enhanced functionality without asking users to execute
unauthenticated code.
--
Smoot Carl-Mitchell
Strategic Technologist - Managed Services
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
