RE: META: Attachments

From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Thu Jul 26 2001 - 03:54:24 MDT


On Wed, 25 Jul 2001, Harvey Newstrom wrote:

> Do you think that the binary blob you put on your website would be
> less likely to contain viruses than the binary blob you attach to an
> e-mail? If both started on your PC, it seems that the transmission

Yes. Because putting up a document on a web site and posting a plain text
email with an URL in it is a filter, both at the sender and the reader
side. The sender will have to have a modicum of clue. The receiver will
have to fetch the file.

Also, some ISPs have started filtering executable attachements (yes, .doc
is executable, thanks to MS).

However, my comment was directed towards conserving space in people's
mailboxes, who haven't requested the (usually large) attachement.

> medium doesn't matter. If you're infected, your binary becomes
> infected, and you give the infected binary to me. I don't see how
> using the web over attachments makes anything safer.

If you use a nonstandard OS/mailer, you live safer. If you use plain text
email (no HTML, no nothing) you live safer. If you use mailers which don't
allow you to start an executable attachement by simply clicking on it, you
live safer. If you never execute unsolicited attachements, you live safer.
If you check the digital signature and only execute files with good
signature from trusted people who understand what a passphrase is, you
live safer. If you use a secure OS, and read email as dedicated user with
minimal rights you live safer.

I wish computer viruses would make people sick.

-- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a>
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3



This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:39:57 MDT