Linux-Advocacy Digest #395, Volume #26 Sun, 7 May 00 12:13:07 EDT
Contents:
Re: This is Bullsh&^%T!!! (mlw)
Re: Browsers and e-mail ("Boris")
Re: Browsers and e-mail (mlw)
Re: This is Bullsh&^%T!!! (Bart Oldeman)
Re: X Windows must DIE!!! (Byron A Jeff)
Re: This is Bullsh&^%T!!! ("Marc Schlensog")
Re: KDE is better than Gnome (Matthias Warkus)
Re: KDE is better than Gnome (Matthias Warkus)
Re: Browsers and e-mail ("Boris")
Re: Built in Virus Scanners! ("Mike")
Re: This is Bullsh&^%T!!! (Alan Boyd)
Re: Built in Virus Scanners! ("Mike")
Re: Browsers and e-mail ("Christopher Smith")
Re: This is Bullsh&^%T!!! ("Christopher Smith")
Re: This is Bullsh&^%T!!! ("Christopher Smith")
----------------------------------------------------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 07 May 2000 07:45:55 -0400
Christopher Smith wrote:
>
> "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Sat, 6 May 2000, Rich C wrote:
> >
> > > "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> > > > On Sat, 6 May 2000, Rich C wrote:
> > > >
> > > > > But this DOES bring out an inherent flaw in OE, as it doesn't
> > > distinguish
> > > > > between "opening" a document file, such as text or a jpeg, and
> "opening"
> > > a
> > > > > program, ie., running it.
> > > >
> > > > As it is, any e-mail client (not just OE) that can execute
> > > > dangerous attachments is dangerous.
> > >
> > > Yes, but not as dangerous as an e-mail client that does not do enough to
> > > distinguish an EXECUTABLE program from a text or graphic document.
> >
> > That's exactly what I mean. The really annoying pop-up I described should
> > _only_ occur if the program is EXECUTABLE and potentially dangerous, not
> > if it's just a jpeg or a text file or even a safe java application.
>
> Please detail to us how you're going to detect the difference between
> "dangerous" and "safe" attachments.
Any vb script that makes system calls, fetches data from a URL, modifies
the registry, looks at the e-mail address book. These would be good
starters. Any binary executable too.
The whole idea of running a program without an authoritative origin is
problematic. There is some debate about this happening in Linux, while
it "could" happen in Linux I doubt, very much, that it "would" happen in
Linux because security is an important concern amongst its developers.
One last note, if malissa happened on a Linux e-mail client, you can be
sure "ILOVEYOU" would not have had a chance, because the author of an
e-mail program that allowed such a virus, would have fixed it. Unlike MS
who has proven that, as a monopoly, it does not need to care.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: "Boris" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Browsers and e-mail
Date: Sun, 7 May 2000 05:35:55 -0700
"mlw" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> Given the nature of both systems, i.e. the normalcy of receiving data
> from unknown origins, shouldn't e-mail have the same restrictions and
> safety precautions that browsers have?
I use IE5/OE5 on Win2000. And most security settings in OE are inherited from IE. For
example, if I disabled ActiveX controls in IE and opened HTML post on news group, and
that
message contains ActiveX control, that control won't be able to execute.
Boris
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Browsers and e-mail
Date: Sun, 07 May 2000 08:55:49 -0400
Boris wrote:
>
> "mlw" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
> >
> > Given the nature of both systems, i.e. the normalcy of receiving data
> > from unknown origins, shouldn't e-mail have the same restrictions and
> > safety precautions that browsers have?
> I use IE5/OE5 on Win2000. And most security settings in OE are inherited from IE. For
> example, if I disabled ActiveX controls in IE and opened HTML post on news group,
>and that
> message contains ActiveX control, that control won't be able to execute.
>
So, OK, what's the answer? I think we all agree that something like the
"ILOVEYOU" virus will continue to happen in increasing frequency. How do
you stop it? You can't keep arresting 14 year olds everytime this
happens, you have to decide that security is important.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
Crossposted-To: comp.os.ms-windows.nt.advocacy
From: Bart Oldeman <[EMAIL PROTECTED]>
Subject: Re: This is Bullsh&^%T!!!
