Wow, I'm going to be out of a job talking about security soon >;-)
As long as there are Microsoft products in the world, as long as AOL brings Hillbillies to the Internet, as long as there are script kiddies, you WILL have plenty to talk about. ;)
Wow, you mean refusing to run things sent from possibly untrusted clients, or if running, doing so in a sandbox?
Basically it just means (as far as I can tell) that cluebies need one extra step to screw themselves. Basically they'll need to save the .vbs to disk and then run it from Explorer. (file explorer, not Internet Explorer).
On the other hand now ILOVEYOU would force a dialog to pop up saying "This script is attempting to access your Outlook address book, would you like to allow this?", and i'm sure a bunch of mindless drones would click "Yes" anyway :)
So trojan writers will just need to become a bit more sophisticated and disguise their trojans as something nicer than VBS, and work out the Outlook address book format so that they don't need to use MAPI to get it. Although that'd only work for local address books, not global ones that are stored on the server.. but i'm sure there are ways around that.
Not that i've been thinking about it ;)
[ Parent ]