Home page logo

nanog logo nanog mailing list archives

Re: Email virus protection
From: just me <matt () snark net>
Date: Wed, 20 Aug 2003 15:23:37 -0700 (PDT)

On Thu, 21 Aug 2003, Karsten W. Rohrbach wrote:

  Mutt and similar MUAs are prone to misconfiguration, which makes them
  vulnerable to some degree, but this fact alone does not expose enough
  surface for implementation of an internet-wide worm attack ;-)

So you are saying that all MUA's are prone to vulnerabilities through
misconfiguration, and the reason for Outlook's prominence is simply
its larger installed base? If so, I completely agree with you.

  In end-user application design, finding the right mix between security
  and and convenience (which tend to be mutually exclusive, in one way or
  the other) is a critical design decision.

  You get the point.

Indeed. I certainly wish Outlook was shipped with more sane settings.

  > I completely agree. Which is why I discourage people from using
  > Outlook Express as well as Mutt.

  So the interesting question in context of this email thread is: what do
  you encourage them for?

My brother has used MH for the last 20 years or so, without ill
effect. However, I believe it was also vulnerable in '97 because of
its inclusion of metamail functionality.

I've been impressed with Ximian's Evolution, but have no false hopes
for its intgrity in the face of malicious content.

There certainly is no universal best mail client. If I encourage
anything, its to use the client folks are most comfortable with.



--mghali () snark net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]