
just me(matt@snark.net)@2003.08.20 14:41:02 +0000:
Please don't pretend that your MUA-du-jour is somehow invulnerable by design, unless you've audited every line of code yourself.
I don't. Mutt and similar MUAs are prone to misconfiguration, which makes them vulnerable to some degree, but this fact alone does not expose enough surface for implementation of an internet-wide worm attack ;-) Perhaps, Outlook is a secure and performant email solution - in, say, 3 to 4 years from now, but this means a drastic change of course for the vendor. In end-user application design, finding the right mix between security and convenience (which tend to be mutually exclusive, in one way or the other) is a critical design decision. You get the point.
On a different angle, the apparent problem of a software product being vulnerable to an exploit is not solved by deploying a - albeit well-patched - application monoculture worldwide. Risk is lowered by using more well-designed software packages out there. Diversity is the name of the game, it's nature's solution and it seems to work quite well.
I completely agree. Which is why I discourage people from using Outlook Express as well as Mutt.
So the interesting question in context of this email thread is: what do you encourage them for?

Regards, /k

--
Horngren's Observation: Among economists, the real world is often a special case.
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x