I don't know.. how would the user disable it? An option in the registry? Since the point of those blocks are for *after* the virus has run, it can just modify the registry itself. I'm sure they're looking into it though.
Saving it to the drive and then launching it from there is just as big a security risk as launching it directly from outlook.
In SR1 microsoft changed outlook so that exe, com, bat, vbs etc could not be launched directly from mail - user had to save to disk and then open windows explorer and run it from there. And people with SR1 on their machines still opened the iloveyou virus - meaning that they saved the attachment to disk first, and then ran it. Insane. I got 4 copies of the virus from people running SR1 myself.
They already do this. Here's what my outlook98 machine shows me when I double click on a txt attachment:
Some files can contain viruses or otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source.
There's an "Open" and a "Save" option below this. And as we've seen, people will still click Open. A dialog warning them of potential dangers isn't enough.
For instance, if a script is ran externally from Outlook, assume that the user ran it him/herself, and give it access to the Outlook Address book (there are legitimate times when this is useful). If the script is ran from within Outlook, then it should be assumed to be insecure
You obviously don't know anything about how the last few viruses have worked. ILOVEYOU ran *from outside* outlook. It was a VBS, when launched it was executed by wscript.exe which is the operating system's VBScript interpreter. It then called into outlook from that external source.
It is a blatant overreaction, and limiting the attachments doesn't address the underlying security flaws; it only hides them.
Actually, it does address the *social* aspect of the virus problem - the fact that people will open any darn thing they got in email, even if it's from someone they don't know and they have 20 copies of the message in their inbox.
People will want to send froginablender.exe to their pals, but their pals are the same people who would open THISISAVIRUSBUTIMACOOLVIRUSSOJUSTCLICKME.EXE.
Outlook already did disable double-click launching and execution of those types of files in Office 2000 Service Release 1. They made it so that for various filetypes, you could only save the file to disk, not launch it directly from Outlook. And guess what.. when people got ILOVEYOU, they saved the attachment to the hard drive and launched it there. Or were you proposing that nobody should be able to launch executables from the hard drive too?:-)
Uh.. sorry, but before i'd ever start a dictionary attack, i'd check the default password. Just like you try "password" and "" before you start a dictionary attack.
Use citrix terminal client to a server that has outlook on it. Or use Netscape to access your exchange server via Outlook Web Access. Both options of course rely on your admin to set them up for you...
I have the full overview in a 'left side' frame. What happens during slide five? Somebody has a question that you are about to answer in slide 14. I 'click' forward to 14 and then back again. (try that in Powerpoint).
OK, I will.
1. Start powerpoint 2. Add some slides 3. Click from slide 5 to 14 in the left pane and then back again
Granted, the above is using powerpoint 2000 and I don't know if that's what he was using. But I do get tired of people claiming a product (microsoft or not microsoft) doesn't have a feature when it really does.
The donations go to the Bill & Melinda Gates Foundation, which doles out the money to such *uninteresting* causes like AIDS research, vaccines for poor kids in africa, scholarships for minorities.
Nothing as *fascinating* and *worthy* as OSS, unfortunately..
(1) In the case of major architectural bugs, I am not willing to release my 'fixes' until it's been determined that they didn't actually make the problem worse; this can often take upwards of a month.
I'm sure that's the same reason microsoft and other companies take so long. When you ship so much software (or some software that is just so giant), just about *any* change you make can affect other products or other parts of your own product, and it takes quite a while to verify there are no bad reactions. And if there are, well then the cycle starts all over again.
Really, I don't think 11 or 16 days is bad at all. Now, Sun's statistics...
Hardly a fairer comparison.. microsoft doesn't ship those other popular windows programs. Redhat ships those open source programs, therefore they should accept responsibility for what's on the CD with their name and logo.
No no silly you've got it wrong. Haven't you seen _Fear of a black hat_? The difference between bitches and ho's is that a ho will fuck anybody.. and a bitch will fuck anybody but *you*.
I think what people are trying to say is that the problem starts *before* the women drop out and the men assume the providing role - the problem starts when women assume early on in life that if that situation were to happen, she would be the one to drop out. So all you're doing is reiterating that yes, the problem exists.
Well, I am also a female in a technical, 90% male workplace. My manager is male. He's awesome. My previous manager was male. He was also awesome. They both have supported me in my goals, they both have rewarded me for good work.
What am I saying??? What I meant to say was, I am constantly hitting the glass ceiling!!
