RE: Viruses



But you missed the point.  I'm talking about the user taking direct,
voluntary action - not the mailer running attachments automatically.  This
is how melissa and the latest one (I forget the name) were spread.  By users
manually running the attachment.

Anyway, my point is that it is incredibly easy to bypass security.  There
are holes that rely on user action - and inexperienced users aren't going to
know enough to protect themselves.  So, basic internal control is most
likely a requirement as well.

> -----Original Message-----
> From: Alan Shutko [mailto:ats@acm.org]
> Sent: Tuesday, July 06, 1999 7:49 PM
> To: gnome-list@gnome.org
> Subject: Re: Viruses
> Importance: Low
>
>
> "Roger Vaughn" <rvaughn@pobox.com> writes:
>
> > And how about the recent flood of email-based virii?  Isn't it easy to
> > imagine that one of your users could run an unknown email
> attachment on your
> > Linux box?  (Proving only that virii don't even have to be
> smart to invade.)
>
> This is much less likely on Unix boxes.  The problem on Windows is
> that mailers completely ignore the mime-type and pass the filename to
> the OS with some general "execute" call.  This will spawn a viewer
> based on the extension, and the action for .exe is to run it.  Nice,
> for binaries on your system, not nice for attachments.
>
> In contrast, on Unix, every mailer I know ignores the extension and
> spawns a viewer based on the mime-type.  And no mailer I know will run
> executable files or scripts by default.  So clicking on something that
> looks like a zip file will always spawn a zip viewer, never run the
> file.
>
> --
> Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
> Check http://rescomp.wustl.edu/~ats/ for a resume.
> Serving coffee on aircraft causes turbulence.
>
>
> --
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with
>                        "unsubscribe" as the Subject.
>
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]