[Top] [All Lists]

Re: MyDoom, Sorbig - Actions taken?

2004-02-05 07:49:18

I am getting a little peeve with your continued disrespect.

<yawn>. And by your repeated verbose attempts to pass off ignorance as sophistication you're demonstrating _what_ exactly?

Going back to the original question, would this be YOUR method (using MIME)
to help solve or address your email virus problems being dump your way?

If vendors followed the spec, the only way that recipients' computers would be vulnerable to viruses would be if the recipients manually saved the attachment, and then manually launched it using a separate program. It wouldn't completely keep viruses from propagating (there are some people stupid enough to do anything) but it would be sufficient to keep them from propagating quickly or widely.

Rather to being so condescending, why don't you explain how layering when
adhered by the MUA will solve the problem of abusive transportation of

If the MIME specifications were followed, there would be no incentive to send email viruses in the first place, since there would be little chance of their propagating widely. Miscreants would use other means to attack systems.

   You are bent of this being an USER/MUA problem maybe that's
because you are currently focus on "User needs."   Well,  I disagree.

That's because you don't know what you are talking about (either about my focus or about mail system design).

The MUA is the part of the system that represents the user's interests (as in, not having his computer attacked). The MUA is the part of the system that knows about message content (as in, knowing the meanings of attachment types and what to do with them). The MUA is the part of the system that has to adapt to, and learn how to handle, new kinds of content. The MTS doesn't know about any of these things, and for good reason. The MTS doesn't know about the characteristics of, or configuration of, end systems. Content that is perfectly legitimate to one recipient is potentially harmful to another. The MTS has no way of knowing the difference.

To expect an MTA to be better at filtering viruses than an MUA is to expect a part of the system that doesn't act on behalf of a recipient to represent the recipient's interests better than the recipient's MUA. It expects the MTA to know almost as much about content as the MUA even though the MTA's job is to be transparent. It expects MTAs to adapt as quickly to changes in content used by recipients as the recipient's MUAs. It makes it harder to transmit new kinds of content over the Internet because it will require the upgrade of all MTAs in the path, and it therefore makes Internet mail less flexible and less useful. A mail architecture that did that would expect ISPs to spend large sums of money to compensate for Microsoft's negligence.

Now, there's something to be said for security in depth, and having a virus filter near the recipient, say attached to the recipient's inbound SMTP server and message store, as a backup to accidental bugs in the recipient's MUA, probably does make some sense. And if it's placed there then it can still be responsive to recipient's needs (as in, "yes, I really do need the message with the three .exe attachments delivered intact; I was expecting them and the message was digitally signed by the vendor who sent them to me."). But you don't need support in SMTP to do that.

You still have not address the question when MIME is not used for attachment transportation via SMTP.

You solve that problem in the same way as for MIME attachments; it's just not in scope for the MIME spec to say that.


<Prev in Thread] Current Thread [Next in Thread>