Re: Mobile code security (was Re: rr style scanning of non-customers)
therefore
3) why would anyone ever run outlook
i love outlook2003. no joke, i use it every day. whenever i get an attachment that seems reasonable and i need to open it, i put it in the folder that outlook can see, and i read it. i also share a calendar (in three directions) using outlook's "iCalendar" support. i edit my cell phone's directory using a shared outlook address book. for what it's intended to do, outlook works really great. it's only when you let it open *all* the e-mail you get, that its weaknesses prevail. moral of story: i think the security model is terrible, and i think the fact that credible or similarly-dominant alternatives do not exist is reprehensible, but the applications themselves, like outlook, seem to work pretty well once you put them inside a lockbox. (i guess hundreds of companies are now in the business of selling such lockboxes, too.) the real failure, the thing that actually burns my hash, is when my spam complaints or noc correspondance are robotically bounced because they contain dangerous mime attachments of type "message/rfc822" (spam examples) or "text/plain" (traceroute or tcpdump output). if your noc or abusedesk has such a robot protecting it, you ought to be ashamed.
On Mon, 16 Jun 2003, Paul Vixie wrote:
therefore
3) why would anyone ever run outlook
i love outlook2003. no joke, i use it every day. whenever i get an attachment that seems reasonable and i need to open it, i put it in the folder that outlook can see, and i read it. i also share a calendar (in three directions) using outlook's "iCalendar" support. i edit my cell phone's directory using a shared outlook address book. for what it's intended to do, outlook works really great. it's only when you let it open *all* the e-mail you get, that its weaknesses prevail.
This is the central problem though, Complexity. Paul is willing to accept having 3 email clients and jumping through hoops to read an email or sync a calendar across 3 devices... 99% (more?) of the computing public can't understand this :( I'm willing to jump through 3 hoops of ssh to make connections to one network, this to me is the price of 'security'... Many other people just don't understand why they can't jump right to the end system and still be 'secure'. That or they are just unwilling to remember that security is important and at times it can entail some extra work :(
moral of story: i think the security model is terrible, and i think the fact that credible or similarly-dominant alternatives do not exist is reprehensible, but the applications themselves, like outlook, seem to work pretty well once you put them inside a lockbox. (i guess hundreds of companies are now in the business of selling such lockboxes, too.)
So, microsoft has actually improved the computing business world as well as ruined it? :)
the real failure, the thing that actually burns my hash, is when my spam complaints or noc correspondance are robotically bounced because they contain dangerous mime attachments of type "message/rfc822" (spam examples) or "text/plain" (traceroute or tcpdump output). if your noc or abusedesk has such a robot protecting it, you ought to be ashamed.
Sure, that and the fact that outlook hasn't properly handled 822 messages 'ever'... whats a standard for anyway?
participants (2)
-
Christopher L. Morrow -
Paul Vixie