[thelist] Opera browser- now with a (free) new version
Jacob Stetser
lists at icongarden.com
Fri Dec 8 06:00:54 CST 2000
Scripts _within_ an email client should not be able to affect
anything outside of the email client - that means no writing files,
no changing system config. Hell, I don't really even want it changing
my email settings. The only real use of scripting in an email is if
you're using HTML email and want mouseovers.
I know Outlook allows remote installs by sending an email if it's
configured that way. That's sorta scary. Maybe it's cool. But why are
we relying on a messaging/scheduling client to do our IT work for us?
I've said this before, but I think that the email script sandbox
needs to be much tighter on the default config.
And in Eudora you have to _open_ the attachment to get the virus :)
Oh wait, even that most likely won't happen, since I use a Mac and
script kiddies and virus writers prefer to infect the vastly greater
sea of PCs :) (Note: I know there are Mac viruses. I've even
encountered a few, but none in the past 3 years.)
You can't blame the user for _all_ the security flaws of Outlook.
Just some (when your IT guy says "Don't open any attachment that ends
with .vbs, you listen to him!). But if the preview pane
auto-activates it for you, and the preview pane is a default setup,
how is the new user supposed to know they should have been doing
something different?
Jake
>
>still the fault of the user - not the email client. scripting within an
>email can have it's uses (no matter how much it may be annoying). it's up
>to the user to have their security set up in such a way as to prevent
>scripts from running. script executing in the message is also a problem
>that eudora has so let's not point the finger just at outlook.
>
--
icongarden.com
Making good ideas grow || http://icongarden.com/
More information about the thelist
mailing list