Top posting self-reply: looks like a lot of what I've suggested may have finally been acknowledged by MS, according to a recent Register.co.uk article. http://www.theregister.co.uk/content/56/33599.html
We can only hope ... -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui On Mon, Nov 03, 2003 at 03:05:03PM -0800, [EMAIL PROTECTED] said: [snip] > The 3 things that would do the most to help eliminate this problem (millions > of easily 0wned end-user hosts) right now are all things that lie in > Microsoft's domain: > > 1) enable Internet Connection Firewall by default; > 2) enable automatic Windows Update patch installation by defuault; [*] > 3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML, > and any active content is ignored - in other words, replace MSIE as a backend > HTML rendering engine with, say, lynx. [**] > > (and even if the above were all incorporated into all subsequent releases of > Windows, it might take years before the old insecure hosts were finally > replaced ...) > > Nothing new to this crowd, I'm sure, but I sure wish there was a way to make > this a priority to the folks at MS, who are really the only people with the > ability to make this happen. Without their compliance, the problem will never > improve (not as long as they're as dominant as they currently are). > -- > Scott Francis || darkuncle (at) darkuncle (dot) net > illum oportet crescere me autem minui > > [*] I'm well aware of the potential disaster were the WindowsUpdate site to > be trojaned. However, corporate IT should be updating from a single server by > the schedule of their windows admins, and for everybody else ... it couldn't > be much worse than the current state of affairs. > > [**] I've given up on hoping that email will return to the plain old text it > was intended to be. I'm in the minority on that opinion, and I'm willing to > settle for HTML in email if it can be rendered in a non-harmful manner (i.e. > plain vanilla HTML only).
pgp00000.pgp
Description: PGP signature