From: "Geo" 

"John Beckett"  wrote
in message news:uo6bf1h7u1utrt3okd9dgn3qtvc361h9h1{at}4ax.com...

> It is obvious that any decent scripting or programming language can
> produce a program that can do malicious things. It is pretty trivial to
> write a script that finds other scripts and changes their contents.

I'm not a virus writer so I don't know what the concept these proof of
concept virus were supposed to prove  but obviously they have proved it so
whoever was saying it wasn't possible so it doesn't need to be secured or
there doesn't need to be concern about an insecurity here is now proven
wrong?

Remember the activeX argument that said it requires signing so it's safe?
How many "safe for scripting" activex controls have proven to not
be safe now? 10, 12?

This is really no different, someone must have been arguing that it wasn't
possible to do whatever they are doing in the poc code, that's the whole
reason for poc code, to prove that it is possible. To me that says that
someone in the monad project has been once again giving features priority
over security which seems pretty typical for everyone at MS except maybe
for the DNS group.

Geo.

--- BBBS/NT v4.01 Flag-5