On Fri, Nov 03, 2000 at 07:34:27AM -0500, brflgnk@cotse.com wrote:
Real-To: brflgnk@cotse.com
Harmon said: I'm just amazed that with all the flack about ZK, something even worse goes unnoticed. Or are there so many of these pseudo-secure outfits that it would be a waste of bandwidth to comment. -- end quote --
I think that's it exactly. Doesn't look like VerySafe is bringing anything new to the table. PGP already does self-decrypting files, and has better support than just an Outlook plugin.
Self-decrypting (and self-anything files that need executable permission) are tragedies waiting to occur. People who aren't technical enough to install their own copies of PGP shouldn't be encouraged to run unknown email attachments, no matter what the associated pretty icon looks like. Of course, for the email to become known in any meaningful way - say, with a digital signature created by a trusted correspondent - requires the same computation (or a close analog) that the self-decryption would perform. The "I LOVE YOU" (which sent messages from known correspondents) should eliminate any hope that the people who create malicious programs aren't smart enough to take advantage of local data like address books when propagating bad code. -- Greg Broiles gbroiles@netbox.com PO Box 897 Oakland CA 94604