Re: Any value in this list ?

People wanted to do more than just exchange text messages, and Microsoft
(and other companies) built products to help them do that.  Microsoft
also produces a lot of information on how to secure its products.  I do
not have the data at hand, but I have read several times that when
Microsoft servers are compromised, it is often because they are
misconfigured.


perhaps because they are shipped that way?
(I don't know about the servers, but it's true of mail clients)

I would also point out that NONE of this class of viruses can infect
unless the user executes them!


Right.  But do you really expect a user to understand that when he
clicks on something that is apparently (to him) an image, or even
a word procesor document, that it's going to *execute* something
that can potentially infect his system?

MIME implementors are supposed to safeguard their users against
such hazards, at least by default.  Microsoft deliberately ignored
this advice and chose to make their users vulnerable - not just by
making the content "executable" with a single click, but also by
bypassing the safeguards in the content-type registration system.

BTW, internally our mail servers are configured to strip anything that
looks remotely like an executable.  Sometimes this is a pain (I can't
mail a legitimate script to a colleague), but that's the world in which
we live - more openness means more opportunity for sabots in the gears.


Maybe you should put the fix where it belongs - in your mail clients -
rather than trying to put a stopgap fix into your network where it
severely limits your flexibility.

Or are you saying that Microsoft employees are no smarter than the
average user (whom you expect should know better than to "execute"
a virus)?

In any event, blaming any one company for viruses because its products
are abused, seems way too much like e.g. blaming automobile
manufacturers for reckless driving.


no, it's more like blaming automobile manufacturers for producing
cars whose brakes fail when used normally.

 Human beings are responsible for their own actions, although
some wish to evade or abuse that responsibility.


Presumably, that includes the actions of those at Microsoft who chose 
to make their customers unnecessarily vulnerable.

Keith

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Any value in this list ?, (continued) Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Theodore Tso Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Venkateswar Reddy Melachervu Re: Any value in this list ?, Venkateswar Reddy Melachervu Re: Any value in this list ?, Randy Bush RE: Any value in this list ?, Mak, L (Leen) Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Keith Moore <= Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Valdis . Kletnieks Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Henning G. Schulzrinne Re: Any value in this list ?, Keith Moore Re: Any value in this list ?, Meritt James Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, slawrence Re: Any value in this list ?, Anthony Atkielski Re: Any value in this list ?, Valdis . Kletnieks