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 12:49:41 GMT
On Sun, 7 May 2000, Christopher Smith wrote:
> > That's exactly what I mean. The really annoying pop-up I described should
> > _only_ occur if the program is EXECUTABLE and potentially dangerous, not
> > if it's just a jpeg or a text file or even a safe java application.
>
> Please detail to us how you're going to detect the difference between
> "dangerous" and "safe" attachments.
Every binary and vb-script is potentially dangerous. A jpeg, text file,
java file executed in a sandbox is not. It's easy enough.
> > > The SAME virus warning occurs whether or not you are opening an exe
> file, a
> > > .vbs file or a .gif, or .jpg file (I don't know about .txt files--I
> don't
> > > have any in my in box at the moment. Funny, though, the warning DOESN'T
> show
> > > up with .avi files or .doc files.)
> >
> > That is really stupid of OE.
>
> As to his last two examples, it sounds to me as if someone has set the
> "don't ask this again" option once when opening an .avi or .doc file.
Firstly, it shouldn't display a warning when opening a .avi file or a .doc
file without embedded executable content. Secondly, the "don't ask
again" option shouldn't be present. You should only be able to turn it off
by tweaking the registry.
> The same dialog is used, I would imagine, for a reason of programming
> efficiency. The more special cases you have to add, the more of a pain it
> becomes to write and the more of a pain it becomes to mantain.
LOL. Now this is bullocks. A simple table (or extension of an existing
one) is enough for a start.
extension potentially dangerous
.jpg no
.vbs yes
.exe yes
A scanner could determine whether a potentially dangerous attachment
(a) contains a known virus, (b) is safe or (c) it cannot determine whether
it's safe or not, in which case the user has to use considerable effort
(e.g. first save to disk and then execute it or type in a sentence) to
execute it.
Bart
------------------------------
From: [EMAIL PROTECTED] (Byron A Jeff)
Crossposted-To: comp.os.linux.x
Subject: Re: X Windows must DIE!!!
Date: 7 May 2000 09:54:34 -0400
In article <8ert80$r4c$[EMAIL PROTECTED]>,
bytes256 <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>
>My point is quite simply put: XWindows does not best meet the needs of
>the average Linux user. It is far more complicated than necessary.
I think you have a budding mistake here. It's based on the untruth that
user's stand pat in their level of understanding or usage of a system.
While a use may not initially use all the functionality of a system, as they
become knowledgeable they start to use more features. Being shortsighted and
only targeting the novice/average user creates an environment of frustration
for advanced/expert users which a fair number of currently novice/average
users will grow into.
BTW explain both 'complicated' and 'necessary'. The merit of the above
statement relies on the definitions of these terms.
>And then it leaves out important functionality that people want.
>(Standardized controls,
Sigh. Wrong level of abstraction. It's like saying that all automobile engines
must be standardized so that folks can drive. X11 is an infrastructure on
which desktop environments built.
And of course the standard problem with standard anything that is presented
to a user: How do you incorporate all the features that satisfy every user
that will ever use the 'standardized' system. Well you end up with two
equally unpleasing ends: Either you don't satisfy all of the users, or
you create a system that can be customized thereby breaking the very standard
you're trying to create. It's a no win situation.
So instead of 'Standardized controls' which is guranteed to fail for any
desktop system you propose, try 'Standardized default controls with
custumization' and you get closer to the target. Customization is critical
because most users don't remain at the same level of compentency throughout
their usage of a system. If that were the case we'd all still be novices
wouldn't we?
> High performance,
This is usually a very ugly Catch-22: creating a high performance system
necessitates placing that system where it can do real damage to the very
system it's trying to enhance. For example the NT 3.51 GUI system was outside
of kernel space. It wasn't high performance. M$ then inserted the GUI into
the kernel which made the system much less reliable.
Also you need to define high performance. What exactly are the features
necessary for high performance. Also high performance for the average user
and high performance for a gamer are two totally different things. While X
may not have enough horsepower for 3D gaming, explain why it doesn't have
enough horsepower for the average browsing and office type tasks?
> easy installation, etc.)
