|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Features versus Security versus User Education
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Re: Features versus Security versus User Education
- From: Vesselin Bontchev <bontchevCOMPLEX.IS>
- Date: Tue, 30 Mar 1999 12:38:11 +0000
- Approved-By: Russ.CooperRC.ON.CA
- In-Reply-To: <000501be7a64$5804a410$0d00000aaesthetic> from Steve Sheldon at "Mar 29, 99 10:18:16 pm"
- Reply-To: Vesselin Bontchev <bontchevCOMPLEX.IS>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Steve Sheldon writes: > For instance, every Word macro virus I have encountered contains this > line: > > Options.Virusprotection = Disable > > This turns off the virus protection from then on out, so the next > document opened doesn't display the warning, which causes the Virus > to spread without people even being warned. > > I frankly don't see any reason why Word macro's should be able to > change program configuration options. Actually I frankly don't see > any reason why user's should be given the option of turning this > warning off. This is *exactly* what we told Microsoft in the early days when Concept appeared. We told them to implement some kind of macro protection - but to make it possible to turn it off only manually from the menus - not from the macro language. Not that it wouldn't have been bypassable (e.g., SendKeys), but still, would have made the job of the virus writers more difficult. Fell in a deaf ear, alas. :-( Regards, Vesselin -- Vesselin Vladimirov Bontchev, not speaking for FRISK Software International, Postholf 7180, IS-127, Reykjavik, Iceland producers of F-PROT. e-mail: bontchev
- References:
- Features versus Security versus User Education
- From: Steve Sheldon <sheldonVISI.COM>
- From: Steve Sheldon <sheldon
- Features versus Security versus User Education
- Prev by Date: Re: Features versus Security
- Next by Date: Re: Features versus Security
- Prev by thread: Features versus Security versus User Education
- Next by thread: Features versus Security versus User Education
- Index(es):