Hi there, > > The best idea is to educate users to -not- run anything without the > > administrators say so, and the administrator should by default say no. > > It is a well known fact that you can't educate users. Virii has to be Sure they can, otherwise why do they have computers and what do they do with them? There has to be a "million monkeys on a million typewriters" joke in here somewhere. If you can not educate users to do sensible things with email attachments then you can not educate them to not bring "fun" floppy disks from home to show to their office mates. There are all manner of stupid things that users can do to stupid systems and their networks without some degree of education and guidance (intentionally or otherwise) - using poor email programs in a poor way is just one of them. The vbscript attack that swamped this list recently could just as easily have been caused by browsing a web-site using IE - if I understand correctly what it was doing (from what I heard), it was just opening local address books and propogating itself that way. > dealt with at the firewall, which means that e-mail can't be > encrypted, which brings this back on topic! :-) (well, almost) Really ... dealing with it at the firewall is more difficult and requires one to be a lot more restrictive than just standardising on sensible software and sensible policies (and sensible users). Using stupid users with stupid software with stupid guidelines is something no firewall (except /dev/null) is ever going to fix. Anyone who deploys a careless installation of Outlook throughout their network without some serious usage guidelines (and maybe even WITH such guidelines) is simply asking for all the trouble they get, firewall or no firewall. Just my $0.02-worth Cheers, Geoff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
