May 9, 2000
6:46 PM   Subscribe

since people who use Linux as a client OS are generally geeks, they tend to use one of the ugly, unfriendly default mail programs that ship with Linux distributions: from IDG with love. I hardly call it ugly if it saves your ass and your virtual "Billions."
posted by greyscale (14 comments total)
Or unfriendly, if it refrains from deleting your JPEGs and MP3s. In any case, my belovedmutt is a much prettier and more powerful program than most GUI mailers.

(Actually, Petreley is much more of a Linux advocate than that comment would suggest, but this piece is pretty heavy-handed in its promotion.)
posted by holgate at 8:07 PM on May 9, 2000

The problem is, he picked the wrong example -- it is demonstrably wrong to say that e-mail on Windows has no competition.

Anyone who's been on or administered a mailing list and paid attention knows the most common distribution you're likely to see: about 30-40% AOL, 20-30% Outlook, and the remaining 50-30% split up every which way from Sunday. (YMMV in individual circumstances, obviously.) TUCOWS lists over 25 shareware e-mail clients alone for NT, and that's before we get into either retail packages or things bundled with other software like newsreaders or browsers.

At least he's honest enough to recognize that Linux is not immune to virii in general...

posted by aurelian at 11:50 PM on May 9, 2000

Petreley said what?

I use The Bat on windows, and Mutt on Linux; I like both...
posted by baylink at 7:15 AM on May 10, 2000

What? Didn't you know that ILOVEYOU ravaged Linux as well? I guess you haven't been paying close enough attention to your helpful Microsoft spokespeople.
posted by harmful at 7:28 AM on May 10, 2000

"But I'm betting that IT administrators will react the same way to the damage and costs caused by ILOVEYOU that they did to the havoc that followed Melissa. They'll fix the damage, ask for a bigger budget, and then continue with business as usual"

You know what I've never really understood?

Generally speaking its large-ish corporations that get hit hardest by such VBS trojan horses, because they have a LOT of Outlook clients, sending a lot of email automatically. But you can turn off the automatic opening of atachments in Outlook; it's Microsoft's pat answer to ILOVEYOU, Melissa, and will be for the next VBS trojan horse that comes along.

After getting a HUGE slap in the face with Melissa, why the hell didn't the admins at these companies change their client configuration to turn of the automatic opening, then lock out that option? It's possible to do, and if they're a company of any size they're using SMS, which means rolling out a new update to their client boxen is relatively easy. Certainly easier than trying to restore hundreds of missing files from workstations, let alone trying to configure your exchange server to cope with the flood of messaging it's getting.
posted by cCranium at 7:39 AM on May 10, 2000

cCranium, auto-opening of attachments is not the problem. As far as I can tell, the latest version of Outlook doesn't provide a way to auto-open, even if you try. Older versions of Outlook might have allowed this, but Microsoft has learned its lesson, apparently. Notably, it is possible (according to reports I've read anyway, I don't use the product) to configure Eudora to auto-open attachments.

We had a moderately big problem with this virus at the university I work for. The problem was users that open attachments they shouldn't. The users had to take action to open the attachment and click through a dialog warning them about the possibility of a virus. Users should be educated to open only attachments that they are expecting, and even then should be doubly sure of what they're doing.

As for setting organization-wide security policy, Outlook can be configured so that it forces you to actually save attachments to your hard drive and then go find them in order to run them. This still won't stop everyone, but it makes it that much more difficult for this type of thing to spread.
posted by daveadams at 8:41 AM on May 10, 2000

Um, Rob? Do *you* have documentation that auto-opening of attachments is possible in Outlook? I understand that it is, but have been unable to get a pointer...
posted by baylink at 8:43 AM on May 10, 2000

You know what? Offhand, I don't. I just did a brief run-through of my options in Outlook, and couldn't find documentation for it.

I remember viewing messages in the preview pane with the jpegs rendering, or html formatting being applied. I force plain text on all my messages now though (too much pr0n spam showing up on my work box... nothing better than having your boss walk in while you're previewing H0T t33N S3XXX 'accidently' :-) so if I want to see a jpeg, or something I actually have to click on it.

Dave: I understand the futility of trying to teach users not to open every attachment, and I'm not trying to put the blame on sysadmins. Is there any way of filtering messages at the Exchange level, so you could block all vbs or exe files or something?

posted by cCranium at 9:15 AM on May 10, 2000


No, Linux didn't get anything... this time.

That isn't to say someone can't write a open source, cross-platform worm in the future, though.

posted by aurelian at 9:21 AM on May 10, 2000

Well, the ISSCAN utility will automatically remove messages or attachments in the Exchange database based on parameters you specify. The tool was originally developed for the Melissa virus, but it will work for any similar virus like ILOVEYOU. It's an after-the-fact thing, though.

As for filtering attachments as the messages come through: I know there are filters you can put on Exchange that will delete certain types of attachments (don't have time to find a link right now). I don't think they're written by Microsoft. I know that some places filter all executable attachments completely out with these tools.
posted by daveadams at 10:24 AM on May 10, 2000

While I haven't used many email clients I feel like the general populace and status of coputing interfaces is not much better than it was with the Mac GUI of 10 or more years ago. What is most frustrating is that most if not all the news coverage does nothing to educate people on any computing fundamentals, or security issues, and are therefore just sensational political articles for social engineering, and given that Melissa alread came and went, ILOVEYOU should have never happened. I very much blame the news for their irresponsible and useless reporting of sensations instead of substance. ILOVEYOU is a tremendous opportunity to raise awareness on a variety of security, computing, and personal responsibility issues and yet it appears an opportunity missed. Mass media and government targets the cracker instead of telling people just straightforward/fundamental stuff like: don't get involved with a stranger (i.e. second guess the attachment), beware that the doors you open to communicate through can be probed my malicious persons, et cetera. This is stuff we learn about in kindergarden but so quickly forget in the complex and abstract world of computing. Anyone agree?
posted by greyscale at 6:15 PM on May 10, 2000

Exchange 5.5 with Service Pack 3 installed has a hook that third-party vendors can use for scanning tools. Most major anti-virus products now work with this hook. Some products let you specify other criteria for filtering messages in the same way (e.g. adult material, company secrets).
posted by dhartung at 6:34 PM on May 10, 2000

So there's nothing explicitly included in Exchange to filter attachments?

I'm not sure why that surprises me, I guess that nasty idealism I've been infected with is poking through again.
posted by cCranium at 5:45 AM on May 11, 2000

Well, look at it this way. Exchange actually has TWO market niches that Microsoft has explicitly roped off for third parties to fight over: Exchange attachment filtering, and multi-POP connections using Exchange.
posted by dhartung at 12:53 PM on May 11, 2000

« Older   |   Here's a follow-up Newer »

This thread has been archived and is closed to new comments