On Wed, 30 Jul 2003 17:06:28 -0700, Delirium delirium@rufus.d2g.com gave utterance to the following:
Vicki Rosenzweig wrote:
What's wrong with HTML is
- It can contain viruses, tracking software, and other malware (as
explained in the message you're replying to)
- It enforces the appearance of a message on the reader, whether
she likes it or not (sometimes things like black on dark blue)
- It takes up a lot more space, which is a problem for people on
dialup lines or with space-limited mailboxes.
I don't see how an HTML message could possibly contain a virus, unless you have a horribly broken mailreader.
80% of PC users have a horribly broken mailreader - it comes with their OS.
I can recall an instance of a Chinese fireworks website where there were two thumbnail images on a page of about 20 where clicking the thumbnail served not a jpg image but a vbs scripted virus or bomb. While IE blindly trusts the extension rather than checking the MIME type as per the standard, both Opera and Mozilla simply reported that they could not open the resource. Fortunately the computer I was using when I tried it in IE was not my work one, because the C: drive had to be wiped and the OS reinstalled from scratch. And the nasty got straight past an up-to-date AV program. If such an image was called from an email, you could be toast if using client which uses IE as its HTML renderer, without a single click. The vulnerability has probably been patched by now (but who knows, there are still unpatched vulnerabilities published 18 months ago) and how many people have their OS fully patched. As a result, I do not have vbs or activeX installed on my computers any more.