PRODUCTS

DOWNLOAD

BUY

LEARN

SUPPORT

COMPANY

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

ASP Error: 70
Description: Permission denied
Source: Microsoft VBScript runtime error

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Painful USA Today article (was RE: ANN:RESTTutor

To: xml-dev@l...
Subject: RE: Painful USA Today article (was RE: ANN:RESTTutorial)
From: Benjamin Franz <snowhare@n...>
Date: Sat, 25 May 2002 09:09:42 -0700 (PDT)
Cc: Joshua Allen <joshuaa@m...>
In-reply-to: <4F4182C71C1FDD4BA0937A7EB7B8B4C105535203@r...>

Play the video

On Fri, 24 May 2002, Joshua Allen wrote:
> 
> * Installed by default in Outlook was the ability to have code send
> e-mail and lookup addresses on behalf of the user.  The first outlook
> worms used that API.  The new versions of Outlook (and patches for
> previous versions) made this impractical, so the next batch of worms
> connected TCP directly using port 25.  Would installing with CDO (the
> automatic e-mail API) off by default have made a big difference?
> Possibly.

Better yet (and getting MS out in front of this would be a _good_ thing)  
would be placing sockets under the explicit control of the security
system. If a program had to be explicitly _granted_ permission to make the
initial connect to a outbound TCP/UDP port (or via a non-port oriented IP
protocal period) or to establish a listener the first time (either by user
interaction or via strong cryptographic signature, or both) this would
drop 99% of Internet-aware malware dead in its tracks. The (not
insignificant) side-benefit is that it would _also_ stop virtually all
'spy-ware' from 'phoning home' without a user's explicit permission and
knowledge. And users should have the ability to _turn off_ a specific
program's access priviledges once set as well.

With the Internet becoming as much a feature of computers as hard drives - 
it is about time that the security model _at least_ caught up with the 
idea of 'access permissions' that have been used to keep programs and 
people out of places they are not supposed to be for decades on 
filesystems.

 -- 
Jerry

     The lyf so short, the craft so long to lerne.

                                    ---Geoffrey Chaucer

References:
- RE: Painful USA Today article (was RE: ANN: RESTTutorial)
  - From: "Joshua Allen" <joshuaa@m...>

Prev by Date: The report on subtyping..
Next by Date: RE: Painful USA Today article (was RE: ANN:RESTTutorial)
Previous by thread: RE: Painful USA Today article (was RE: ANN: RESTTutorial)
Next by thread: TR9503 to XSD
Index(es):
- Date
- Thread

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.

Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >