[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] Important notify about your e-mail account. (fwd)



Ken Wong wrote:

> 
> In the meantime, all we have done is make it difficult for users to use 
> their email. The non-automatic nature of email attachment handling in 
> KDE means that while my colleagues may have opened an attachment, 
> scanned it and given feedback, I'm still waiting for OpenOffice to 
> finish loading so I can just read the doc. 
> 
> Eh, don't mind me. I'm just in an ornery mood today. 
> 

But there's a difference between an email attachment which is a document
(nonexecutable data) and passing it to an (already trusted, installed)
application, and running an executable attachment.

I'm arguing that no email client should allow a executable program to
be run directly from an email.    (Perhaps java could be an exception,
since there is a proper sandbox model to prevent apps doing system-level
damage).

Macro viruses - well, that's the weakness of the application to allow
a document's attached executable code to run outside of a proper sandbox.


Imran






-- 
Imran William Smith,
Open Source R&D, MIMOS Berhad, Malaysia
http://opensource.mimos.my -  http://www.asiaosc.org

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message