Installation is so lame I get tired of discussing it. X with its setup tools
are more than adequate for an knowledgeable installer. Novices shouldn't
be doing installations. Period. Why? Because then it either requires so
steep a learning curve that it frustrates the novice, or it requires a system
so complicated and fragile that any unmet assumption leads to installation
failure.
I can set up most any box with X in less than 10 minutes with the maximum
resolution and colors allowed by the video card and monitor. It's easier
and faster for me to do it than to frustrate a novice with the task. The
novice only wants to use the computer, not administrate it.
Installation is a non issue. I'm sick of seeing it discussed as a real issue.
>
>Don't shoot the messenger...revolutions have to start somewhere.
There's no substance to justify having a new regime. It's almost like someone
wants to kill the king simply because he's old. But I'll take a old, wise,
effective king over an unproven young upstart any day of the week.
Especially a old king that has the ability to adapt as times change.
Please come back and define your buzzwords, then we can talk about dethroning
X.
BAJ
------------------------------
From: "Marc Schlensog" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 7 May 2000 16:27:44 +0200
Christopher Smith <[EMAIL PROTECTED]> wrote in:
8f39fj$3r$[EMAIL PROTECTED]
>
> "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Sat, 6 May 2000, Rich C wrote:
> >
> > > "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> > > > On Sat, 6 May 2000, Rich C wrote:
> > > >
=====8<===========[snip]=============>8=====
> Please detail to us how you're going to detect the difference between
> "dangerous" and "safe" attachments.
Dangerous in a sense, that the attachment has access to the entire system,
safe in a sense, that the attachment contains a picture, a textfile, a
soundfile,
or even a JAVA-script
=====8<===========[snip]=============>8=====
> As to his last two examples, it sounds to me as if someone has set the
> "don't ask this again" option once when opening an .avi or .doc file.
>
> The same dialog is used, I would imagine, for a reason of programming
> efficiency. The more special cases you have to add, the more of a pain it
> becomes to write and the more of a pain it becomes to mantain.
I donīt quite think so. It should be about the same pain, as to offer
a choice to never ask again, since they have to store the information,
whether or not to ask. Given, that it defaults to donīt ask for .avi and
.doc files, is that really that hard to believe?
=====8<===========[snip]=============>8=====
> And such a "virus" would be basically impossible to detect without prior
> knowledge of its existence.
Well, true.
------------------------------
From: [EMAIL PROTECTED] (Matthias Warkus)
Crossposted-To: comp.windows.x.kde,tw.bbs.comp.linux
Subject: Re: KDE is better than Gnome
Date: Sun, 7 May 2000 14:24:07 +0200
Reply-To: [EMAIL PROTECTED]
It was the Mon, 01 May 2000 23:11:28 GMT...
...and JEDIDIAH <[EMAIL PROTECTED]> wrote:
> On 1 May 2000 22:32:47 GMT, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >In article <[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] (JEDIDIAH) writes:
> >>
> >> Tough fucking shit.
> >>
> >> I'm not some German who thinks its OK for the state to treat
> >> it's citizens like children (even if they are).
If it's not "it's", it's "its".
> >I didn't think this flamewar could deteriorate any further. It seems it can.
> >Which enlightened corner of the world are you from then?
>
> I'm a federalist if that gives you any clue...
Funny to see someone who calls himself a federalist flame Germans.
You're probably too busy being a red-blooded American to once get some
real education or even only a look over the edge of your plate.
mawa
--
All I wanna do is flush my queue
Mail it out to the relays, too
All I wanna do is flush my queue
Let me SMTP to you
------------------------------
From: [EMAIL PROTECTED] (Matthias Warkus)
Crossposted-To: comp.windows.x.kde,tw.bbs.comp.linux
Subject: Re: KDE is better than Gnome
Date: Sun, 7 May 2000 14:20:36 +0200
Reply-To: [EMAIL PROTECTED]
It was the Thu, 04 May 2000 14:07:52 GMT...
...and Roberto Alsina <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>
> Ok, sorry, but I'll go a bit offtopic for the thread :-)
>
> > /opt/enlightenment/bin/enlightenment depends on 20 libraries;
> > /opt/gnome/bin/panel depends on 31;
> > /opt/gnome/bin/nautilus even depends on 44.
