|
| T O P I C | |
|
With Outlook you're safe from... almost everything
May 16th 2000, 19:21 CEST by andy According to this story from the BBC, Microsoft has announced that Outlook will be updated with security measures intended to reduce the threat from viruses. The patch will by default prevent users from opening 37 different executable file types. It will also warn users when a program tries to access the Outlook address book and will set the default security mode to "restricted", disabling the scripting used by the ILOVEYOU virus. One interesting quote from the story:
Because the patch will still allow users to open Word .doc files it will not by default do anything to stop macro viruses such as Melissa. In addition to welcoming the new patch, Graham Cluley of Sophos echoes the sentiment that has been put forward by the technical community:
The patch will only be available for Outlook, not the cut-down Outlook Express. It should be available within the next week. More information is available on the Microsoft web site. |
| C O M M E N T S |
|
Home »
Topic: With Outlook you're safe from... almost everything
|«« - Previous Page - Next Page - »»| |
|
Andy yes I know it makes it a clause that can now be used and enforced, but you also have to look at the fact that most companies create buggy software do it time and time again and these companies are the ones most likly to use the clause. G-Man yeah I would agree that it's intended to stop the loophole report with no fix thing but the UCITA doesn't say loophole's or security problems it's says bugs in general, which would need a suite to be filled to narrow the term bug down to loopholes only, combined with other wording that makes it nearly impossible to win a case this could be a problem. |
|
[Sup painkiller? You know me, actually :)] I love Eudora pro. No love bug crap, no activeX shit, nothing M$ except the DLLs (Id chuck windows but halflife wont run worth crap on linux) If you dislike outlook, piss on it and use PINE or eudora! Get an old version of eudora, or use your ISP's shell (get off AOL, it doesnt offer a shell). |
|
From <a href="http://www.theregister.co.uk/000511-000024.html">theregister</a>: <quote>US Congressman Anthony Weiner (Democrat, New York) blasted the anti-virus software industry for being humiliated by the Love Bug in a five-minute tirade during House Science Subcommittee hearings this week. "There's an industry here that's come up to deal with viruses, and this looks to me like a ground-ball virus. Frankly, this is an utter, abject failure of an industry that has sprung up to deal with these types of things," Weiner told anti-virus outfit McAfee's Sandra England. But that was just a warm-up. He next cast doubt on the damage estimates, implying that they're deliberately inflated by the industry to increase interest in protective software. "I mean the numbers here are little bit absurd, you know, 'billions'. We don't know how much it cost; it might not have cost anybody anything," he observed dryly. Progressively working himself up with his own rhetoric, he turned openly sarcastic. "A teenager in the Philippines whips the McAfee company so badly that you come before Congress and say, 'hundreds of millions of dollars in damage has been done, because, oh, we were so surprised it came across Outlook Express. We were shocked [to see that] it looked like Melissa...'" "It isn't going to get any easier than this. I mean, [virus authors] aren't going to knock on your door with a disk [in hand] and say, 'this virus is going out on Monday morning,'" he said scornfully. He hammered England relentlessly. "You're supposed to deal with viruses. What form do [viruses] usually come in? An announcement? A memo? They come in the form of something that you've got to anticipate from past experiences." And then the kicker: "Why did your stock prices go up after this?" </quote> The best part is they close the article by saying that microsoft is to blame. Gotta love theregister... |
|
why you gotta be playa hating me too, RahvinTaka? My school of thought is that even dumb users knew enough to have virus scanners, and their network admins get PAID not to be dumb and protect their users so they also had virus scanners running on their servers. WHICH SUCK ASS, and microsoft takes the fall. I saw some numbers last week (sorry I can't link, so take my memory for what its worth) that said that 30% of corporate users got hit and 5% of home users got hit. When I think of the stupid users harming themselves I think of the home users. Granted, these stupid users from home have a job (unless they are really, really stupid of course), but they go into an enviroment where a company has probably forked over $1000 plus on virus scanning software and $100,000 a year on technicians to keep these stupid users from costing the company more. I'm probably on 10 people's