An interesting read indeed. BTW...the link for part one doesn't work :-(.
It sure is humid and hot here in FL this week....ugh.
Hrm, works fine for me... it's from August 04.
Did you know your typepad blog is down?
What URL are you using for typepad? I'm not having a problem.
has been sitting in my bookmarks for a while. Also googled you and got the same url. Perhaps I'm just being a bit dim...
I know you didn't write this post to rebut them, but Slashdot posters should generally be ignored.
Nothing cures user apathy about attachments like a good virus infection. After the owner of our company opened an unknown attachment and spread a virus throughout the network, the incidence of people doing that dropped to zero.
Also, a good Exchange-based attachment blocking by extension filter does wonders. We have been protected from several new viruses before the signatures were updated just by blocking executable attachments at the gateway.
Chaz: I saw on that blog that you found the new URL, sorry - I changed 'kc' to 'cynical' as I didn't want people who googled my name to find that one *first*, since they were probably looking for this one instead :-)
Peter: In general I agree, but it's difficult to ignore ignorance in such cases :-) I totally agree on the effectiveness of simple file-extension-blocking filters, both on the client and server. When we first did the Outlook block for attachments, it seemed like such a major step, to completely block access... now it's a given.
Might be a bit late to chime in here, but...
The problem (that I see) with blocking attachments by extension is that, for legitimate attachments which are .exe or whatever (it happens, I'll often find some cool tool on the net and forward it 'round to my teammates), it means that we need to create "workarounds" like zipping the .exe first.
But of course, that just conditions users to open a virus in Winzip and run it from there... so then you block .exe-in-.zip files, and legitimate people have to work around /that/ and that just conditions people to..., and so on.
It's kind of like that feature in OSX where if you run something that needs admin privileges, it pops up a dialog asking for the password. All that does is condition people to type in their admin password all the time, and all it takes is someone to create a copy of that dialog in their phishing app, and away it goes!
(By the way, I don't use OSX so maybe that dialog is just an urban legend, I don't know...)
Dare's post about human nature touches on UAC in Vista: How do you design a dialog prompt to warn users