Secure Coding mailing list archives
Re: Re: Hypothetical design question
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Fri, 30 Jan 2004 00:00:28 +0000
Ken Goldman wrote: the user community has grown very fond of some of the very features that viruses and worms thrive on (e.g., file attachments that can be executed with a single/double click of a mouse) I don't think this is quite true. I think most users want to __view__ attachments, either pictures or text. They expect the viewer to be Word, Powerpoint Paint, etc. They don't expect, when they click on an attachment, to __execute__ it. Yes, that's an excellent point. That probably would address the average user's _requirements_ for what an email client should do, David Wheeler's disapproval notwithstanding. ;-) And David, while I completely agree with you regarding how people _should_ handle attachments, I think that the argument is moot. I'm talking about the typical end user (if such a thing even exists) in this hypothetical situation. History has shown us that there is no shortage of people that will click/execute even a .exe attachment under all sorts of appalling circumstances. I'm convinced that a mass email with a message of "Click _here_ to infect your computer with a virus." would STILL get a non-zero percentage of takers. The situation that I proposed was merely to solicit opinions and discussion on how one might go about designing a mail client _for the masses_ that could protect them from this sort of thing. So my improved email client would say, "clicking an attachment can pass it's contents to this approved list of viewers, but it will never just execute the attachment." Would you propose that these viewers be "dumbed down" versions of their full-featured counterparts? Otherwise, there's of course the issue of macro viruses and the like. I, for one, would still rest easier if the viewers ran in a sandbox, virtual machine, or some other compartmented construct that is relatively isolated from the rest of the OS. Cheers, Ken van Wyk
Current thread:
- RE: Hypothetical design question, (continued)
- RE: Hypothetical design question ljknews (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question David A. Wheeler (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question Ken Goldman (Jan 29)
- Re: Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Re: Hypothetical design question der Mouse (Jan 29)
- RE: Re: Hypothetical design question Alun Jones (Jan 30)
- Re: Re: Hypothetical design question Jose Nazario (Jan 30)
- Re: Re: Hypothetical design question der Mouse (Jan 31)
- RE: Re: Hypothetical design question Michael S Hines (Jan 30)
- RE: Re: Hypothetical design question Ben Corneau (Jan 31)
- RE: Re: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question der Mouse (Jan 30)
- Re: Hypothetical design question Glenn and Mary Everhart (Jan 30)