contact list on my home account. At work, I'm on 100+. At school I'm on 2000+. Work and school have large amounts of money invested in server side virus protection that rolled right past it, onto the servers then to me. 2 days straight of the damn thing. You'd think after, oh, 30 minutes these highly paid network admins and virus protection professionals could have kept the stupid users from gettings the virus by oh, filtering any message with a .vbs attachment or updating their virus scanning software. Limiting the software won't protect the user. Its wonderful that microsoft now brings up a message that tells you when your address book is being opened. But I bet you that if you are on a corporate network (which was largest hit), you have some sort of database. Which probably stores an e-mail address. It's relatively easy to go through every database on your harddrive looking for e-mail address. And you know anyone who would open this virus also makes it quiet easy for themselves to open a password encrypted database because they can't remember the password. So with this you can do two things. Corrupt a database (which is a hell of a lot more important than fucking .dlls and .mpgs) and propagate farther. Don't tell you I didn't warn you, this will happen within a year. And people will scream "why did microsoft make it so easy to connect to a database, its so insecure!" while the virus scanner sits there with your 50 dollar check for their software and a thumb up their ass watching their stock go up. |
|
here's a list of extension's this patch updates, along with a link. I'm glad to see I'm protected from the deadly photoCD virus. ADE Microsoft Access Project Extension ADP Microsoft Access Project BAS Visual Basic® Class Module BAT Batch File CHM Compiled HTML Help File CMD Windows NT® Command Script COM MS-DOS® Application CPL Control Panel Extension CRT Security Certificate EXE Application HLP Windows® Help File HTA HTML Applications INF Setup Information File INS Internet Communication Settings ISP Internet Communication Settings JS JScript® File JSE JScript Encoded Script File LNK Shortcut MDB Microsoft Access Application MDE Microsoft Access MDE Database MSC Microsoft Common Console Document MSI Windows Installer Package MSP Windows Installer Patch MST Visual Test Source File PCD Photo CD Image PIF Shortcut to MS-DOS Program REG Registration Entries SCR Screen Saver SCT Windows Script Component SHS Shell Scrap Object URL Internet Shortcut (Uniform Resource Locator) VB VBScript File VBE VBScript Encoded Script File VBS VBScript Script File WSC Windows Script Component WSF Windows Script File WSH Windows Scripting Host Settings File <I><B></B></I><I></I><I></I> |
|
my posting extavaganza continues! I use pine so I'm invincable? a possible vulnerability that causes pine to execute arbitrary shell scripts included inside HTML files attached to emails: <a href="http://www.securiteam.com/exploits/Pine_remote_exploit_source_code_released.html">HHP-Pine remote exploit</a> there is a patch to fix this I believe, but I luckily don't use pine so I don't have to worry. <I><B></B></I><I></I><I></I> |
|
someone should exploit the security hole in word that lets you use their spell checker in other apps and put it into crapspy. it sure would make me look a lot less stupid at the wee hours of the night.<I><B></B></I><I></I><I></I> |
|
The point I was trying to make in the other thread is totally vidicated with the MS press release. Computer virus' can't be stopped, but the means, transportation, and communicabity can. The later of those three were all MS responsibilites in this instance, if a virus exploited another well known program, say for instance (*chuckles*) Lotus notes - I would be hanging them out to dry. Which collides headon directly with my initial post that Vale (and Phil) took exception to, the damage this virus has done can be directly attributed to the Microsoft monopoly in the home computer market. Sure, gaming industry's practical side will tell you splitting MS up is a real bad thing because they've <i>been getting better</i> and the system will be diluted - and I whole heartedly concur. But this system would have been much, much farther along today if we had 6 different OS companies MS had sublicensed using the same baseline operating structure and each making various improvements and the consumer would be inherintly more educated, because in the end - if Joe Consumer <b>has the option to</b> he will look for that ZDNet 5 star rating on the package he buys. When was the last 5 star MS operating system? Win 3.1? This is where the beauty linux users find in their OS that anti-linux people don't: Choice is a good thing. You can, as I write this - walk into Wal-Mart and pick up 2 differen't kinds of Linux off the shelf, Turbo and Redhat. And it <i>actually matters</i> which one you buy because one has more functionality. But every single piece of software will run on either. But the 'discouragement factor' MS used, and still uses is a cornerstone to this arguement, whether you want it to be or not. |
