good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
PerlScript's default security being set to "local" zones is ok surely? NO! It's not ok. Imagine being sent an email with an attachment - it's a .html. It got through your virus scanners because they can't scan for malicious perl code and it looks just like a regular html page. It's stored locally on your hard disk before you open it in Outlook Express. You open it and BANG!
"Doctor, it hurts when I use Outlook Express!"
Seriously, though, you raise a few good points. But as with many things in life, this is a trade-off. PerlScript enables wonderful things like ActiveState's Win32::OLE Type Library Browser. And, for those who're motivated to do so, it allows the browser to be used as a very limited UI platform. Trade this off against the probability of being attacked. Your average script-kiddie is unlikely to bother with a PerlScript-based attack, because percentages are so low. Unless they're targeting a Perl mailing list, the chance of getting hits based on a broadcast spam attack are pretty slim. I have PerlScript installed on my box at work. My work email address is generally unknown, and isn't on any mailing lists. I have no fear of attack there (except, perhaps, from my coworkers. But they phear me :-)
In reply to (dws)Re: use PerlScript && die;
by dws
|
|