[TriLUG] How not to run a network
Dan Monjar
dan at daijin.dissimulo.com
Wed Feb 16 10:29:18 EST 2005
William Sutton wrote:
> The points are:
> - If I can rename it anyway, then all that does is provide a slightly
> higher barrier to the stupidity level, meaning I can still send some luser
> a file labeled "your program.dat", tell them that it is useful in some way
> or other, and have them wipe out their system.
> - Likewise, it makes it a serious pain in my backside to send them
> legitimate programs (the more so since the IS folks took away IM file
> transfer).
>
> In other words, it puts a crimp in my ability to do my job and doesn't (as
> far as I can analyze the situation) do anything beyond stop Outlook from
> being stupid. Frankly that's not a sufficient reason to me.
>
> Of course the fact that I have to use Windows to do UNIX development work
> is a whole other sore point...
>
> I should also like to point out that can/can't and will/won't are very
> different things. I agree that "can't" is probably indicative that
> someone shouldn't be using a computer. "won't" is debatable. "doesn't
> want to" is a whole other option that you left out in what sounded like a
> targeted attack :)
>
No, certainly not targeted at you. Apologies if it seemed so.
The policy won't stop a "targeted" attack. If I trust you and you
abuse that trust by sending me something bad then I am screwed. But the
policy does stop the millions of messages being spewed out by infected
machines.
I honestly cannot see the "serious pain" aspect of this. Copy prog.exe
to prog.exx and mail it to me. When I detach the file I do a save as to
prog.exe. Where's the pain?
--
Dan Monjar