|
I'll admit this; I don't know a damn thing about linux and I'm looking to learn. So I go download the newest version of mandrake linux, which our head technical trainer at my company said was the easiest to get started with. The vast majority of users if they had a choice would listen 1) to what their friends say is good 2) what they've heard of 3) what costs the least/most (depending on their finincial theories work). I went with what my friends say. I would have gone with red hat but I was told this version was red hat + easier to install. I don't have the time nor do I care to learn about the different distros of linux and which one is perfect for me. I My point which probably seems unrelated to the previous story is that most users are going to buy a computer from gateway, dell, micron (if they even make machines still), or whoever has the neatest ads on tv. I'm pretty sure a new computer user won't go to their friends house and log on to zdnet to find out which version of windows would be the best, they'd take gateways word for it. And once gateway and dell have their distros, they become the defacto standard except some fringe users who don't use it because everyone else does. The damage done is cause by the monopoly. But I'll stick with my stupid highway anology from the other thread. Everyone uses the highways (windows), and everyonce in a while a trucker falls asleep at the wheel or a drunk takes out a school bus (malicious l33t hax0rs). You don't blame the highway for allowing many cars to go quickly from one place to another (outlook sucks). You blame the trucker for falling asleep or the drunk for driving. Sure there are some fringe users who take side roads everywhere and chuckle at people getting in wrecks on the expressway (*nix users), but most drivers don't know roads well enough to find their way on side streets (newbies). You don't destroy the highway or put up speed bumps everywhere (cripple outlook, windows), you stop drunk drivers by better measures at the bars and harsh fines (antivirus and/or government intervention). Sorry about the all the notes, but rereading my analogy made me realize it was really poorly written and needed explaining. I wouldn't be surprised to see some sort of world wide policing organization develope because the internet crime demands it. <I><B></B></I><I></I><I></I> |
|
<b>#44</b> "Phil Scott" wrote... <QUOTE>The damage done is cause by the monopoly. But I'll stick with my stupid highway anology from the other thread. Everyone uses the highways (windows), and everyonce in a while a trucker falls asleep at the wheel or a drunk takes out a school bus (malicious l33t hax0rs). You don't blame the highway for allowing many cars to go quickly from one place to another (outlook sucks). You blame the trucker for falling asleep or the drunk for driving. Sure there are some fringe users who take side roads everywhere and chuckle at people getting in wrecks on the expressway (*nix users), but most drivers don't know roads well enough to find their way on side streets (newbies). You don't destroy the highway or put up speed bumps everywhere (cripple outlook, windows), you stop drunk drivers by better measures at the bars and harsh fines (antivirus and/or government intervention). Sorry about the all the notes, but rereading my analogy made me realize it was really poorly written and needed explaining. </QUOTE> There is one significant problem with your analogy. One trucker can not take out 90% of the highways in the world within hours. Now if they could do that then I would choose to fly instead.<I><B></B></I><I></I><I></I> |
|
Phil: I disagree with your point about 'logging on, going to ZDNet', mostly because you seemed to be confused about the point I was making. :) Example: Warcraft II is the game that made me a hardcore RTS player - why? Because stamped on the front of the box was a quote with "Game of the Year" on it. Since then, this tactic has made Blizzard, Westwood, and Valve absolutely <b>insane amounts of money</b>. Why? Because the choice was made very clear to the consumer that they were better than the rest, and they had legitimate sources to back them up. Every damn person I've ever met has either heard "Warcraft II was awesome" or think Half Life "is one of the best games ever made." Not just because <i>they</i> thought it was, but because damn near <i>everyone</i> thought it was was. Tell me, when was the last time WinAnything had "of the year" on it? And no, Age of Kings doesn't count. If I walk into store to buy a drill, one drill is advertised "drill of the year by these publications" and the other drill isn't, guess what drill I'm going to buy? I don't want to spend 2 hours looking around online for reviews of a drill, to see if drillx will suit softer wood better than drier wood. I just want a good drill. This is the mindset our time strapped civilization has; and civilization rules, my friend. You spend hours a day on your computer, I spend hours of day on my computer, but that still doesn't give me enough time to educate myself about the correct way to walk through a door, get in my car and drive to work. Some things people just wing in life, and to a lot of people computers are one of those things that just can't afford a lot of to intimately know. |
