|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Vesselin Bontchev (bontchev
COMPLEX.IS)Date: Fri Dec 21 2001 - 12:22:28 CST
At 17-12-2001 15:08, Russ wrote:
>I implemented my COM Add-in so that NoHTML 1.2.0.0 checks messages when you
>click on them, not when they arrive.
OK, then it has a different problem. COM Add-Ins trying to intercept the
message arrival event are not guaranteed to see all the traffic - i.e.,
they can miss *some* (read - many) messages. However, COM Add-Ins that
process messages when the user opens them are *guaranteed* to miss a
message that is displayed because the preview pane is enabled. This
"functionality" of Outlook is one of the reasons why viruses like JS/Kak
became so widespread. Fortunately, as you pointed out in our phone
conversation, Microsoft has disabled the ability to run scripts when
viewing a message in the preview pane in Outlook 2000 and above.
>while I'm sure your comments were intended to be constructive and
>informative to the users of NoHTML, they really aren't based on any analysis
>of NoHTML or its operation, are they.
My comments were about a much more general problem, indeed. As I have
mentioned in my original message, no COM Add-In for Outlook, no matter how
well implemented, can see all the incoming traffic. The "MAPI hook" method
isn't supported in Outlook XP, so it cannot be relied upon, either. The
only thing that remains is the "Exchange client extension" method.
Somebody dropped me a private note that Outlook Express does not use MAPI.
While that's true, it's also largely irrelevant - OE is an entirely
different kettle of fish and it doesn't support COM Add-Ins and Exchange
client extensions, either. So, if this is the client you're using, you're
SOOL. Just use an on-access scanner on the client and scan the e-mail at
the gateway.
>In v1.3.0.0, soon to be released, I have added the functionality that you
>believe will be susceptible to load problems. v1.3.0.0 *ADDS* conversion
>upon message arrival to your Inbox (inbox only, not other folders). This
>*WAS NOT* done to increase the security, or the effectiveness of NoHTML.
>Instead, it was done to try and add a performance boost to the way most
>people use the tool. If messages are converted as they arrive, it reduces
>the time it takes to scroll down a list of messages.
Trust me, the messages can still arrive fast enough for some of them to be
missed. In our experiments we implemented the "scanner" COM Add-In as just
a small almost-do-nothing piece of code that just logs the fact that it has
intercepted a message (without trying to process it in any way) - and it
*still* missed messages!
>and I would expect you to retract it or provide the details of the analysis
>of NoHTML which you have already performed. You tested it and found it to
>fail how many times?
It is very difficult to trigger reliably the interpretation of the message
because of the preview pane being opened - but it can happen, as you
mention yourself on the Web page describing the tool.
>If you're someone who feels the need to insist on getting a message through
>to the list about it to forewarn them of inadequacies that you believe it
>has, or mis-representations that you believe I've made about it, then
>consider asking me first directly before you make some public statement
>about it.
I *did* contact you privately while your program was still in design phase.
Your answers were something irrelevant about you being able to program only
in Visual Basic. I gave you the address of our developer who is very
intimate with the problems I mentioned. Did you contact him? Did you
discuss the problems with him?
BTW, rest assured, I have absolutely no pressure to "get a message through
to the list". Every time I post a message there, I get a humongous number
of automatic "out of office" replies - despite your claims that inactive
users are removed from the list - so, I do my best to restrict my posts to
this list to the absolute minimum.
>I say you don't know you're a$$ from a hole in the ground wrt NoHTML, and
>are flat out speculating and wrong, but then I'm biased...I only wrote it to
Russ, I have the impression that you're taking this too pesonally. Try to
relax a bit, willya?
Regards,
Vesselin
-- Vesselin Vladimirov Bontchev, not speaking for FRISK Software International, Postholf 7180, IS-127, Reykjavik, Iceland producers of F-PROT. e-mail: bontchev============================================================================ Delivery co-sponsored by VeriSign - The Internet Trust Company ============================================================================ Protect your servers with 128-bit SSL encryption! Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here! http://www.verisign.com/cgi-bin/go.cgi?a=n016065650057000 ============================================================================
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]