[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Turn Off Automatic Script Activation In Outlook (WA S RE:

  • To: "'xml-dev@l...'" <xml-dev@l...>
  • Subject: RE: Turn Off Automatic Script Activation In Outlook (WA S RE: [xml-dev ] Painful USA Today article (was RE: ANN: R ESTT utorial))
  • From: "Bullard, Claude L (Len)" <clbullar@i...>
  • Date: Fri, 24 May 2002 09:28:41 -0500

outlook activation

I mean social engineering in the sense that they advertise 
interoperation then turn it off to protect the unskilled 
or insufficiently knowlegeable.  The web and even the home 
systems are lab experiments that escaped the lab into 
a population that innocently bought into the massive hype 
but were not aware of the dangers.  I disagree that this 
is not related to virus writers; they are exploiting it 
criminally.  The rest of your example comes down to 
inconvenience that will prompt some learning on the 
customer's part, but not criminal acts.

I agree it turned out that the environment was far more 
hostile than some realized or wanted to admit although 
some of the original community pointed it out.  How that 
happened is a different topic and one the MS engineers 
and staff should discuss among themselves.  That it happened 
has become a problem for all of us.  It is somewhat similar 
to the introduction of smallpox to the aboriginal Americas. 
It infested a population unaware of how to protect and 
not knowledgeable of the need to protect.   The same kind 
of problem decimated the original Hawaiian population. It 
produced unacceptable results, but largely by accident.

But we have to be clear that hostility by a group is 
not a legitimate expression of free speech.  In other 
words, MS did a dumb thing.  Exploiting a dumb thing 
by attacking the systems of their customers is not 
dumb: it is criminal, similar to giving smallpox 
infested blankets to the aboriginal Americans.

The goals are to get MS to turn these features off 
by default; clearly explain the risks of turning them 
on.  This is a case where the greater good for the 
greater number is to turn it off because we are seeing 
a multiplicative effect across the global environment.

A related by cause and effect but not intent goal 
is to come to grips with the reality that an architecture 
which insists anonymity is a first concern will protect 
criminals.  Anonymity is a problem.  Is it a right?  
I don't have a clear picture of this issue but it is 
obvious that it can be exploited by criminals in such 
a way as to make the web a risky technology for the 
society that uses it.   We have a bigger problem than 
MS leaving on a feature by default.

len


From: Frank Richards [mailto:frank@t...]

What you call "social engineering" sounds to me like trivial attention to good design.

Let us assume a totally 'benevolent' (literally 'well wishing') environment. The benefits of live content
running automatically largely accrue to users in large enterprises where big apps are set up to use it.
End user systems in those environments are configured by pros, who know what to do, and are going
to either script or look at all the settings anyway.

The dangers of INADVERTANT settings changes or file clobbers (yeah it's rare now, but this started with win95 which
is very brittle), or just having an attached MP3 play after you've just gotten the baby down for a nap, largely
accrue to the home users who don't want to have to diddle with settings (this isn't social engineering, it's giiving the
customer what they both want and need) and frequently don't know how to reconfigure anyway..

It was a dumb move, even if viruses had never been invented.






PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.