Dan Gillmor now states that he will no longer open email attachments at all. It’s not an insane stance to take at this point, but it really sucks that virus writers have put users in this predicament. Email attachments are useful. Hell, sometimes even executable attachments are useful. In this case, the computing monoculture is what’s to blame, not Microsoft, per se. If we all used Linux on our desktop and mutt as our email client, somebody would write shell script attachments which read our mutt address books and sent the results to everybody. Yeah, there are some huge security holes in Outlook that make the lives of virus writers easier, but the big problem here is user cluelessness and the fact that there are people out there willing to write email viruses. What’s really galling is that you can’t even tell people to only open attachments from people they trust due to the address book hijacking. Maybe getting rid of attachments altogether is the best option. Another option might be requiring people to cryptographically sign email with attachments in order to get them past your email server. Of course, on an alternate track, people are working their asses off to limit our access to crypto software. What a fun world.
Dan Gillmor now states that he will no longer open email attachments at all. It’s not an insane stance to take at this point, but it really sucks that virus writers have put users in this predicament. Email attachments are useful. Hell, sometimes even executable attachments are useful. In this case, the computing monoculture is what’s to blame, not Microsoft, per se. If we all used Linux on our desktop and mutt as our email client, somebody would write shell script attachments which read our mutt address books and sent the results to everybody. Yeah, there are some huge security holes in Outlook that make the lives of virus writers easier, but the big problem here is user cluelessness and the fact that there are people out there willing to write email viruses. What’s really galling is that you can’t even tell people to only open attachments from people they trust due to the address book hijacking. Maybe getting rid of attachments altogether is the best option. Another option might be requiring people to cryptographically sign email with attachments in order to get them past your email server. Of course, on an alternate track, people are working their asses off to limit our access to crypto software. What a fun world.
Commentary
Previous post
Next post