[svlug] eWeek article on MS Outlook

Rick Moen rick at linuxmafia.com
Mon May 15 13:33:48 PDT 2000

Quoting LennyBruceLee (lloyd at morpheme.com):

> Article on Outlook from those usually friendly folks at ZDNet
> http://www.zdnet.com/eweek/stories/general/0,11011,2568904,00.html

It's interesting to contemplate the user-level view at the crucial
moment, when the user executes the viral code.  (It's been difficult
for me to do this, for lack of access to Win32 boxes.)

Microsoft OSes have a concept called "opening" or "launching" 
a file, an action usually performed by double-clicking on something.  
This characterisation conceals the vital question, which the user
_should_ be concerned about, of whether one is merely viewing the 
file, or executing (running) it.

To the extent Microsoft OSes make information available at all, on the
executable vs. non-executable question, they do so via an impossibly 
large and disorderly array of file "type" indicators, implemented as 
three-letter filename extensions.  Unfortunately, those OSes suppress
display of such extensions by default (!).

So, even if the user were wary of common executable file "types" and
his system happened not to support any uncommon ones, he still won't
even see the necessary extension information unless he has dug into the 
shell options and re-enable their display.  Furthermore, even after
_that_, at least one filename extension (.lnk) will still remain
undisplayed, as we know from the current Eudora for MS Windows security
hole:  http://www.eudora.com/security.html

Obviously, there is a ghastly user-level hazard here that is in no way
limited to Visual BASIC Scripting or to MS Outlook / MS Outlook Express:
The OS's fundamental design actively _encourages_ cluelessness and
ignorance, _and_ actively stands in the way of users having crucial

In short, it's pretty much horrific from every angle:  The userbase
tends to be a bit dim to begin with, and the smart ones are actively
deprived on crucial data and crucial distinctions are concealed from
them.  No wonder they have an ongoing virus disaster.  It's a wonder the
whole house of cards hasn't collapsed on them before now.

And blaming MS Outlook and/or Visual BASIC Scripting ignores the real
problem.  Glad it's not mine.

Rick Moen                           "Make vole, not raw."
rick (at) linuxmafia.com             -- From _Dyslextrata_, by Aristophanes

More information about the svlug mailing list