>
> Hey, interesting numbers! Just for kicks:
>
> [ralsina@server ralsina]$ ldd `which kwm` |wc -l
> 10
> [ralsina@server ralsina]$ ldd `which kwin` |wc -l
> 17
> [ralsina@server ralsina]$ ldd `which kicker` |wc -l
> 19
> [ralsina@server ralsina]$ ldd `which kpanel` |wc -l
> 10
> [ralsina@server ralsina]$ ldd `which konqueror`|wc -l
> 22
>
> I'll remember this the next time people say KDE's components are too
> interdependent ;-)
Well, the reason for the high number of dependencies of, say, the
GNOME panel, compared to, say, kpanel, is the greater modularity of
the supporting libraries GNOME uses. For example, kpanel only links to
libjpeg. Probably, other image formats are loaded by loaders built
into libqt or one of the libkde*s directly. (Or maybe you don't even
support formats other than JPEG and XPM while we can load about every
format in the known universe, frankly I don't know.)
panel links to libtiff, libjpeg, libpng (thus, also to libz); it links
to libgdk_pixbuf, thus it links to libart_lgpl, too etc. etc. For
legacy reasons we still link to libgdk_imlib, we'll drop Imlib with
GNOME 2.0, however.
Also, the GNOME panel uses CORBA. ORBit and GNORBA means another five
libraries. Using GTK+ means linking to GDK and glib, too.
GNOME has got panel applets, KDE hasn't yet; that means linking to one
more library etc. etc.
As a whole, it's hard to compare. However, we've contemplated lumping
large numbers of support libraries into one huge "libgnomesupport.so"
for easier distribution and to make the amount of libraries look less
daunting. But I don't think the GNOME project wants to impress people
by a seemingly low number of dependencies, anyhow that support library
idea was dropped AFAIK.
mawa
--
... and don't worry about your deposits; they're insured to the HILT
by Republic Savings and Loan of Lubbock, Texas
-- Garrison Keillor, American Radio Company of the Air, Season Finale,
"Prairie Home Companion Fourth Annual Revival", 16 June 1990.
------------------------------
From: "Boris" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Browsers and e-mail
Date: Sun, 7 May 2000 08:29:44 -0700
"mlw" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Boris wrote:
> >
> > "mlw" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
> > >
> > > Given the nature of both systems, i.e. the normalcy of receiving data
> > > from unknown origins, shouldn't e-mail have the same restrictions and
> > > safety precautions that browsers have?
> > I use IE5/OE5 on Win2000. And most security settings in OE are inherited from IE.
>For
> > example, if I disabled ActiveX controls in IE and opened HTML post on news group,
>and
that
> > message contains ActiveX control, that control won't be able to execute.
> >
>
> So, OK, what's the answer? I think we all agree that something like the
> "ILOVEYOU" virus will continue to happen in increasing frequency. How do
> you stop it? You can't keep arresting 14 year olds everytime this
> happens, you have to decide that security is important.
There are enterprise-level AV solutions out there. They scan e-mail as it enters
corporate
network: on firewall, etc. Once new virus has been identified and signature list
updated,
that virus won't be able to pass firewall. The critical factor here is how fast new
virus
spreads (across Internet).
Sysadmin can specify IE security settings across enterprise (and lock down those
settings
so that users cannot change them). This will work both for NT4/W2k and Win9x systems.
I think that MS should do the following also: have attachments execute in context of
some
account with very little rights. WIN32 systems calls: LogonUser() and
CreateProcessAsUser() - are there. It would be very difficult(impossible) to get
access
to contents of user mailbox, when executing under account without rights(Guest). On the
other side this would prevent me from executing self-extracting achieves, if they were
received via e-mail, for example : rather inconvenient.
Boris
------------------------------
From: "Mike" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Built in Virus Scanners!
Date: Sun, 07 May 2000 15:41:08 GMT
"Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[... long incoherent screed unceremoniously snipped ...]
