Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: Hypothetical design question

From: "Alun Jones" <alun () texis com>
Date: Fri, 30 Jan 2004 14:26:42 +0000
-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of der Mouse
Sent: Thursday, January 29, 2004 5:57 PM

I've long thought that a large part of the reason Windows is so
virus-vulnerable is that the user interface uses the same gesture
(double-clicking, or even right-click and choose "open") to run an
executable file and "open" a "document".


As well it may, since there is little to distinguish between the two.

"Data" files carry executable code - macros, components, etc.  Executables
embed data - self extracting zip files, movie viewers, even (IIRC) some DRM
stuff.

And that's before you even get started on the way that a buffer overflow bug
turns what used to be data into a vector for carrying unwanted executable
code.

Alun.
~~~~
Previous By Date Next
Previous By Thread Next

Current thread: