keithr said:
My employer's e-mail system rejects anything vaguely executable, you
just add another extension to make it something like fred.exe.zzz and
get the recipient to strip the extra extension before use.
Like I said, theirs was much more restrictive, in that it looked within
the binary and worked out what the file was.
This is just way over the top, and can be managed via other means.
Back a billion years ago, the company I worked for had a minor issue of
a virus appearing on our distributed media. Thankfully, the source
wasn't our department, nor the "official" disk duplicator / machine
builder guy. Turns out, while he was on break, some other guys in
another department thought it was an easy job and thoughtfully took over.
As a result of that, an instant company-wide policy of "if you bring
media into our premises, you're out the door" was brought in. (clearly
before the unions made it impossible to fire idiots).
At that time, I agreed with that stance, and appreciate it was the
right course of action.
But that was when software was being sourced via official means and we
had no *real* need to bring our own "unofficially sourced" stuff in.
Or, where required, we had the option of writing tools ourselves anyway
- which we did on occasion.
Today however, EVERYONE uses software in some form or another. We have
established procedures to look out for obvious clues to infection, and
have other procedures for handling the disinfection.
Preventing infection is also accounted for, while we block web access
to verified dodgy sites, users are otherwise free to download the latest
software of what they use.
Today, an outright blockage of executables - with no (electronic)
options offered, is just silly. It servers only to stop you working.
