From: rms at computerbytesman.com (Richard M. Smith)
Subject: Administrivia: Testing Emergency Virus Filter..

  >>> The wetware could make better decisions if his M$ 
  >>> Outlook actually told him he was running an .exe file 
  >>> instead of looking at a .gif...

My own view is that sending out executables as attached files to email
messages regardless if the files are friendly or if they are malware is
socially unacceptable.  Just like smoking on a commercial airliner is
now socially unacceptable.  

For programmers who need to send around executables, please ZIP them up
first.

Outlook 2002 by default removes all attached executable files from
incoming email messages.  The Outlook security update, which has been
available for more than 2 years, provides the same feature for Outlook
98 and 2000.  

Outlook Express 6 also offers this same executable stripping feature,
but Microsoft stupidly made the default be off.  Some computer makers
saw the errors of Microsoft's ways and are now turning on the stripping
feature in Outlook Express, before their Windows boxes leave the
factory.  Unfortunately, I've now seen recommendations in both PC World
and PC Magazine to turn this feature back off.

The email infrastructure (SMTP servers, POP servers, Web-based email
systems, list serve software, etc.) should all be doing the same
stripping of executables.  

The Windows worm problem is solvable if all vendors of email software
got the message that attached executable files are bad news and should
be deleted.

Richard M. Smith
http://www.ComputerBytesMan.com
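
The gateway-side stripping the post asks for, as an added example that is not part of the original message. It uses Python's standard `email` package; the extension list, function names and sample message are assumptions constructed for illustration. Attachments are judged by file name and by the leading "MZ" bytes, so an executable named .gif is removed while a ZIP passes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the post does not enumerate extensions.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def is_executable(part):
    """True if a leaf MIME part is executable by file name or by content."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    if name.endswith(BLOCKED_EXT):
        return True
    if not name and part.get_content_maintype() == "text":
        return False  # plain message body, not an attachment
    # DOS/PE programs start with "MZ" whatever the name or MIME type claims.
    return (part.get_payload(decode=True) or b"")[:2] == b"MZ"

def strip_executables(raw):
    """Return (filtered message bytes, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if not part.is_multipart():
            continue
        kept = []
        for child in part.get_payload():
            if not child.is_multipart() and is_executable(child):
                removed.append(child.get_filename() or "(unnamed)")
            else:
                kept.append(child)
        part.set_payload(kept)  # rewrite the container without the stripped parts
    return msg.as_bytes(), removed

def sample_message():
    """Constructed test message: an .exe, an .exe named .gif, and a ZIP."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "files"
    m.set_content("See attached.")
    exe = b"MZ\x90\x00" + bytes(28)  # constructed stub, not a real program
    m.add_attachment(exe, maintype="image", subtype="gif", filename="photo.gif")
    m.add_attachment(exe, maintype="application", subtype="octet-stream", filename="setup.exe")
    m.add_attachment(b"PK\x03\x04" + bytes(26), maintype="application", subtype="zip", filename="tool.zip")
    return m.as_bytes()

if __name__ == "__main__":
    filtered, removed = strip_executables(sample_message())
    print("removed:", removed)
```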