Re: MyDoom, Sorbig - Actions taken?
2004-02-05 07:49:18
I am getting a little peeve with your continued disrespect.
<yawn>. And by your repeated verbose attempts to pass off ignorance as
sophistication you're demonstrating _what_ exactly?
Going back to the original question, would this be YOUR method (using
MIME)
to help solve or address your email virus problems being dump your way?
If vendors followed the spec, the only way that recipients' computers
would be vulnerable to viruses would be if the recipients manually
saved the attachment, and then manually launched it using a separate
program. It wouldn't completely keep viruses from propagating (there
are some people stupid enough to do anything) but it would be
sufficient to keep them from propagating quickly or widely.
Rather to being so condescending, why don't you explain how layering
when
adhered by the MUA will solve the problem of abusive transportation of
viruses.
If the MIME specifications were followed, there would be no incentive
to send email viruses in the first place, since there would be little
chance of their propagating widely. Miscreants would use other means
to attack systems.
You are bent of this being an USER/MUA problem maybe that's
because you are currently focus on "User needs." Well, I disagree.
That's because you don't know what you are talking about (either about
my focus or about mail system design).
The MUA is the part of the system that represents the user's interests
(as in, not having his computer attacked). The MUA is the part of the
system that knows about message content (as in, knowing the meanings of
attachment types and what to do with them). The MUA is the part of the
system that has to adapt to, and learn how to handle, new kinds of
content. The MTS doesn't know about any of these things, and for good
reason. The MTS doesn't know about the characteristics of, or
configuration of, end systems. Content that is perfectly legitimate to
one recipient is potentially harmful to another. The MTS has no way of
knowing the difference.
To expect an MTA to be better at filtering viruses than an MUA is to
expect a part of the system that doesn't act on behalf of a recipient
to represent the recipient's interests better than the recipient's MUA.
It expects the MTA to know almost as much about content as the MUA
even though the MTA's job is to be transparent. It expects MTAs to
adapt as quickly to changes in content used by recipients as the
recipient's MUAs. It makes it harder to transmit new kinds of content
over the Internet because it will require the upgrade of all MTAs in
the path, and it therefore makes Internet mail less flexible and less
useful. A mail architecture that did that would expect ISPs to spend
large sums of money to compensate for Microsoft's negligence.
Now, there's something to be said for security in depth, and having a
virus filter near the recipient, say attached to the recipient's
inbound SMTP server and message store, as a backup to accidental bugs
in the recipient's MUA, probably does make some sense. And if it's
placed there then it can still be responsive to recipient's needs (as
in, "yes, I really do need the message with the three .exe attachments
delivered intact; I was expecting them and the message was digitally
signed by the vendor who sent them to me."). But you don't need
support in SMTP to do that.
You still have not address the question when MIME is not used for
attachment transportation via SMTP.
You solve that problem in the same way as for MIME attachments; it's
just not in scope for the MIME spec to say that.
Keith
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: MyDoom, Sorbig - Actions taken?, (continued)
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Keith Moore
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?,
Keith Moore <=
- Re: MyDoom, Sorbig - Actions taken?, Brad Clements
- RE: MyDoom, Sorbig - Actions taken?, Dan Wing
- Re: MyDoom, Sorbig - Actions taken?, Keith Moore
- Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Arnt Gulbrandsen
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Keith Moore
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Arnt Gulbrandsen
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Keith Moore
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), ned+ietf-smtp
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), william(_at_)elan(_dot_)net
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), John C Klensin
|
|
|