Top posting self-reply: looks like a lot of what I've suggested may have finally been acknowledged by MS, according to a recent Register.co.uk article.

http://www.theregister.co.uk/content/56/33599.html

We can only hope ...

--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui

On Mon, Nov 03, 2003 at 03:05:03PM -0800, darkuncle@darkuncle.net said:
[snip]
The 3 things that would do the most to help eliminate this problem (millions of easily 0wned end-user hosts) right now are all things that lie in Microsoft's domain:
1) enable Internet Connection Firewall by default;
2) enable automatic Windows Update patch installation by default; [*]
3) modify the HTML engine in Outlook/OE such that it can ONLY render HTML, and any active content is ignored - in other words, replace MSIE as a backend HTML rendering engine with, say, lynx. [**]
(and even if the above were all incorporated into all subsequent releases of Windows, it might take years before the old insecure hosts were finally replaced ...)
Nothing new to this crowd, I'm sure, but I sure wish there was a way to make this a priority to the folks at MS, who are really the only people with the ability to make this happen. Without their compliance, the problem will never improve (not as long as they're as dominant as they currently are).

--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
[*] I'm well aware of the potential disaster were the WindowsUpdate site to be trojaned. However, corporate IT should be updating from a single server by the schedule of their windows admins, and for everybody else ... it couldn't be much worse than the current state of affairs.
[**] I've given up on hoping that email will return to the plain old text it was intended to be. I'm in the minority on that opinion, and I'm willing to settle for HTML in email if it can be rendered in a non-harmful manner (i.e. plain vanilla HTML only).