[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter.. 

  >>> The wetware could make better decisions is his M$ 
  >>> Outlook actually told him he was running an .exe file 
  >>> instead of looking at a .gif...

My own view is that sending out executables as attached files to email
messages regardless if the files are friendly or if they are malware is
socially unacceptable.  Just like smoking on a commercial airliner is
now socially unacceptable.  

For programmers who need to send around executables, please ZIP them up
first.

Outlook 2002 by default removes all attached executable files from
incoming email messages.  The Outlook security update, which has been
available for more than 2 years, provides the same feature for Outlook
98 and 2000.  

Outlook Express 6 also offers this same executable stripping feature,
but Microsoft stupidly made the default be off.  Some computer makers
saw the errors of Microsoft's ways are now turning on the stripping
feature in Outlook Express, before their Windows boxes leave the
factory.  Unfortunately, I've now seen recommendations in both PC World
and PC Magazine to turn this feature back off.

The email infrastructure (SMTP servers, POP servers, Web-based email
systems, list serve software, etc) should all be doing the same
stripping of exectuables.  

The Windows worm problem is solvable if all vendors of email software
got the message that attached executable files are bad news and should
be deleted.

Richard M. Smith
http://www.ComputerBytesMan.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html