Secure Coding mailing list archives

Re: Hypothetical design question


From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Thu, 29 Jan 2004 18:20:24 +0000


Michael S Hines wrote:

> A FreeBSD user was trying to execute the new macro virus circulating
> (MyDOOM) and couldn't seem to replicate the problem the Windows users were
> seeing.
> Another AlphaVMS user was having the same problem.
> Which is to say - it does seem to be an Operating System design flaw, to me
> - not necessarily a mail client issue.


I don't believe that those facts support your conclusion.  All that they 
prove is that the virus in question is Windows specific.  Had the virus 
contained a Linux executable and had Linux users run the attachment, 
then I'd venture to bet that it would have run there just fine.



> Consider - why do we have a Java Sandbox, and allow other executable files
> to run 'in the wild' (without constraints for authorization or
> authentication).


I agree that a sandbox model, like the one used by default for Java 
applets, can be beneficial for running unknown code.



> Click and run is the mistake...  I think. Why would a user
> be allowed to execute a program they wouldn't be allowed to install on their
> machine, otherwise (if proper controls are in place)?  This is a flaw in the
> security mechanism of the OS.


I'm not a big fan of click and run either, but it's out there now and I 
doubt that the end user population will voluntarily give that ability 
up.  That was one of my points in posing this hypothetical question.  

I'm not so convinced that a reasonable solution couldn't be designed at 
the app level, though.  After all, the Java sandbox that you cite runs in user
space.  I look at Wietse Venema's Postfix as a superb example of an 
elegant design solution to a difficult set of problems (admittedly for an 
MTA, not an MUA).  His use of compartmentalization and separation 
of privilege is ingenious, IMHO.


Cheers,

Ken van Wyk
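The app-level, user-space design Ken argues for above (a sandbox for untrusted attachment handling, built on Postfix-style compartmentalization and separation of privilege) can be sketched in a few dozen lines. The example below is added here as an illustration; it is not code from the thread and not Postfix code. It assumes a POSIX system with fork and pipes, and it generalizes the MUA case a little: the process that touches untrusted attachment bytes is forked off, stripped of all descriptors except one pipe back to the parent, denied regular-file writes, and given CPU and wall-clock caps; the parent accepts nothing from it except a small, strictly shaped JSON verdict. The `CRASHME` prefix and the sample attachments are constructed inputs standing in for a parser bug triggered by hostile data.

```python
import json
import os
import resource
import signal

# Added example (not from the list post, not Postfix code): an MUA-side
# attachment inspector following the separation-of-privilege idea credited
# to Postfix above. The worker that parses untrusted bytes runs in its own
# process with no files, no descriptors but one pipe, bounded CPU and wall
# time, and may only hand back a small JSON verdict. A crash or runaway in
# the worker is contained; the mail client itself keeps running.

MAX_RESULT_BYTES = 4096       # largest verdict the parent will accept
WORKER_CPU_SECONDS = 2        # hard CPU cap for the worker
WORKER_WALL_SECONDS = 5       # wall-clock cap (SIGALRM kills the worker)


def classify_attachment(blob: bytes) -> dict:
    """Untrusted-input parsing: decide what the bytes are from content, not filename."""
    if blob.startswith(b"CRASHME"):
        os.abort()  # constructed stand-in for a parser bug hit by hostile input
    if blob.startswith(b"MZ"):
        kind = "pe-executable"
    elif blob.startswith(b"\x7fELF"):
        kind = "elf-executable"
    elif blob.startswith(b"PK\x03\x04"):
        kind = "zip-archive"
    else:
        kind = "other"
    return {"kind": kind, "size": len(blob), "executable": kind.endswith("executable")}


def _cap(limit: int, value: int) -> None:
    """Lower a resource limit to `value` (never above the current hard limit)."""
    _, hard = resource.getrlimit(limit)
    new = value if hard == resource.RLIM_INFINITY else min(value, hard)
    resource.setrlimit(limit, (new, new))


def _confine_worker(keep_fd: int) -> None:
    """Strip the worker of everything except the pipe back to the parent."""
    os.chdir("/")
    os.umask(0o077)
    # Close every inherited descriptor (stdin/out/err included) except the pipe.
    os.closerange(0, keep_fd)
    os.closerange(keep_fd + 1, 1024)
    _cap(resource.RLIMIT_FSIZE, 0)             # no regular-file writes (pipes unaffected)
    _cap(resource.RLIMIT_NOFILE, keep_fd + 1)  # no new descriptors beyond the pipe
    _cap(resource.RLIMIT_CPU, WORKER_CPU_SECONDS)
    signal.alarm(WORKER_WALL_SECONDS)          # default SIGALRM action terminates us


def _run_worker(blob: bytes, write_fd: int) -> None:
    """Child-side body; must never return into the parent's code path."""
    status = 3
    try:
        _confine_worker(write_fd)
        os.write(write_fd, json.dumps(classify_attachment(blob)).encode())
        status = 0
    except BaseException:
        status = 3
    finally:
        os._exit(status)


def inspect_in_compartment(blob: bytes) -> dict:
    """Parent side: fork the worker and accept at most one small, well-formed verdict."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(read_fd)
        _run_worker(blob, write_fd)  # never returns
    os.close(write_fd)
    chunks, total = [], 0
    while total <= MAX_RESULT_BYTES:
        chunk = os.read(read_fd, 4096)
        if not chunk:
            break
        chunks.append(chunk)
        total += len(chunk)
    os.close(read_fd)
    _, status = os.waitpid(pid, 0)

    if os.WIFSIGNALED(status):
        return {"kind": "rejected", "reason": f"worker killed by signal {os.WTERMSIG(status)}"}
    if os.WEXITSTATUS(status) != 0:
        return {"kind": "rejected", "reason": f"worker exit status {os.WEXITSTATUS(status)}"}
    if total > MAX_RESULT_BYTES:
        return {"kind": "rejected", "reason": "oversized verdict"}
    try:
        verdict = json.loads(b"".join(chunks))
    except ValueError:
        return {"kind": "rejected", "reason": "malformed verdict"}
    # Trust nothing from the worker beyond the exact shape we expect.
    if (not isinstance(verdict, dict)
            or set(verdict) != {"kind", "size", "executable"}
            or not isinstance(verdict["kind"], str)
            or not isinstance(verdict["size"], int)
            or not isinstance(verdict["executable"], bool)):
        return {"kind": "rejected", "reason": "unexpected verdict shape"}
    return verdict


if __name__ == "__main__":
    # Constructed sample attachments: a PE stub, a zip header, and a hostile one.
    for sample in (b"MZ\x90\x00", b"PK\x03\x04rest", b"hello", b"CRASHME!"):
        print(sample[:8], "->", inspect_in_compartment(sample))
```

The point of the layout is the one Ken makes: the privilege boundary is in the application, not the OS. The parent (the part of the MUA that owns the mailbox and the display) never parses attachment bytes in its own address space, the worker never sees the mailbox or any file, and the interface between them is narrow enough to validate completely. The same pattern extends naturally to an "execute only inside the compartment" policy for click-and-run.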
