[thelist] Opera browser- now with a (free) new version

jeff jeff at members.evolt.org
Fri Dec 8 06:41:41 CST 2000


jacob,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: Jacob Stetser
:
: Scripts _within_ an email client should not be
: able to affect anything outside of the email
: client - that means no writing files, no changing
: system config. Hell, I don't really even want it
: changing my email settings. The only real use
: of scripting in an email is if you're using HTML
: email and want mouseovers.
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fortunately it's not your place to decide what a mail client that thousands
(if not millions) of others use.  amongst those things you listed that you
don't want it to do are features that some users will need to use to make
their computer use more efficient.  whether or not those features should be
enabled is left up to you when you install and use it.  if you don't want
them, simply disable them.

furthermore, the specific complaints of writing files, changing system
configurations and things like that aren't really related to outlook
specifically.  those specific virii are taking advantage of a very powerful
tool within windows that allows you to write scripts to automate common
tasks.  take away things like file writing and system config and there
wouldn't be much purpose for this tool whatsoever.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: I've said this before, but I think that the email script
: sandbox needs to be much tighter on the default config.
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

granted, it should be tighter be default.  however, as users we have a
responsibility to understand the capabilities of the software we're using.
using your argument i could complain to a gun manufacturer that i'm upset
that i was able to use a weapon they made to shoot holes in my car.  it's my
responsibility to know that if it's loaded and i pull the trigger that it
will shoot a projectile.  if i don't want to cause damage to my car i
shouldn't point it at my car and pull the trigger when it's loaded.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: And in Eudora you have to _open_ the attachment to
: get the virus :)
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

no links handy atm but i'm confident that i've read of virii that infected
eudora when you viewed the infected message if your security settings
weren't high enough.  remember, eudora uses ie as it's internal html
rendering engine - just like outlook.

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: You can't blame the user for _all_ the security flaws
: of Outlook.  Just some (when your IT guy says "Don't
: open any attachment that ends with .vbs, you listen
: to him!). But if the preview pane auto-activates it for
: you, and the preview pane is a default setup, how is
: the new user supposed to know they should have
: been doing something different?
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

how is the new unix server admin to know they should do something different
when they set up a unix box for the first time and left access to telnet?
you think they're just going to know that that's a security hole?  they will
if they researched some common security holes of the software they're using.

the point i'm trying to make is that all the things that you say shouldn't
be able to happen are set up that way for a reason.  it's the same with
telnet on a default install of a unix box.  telnet is there for a reason.
whether or not it should be left on is left to your discretion.

i guess the point i'm trying to get across is that the machines we use come
with tools to make the time we use the computer more pleasant, more
efficient, whatever.  these tools have some amazing capabilities.
unfortunately, there are people who will find ways to ways to take advantage
of these tools for malicious acts.  that's not the fault of the tool.  it's
just doing what it's designed to do.  take away that tools ability to
perform these tasks and you might as well not even use the tool at all.
it's cutting off your nose to spite your face.  why bother even using the
computer at that point?  why bother reading newspapers since those can be
used to conceal a gun?  why jot down your thoughts in a diary since someone
could get their hands on that and use that information against you?  and on
and on . . .

finally, if you're not going to do the research necessary to lock down your
software appropriately then at the very least you ought to do like all the
other lemmings and install some resource hungry virus software.

thanks,

.jeff

name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org





More information about the thelist mailing list