Secure Coding mailing list archives

RE: Re: Hypothetical design question


From: "Michael S Hines" <mshines () purdue edu>
Date: Fri, 30 Jan 2004 14:52:44 +0000

The other part of this issue, of course, is that Outlook hides the true file
extension.  If it is SRC, EXE, COM or such, one can fool Outlook into
hiding the *real* file type so you think you are looking at a picture when
in fact you may be executing a program (which may display a picture as a
part of the process to make you think you got what you expected) which installs back
doors onto the system (either for later entry, or to send information out).

If we had 'full disclosure' there might not be such a problem.

MSH

-----------------------------------
Michael S Hines
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Ken Goldman
Sent: Thursday, January 29, 2004 1:39 PM
To: [EMAIL PROTECTED]
Subject: [SC-L] Re: Hypothetical design question


the user community has grown very fond of some of the very
features that viruses and worms thrive on (e.g., file attachments
that can be executed with a single/double click of a mouse)

I don't think this is quite true.  I think most users want to __view__
attachments, either pictures or text.  They expect the viewer to be
Word, Powerpoint, Paint, etc.  They don't expect, when they click on an
attachment, to __execute__ it.

Most virus attachments disguise themselves as text or pictures.  The
accompanying teaser text says "look at this cool picture" or "here's
the document you asked for".  The teaser text never says "here's the
program I want you to execute."

So my improved email client would say, "clicking an attachment can
pass its contents to this approved list of viewers, but it will never
just execute the attachment."

--
Ken Goldman   [EMAIL PROTECTED]   914-784-7646
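Added example, not code from the thread or from any real mail client: a Python sketch of Ken's "pass it to an approved viewer, never execute it" design that also covers Michael's hidden-extension point by classifying the attachment by its content rather than by the name shown. The viewer names and the sample attachments are constructed.

```python
# Added example, not code from the thread: an attachment dispatcher following
# Ken Goldman's rule (hand bytes to an approved viewer, never execute them)
# that, per Michael Hines's point, does not trust the name Outlook shows.
# Magic bytes. Sniffing catches an EXE/SCR renamed to .jpg (both are PE files
# starting "MZ"); a .COM has no header, so the name is also checked.
MAGIC = {b"\xff\xd8\xff": "image/jpeg", b"\x89PNG\r\n\x1a\n": "image/png",
         b"GIF8": "image/gif", b"%PDF-": "application/pdf",
         b"MZ": "application/x-msdownload"}
# Approved viewers (hypothetical names); executable types are deliberately
# absent, so nothing on this list can run an attachment.
VIEWERS = {"image/jpeg": "image_viewer", "image/png": "image_viewer",
           "image/gif": "image_viewer", "application/pdf": "pdf_viewer",
           "text/plain": "text_viewer"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
EXT_TYPES = {".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
             ".gif": "image/gif", ".pdf": "application/pdf", ".txt": "text/plain"}

def sniff(data: bytes) -> str:
    """Classify by content alone; the filename plays no part."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "application/octet-stream"
    ok = all(c.isprintable() or c in "\r\n\t" for c in text)
    return "text/plain" if ok else "application/octet-stream"

def decide(filename: str, data: bytes) -> dict:
    """Return {'action': 'view'|'refuse', 'viewer': ..., 'reasons': [...]}."""
    parts = filename.lower().split(".")
    suffixes = {"." + p for p in parts[1:]}   # all of them: x.jpg.exe -> .jpg, .exe
    mime, reasons = sniff(data), []
    if suffixes & EXEC_EXTS:
        reasons.append("executable extension in name")
    if mime == "application/x-msdownload":
        reasons.append("content is a PE executable")
    claimed = EXT_TYPES.get("." + parts[-1])  # what the visible extension claims
    if claimed and claimed != mime:
        reasons.append(f"name claims {claimed} but content is {mime}")
    viewer = VIEWERS.get(mime)
    if reasons or viewer is None:
        return {"action": "refuse", "viewer": None,
                "reasons": reasons or ["no approved viewer for " + mime]}
    return {"action": "view", "viewer": viewer, "reasons": []}

# Constructed samples: a real JPEG header and a PE stub hiding behind ".jpg".
SAMPLES = {"cool_picture.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
           "cool_picture.jpg.exe": b"MZ\x90\x00" + b"\x00" * 12}
```

Because the decision is keyed on the sniffed type and the viewer table has no entry for executables, a disguised program can at most be refused, never launched.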