Anil Dash

A few ideas that have

A few ideas that have been kicking around in my head long enough that I figure they’ll never actually be fully formed, so I might as well get them out now…

The rash of discoveries and overreactions to Outlook security issues a few months back made me think that Microsoft’s security model (or lack thereof) for Outlook is basically the "credit card" model of security. Which is to say, we have essentially no practical safeguards against the misuse of credit cards before the fact. While there are perfunctory checks, (has a clerk who glanced at the back of the card ever complained that my signature looks nothing like what’s on the card?) any theif could easily swipe your card into a gas pump or any disreputable sales clerk could swipe your card on one of the new pocket-sized number swipers.

But our recourse is all after the fact, limited to the $50 damage rule and dependent on our timely notification of the loss of a card. Which is to say, dependent on the responsibility and common sense of the cardholder.

The analogy, of course, is that Outlook has historically been dependent on the user being smart enough not to run a program that they get unsolicited as an attachement to an email. Let me repeat the scenario that caused LoveBug to spread: The user runs a program, often from a person they don’t know, which came as a generically-named attachement to an unsolicited email entitled I Love You.

Regardless of how much power you think Microsoft has, I don’t think there is any power in the universe strong enough to save people that inept from harming themselves. Of course, the blame was put on Microsoft, not the phenomenally incompetent users, or their negligent network administrators at work (because I can’t imagine there’s too many people who run Outlook at home) and the result was a patch which actually disabled large portions of attachement functionality.

Now at work, a separate issue required me to put all the Office service packs on my Windows 2000/Office 2000 workstation, and now I am unable to attach links to outgoing messages, and unable to double-click to activate the legitimate, requested content such as executables and script files that I use to do my job.

Perhaps the solution is a simple IQ test as part of the install process, and those shown to be mentally deficient get their attachement functionality disabled. Hell, let’s get rid of their ability to forward while we’re at it, and then extend this feature to AOL’s client software…

Okay, I’m done with my rant now.