> Permitting HTML in email is (IMHO) a bad idea. Permitting script
I agree.
> execution in an email is a fatal defect. I'm sorry, but people who let
Agreed again.
> their mail reader auto-execute scripts aren't getting much sympathy from
> me. If people want the virus problem to be greatly reduced, it's really
> simple -- just quit running the virus writer's best friend.
Dale, Jon, and Matt,
It's just not that simple. I don't run a virus scanner (don't really need
to), but I did get a virus once (really, only once). I have a laptop that I
tote around to customer sites. Since I have a network at home, I naturally
have file and printer sharing enabled (cuz I need it). I plugged into a
customers network once and *BAM* I was infected. It's my fault, I admit,
but it's easy to get a virus if you are using windows. Passwording your
shares is not necessarily a "perfect" defense, as there are exploits for
these.
I would rather run Linux all the time, but it's simply not possible for me.
I absolutely have to run windoz at times.
The moral to this story is: You can get a virus at the least expected time,
regardless of any protection methods you employ. Until you have personally
examined all the source code running on your computer, you can't be sure
what the next exploit is going to be. Microsoft is completely to blame for
this, because they only fix holes that have been "discovered" and even then
only once it's been exploited. For every "discovered" hole in windos, there
are probably a thousand more that haven't been "discovered". Their silly
auto execution, Hacktive X, and other cutesy features are the root of this
serious problem. I think the NIMDA virus demonstrated the cleverness and
capability of the current virii.
No disrespect intended, but if you are absolutely sure that you are never
going to get a virus, you are eventually in for a nasty surprise. Nearly
every computer that I work on has one virus or another. Either that, or it
has so much spy-ware loaded that it's just as bad off as if it had a virus.
Just because you turn off a setting, or raise your security level in
winderz, doesn't mean that you are safe. I have seen some very clever
techniques used to get past that stuff.
michael brown
--
http://www.piclist.com hint: To leave the PICList
mailto:piclist-unsubscribe-request@mitvma.mit.edu