> Do so without fear of viruses as the basic
> structure of Linux doesn't allow installation nor execution of
> programs without the prior approval of root on my system. Root has to
> be involved before a program is installed or declared runnable in my
> user account.
Get real, Charlie. I'm supposed to call a sysadmin before I can run a simple
script? And what is she going to do? Inspect it first, to make sure it's
okay? And, God help us, what if I actually _write_a_program_? You know, one
that needs to be compiled? I can compile it, but then I have to call the
sysadmin every time I want to test it?
Wouldn't it be a whole lot more productive if you just left the power switch
in the 'off' position?
------------------------------
From: Alan Boyd <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Sun, 07 May 2000 10:46:46 -0500
Bart Oldeman wrote:
>
> On Sat, 6 May 2000, Rich C wrote:
>
> > "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> > > On Sat, 6 May 2000, Rich C wrote:
> > >
> > > > But this DOES bring out an inherent flaw in OE, as it doesn't
> > distinguish
> > > > between "opening" a document file, such as text or a jpeg, and "opening"
> > a
> > > > program, ie., running it.
As I understand it, OE doesn't know or really care what type of file an
attachment is. It's just executing the program that's associated with
the file extension and passing the file name ("c:\tmp\whatever.ext") to
the program. To OE, it's no different than launching notepad to view a
text file. It's probably just trying to execute the file name and the
OS (or Explorer) is looking up the file type in the registry to get the
program name and starting it. If this is so then placing the blame on
OE is wrong.
> > >
> > > As it is, any e-mail client (not just OE) that can execute
> > > dangerous attachments is dangerous.
> >
> > Yes, but not as dangerous as an e-mail client that does not do enough to
> > distinguish an EXECUTABLE program from a text or graphic document.
>
> That's exactly what I mean. The really annoying pop-up I described should
> _only_ occur if the program is EXECUTABLE and potentially dangerous, not
> if it's just a jpeg or a text file or even a safe java application.
Wouldn't an easier fix be for the program (whatever it's called) that
reads the script and executes the commands just not auto-execute the
script? When a file is double clicked it would bring up an editor with
the script in an edit window. To automate a task you would create an
icon with the command "whs -run SafeScript.vbs".
OE would still need to check for .exe, .com, .bat and whatever else the
OS runs natively.
--
"I don't believe in anti-anything. A man has to have a
program; you have to be *for* something, otherwise you
will never get anywhere." -- Harry S Truman
------------------------------
From: "Mike" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Built in Virus Scanners!
Date: Sun, 07 May 2000 15:51:09 GMT
"Boris" <[EMAIL PROTECTED]> wrote in message
news:iFcR4.94$[EMAIL PROTECTED]...
> So once again, it's NOT NT problem at all. It has to do with abundance of
features in
> Office and easy programmatic access to those features.
Ahhh, finally the advantages of Unix are becoming clear: by making
_everything_ painfully difficult, it prevents us from doing much of
_anything_, including bad things.
-- Mike --
"Thank you sir, and may I have another!"
-- Fraternity pledge, as he is being hit with a paddle, in 'Animal House'
-- Unix user, as they attempt to do something useful (or not)
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Browsers and e-mail
Date: Mon, 8 May 2000 01:58:45 +1000
"mlw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Boris wrote:
> >
> > "mlw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > >
> > > Given the nature of both systems, i.e. the normalcy of receiving data
> > > from unknown origins, shouldn't e-mail have the same restrictions and
> > > safety precautions that browsers have?
> > I use IE5/OE5 on Win2000. And most security settings in OE are inherited
from IE. For
> > example, if I disabled ActiveX controls in IE and opened HTML post on
news group, and that
> > message contains ActiveX control, that control won't be able to execute.
> >
>
> So, OK, what's the answer? I think we all agree that something like the
> "ILOVEYOU" virus will continue to happen in increasing frequency. How do
> you stop it? You can't keep arresting 14 year olds everytime this
> happens, you have to decide that security is important.
1. Get out a clue stick and *cough*re-educate*cough* people who open
attachments they know nothing about.
