OT: But too funny...

From: Derek Peschel <dpeschel_at_eskimo.com>
Date: Tue Feb 12 07:46:06 2002

On Tue, Feb 12, 2002 at 07:09:32AM -0500, Douglas Quebbeman wrote:
> > On Mon, 11 Feb 2002, Doc wrote:

> > If people are still using MS Outlook inspite of all the viruses and crap
> > that have plagued that pathetic piece of shit in the past few years then
> > they not only deserve whatever damage gets done to their system via such
> > vehicles but they shouldn't be allowed to use e-mail at all since they
> > only end up contributing to the greater problem by running it!
>
> Until the govt performs a door-to-door search for all the script
> kiddies, whatever is the most-popular-and-prevalent-platform will be
> the target for such attacks. You may think that Pine has no way of
> being exploited (is Mark Crispin on this list?), but wait'll it's
> the only thing we're using...
>
> Seriously, Outlook isn't the source of the stated problems; half-assed,
> self-taught, sycophantic sysadmins who can't secure their systems are!

Clearly you have to decide which problem is more serious:

  - Outlook _does exhibit_ these problems (because of the lazy sysadmins
    and swarming script kiddies)?

  - Outlook _can exhibit_ these problems? (because of the lack of checking
    for buffer overflows, incredibly complicated code, difficulty of
    knowing if you've turned all the insecure features off, etc.)

Suppose Emacs suddenly became the most popular mail client. A whole
bunch of exploits would no doubt appear. I would trust the Emacs
community more than I would trust Microsoft to understand the bugs
being exploited, change the code, and release the changes. And I'm
with Doc -- the way MS writes programs makes them horribly insecure,
and the second point above is probably more serious than the first.

BTW, Emacs can execute code in a file when it reads the file, so (in
some fundamental sense) it's just as dangerous as Outlook. But there
are only two variables that control this feature, so if I turned it off,
I would feel more confident than with Outlook that it stayed off.
I wouldn't feel completely confident, though. Relatively few people
can write Emacs viruses, or would want to -- if that changed, I would
probably feel less confident in the Emacs source code.

-- Derek
Received on Tue Feb 12 2002 - 07:46:06 GMT

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:34:46 BST