On Fri, 22 Sep 1995 dmandl@panix.com wrote:
On Fri, 22 Sep 1995, Adam Shostack wrote:
Perry E. Metzger wrote:
| I don't believe the Sun Java stuff would suffer from it, although I | fear Java a great deal.
I keep hearing this thought. Isn't Win95 with its 'executables in email' much more dangerous than Java, which at least tries to address security?
Is that the new MS-Word you're thinking of? I hear that it lets you imbed macros containing executable code in documents. That's got to be one of the most dangerous ideas ever cooked up.
Agreed; but it's present, not just in Word (every version since 2.0, as far as I can tell, in fact, since they all let you make system calls...), but in Microsoft Network, Microsoft Access, Microsoft Excel... I believe PowerPoint and Publisher are exempt from this bug, if only because the current versions have no macro languages... One of the penalties that modern software (at least for Windows) imposes is the ability to create massive viri, simply by allowing system calls to be executed from macros (if this was not the case, OLE technology wouldn't work, and interoperation between Windows programs can't occur, thereby crippling the system through bad design regardless of which alternative was chosen) Jon ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.