|
regards the comments about system admins..... Unless youre doing that for a living, you have no concept of just how bad the workload can be. Its all very well to say they should be on top of every virus and alter the mail server. In practicality, not a fucking hope. Often by the time you learn about the virus, youve been hit by it and the users are merrily spreading it as fast as they can. Keeping patches and service packs up to date on 200+ machines, whilst keeping them all running is heartbreaking at times. Even more so when you have to deal with idiot users willfully doing stupid things (like cramming cds in between gaps in the blanking plates). Fortunately I put in heavy hours and put Murphy plans into place. Murphy plans being contingency planning for _any bad shit_ that I can dream up. Result ? The 200 odd systems I look after personally still use Lotus notes, reject various attachments and could view the .vbs but not execute it (wouldnt let them save it either). The other side of the company (with 20 staff to just me) got slaughtered and screamed at users over the PA whilst killing their lovely exchange and msmail system. To use an analogy, a virus outbreak is like being punched from behind. Theres no real way you can anticipate it or see it coming, you just learn to roll with it so you take minimal damage. oh and my companies estimate for lost productivity is a few thousand. Nearly all of thats on the other side of the company .... my side kept on quite happily ;) Ds |
|
Phil: just compare hackers to people thast throw big rocks on your highway... sure... it's their fault, but I prefer driving under bridges with high railings, so that dumb kids can't throw rocks from them... maiking changes to the bridge wouldn't change tha highway at all. Also it would be helpful to tell users when they are driving under well-known drop-off points, so that they can slow down if they care... Redline: I myself am only starting with linux, but would your script do that much damage with me accessing my mail as a simple "user", not as "root". Even then, I should have to think(!!) about what to do with an attachment in bourne... .Exactly that is the problem with Outlook Express,etc...the programs try to take care of the thinking the user should do. This is a nice way to educate people;-) Seth ( d_k_denz@hotmail.com) |
|
<b>#46</b> "Seth Krieg" wrote... <QUOTE>If I walk into store to buy a drill, one drill is advertised "drill of the year by these publications" and the other drill isn't, guess what drill I'm going to buy? I don't want to spend 2 hours looking around online for reviews of a drill, to see if drillx will suit softer wood better than drier wood.</QUOTE> If you are buying things just because of labels on the boxes, and not any other criteria, you deserve what you are going to get. Using your drill, lets say that while the magazine called it the "Drill of the Year" they also put a little paragraph in the review that says the motor in the drill heats up under hard use, and may seize from the heat. They then say that if your job requires prolonged use, you might be better served by another drill. You, who buys the drill because of the sticker, take the drill home and start building your house or whatever. After drilling through four or five 2x6's, the motor seizes, and now you have paperweight of the year. You didn't do your homework, and got stung. Who's fault?<I><B></B></I><I></I><I></I> |
|
[49] VeeSPIKE Amen brudha... It's like the amount of magazines that give "Editor's Choice" to a graphics card this is either an ATi or a Matrox... sure ATi has great DVD playback and sure Matrox have by far the best image quality... but... they aren't exactly the best gaming cards on the market, and so the "Editor's Choice" award does not really reflect a truly well-rounded product (Cards before the ATi Rage Fury and Matrox G400 were total dogs at 3D... at least those two are a lot better) And if you are buying your graphics card specifically for gaming, and go with an "Editor's Choice" award from my example, then you are gonna be pretty upset. Of course that's not true of all magazines, but how are you gonna know what's what unless you read up about it... It's like, if you are gonna drop two grand or more on something, you have to be pretty crazy to accept on faith someone elses judgement... for a start they could just be plain wrong, and even if they are "right" -- It might only be "right" from their perspective... you might have totally different needs and goals... but unless you understand a little about how a computer works, you are never going to be able to judge correctly what you need to buy to take care of your needs. |
