On Tue, 2006-01-24 at 23:51 +1100, John Francis wrote: > Ok, so you can stop MIME and UUE attachments. But I think Paul was > correct in stating that it will still be possible to send arbitrary > file types. Given any transport that can send bytes of data between > two computers, you can always use it to transfer arbitrary data. A > sophisticated user may get around the limitations imposed by his > network administrator by designing his own encoding method (or using > mime or uue without well know header values). > > It's like they say with security be it physical or electronic: there > is no way to make a break-in impossible it's just a matter of making > it as difficult as possible given your budget (of time, money, loss of > functionality, etc). That's certainly true. But if you were in an office environment, you'd not just lock down the server, but each client machine. You'd regulate them so they couldn't run anything other than pre-approved programs, which would stop them installing something new, or running something inserted on a disk. You'd also lockout changes to configurations of existing programs. If you didn't do all of that, then as you say, half-security isn't doing you any real good. You delude yourself that your system is safe, and don't even bother to check. For good security, you need a real multi-user system, one designed to let them all do their bit, but not stuff up someone else. Windows just isn't true multi-user. It might support different configurations for different users, but that's not multi-user. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
