echo: aust_avtech
to: Rod Gasson
from: Bob Lawrence
date: 2004-04-01 05:27:14
subject: Locking Windows

RG> OK, this discussion now has the potential to be endless.
RG> Exactly what is it that distinguishes "text" from "data" ?

> In this context data could be binary,

RG> As I said, this is going to be an endless discussion. Text on a
RG> computer is just as binary as any other data. ie, they are both
RG> nothing more than a series of 0's & 1's. It *could* be argued
RG> that the difference between text and data/binary is that text
RG> only uses 7bits, whereas data/binary uses 8bits, and in fact
RG> this was quite a valid argument 30 years ago. These days, many
RG> 'text' documents contain 8bit data so that distinction no
RG> longer holds water. 

 Text *is* data, for Christ's sake! What distinguishes text from an
EXE file is the header, the first 60 bytes (from memory). If I put an
EXE header on text, the system will try to run it.

RG> The point I was trying to make is that cookies are NOT
RG> executable files

> a point well made.

RG> OK, so now all we have to do is convince Bob of this fact.

 I said "cookies and other crap" or words to that effect. I know
cookies don't run, but they do have access to the system and are
loaded anywhere the cookie-sender chooses to put them. It gives
another way in for a virus.EXE (or any of the many extensions that
Windows recognises and will try to run). I've lost track of what
runs, or where Windows puts them...

 A virus used to be a brilliant little piece of code hidden on the
hard disk with direct access to the O/S. Now you just use Windows
itself and write a SCRIPT, for god's sake! If I *really* wanted to
ruin the World's computers, I'd load an attachment as a "cookie" that
did nothing, and then after a year activate it. I really do worry that
M$ has *already* done that.

 I talk to Americans in the SF echo, and they don't think like us
human beings. They actually feel threatened by insane things. They
think Bin Laden could destroy America! ROFL! If I drop into their
mindset, it frightens me. I think it is more than possible that the US
has a way to kill every computer on planet Splong, using Intel and M$
(which explains why Gates seems free to flaunt their antitrust
laws). So... is it paranoid if they are *really* out to get you?

RG> No they are not. The MACROs that may be embedded within the
RG> files are "effectively executables for virus purposes", but the
RG> document files themselves aren't. If you don't make this
RG> distinction then you are going to be in the Bob Lawrence camp
RG> in thinking that ZIP files are also "executable for virus
RG> purposes", and hopefully you know better.

 I don't think *you* understand, Rod. What is the difference between 
a self extracting ZIP file and an EXE file? From memory, six bits in
the header. Not a lot of protection... is it?

RG> He does have a point though, if you don't have a computer, then
RG> you cannot get a computer virus. If you don't have internet
RG> access, then you can't get a virus that is spread from the
RG> internet. Problem is, he seems to forget that computer viruses
RG> existed long before the 'net as we know it came into being.

 I forget nothing. Before Win98 and Explorer, we had an O/S that was
understandable and manageable (but pretty-well fucked), and when you
sent data every kilobyte counted. The BBS filtered spam and the
sysops found the viruses. What you say about running EXE's was true.
A virus scan could search for a few specific bytes to find the
nasties. Now... M$ has made it possible to insert a "virus" using
plain text! It's no longer the really clever little code that hid in
the boot sector or the partition information, but who cares? It might
as well be a megabyte in plain sight.

 And Microsoft has *admitted* that they have a backdoor in Windows.
Did they really think that hackers wouldn't know that?

RG> The Internet, Zip files, doc files with embedded macros, and so
RG> forth are still nothing more than transport mechanisms - the
RG> virus code STILL needs to be executed before an infection can
RG> take place.

 But Windows makes it *automatic!*

> It seems there was some way to get OE to run stuff without
> asking and there was no way to block it.

RG> Funny, I check for Mickysoft updates on a daily basis and there
RG> haven't been any security updates for nearly a month now. You
RG> must be WAY behind the times.

 That assumes that M$ *want* to fix it.

RG> The reason WHY I've never been infected isn't just because I
RG> keep up to date with security patches (I know plenty of other
RG> people that also do this, and STILL get infected on a regular
RG> basis), the reason why I've not had a single infection is by
RG> doing what I tell other people to do all the time, namely, I
RG> DON'T open attachments unless it is something I was expecting,
RG> and never ever run executables of unknown origin. These two
RG> simple rules is all it takes to remain virus free.

 So, what if I ring you up and tell you I'm sending you a great
picture of big tits? And I send it but there's a Bob-virus embedded?
That does nothing just then...?

RG> simple rules is all it takes to remain virus free.

 Sure it is... and what if those updates you check daily from
Microsoft are what's infecting your PC? Except it hasn't been
activated yet? You download megabytes, and you don't have a clue
what's there!

RG> I then use Explorer to view the email as plain text - This
RG> eliminates the possibility of anything actually being executed
RG> and that is usually enough to satisfy my curiosity about the
RG> actual contents.

 You use explorer!!! I use a plain DOS text editor. How can you
possibly trust Explorer?

RG> The SIDE effect of this is that the actual viral message then
RG> gets stored in my cache directory (harmless), but, when I do
RG> run the online virus checker (housecall, by trend micro) it
RG> never fails to report all of these viruses tucked away in the
RG> cache. 

 I love the logic behind that. It "never fails to report..." how do
you know? That's the problem with a virus checker... you never know
until someone else finds the super-clever virus.

RG> It is important to realise that simply having a virus on the
RG> computer is NOT enough to cause the computer to be infected -
RG> As I keep saying, the virus code needs to be executed in order
RG> for the infection to occur. 

 There are two kinds of virus... 

 The old-fashioned *clever* kind that used the O/S itself to run them
and self duplicate. Ordinary actions like inserting a floppy copied
the virus to the floppy, and so on. These were relatively easy to
find, with only a few specific commands at risk (a thousand or
so). That still works...

 With WinXP, many other ways have been introduced (XP is *much* more
complex), and the virus is not always recognisable until it starts
stuffing the system doing weird things. It can be a megabyte.

RG> Oh yeah, I *could* (and do) often "inspect" virus infected
RG> emails simply by using "view source" (CTRL-F3) often combined
RG> with "Quick view plus" (in order to view the contents of any
RG> zip files) - This has the same immunity as viewing them via the
RG> webserver but it means viewing them one at a time as I come
RG> across them. Those that are viewed via the browser have been
RG> automatically filtered and saved as the mail arrives. :-) 

 How do you know they are viruses? Maybe they're just pictures of big
tits. 

Regards,
Bob

--- BQWK Alpha 0.5
* Origin: Precision Nonsense, Sydney (3:712/610.12)
SEEN-BY: 633/104 260 262 267 270 285 640/296 305 384 531 954 1042 690/734
SEEN-BY: 712/610 848 774/605 800/221 445
@PATH: 712/610 640/531 954 633/260 267

SOURCE: echomail via fidonet.ozzmosis.com
