Virus free desktop

Robert P. Goldman rpgoldman at
Thu Nov 20 20:48:50 GMT 2003

>>>>> "John" == John Davidorff Pell <johnpell at> writes:

    John> On Nov 19, 2003, at 7:15 PM, Robert P. Goldman wrote:
    >>> "John" == John Davidorff Pell <johnpell at> writes:
    >>>> What you'd need to do is to forbid the user ever to create
    >>>> instructions that are executed by the system (or cripple the 
    >>>> available
    >>>> set of instructions really, really, badly).  This means no macros in
    >>>> your spreadsheets, etc., etc.
    >>> Does anyone ever actually use ANY MACRO that does ANYTHING
    >>> more than move some data around the spreadsheet, or copy it
    >>> to another sheet? If you use a MACRO to do anything more
    >>> than simple stuff like that then you're begging for a simple
    >>> typo to wide out some important stuff!
    >>> Also, isn't a MACRO (and I'm not talking about in M$ Orifice
    >>> where MACROs are written in VB) just a script? Why couldn't
    >>> you write and run a complete script as a non-privileged
    >>> user??
    >> Well, you can, but that doesn't make it a virus-free desktop, since if
    >> you have macros, and you have people sending you email, which could
    >> contain macros.  You do something with the macro-containing email, it
    >> mails itself to a zillion other people and, hey presto!, a virus.
    >> Viruses don't need root privilege.  That's why I think this idea is
    >> goofy.

    John> You're correct, but iThink that you are missing what I am
    John> saying. From my point of view, there is NO reason to allow a
    John> MACRO to send anything to anyone in your address
    John> book. ever. 

Hmm???  I think there are lots of people who track mailing lists in
Excel who would disagree with you....  

For that matter, it wouldn't be at all hard for me to write a simple
shell script that would rummage through some data files on my system
and then invoke the "mail" program.  I don't see how you could forbid
that without crippling my workstation....  How do you keep people from
sending emails that contain shell scripts or other arbitrary
executable code?  Now, one could easily forbid the mail client from
invoking a shell or other command interpreter, but that hardly gives
you a virus-free desktop.

Honestly, I don't see how to get a virus free desktop in anything
that's turing-equivalent.  Certainly, I think there are lots of things
one can do to make it harder to have viruses (like the example of
restricting the execution capabilities of the mail client), but at the
end of the day, I think the virus-free desktop (at least as I
understand what you're trying to do) is an impossible dream.

This message is from the kde mailing list.
Account management:
More info:

More information about the kde mailing list