Home page logo

nanog logo nanog mailing list archives

Re: Email virus protection
From: just me <matt () snark net>
Date: Wed, 20 Aug 2003 14:41:02 -0700 (PDT)

On Wed, 20 Aug 2003, Karsten W. Rohrbach wrote:

  just me(matt () snark net)@2003.08.20 14:17:17 +0000:
  > http://www.cert.org/advisories/CA-1997-14.html
  > http://www.cert.org/advisories/CA-1998-10.html
  > Wow, the second one even mentions Mutt by name.

  The more recent of those two advisories is dated August 11, 1998.
  What are you trying to express, by citation of those pretty outdated
  CERT advisories? If you are trying to imply that software does not
  improve in a time frame of five years, go ahead and convince me. =)

It's happened before, it'll happen again. Please don't pretend that
your MUA-de-jour is somehow invulnerable by design, unless you've
audited every line of code yourself.

  On a different angle, the apparent problem of a software product being
  vulnerable to an exploit is not solved by deploying a - albeit
  well-patched - application monoculture worldwide. Risk is lowered by
  using more well-designed software packages out there. Diversity is the
  name of the game, it's nature's solution and it seems to work quite

I completely agree. Which is why I discourage people from using
Outlook Express as well as Mutt.


--mghali () snark net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]