Re: Help with AVG Anti-virus email scanning

bz <bz+csm@xxxxxxxxxxxxxxxxxxxx> wrote:

Formatting is not meant to make information beautiful or cute.

What is it meant for?

Making it more readable, highlighting parts of it, influencing the way
it is interpreted.


2) html enabled e-mail clients are executing programs that others
have sent you when they render html coded text.

Odd, mine doesn't. Maybe I misconfigured it?

Maybe you and I disagree a bit on what is meant by 'executing
programs'.

In my view, you can talk about 'executing programs' as soon as
interpreting data goes beyond changing or visualizing it.


And maybe you and I see different sides of the problem. You seem
concerned with protecting YOUR computer.

Yes, that's true.


I, on the other hand, clean computers for people after they have been
infected due to clueless use.

Maybe you would be unemployed if all computer users were clueful.


3) it is practically impossible to 'foolproof' such rendering so as
to protect the viewer from all possible attacks.

HTML is much more complex than plain-text, yes. Still, we have very
good SGML and XML parsers, which are well tested and seldomly fail
in a way that can be exploited.

'Seldom' is too often.

'Seldom' is the best you can get. Computer programs are always
error-prone.


Reinventing the wheel is a bad idea in this place, so you would just
use one of these parsers.

I see people spend hundreds of hours making their HTML 'look right' on
their screen. They don't realize that the format and display is
platform and browser dependent. Even when it is explained to them,
they still don't 'get it' on a deep level and STILL try to make it
'look right' on their screen. They don't 'get it' until I show them
how it looks on another computer.

Using HTML in e-mail is like gluing flowers on your car's tires.

It looks pretty until your try to use it.

Some of the flowers (roses for example) have thorns and poke holes in
the tires.

Well, all this is not HTML's fault. It's the fault of how people
interpret and use it.


BTW, if it would be that bad, web browsers would be much more
hazardous to use.

They are much more hazardous than you imagine. I see infected machines
every day, usually infected by browsing or reading e-mails.

That's, as you said, because of clueless use.


Consider that a mail-reader would only need a small subset of the
possible HTML extensions, e.g. it doesn't need stuff like JavaScript
and you may even decide to disregard things like CSS).

And do these things come 'turned off' by default?

[...]

No, and again, that isn't HTML's fault.


4) embedded images in html can tell the sender 'an idiot just
opened the e-mail I sent them' so you just told the spammer that
the e-mail address is a good one. He can now sell it to other
spammers.

Read the first sentence of my last reply again.

Your responsibility seems limited to your machines.

Yes, but again, you might need to find another job, if those problems
weren't present.


6) html can be coded so that the viewer sees one link while being
sent to a different place on the web.

How? Remember, we

You have a mouse in your pocket? Who is 'we'.
How would you get 40,000 students and 3,000 faculty/staff to 'practice
safe hex'?

ignore JavaScript for mails, and the destination address is shown in
the status bar.

That feature can be disabled. It can also be fooled and you seem to
assume that the user LOOKS at the status bar before they click on the
link. I'll bet that even YOU have 'clicked first', sometime.

Sure, but that's okay. I notice it in the address bar of my browser at
the latest. But your point is true. In a larger scale, that can surely
be abused. My point, however, is that it isn't HTML's fault. Used
properly, HTML emails are useful.


That's okay. I do, too. Though I have an HTML plugin loaded, it
displays the plaintext parts by default, and displays nothing it
there is no plaintext part. I have to specifically select the HTML
part, if I want to view it.

Reason: Some HTML-enabled mail-readers format their plaintext parts
that horribly, that the HTML part is just much more readable.

You assume that all HTML rendering is good and readable. I was just
looking at a web page where text was overlaying other text.

But if the plaintext part is totally unreadable (e.g. each paragraph in
one long line, as Outlook tends to format the plaintext parts), then I
prefer to read the HTML part, which is well readable in most cases.


8) Some discard ALL html encoded and graphic encoded incoming
e-mail, unviewed.

Those people don't do serious business.

What you call 'serious business', some others might consider to be
chicken feed.

Depends. You will have lots of customers and allies, who don't have a
clue about electronic data processing. They usually use Outlook, and
they usually send HTML mails. Some of them even prefer email over other
media. Sad, but true.

Not viewing the HTML parts automatically is a good idea. Dropping mails
unread just because they contain an HTML part is a bad idea. You may
want to drop emails, which _only_ contain an HTML part, though. I
haven't seen many clients do or even allow that, but for example AtMail
does.


90% of my incoming business emails have an HTML part.

If you handle your 'serious business' via e-mail, you have a problem.

I get quite a few customer requests via email. Not my fault, I have a
telephone, but still some customers prefer that way.


E-mail never has been and never will be reliable. E-mails get lost.

That is why 'serious companies' do not allow the use of e-mail for
'serious business'. It IS useful for some things but if you want to
make sure your message gets through, talk to them on the telephone,
confirm via fax. Check via e-mail to make sure the fax got through ok.

I don't initiate 'serious business' via email, but some people seem to
prefer it over other media. And I've also never said anything about the
quality of the email medium. I just say that IMO there is nothing wrong
with HTML emails.


90% of my incoming spam has HTML. Eliminating HTML eliminates 90% of
the spam.

True.


I like 'new and improved' when it is really improved.

Improvements often come with problems, at least with more complexity.


Regards,
Ertugrul.


--
http://ertes.de/

.

Relevant Pages

  • Re: If all the CoBOL people updating the language...
    ... The personal computer and the business apps that run on them were targeted directly at the small business sector. ... already knew HTML and didn't have to go to HTML school. ... "free" the way Java and HTML were, or at least cheap, the way Visicalc ...
    (comp.lang.cobol)
  • Re: SQL for presentation
    ... claimed that the "business logic" should be implemented in the database ... the server for the advantage of centralization. ... the presentation - HTML - is a data structure. ...
    (comp.databases.theory)
  • Re: HTML or Dreamweaver?
    ... David Dorward wrote: ... HTML which my tutor insists is a better way to make & update the site. ... Dreamweaver is a tool that may speed up your production of webpages - but if ... I'm getting some general business advice but not from web design ...
    (alt.html)
  • Re: HTML or Dreamweaver?
    ... David Dorward wrote: ... HTML which my tutor insists is a better way to make & update the site. ... Dreamweaver is a tool that may speed up your production of webpages - but if ... I'm getting some general business advice but not from web design ...
    (alt.html)
  • Re: Extending JEditorPane or related classes/interefaces?
    ... I don't really want to be writing a parser or to ... >> reinvent a class to display whatever the HTML should produce. ... This is true only if you're talking about absolute data security. ... Every business suffers loss from theft, ...
    (comp.lang.java.gui)
Quantcast