Just kidding. I know that a lot of women have it hard, but I think the answer is to either A) move into management yourself so that you can foster growth in all the people who work for you, male or female or B) leave a company where your managers are sexist (regardless of their gender) and don't help you out, and go to one where they do.
Lather, rinse, repeat B) until you find such a company.
So maybe someone here can explain to me.. how did the people calling these guys geeks find out that these kids were into computers? I was into computers in high school.. Granted, we didn't have any computer specific courses so nobody found out that way. But what did these guys go around doing, sitting in gym class talking about their latest BASIC program?
Could it be that the girls in HS who were interested in computers didn't talk about it *all the time* and thus make it obvious that they were really into computers? Just a thought.
I too have noticed that most women programmers at my job are Asian or Indian (or Russian, actually, in a couple cases). And talking to them is a lot easier than talking to many of our male devs.. Of the 10% female programmers we have, I don't know any who are difficult to work with. Of the 90% male programmers we have, we have quite a few prima donnas.
I wanted to add.. what cracks me up is that you mention Hedy is also a sex symbol. Come on, would you say "ESR, besides being a sex symbol, helped design and run...". Reminds me of every time I read an article that has an interview with a top level female executive, and they *always* mention that she's "smartly dressed" or something. Yay, she can dress herself.
Yeah I want to be like Angelina Jolie in hackers.. Wear tight clothing and hack at the same time.
I seriously think the way to get young girls into computers (and by this I do *not* necessarily mean coding, as most people seem to assume) is to get something on the computer that they like, and hope that their natural curiosity takes off from there. And I think that the web and the net are doing an okay job at that, so far - get them on the net first so that they're *using* the technology. And then hope they think to themselves "I wonder how this works..". And hope they mention that to a friend who knows. And hope that that friend helps them learn..
Hrm, seems like quite a bit of hoping. What else can we as individuals do though? Raise our daughters with computers? That's a long ways away, what can we do now?
Slashdot Mirror
I don't know.. how would the user disable it? An option in the registry? Since the point of those blocks are for *after* the virus has run, it can just modify the registry itself. I'm sure they're looking into it though.
Saving it to the drive and then launching it from there is just as big a security risk as launching it directly from outlook.
In SR1 microsoft changed outlook so that exe, com, bat, vbs etc could not be launched directly from mail - user had to save to disk and then open windows explorer and run it from there. And people with SR1 on their machines still opened the iloveyou virus - meaning that they saved the attachment to disk first, and then ran it. Insane. I got 4 copies of the virus from people running SR1 myself.
Microsoft did this months ago - see http://support.microsoft.com/support/kb/articles/Q 259/2/28.ASP
... and it didn't work. People running SR1 still opened the iloveyou attachment.
They already do this. Here's what my outlook98 machine shows me when I double click on a txt attachment:
Some files can contain viruses or otherwise be harmful to your computer. It is important to be certain that this file is from a trustworthy source.
There's an "Open" and a "Save" option below this. And as we've seen, people will still click Open. A dialog warning them of potential dangers isn't enough.
For instance, if a script is ran externally from Outlook, assume that the user ran it him/herself, and give it access to the Outlook Address book (there are legitimate times when this is useful). If the script is ran from within Outlook, then it should be assumed to be insecure
You obviously don't know anything about how the last few viruses have worked. ILOVEYOU ran *from outside* outlook. It was a VBS, when launched it was executed by wscript.exe which is the operating system's VBScript interpreter. It then called into outlook from that external source.
It is a blatant overreaction, and limiting the attachments doesn't address the underlying security flaws; it only hides them.
Actually, it does address the *social* aspect of the virus problem - the fact that people will open any darn thing they got in email, even if it's from someone they don't know and they have 20 copies of the message in their inbox.
People will want to send froginablender.exe to their pals, but their pals are the same people who would open THISISAVIRUSBUTIMACOOLVIRUSSOJUSTCLICKME.EXE.
Outlook already did disable double-click launching and execution of those types of files in Office 2000 Service Release 1. They made it so that for various filetypes, you could only save the file to disk, not launch it directly from Outlook. And guess what.. when people got ILOVEYOU, they saved the attachment to the hard drive and launched it there. Or were you proposing that nobody should be able to launch executables from the hard drive too? :-)
Uh.. sorry, but before i'd ever start a dictionary attack, i'd check the default password. Just like you try "password" and "" before you start a dictionary attack.
I don't understand... What does diana ross have to do with this?
What's really bad, man, are those lipstick applications. Bringin' us all down, man.