|
Phil thanks a lot for the list, and just as I suspected there's a lot of stupid crap on there. URL's blocked, Photo CD's blocked, Security Certificate's blocked, Access projects blocked, is it just me or are none of these programs likly to have a virus, fo programs for that matter? did think so. |
|
Phil thanks a lot for the list, and just as I suspected there's a lot of stupid crap on there. URL's blocked, Photo CD's blocked, Security Certificate's blocked, Access projects blocked, is it just me or are none of these programs likly to have a virus, fo programs for that matter? did think so. Looks like Half-ass Outlook gets a Half-ass patch as well. |
|
As I said from the beginning, there are steps MS can take to prevent this from happening in the future. Those steps have now been taken, and they take the precise form that myself and several others pointed out - they REDUCE FUNCTIONALITY. MS could also have solved this problem by making Outlook delete ALL attachments. MS is NOT the protector of the world, they provided the tool. It's not their fault the tool was abused, by both the trojan author and the countless lemmings that executed it. Frankly, I'm going to be pretty pissed off if we have to keep reducing the functionality of our software based on what a stupid person "might" do with it. I'm a little tired of having my freedoms, options and productivity reduced to conform to society's least common denominator. How are we suppose to evolve as a society if we continue to cater to the stupid and punish those who "get it"? Nevermind...it's just a patch. I don't have to download it. Of course, MOST of the morons that caused the problem won't download it either...unless their IS/IT rep does it for them. After all, they obviously weren't concerned about the previous "security" patches. -Valeyard |
|
<b>#53</b>, Valeyard: <QUOTE> Frankly, I'm going to be pretty pissed off if we have to keep reducing the functionality of our software based on what a stupid person "might" do with it. </QUOTE> The Outlook patch doesn't affect me at all. It needn't affect you. I've never used Outlook. If you use it, you can switch to something else. It makes sense that the most widely-used software should be suitable for the average person. Non-average people can use software more suited to their uses for it. That's what I do, and that's what you can do if you choose to. What you're saying, in effect, is that the majority of the world's population should 'suffer' so that you personally don't have to. But you've turned it around to make it sound like you're the one losing out. |
|
<b>#54</b> "Andy" wrote... <QUOTE>If you use it, you can switch to something else. </QUOTE> Alas, I'm unable to do that on the job. At home I've been using Eudora for years. <b>#54</b> "Andy" wrote... <QUOTE>What you're saying, in effect, is that the majority of the world's population should 'suffer' so that you personally don't have to. But you've turned it around to make it sound like you're the one losing out. </QUOTE> Isn't that what an elitist is supposed to do? :) Seriously though, the functionality in Outlook is often critical to performing my job. While this new "security patch" (which I will not install) won't completely cripple productivity, it does reduce it. I'm not trying to pull the old "do what's right for me, to hell with everyone else" argument...I'm just bothered when I see us dumbing down society. We're crippling growth in order to help the weak. Why not help make the weak strong? Teach them how to use the tools before you send them out into the world. If they can't understand it - tough. Everyone doesn't deserve or need to use a computer. We don't just let <i>anyone</i> fly a plane, do we? Some of these people have no business on a computer (without training) and if that means they have to find another job, that's too bad. Be qualified to do your job or be prepared to lose it. When you begin to "limit" aspects of society to conform to the least common denominator, you are inhibiting the growth of a society. We stand at the verge of becoming greater as a society, yet we're doing every thing in our power to prevent it. Yes, I know, it's only one little piece of software. But it's not. It's an attitude that permeates society. Stop making laws to protect people from themselves...maybe you'll finally see people learn from experience...they way we've done it since the dawn of time. If someone wants to ride their motorcycle without a helmet, let them. It's called "natural selection" and it's not a bad thing. -Valeyard <I><B></B></I><I></I><I></I> |
