Secure Coding mailing list archives
RE: Re: Hypothetical design question
From: Nick Lothian <nl () essential com au>
Date: Fri, 30 Jan 2004 02:29:32 +0000
the user community has grown very fond of some of the very features that viruses and worms thrive on (e.g., file attachments that can be executed with a single/double click of a mouse)I don't think this is quite true. I think most users want to __view__ attachments, either pictures or text. They expect the viewer to be Word, Powerpoint Paint, etc. They don't expect, when they click on an attachment, to __execute__ it.
I feel the distinction between "view" and "execute" is no longer as clear as we would like it to be. I don't think I can necessarily distinguish between them anymore - I certainly can't explain the distinction. If you open a Word document, are you executing it? How about an Excel spreadsheet that contains calculations? Try explaining to a home user the difference between macros and calculations in a spreadsheet.
Current thread:
- RE: Re: Hypothetical design question, (continued)
- RE: Re: Hypothetical design question Alun Jones (Jan 30)
- Re: Re: Hypothetical design question Jose Nazario (Jan 30)
- Re: Re: Hypothetical design question der Mouse (Jan 31)
- RE: Re: Hypothetical design question Michael S Hines (Jan 30)
- RE: Re: Hypothetical design question Ben Corneau (Jan 31)
- RE: Re: Hypothetical design question Alun Jones (Feb 01)
- RE: Hypothetical design question Nick Lothian (Jan 29)
- Re: Hypothetical design question der Mouse (Jan 30)
- Re: Hypothetical design question Glenn and Mary Everhart (Jan 30)
- Re: Hypothetical design question Fernando Schapachnik (Jan 30)
- RE: Re: Hypothetical design question Nick Lothian (Jan 29)
- Re: Hypothetical design question Greenarrow 1 (Jan 30)
- RE: Re: Hypothetical design question Carl G. Alphonce (Jan 30)
- RE: Hypothetical design question Jeremy Epstein (Jan 30)
- Re: Hypothetical design question der Mouse (Jan 31)
- RE: Hypothetical design question Shea, Brian A (Jan 31)
- RE: Hypothetical design question ljknews (Feb 01)
- RE: Hypothetical design question Alun Jones (Feb 02)
- RE: Hypothetical design question ljknews (Feb 03)
- Re: Hypothetical design question Crispin Cowan (Feb 04)
- RE: Hypothetical design question Alun Jones (Feb 04)
- RE: Hypothetical design question ljknews (Feb 01)