Re: [Asrg] Bug, or Feature?

Vernon Schryver <vjs@calcite.rhyolite.com> Thu, 26 June 2003 21:10 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306262100.h5QL0Kxp010581@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Bug, or Feature?
References: <B0000024266@nts1.terabites.com>
Date: Thu, 26 Jun 2003 15:00:20 -0600

> From: gep2@terabites.com

> ...
> The FACT remains, however, that restricting certain operations to "root-only" or 
> "sysadmin-only" is really pretty meaningless on typical user-level Windows 
> desktops, where (especially on home machines) there IS no root or sysadmin-level 
> qualified/intelligent/wise authority which is more qualified to approve or deny 
> such requests.

If that made sense, then mail sent to "root" on UNIX boxes would
be a major hazard.  If it made sense, then XP would not be
Microsoft-standard vulnerable to viruses and worms.

The problem with Windows boxes is not that they have a single user
account, but that the single user account (on those Microsoft boxes
where there is any notion of "user account" and so not Windows-ME
and preceding) always has all privileges.

A good picture of the problem is in the difference between ActiveX
and Java.  Microsoft has asserted quite emphatically that the lack of
a "sandbox" in ActiveX is a feature instead of a bug.  That nonsense
cannot be excused as historical baggage, because ActiveX is a
post-Internet mistake.


> I still believe that a good alternative that is effective in the great majority 
> of typical cases is to simply by default block unexpected attachments that 
> arrive from unfamiliar, untrusted senders (and most especially if those are of 
> risky/executable types).

Let's see, what systems are built to make it easy to execute
code that arrives by mail and even often without any let, leave,
or hindrance by the user?


Vernon Schryver    vjs@rhyolite.com
