Home page logo

nanog logo nanog mailing list archives

Re: Email virus protection
From: "Karsten W. Rohrbach" <karsten () rohrbach de>
Date: Thu, 21 Aug 2003 00:12:34 +0200

just me(matt () snark net)@2003.08.20 14:41:02 +0000:

Please don't pretend that your MUA-de-jour is somehow invulnerable by
design, unless you've audited every line of code yourself.

I don't.

Mutt and similar MUAs are prone to misconfiguration, which makes them
vulnerable to some degree, but this fact alone does not expose enough
surface for implementation of an internet-wide worm attack ;-)

Perhaps, Outlook is a secure and performant email solution - in, say, 3
to 4 years from now, but this means a drastic change of course for the

In end-user application design, finding the right mix between security
and and convenience (which tend to be mutually exclusive, in one way or
the other) is a critical design decision.

You get the point.

  On a different angle, the apparent problem of a software product being
  vulnerable to an exploit is not solved by deploying a - albeit
  well-patched - application monoculture worldwide. Risk is lowered by
  using more well-designed software packages out there. Diversity is the
  name of the game, it's nature's solution and it seems to work quite

I completely agree. Which is why I discourage people from using
Outlook Express as well as Mutt.

So the interesting question in context of this email thread is: what do
you encourage them for?


Horngren's Observation:
    Among economists, the real world is often a special case.
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]