|
<b>#55</b>, Valeyard: <QUOTE> Alas, I'm unable to do that on the job. </QUOTE> Hey, what you do in your own time... :) As for the rest of what you said, there's a nagging agreement in the back of my mind, but I'm fighting it because I know it's wrong. It may be right for me and you, but we're just two people out of six billion so we don't matter much. What you have to remember is that none of these 'stupid' people contacted Microsoft and told them to make an e-mail client. Microsoft created Outlook and spent huge amounts of money on putting it on 90% of desktops around the world - all because Microsoft <b>wanted</b> to, for its own commercial reasons. If use of Outlook by stupid people is a problem then it's a problem of Microsoft's creation. Let Microsoft sort it out. |
|
<quote>As for the rest of what you said, there's a nagging agreement in the back of my mind, but I'm fighting it because I know it's wrong. It may be right for me and you, but we're just two people out of six billion so we don't matter much. </quote> I'd have thought that most people of above-average intelligence feels the same way, or has at least to some extent in the past. |
|
<b>#56</b> "Andy" wrote... <QUOTE>As for the rest of what you said, there's a nagging agreement in the back of my mind, but I'm fighting it because I know it's wrong.</QUOTE> I'm not saying "throw out all compassion", I'm not saying "don't protect the innocent". <b>Do</b> protect the innocent and have compassion...just don't put them in positions they're not ready for. Make sure people are qualified and skilled to perform the tasks they're responsible for. (American-centric semi-rant:) School systems are letting lazy, ignorant, idiots graduate because they don't want to traumatize them by holding them back and they don't want to waste funds on someone who can't or won't learn. Society is overflowing with the "let's make it fair" mentality. We have the capability now, more than ever, to make things "more fair" for everyone...but that comes at a cost: progress. We're constantly passing laws and posting warnings to protect people from themselves. If this had gone on a million years ago, we'd still be starting fires with a sinewy bow and stick get-up...if fire was allowed at all. Yes, I'm going over the top on this one, but it's a societal condition that grieves me. As an example, I play pool. Billiards, straight pool, one-pocket and snooker...primarily. I'm a "classical" player, not a big fan of 9-ball and the like. My favorite game is one-pocket. In a nutshell, each player "owns" a corner pocket near the rack. The first player to pocket (or "pot" for you UK readers) 8 balls in their pocket wins the game. It's a beautiful game, full of strategy and safety shots. It's as close as you can get to playing chess on the pool table. If one person is better than the other, the common practice for competition is to handicap the better player. You now have to make more balls in your pocket than your opponent...9-7, 10-6, 11-5 etc. This practice of handicapping is great for making sure you can get a money game, it's great for balancing a game for fun, and it will make the game more fair...and I have no problem with that. It is, however, a terrible to learn to play better. The lesser player isn't put in as many difficult positions, they don't have to learn how to play the game "properly" they only have to learn enough <i>to get by</i>. The also don't benefit from making and missing as many shots. The same applies for straight pool, where the better player will usually "spot" the opponent 10, 25, 50 or more balls in a race to 150. The best players learned the hard way, you play someone who's MUCH MUCH better than you are, you immitate, emulate, invent and experiment...eventually, you either learn to play well or you give up. You are going to lose. You're going to lose often and big. You're not going to learn much from having things handed to you or taking the easy road and that's what modern society is trying to do. Letting illiterate kids graduate to save their feelings, promoting dependency with welfare, and handing people jobs that they simply aren't qualified to do. Where do you think middle-management comes from? :) Had to inject a little humor, it was depressing. The important thing is that I'm NOT saying <i>punish</i> the majority for the "elite" minority. I'm staying stop dumbing everything down. Stop limiting the options of the rest of society to conform to the needs at the bottom. How many kids have been completely bored to tears at school because the teachers were forced to move at the pace of the slowest learner? How much potential is lost in a "limiting" process like that? Granted, we aren't going to agree, you're more compassionate to the "little guy" than I am. I prefer to be more pragmatic...if you put your hand on the hot stove after being told you'd get burned, who's fault is that? If you do it again and again, does that mean the rest of us should get rid of our stoves? -Valeyard<I><B></B></I><I></I><I></I> |
