Re: Mobile code security (was Re: rr style scanning of non-customers)
Should ISPs control what applications their customers can run?
frankly and truly, i would be satisfied if isp's wouldn't run outlook/exchange in their noc/abuse departments, so that they could safely accept mime-mail rather than bouncing it as their only means of keeping themselves virus-free. i love it when mime shows up here. mh-e just has no idea what to do with a "pif" or "exe" file. the whole concept of having to run "mime defang" at the gateway because an abuse desk worker or backbone engineer has a fragile user agent is completely ridiculous and there is no possible explaination for it. (if this is your situation then quit, or fire somebody, as appropriate.)
On Mon, 16 Jun 2003, Paul Vixie wrote:
Should ISPs control what applications their customers can run?
frankly and truly, i would be satisfied if isp's wouldn't run outlook/exchange in their noc/abuse departments, so that they could safely accept mime-mail rather than bouncing it as their only means of keeping themselves virus-free.
yea, if my sister in-law (who barely knows what 'computer' means most times) can come to the conclusion that: 1) all email viruses of note are outlook targetted 2) everyone with outlook gets viruses therefore 3) why would anyone ever run outlook why can't multibillion dollar companies figure that out? it does mystify me :)
i love it when mime shows up here. mh-e just has no idea what to do with a "pif" or "exe" file. the whole concept of having to run "mime defang" at the gateway because an abuse desk worker or backbone engineer has a fragile user agent is completely ridiculous and there is no possible explaination for it. (if this is your situation then quit, or fire somebody, as appropriate.)
go pine! (or mh or elm or... mailx!)
why can't multibillion dollar companies figure that out? it does mystify me :)
The only lame excuses I can come up with are possibly: laziness, stupidity, ignorance, complacency, fear of non-compliance (but I think that's a stretch) and perhaps the raccoon mentality of 'it's new and shiny - I MUST have it'. Beyond that I have no idea why groups continue to use a Microsoft Virus Run-Time Environment or even see the excuses above as legitimate justification.
"Christopher L. Morrow" wrote:
yea, if my sister in-law (who barely knows what 'computer' means most times) can come to the conclusion that: 1) all email viruses of note are outlook targetted 2) everyone with outlook gets viruses
therefore
3) why would anyone ever run outlook
why can't multibillion dollar companies figure that out? it does mystify me :)
When I visited for my birthday last week, I discovered my 15-year-old niece's Comcast attached machine was infected wih multiple things, one of which (I never figured out how) would even prevent the machine from being shutdown (turned it into restart). From the activity lights, it was pretty clearly sending a lot of traffic, sitting in the basement unattended, with the screen blanked. As far as I could tell, the vector was AOL IM. So, it's not only M$ and outlook. Why oh why are vendors shipping with defaults like no restrictions on "buddy" downloads and execution? -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
participants (4)
-
Christopher L. Morrow -
Matt Hess -
Paul Vixie -
William Allen Simpson