Malware (Was: Re: (no subject))
Eric "Shubes"
plug at shubes.net
Fri Sep 22 06:44:42 MST 2006
I saw one mail admin that blocked .xls and .doc extensions too. After all,
they can contain macros that can cause damage. :( To me, that's excessive. I
kind of doubt that you're blocking these extensions, Craig.
Where does it end?
Craig White wrote:
> I've been doing this for a number of years now and I don't recall a
> single instance when it was necessary for a user to get an attachment
> that was of a type (exe, com, pif, bat, scr, vbs and there's some more).
>
> In a world where users do what users do, they can't be trusted not to
> blindly open things.
>
> Yes, Outlook 2K3 and 2K will not allow them to open those files but you
> can change the security settings to get around that.
>
> Older versions of Outlook, etc. aren't likely to have all of the
> safeguards in place.
>
> Craig
>
> On Thu, 2006-09-21 at 23:37 -0700, Kevin Brown wrote:
>> Nothing wrong with an exe getting through. I, on occasion, send things
>> to myself that are small executables (maybe its a perl script wrapped up
>> with par, or a self executing zip file). Outlook, being the jacked up
>> program that it is, just flat out blocks them.
>>
>> Blindly blocking all .exe, .zip, .<xxx> attachments is just an idiotic
>> knee-jerk reaction. Much like banning violent video games because a few
>> of the millions that play commit an act of excessive violence.
>>
>>> I think that if an exe attachment gets through an e-mail system to the
>>> end user, the battle is already lost. Whether they opened it or not is
>>> sort of immaterial. Users will do whatever users do.
>>>> One of my clients got an email to them from them and it had an .exe
>>>> attachment. Fortunately, they called me before opening it. Same deal,
>>>> though.
>> ---------------------------------------------------
--
-Eric 'shubes'
More information about the PLUG-discuss
mailing list