2. Get your sysadmin to distribute a little registry patch to make the
default action of a .vbs file to "Edit" instead of "Open". Have said patch
installed during a login script.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Mon, 8 May 2000 02:12:43 +1000
"Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 7 May 2000, Christopher Smith wrote:
>
> > > That's exactly what I mean. The really annoying pop-up I described
should
> > > _only_ occur if the program is EXECUTABLE and potentially dangerous,
not
> > > if it's just a jpeg or a text file or even a safe java application.
> >
> > Please detail to us how you're going to detect the difference between
> > "dangerous" and "safe" attachments.
>
> Every binary and vb-script is potentially dangerous. A jpeg, text file,
> java file executed in a sandbox is not. It's easy enough.
Great, so how are you going to allow users to execute their safe, approved
scripts ?
> > > > The SAME virus warning occurs whether or not you are opening an exe
> > file, a
> > > > .vbs file or a .gif, or .jpg file (I don't know about .txt files--I
> > don't
> > > > have any in my in box at the moment. Funny, though, the warning
DOESN'T
> > show
> > > > up with .avi files or .doc files.)
> > >
> > > That is really stupid of OE.
> >
> > As to his last two examples, it sounds to me as if someone has set the
> > "don't ask this again" option once when opening an .avi or .doc file.
>
> Firstly, it shouldn't display a warning when opening a .avi file or a .doc
> file without embedded executable content.
So you also want the mail program to know enough about filetypes (like
.docs) to go scanning through them for dangerous content. Fantastic.
> Secondly, the "don't ask
> again" option shouldn't be present. You should only be able to turn it off
> by tweaking the registry.
I strongly diagree. I don't want to have to go screwing around in the
registry just so I can have mpegs or avis automatically play when I double
click them. Or for opening .txt and .c files.
> > The same dialog is used, I would imagine, for a reason of programming
> > efficiency. The more special cases you have to add, the more of a pain
it
> > becomes to write and the more of a pain it becomes to mantain.
>
> LOL. Now this is bullocks. A simple table (or extension of an existing
> one) is enough for a start.
> extension potentially dangerous
> .jpg no
> .vbs yes
> .exe yes
Which then has to be maintained, separately to the existing list of
extensions.
Plus you have to add another check in the program itself.
Plus you need another dialog, which also has to be maintained.
> A scanner could determine whether a potentially dangerous attachment
> (a) contains a known virus, (b) is safe or (c) it cannot determine whether
> it's safe or not, in which case the user has to use considerable effort
> (e.g. first save to disk and then execute it or type in a sentence) to
> execute it.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Mon, 8 May 2000 02:14:51 +1000
"Marc Schlensog" <[EMAIL PROTECTED]> wrote in message
news:8f3vqf$e6v$[EMAIL PROTECTED]...
>
> Christopher Smith <[EMAIL PROTECTED]> wrote in:
> 8f39fj$3r$[EMAIL PROTECTED]
> >
> > "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > On Sat, 6 May 2000, Rich C wrote:
> > >
> > > > "Bart Oldeman" <[EMAIL PROTECTED]> wrote in message
> > > > > On Sat, 6 May 2000, Rich C wrote:
> > > > >
>
> -----8<-----------[snip]------------->8-----
>
> > Please detail to us how you're going to detect the difference between
> > "dangerous" and "safe" attachments.
>
> Dangerous in a sense, that the attachment has access to the entire system,
> safe in a sense, that the attachment contains a picture, a textfile, a
> soundfile,
> or even a JAVA-script
So what about legitimate scripts ? After all, some people do roll their
own.
> > As to his last two examples, it sounds to me as if someone has set the
> > "don't ask this again" option once when opening an .avi or .doc file.
> >
> > The same dialog is used, I would imagine, for a reason of programming
> > efficiency. The more special cases you have to add, the more of a pain
it
> > becomes to write and the more of a pain it becomes to mantain.
>
> I donīt quite think so. It should be about the same pain, as to offer
> a choice to never ask again, since they have to store the information,
> whether or not to ask. Given, that it defaults to donīt ask for .avi and
> .doc files, is that really that hard to believe?
But it defaults to asking for *all* files. Someone, somewhere, has told
outlook not to ask again for .avis and .docs on your machine. Especially in
the case of the latter, I suggest you turn this off.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
