As reguards:
Previous security foobars by M$:
NT C2 <---- LOL!!!
I beleive that no operating system has ever been given a C2 certification, and that only indiviual installations can be certifed. This requries that each installation be transported and conducted under armed guard, which is case with certain US government Microsoft NT Workstation installations. It is also stated (somewhere, but I don't have the details to hand) that no C2 rated system should be plugged in to an external network connection (i.e. the internet), and that only connections to secure LAN's/WAN's are permitted (otherwise the C2 certification is meaningless, hence why NT Sever has never been C2 certified IIRC). I would be grateful if anyone can categorically deny or in any way support this.
Auto-Launch attached binaries in E-Mail <-- Can we say GoodTimes?
The GoodTimes virus was, according to the DOE's CAIC a hoax. This is also my personal opinion. This is what DOE's CAIC have to say: http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodtimes Or, more amusingly. http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodspoof However All E-mail readers that support HTML & JavaScript/Java/Active-X are inherantly insecure. This inlcudes Netscape Navigator and Microsoft Outlook, where mearly the act of previewing a malicious message can cause adverse effects. If anyone were to include a embed a malicious Java or Active-X control then the supposed sandbox in Windows 9X/NT would be ineffectual as one could conceviably create a control which could execute software anywhere on the hard disk (this has already been done using both Active-X and IE under Windows 95). Thus it follows that it could determain what viewer it is being read under and execute any other attachments in the same e-mail from where the are stored (in Netscape/Outlook) which could then... <please complete this sentence using your own words> Iain Collins, icollins@sol.co.uk