Re: Hotmail not scanned?

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: 07/14/02 

From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
Date: Sat, 13 Jul 2002 23:09:23 GMT

"Ken Blake" <kblake@this.is.an.invalid.domain.com> wrote:

> I completely disagree. I use both Outlook and Outlook Express
> here. I've used them both for years, and *never* gotten a virus.
> I know many others who can say the same thing.

And many tens of thousands of people drove Pintos without having
them explode in flames...

Your point?

> There are vulnerabilities, but they can easily be overcome with
> antivirus software.

You clearly have no grip whatsoever about what you are talking about.

Antivirus software cannot adequately protect you from inherently
flawed and insecure design. At best it can paper over the obvious
and already known cracks.

And, as you are an IE/Outlook/OE user I sure hope you've been keeping
up with your security reading and finally decided to disable ActiveX
in the Internet security zone as yet another fundamental design error
in the handling of security zones as regards scripting of ActiveX was
announced the other day. Microsoft does not have a patch out yet, and
as scripting and ActiveX are the source of all but about two of all
the really bad IE security holes ever, it is now clearly irresponsible
to use the product with either feature enabled. Of course, that will
break millions of exceptionally crappily "designed" (I hesitate to use
the term here, other than in its most sarcastic of connotations) web
sites, but such is the almost inevitable price of trying to glue "user
interface" functionality onto a protocol that was never designed for
such an application in the first place and is, rather predictably as a
result (especially after Microsoft became involved), entirely unsuited
to the task. 

--
Nick FitzGerald

Relevant Pages

  • Re: Hotmail not scanned?
    ... Great post Nick! ... I use both Outlook and Outlook Express ... > flawed and insecure design. ... > in the Internet security zone as yet another fundamental design error ...
    (microsoft.public.security)
  • Re: Outlook Express Attachments
    ... Security zones enable you to choose whether active content, such as ActiveX ... can be run from inside HTML e-mail messages in Outlook ... To customize your Internet Explorer security zone settings for Outlook ...
    (microsoft.public.security)
  • Re: [Full-Disclosure] Email marketing company gives out questionable security advice
    ... > released the Outlook Security Update a few years back because anti-virus ... Turning back on ActiveX and ... security zone mechanism provides adequate protection --- is that the ...
    (Full-Disclosure)
  • Re: Word 2003 - Wont Display Photos in Outlook Emails
    ... By design, your Outlook data store is designed to be secured against ... photos are not diplayed in the new email. ...
    (microsoft.public.mac.office.word)
  • Re: Designing a Contact form in OL03
    ... about all of the times I keep reading "this does not work well in Outlook ... After I have gone to the trouble to design the new form and publish it and ... I would like to modify the form for this Folder to have a few extra ... Once I have all my contacts in the new custom form, ...
    (microsoft.public.outlook)