|
Well, not that I don't think this discussion has pretty much been beaten like a red headed dead horse, I've decided to add some constructive critism and some possible solutions for all of us. Have several different versions of Outlook for release at retail (or on the internet, as applicable). Outlook standard, Outlook Express, and Outlook Advanced. The backbone would all use the Outlook engine and the frontend wouldn't have to be changed at all. Outlook standard works just like Outlook does post security patch (and if you still don't believe this was a MS security issue, I'm really sorry for you). Outlook Express looks the same as it does today post equivelant security patch. Outlook Advanced - ahhh, Vale's Holy Grail. a small 3 meg patch (or even a slightly more expensive version at retail) available only to registered owners of Outlook. Advanced gives you the power to; disable/enable file opening, puts an 'add/remove' list to programs that have access to your address book. "Power Feature after Power Feature", so to speak. And it's not like this hasn't occured to Microsoft, look at so many of their programs with technical differences (yet interoperability). Hell, look at their latest Flight Simulator that comes in seperate flavors. And voila, ILOVEYOU never happens. Tell me a flaw with this Vale. (other than the <i>obvious</I> OEM bit of sandbagging) |
|
Well, this will probably only make it worse around here but this was posted over at Blue's from ZDNet. <a href="http://www.zdnet.com/zdnn/stories/news/0,4586,2570727,00.html">Microsoft's 'Clippy' a security nightmare?</a> MS has already posted a patch, saying something about an ActiveX control that was incorrectly marked as 'safe for scripting.' It can be found <a href="http://www.microsoft.com/technet/security/bulletin/ms00-034.asp">here</a><I><B></B></I><I></I><I></I> |
|
<b>#59</b> "Seth Krieg" wrote... <QUOTE>Tell me a flaw with this Vale. </QUOTE> What you're proposing already exists, to a degree. Outlook Express, Outlook with warnings turned ON and Outlook with warnings turned OFF (or ignored). If people are turning the warnings off <b>now</b>, and still getting "hit", the same people will be using your Outlook Advanced...and will still get "hit". Additionally, three separate version is going to be way too confusing for the general population...they've already proven how rough two versions can be. It's not cost effective for MS to distribute and market three versions of Outlook. Some people who get Outlook Standard will be complaining that they have to "upgrade" to Advanced to get the feature that they won't. Some people will be complaining that Outlook Advanced has the features they need, but that it's not as "safe". The list is endless. The solution, for the nth time, is training. Teach people how to use the tool, teach them the dangers and hazards - or don't let them use it. Or at least stop listening to their complaints. -Valeyard <I><B></B></I><I></I><I></I> |
|
<b>#12</b> "Bad_CRC" wrote... <QUOTE>umm macros are disabled by default in Word... ummm, since when? </QUOTE> At the least, it's that way in Word2000. Every time you try to open a Word doc that has macros it gives a nice little warning that macros could be dangerous and asks if you'd like to <i>enable</i> macros. You say no and it opens the doc without macros ;) If you do enable macros, though, I believe you have the choice of doing so just for that document. That alone has saved me from quite a few macro virii (simply because, yes, I was expecting the document, but the person that sent it to me was a moron that wasn't aware they had a macro virus). If I was really, really bored I could probably install Word98 and see if it's the same there, but I'm not... <b>#37</b> "Jowr" wrote... <QUOTE>[Sup painkiller? You know me, actually :)] </QUOTE> /me wonders... |
|
If you're using Outlook Express: Tools - Options - security -- set to Restricted Zone instead of Internet Zone. Now go edit your IE settings in the Restricted Zone to allow downloads, not run scripts (even those marked safe), and not allow auto running. <I><B></B></I><I></I><I></I> |
|
I am an asshole. |
|
Agreed. Jesus Christ, that is unbelievably retarded! - lwf
|
|
Puzzling! |
| C O M M E N T S |
|
Home »
Topic: With Outlook you're safe from... almost everything
|«« - Previous Page - Next Page - »»| |
| P O S T A C O M M E N T |
|
|
| C R A P T A G S | ||||||||
|
|
| There are currently 0 people browsing this site. [Details] |
Powered by blah 0.9.1-dev •
PlanetCrap is © 1997-2035 Hendrik "Morn" Mans
|