On Monday 20 November 2006 10:45, Kai Ponte wrote:
...
I prefer flat listing in date order. My usenet client - Pan - is set the same way.
Is there _any_ mail client that won't do that?
Dunno.
There are non to speak of. All mail clients will provide a simple, date-ordered message list.
and enabling trojans, worms and virii to do their dirty work,
Those are not a portion of the client, but rather the underlying OS, which is inferior.
You are very confused about what's happening where.
No, not confused. I don't think it is necessarily the responsibility of the client to handle security for the OS. If the client wants to run scripts, that should be fine and it is within the context of the OS to handle security outside of that client.
That is nonsense. The OS cannot know what larger-scale patterns of activity represent acceptable and unacceptable actions within the application program.
If the OS allows software application X to write to the system, that is where the security lies.
And conversely: Preventing modification of system resources is far from sufficient to prevent malicious activities.
You've got that really wrong. The underlying Windows OS kernel is just fine and well designed.
Heh. That's funny!
I'm glad you're amused, but it is a fact.
I won't go into why I don't like the WinNT kernel, I'd probably get shot off for being OT, which this is straying, I think.
Are you a software designer?
No, I'm a manager of software designers. :)
Yeah. I know the type...
Seriously, I've been programming since '79, and professionally since '92, when I graduated college.
Well, then I guess you just need more experience.
It _is_ the fact that Outlook and Outlook Express will automatically invoke active content of the messages they receive (compounded by the ability of that code to access many local resource and initiate outgoing email) that makes them such a ripe portal of infection and transmission of malware of various sorts.
Again, the OS. If I ran active content on KMail or Thunderbird or whatever under *nix, I'm still only one user and cannot infect the system files, wherever they're located - /etc/fu/bar /bin/bash /usr/opt/home
You're very confused. If we wrote an Outlook clone (gave it active content capabilities, access to local address books and the ability to send mail all without any user interaction) for Linux, it would have the same vulnerabilities.
Not likely. In linux - with the beautiful su capbility - I cannot mess up any system settings or applications.
But you can write scripts and programs that do bad things such as DOS attacks and mail-bombing. Likewise, the vulnerabilities in Outlook remain even if the user running it has no administrative privileges.
...
I still remember hearing on the news that there was this big, "I Love You" virus that had hit the East Coast. I got into work early and tried to get to our Exchange server to patch it, so we wouldn't be affected. Unfortunately, the CEO had decided that was the day to come in very early. He saw an email from his buddy in New York, saying, "I Love You" and got curious.... What a mess!
And that virus spread without using privileges beyond those available to non-administrative users. It spread solely based on the capabilities of Outlook itself. Again, a comparable program written for Linux or MacOS would have the same vulnerabilities.
...
-- kai
Randall Schulz -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org