Use citrix terminal client to a server that has outlook on it. Or use Netscape to access your exchange server via Outlook Web Access. Both options of course rely on your admin to set them up for you...
I have the full overview in a 'left side' frame. What happens during slide five? Somebody has a question that you are about to answer in slide 14. I 'click' forward to 14 and then back again. (try that in Powerpoint).
OK, I will.
1. Start powerpoint
2. Add some slides
3. Click from slide 5 to 14 in the left pane and then back again
Granted, the above is using powerpoint 2000 and I don't know if that's what he was using. But I do get tired of people claiming a product (microsoft or not microsoft) doesn't have a feature when it really does.
I think he would also have to claim X as income, thus canceling out most of that..
The donations go to the Bill & Melinda Gates Foundation, which doles out the money to such *uninteresting* causes like AIDS research, vaccines for poor kids in africa, scholarships for minorities.
Nothing as *fascinating* and *worthy* as OSS, unfortunately..
(1) In the case of major architectural bugs, I am not willing to release my 'fixes' until it's been determined that they didn't actually make the problem worse; this can often take upwards of a month.
I'm sure that's the same reason microsoft and other companies take so long. When you ship so much software (or some software that is just so giant), just about *any* change you make can affect other products or other parts of your own product, and it takes quite a while to verify there are no bad reactions. And if there are, well then the cycle starts all over again.
Really, I don't think 11 or 16 days is bad at all. Now, Sun's statistics...
It's easy to fly.. Just throw yourselves at the floor, and miss. :-)
Hardly a fairer comparison.. microsoft doesn't ship those other popular windows programs. Redhat ships those open source programs, therefore they should accept responsibility for what's on the CD with their name and logo.
if someone from the open source community had headed up the QA team, could it then have less bugs
:-)
Nah, they'd spend too much time going to meetings, just like all people who head up teams.
No no silly you've got it wrong. Haven't you seen _Fear of a black hat_? The difference between bitches and ho's is that a ho will fuck anybody.. and a bitch will fuck anybody but *you*.
"I went to college to get an MRS degree"
I think what people are trying to say is that the problem starts *before* the women drop out and the men assume the providing role - the problem starts when women assume early on in life that if that situation were to happen, she would be the one to drop out. So all you're doing is reiterating that yes, the problem exists.
Well, I am also a female in a technical, 90% male workplace. My manager is male. He's awesome. My previous manager was male. He was also awesome. They both have supported me in my goals, they both have rewarded me for good work.
What am I saying??? What I meant to say was, I am constantly hitting the glass ceiling!!
Just kidding. I know that a lot of women have it hard, but I think the answer is to either A) move into management yourself so that you can foster growth in all the people who work for you, male or female or B) leave a company where your managers are sexist (regardless of their gender) and don't help you out, and go to one where they do.
Lather, rinse, repeat B) until you find such a company.
So maybe someone here can explain to me.. how did the people calling these guys geeks find out that these kids were into computers? I was into computers in high school.. Granted, we didn't have any computer specific courses so nobody found out that way. But what did these guys go around doing, sitting in gym class talking about their latest BASIC program?
Could it be that the girls in HS who were interested in computers didn't talk about it *all the time* and thus make it obvious that they were really into computers? Just a thought.
Why don't you call it the "Linux Internet Pr0n Review" and then i'll call my venture capitalist friends..
I too have noticed that most women programmers at my job are Asian or Indian (or Russian, actually, in a couple cases). And talking to them is a lot easier than talking to many of our male devs.. Of the 10% female programmers we have, I don't know any who are difficult to work with. Of the 90% male programmers we have, we have quite a few prima donnas.
I wanted to add.. what cracks me up is that you mention Hedy is also a sex symbol. Come on, would you say "ESR, besides being a sex symbol, helped design and run...". Reminds me of every time I read an article that has an interview with a top level female executive, and they *always* mention that she's "smartly dressed" or something. Yay, she can dress herself.
Yeah I want to be like Angelina Jolie in hackers.. Wear tight clothing and hack at the same time.
I seriously think the way to get young girls into computers (and by this I do *not* necessarily mean coding, as most people seem to assume) is to get something on the computer that they like, and hope that their natural curiosity takes off from there. And I think that the web and the net are doing an okay job at that, so far - get them on the net first so that they're *using* the technology. And then hope they think to themselves "I wonder how this works..". And hope they mention that to a friend who knows. And hope that that friend helps them learn..
Hrm, seems like quite a bit of hoping. What else can we as individuals do though? Raise our daughters with computers? That's a long ways away, what can we do now?