Secure Coding mailing list archives
RE: Re: Hypothetical design question
From: "Alun Jones" <alun () texis com>
Date: Fri, 30 Jan 2004 14:26:42 +0000
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of der Mouse Sent: Thursday, January 29, 2004 5:57 PM I've long thought that a large part of the reason Windows is so virus-vulnerable is that the user interface uses the same gesture (double-clicking, or even right-click and choose "open") to run an executable file and "open" a "document".
As well it may, since there is little to distinguish between the two. "Data" files carry executable code - macros, components, etc. Executables embed data - self extracting zip files, movie viewers, even (IIRC) some DRM stuff. And that's before you even get started on the way that a buffer overflow bug turns what used to be data into a vector for carrying unwanted executable code. Alun. ~~~~
Current thread:
- RE: Hypothetical design question, (continued)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question David A. Wheeler (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question Ken Goldman (Jan 29)
- Re: Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Re: Hypothetical design question der Mouse (Jan 29)
- RE: Re: Hypothetical design question Alun Jones (Jan 30)
- Re: Re: Hypothetical design question Jose Nazario (Jan 30)
- Re: Re: Hypothetical design question der Mouse (Jan 31)
- RE: Re: Hypothetical design question Michael S Hines (Jan 30)
- RE: Re: Hypothetical design question Ben Corneau (Jan 31)
- RE: Re: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question der Mouse (Jan 30)
- Re: Hypothetical design question Glenn and Mary Everhart (Jan 30)
- Re: Hypothetical design question Fernando Schapachnik (Jan 30)