Menso Heus on Sun, 14 May 2000 07:50:10 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> Viruses on the Internet: Monoculture breeds parasites |
On Sat, 13 May 2000, Benjamin Geer wrote: > I know very well what VBS is; I've written rather a lot of software in > it. You don't seem to have understood my sentence above. > > Let's suppose I write the following two-line shell script: > > #!/bin/sh > rm -rf /* > > If you run this script with root permissions on a Unix system, it will > delete the entire contents of your hard drive. If I email this script > to people, is it a virus? No. All that will happen is that the > people who receive it will see the two lines above. The script will > not execute. A virus must exploit flaws in the receiving system in > order to cause itself to be executed, without the user's knowledge or > permission. > > > Outlook does NOT automatically open attachments, the user still has > > to click on them.... > > As I said, there is (or should be) a difference between 'opening' > (i.e. viewing) an attachment and executing it as a program. When I > click on an attachment in a mail agent, it should *not* execute it as > a program. The idea that it might do so is completely absurd. It > should simply show me the contents of the attachment. This is again a matter of taste I'm afraid. I quite like it when outlook opens attachments like jpgs for me etc. It basically opens files with the associated program. The default action of a scriptfile is 'execute' not view, users *can* rightclick and choose view however, so again it is the luser that's the problem imho. Since many people were complaining about this, they just didn't get it or didn't want to educate the users they had to deal with, MS made a patch for this years ago. The patch then causes the same behaviour as you describe: you first have to save before you can do anything with the attachment (though you will find most windows users saving and then running anyway... ) > Of course, if people insist on running a program without knowing what > it is or where it came from, and the program turns out to be a virus, > then the only solution is to educate the user. But I don't think most > users are as naive as you seem to think. Viruses are often talked > about in the news; people know that it's dangerous to run a program > that you receive in the mail. I worked as an operator for a year, it seems almost *impossible* to explain stuff like this too people. Ofcourse I was dealing with accouting and marketing people... never had any trouble with the development department ;) > They simply aren't expecting Outlook to > run a message attachment as a program when they click on it. Nor > should they. As I said before: this is a matter of taste. I like the fact that, as soon as I click on an attachment it is opened by Outlook. If I would need to save every Word attachment, Excel sheet, JPG file etc I receive first it'd drive me mad. (Ofcourse you get a lot less of these in Unix environments ;) The option can be turned of as I already mentioned.... People shouldn't 'expect' anything from a program, they should RTFM. Menso -------------------------------------------------------------------------- Be a better bastard. -- Josh Brandt ...and the world will beat a luser to death at your door. -- Carl Jacobs -------------------------------------------------------------------------- # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net