Hi, On Thu, May 10, Kurt Seifried wrote:
BTW what happens when there is a flaw in binary only software? Doh.
So why are you using Microsoft Outlook? Do you have the sources? Or don't you care about security?
I have up to date AV software and I block 200+ attachment types on my server. Plus a few other commercial security products loaded onto my windows machine. Plus other forms of network security to isolate this workstation in the event someone does do something nasty to it.
I fail to see how all this will protect you from some backdoor in binary only outlook. Since the sources of outlook are not available, paranoid people need to assume the worst.
Pine has also had it's share of security flaws, on OpenBSD ports it won't compile, they have configured it to issue a warning, you must make a modification to the Makefile to download/compile/install it.
1. You have the sources of pine. You can audit it and fix it if needed 2. There are alternatives to pine (eg mutt) 3. You don't know what security flaws are in outlook. There might even be intentional ones. But maybe you have some special deal with Microsoft...
Show me a unix mailer with support for PGP/GnuPG and a smart card reader with X.509 certificate and I will switch.
That is a lame excuse. If you are really interested in having this functionality in Linux, help work on it ;) But blindly trusting some binary only program (especially from Microsoft) sounds very strange to me.
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Don't get me wrong. I do not intend to offend you. But claiming to care about security and at the same time using binary only software for really critical and sensitive things makes it quite hard for lots of people to take you seriously. -o) Hubert Mantel Goodbye, dots... /\\ _\_v