On Tue, Feb 12, 2002 at 07:09:32AM -0500, Douglas Quebbeman wrote:
> On Mon, 11 Feb 2002, Doc wrote:
If people are
still using MS Outlook inspite of all the viruses and crap
that have plagued that pathetic piece of shit in the past few years then
they not only deserve whatever damage gets done to their system via such
vehicles but they shouldn't be allowed to use e-mail at all since they
only end up contributing to the greater problem by running it!
Until the govt performs a door-to-door search for all the script
kiddies, whatever is the most-popular-and-prevalent-platform will be
the target for such attacks. You may think that Pine has no way of
being exploited (is Mark Crispin on this list?), but wait'll it's
the only thing we're using...
Seriously, Outlook isn't the source of the stated problems; half-assed,
self-taught, sycophantic sysadmins who can't secure their systems are!
Clearly you have to decide which problem is more serious:
- Outlook _does exhibit_ these problems (because of the lazy sysadmins
and swarming script kiddies)?
- Outlook _can exhibit_ these problems? (because of the lack of checking
for buffer overflows, incredibly complicated code, difficulty of
knowing if you've turned all the insecure features off, etc.)
Suppose Emacs suddenly became the most popular mail client. A whole
bunch of exploits would no doubt appear. I would trust the Emacs
community more than I would trust Microsoft to understand the bugs
being exploited, change the code, and release the changes. And I'm
with Doc -- the way MS writes programs makes them horribly insecure,
and the second point above is probably more serious than the first.
BTW, Emacs can execute code in a file when it reads the file, so (in
some fundamental sense) it's just as dangerous as Outlook. But there
are only two variables that control this feature, so if I turned it off,
I would feel more confident than with Outlook that it stayed off.
I wouldn't feel completely confident, though. Relatively few people
can write Emacs viruses, or would want to -- if that changed, I would
probably feel less confident in the Emacs source code.
-- Derek