gnupg encrypted mail and malware/spam
Mon May 12 07:03:02 2003
You hit the nail on the head here. If the most virus-vulnerable
software were not also the most common, the anti-virus companies would
be nearly out of business.
As an IT manager, it is intellectually dishonest to continue to try to
play both sides of the game here: One cannot on the one hand claim to
be for system security, cost effectiveness, etc., while at the same
time continue to support and recommend software from Microsoft. To do
so is merely paying lip-service and is professionally dishonorable.
To establish a corporate policy banning the use of encryption because
"someone might slip through a Windows virus" is reprehensible. If one
of my employees ever recommended something like that I would fire him.
On Saturday, May 10, 2003, at 06:54 PM, John Clizbe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Eugene Smiley wrote:
>> I think you are missing the point with regard to the issue of
>> server based virus scanning. It isn't that hard to imagine a
>> virus generating an email via Outlook which is then passed to
> - --------------------------------^^^^^^^
>> GPGRelay; the user isn't paying attention, types the passphrase,
>> and it get's emailed; the user on the other end decrypts it and
>> opens the attachment... BLAMO!
> Ding! There's the REAL culprit - There seems to be as many LookOut!
> exploits out on the 'Net as there are attacks against InternetExploder.
> Perhaps a less-easily hijacked MUA is needed. What you describe here is
> more E-mail worm than SPAM.
> - --
> John P. Clizbe Inet: JPClizbe@EarthLink.net
> Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
> "Most men take the straight and narrow. A few take the road less
> traveled. I chose to cut through the woods."
> "There is safety in Numbers... *VERY LARGE PRIME* Numbers
> 9:00PM Tonight on _REAL_IRONY_: Vegetarian Man Eaten by Cannibals
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Gnupg-users mailing list