Re: Malware Triangle
From: Roger Wilco (yesman_at_yourservice.invalid)
Date: Wed, 1 Dec 2004 19:00:51 -0500
"Richard S. Westmoreland" <email@example.com> wrote in message news:316e8fF36liuvU1@individual.net...
> We're not trying to "blame" something, just classify the threat. Okay let
> me rephrase my last statement.
> I think he's referring to the document itself and what is the result when it
> is opened.
> People don't send you buggy rendering processing engines to inflict damage.
> The bad software is the exploitable, the html "file" is the exploit (html
> plus embedded junk), and the whole thing is the threat.
> You guys are now arguing just to argue.
Just like "e-mail is a threat" - well, it is (or can be). But arguably it is the extension to e-mail (MIME) that is the threat
because without it we would have only text (like the good old days) - but wait...MIME itself isn't bad, it is a container
for the multipurpose extended content which can be HTML or attached content or script within HTML or whatever
that is extracted from their containers and executed by the mail client's use of OS resources. To guard against such
threats as e-mail you could set a policy to not allow any - but all you really needed to do is not allow the script to run.
Same with HTML files in general - you wouldn't need to disallow HTML to stop the threat, only the scripting. It is
best to look at what is actually the threat instead of labelling all HTML as dangerous.
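
Added illustration, not part of the original post: the distinction drawn above (MIME is only a container, and the script inside HTML is what needs blocking) can be checked per part with Python's standard `email` package. The sample message, the names `classify` and `ActiveContentFinder`, and the short tag list are assumptions made for this example; the tag list is not exhaustive.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample (not from the thread): a plain-text part and a scripted HTML part.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Hello in plain text.
--b1
Content-Type: text/html; charset="us-ascii"

<body onload="init()"><script>init()</script><a href="javascript:void(0)">x</a></body>
--b1--
"""

class ActiveContentFinder(HTMLParser):
    ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}  # assumed, not exhaustive
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler
                self.findings.append(f"{tag}@{name}")
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")

def classify(raw):
    """Return (content_type, verdict, findings) for each leaf MIME part."""
    msg = message_from_string(raw, policy=default)
    results = []
    for part in (p for p in msg.walk() if not p.is_multipart()):
        ctype, verdict, findings = part.get_content_type(), "attachment", []
        if ctype == "text/html" and not part.is_attachment():
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings = finder.findings
            verdict = "html-active" if findings else "html-passive"
        elif ctype == "text/plain" and not part.is_attachment():
            verdict = "text"
        results.append((ctype, verdict, findings))
    return results
```

A policy built on these verdicts can pass `text` and `html-passive` parts and act only on `html-active` ones, rather than rejecting every HTML message.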