Secure Coding mailing list archives

Re: Re: Hypothetical design question


From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Fri, 30 Jan 2004 00:00:28 +0000


Ken Goldman wrote:


> > the user community has grown very fond of some of the very
> > features that viruses and worms thrive on (e.g., file attachments
> > that can be executed with a single/double click of a mouse)
>
> I don't think this is quite true.  I think most users want to __view__
> attachments, either pictures or text.  They expect the viewer to be
> Word, PowerPoint, Paint, etc.  They don't expect, when they click on an
> attachment, to __execute__ it.


Yes, that's an excellent point.  That probably would address the average 
user's _requirements_ for what an email client should do, David 
Wheeler's disapproval notwithstanding.  ;-) 

And David, while I completely agree with you regarding how people
_should_ handle attachments, I think that the argument is moot.  I'm
talking about the typical end user (if such a thing even exists) in this
hypothetical situation.  History has shown us that there is no shortage
of people who will click/execute even a .exe attachment under all sorts
of appalling circumstances.  I'm convinced that a mass email with a
message of "Click _here_ to infect your computer with a virus." would
STILL get a non-zero percentage of takers.  The situation that I
proposed was merely to solicit opinions and discussion on how one might
go about designing a mail client _for the masses_ that could protect
them from this sort of thing.



> So my improved email client would say, "clicking an attachment can
> pass its contents to this approved list of viewers, but it will never
> just execute the attachment."


Would you propose that these viewers be "dumbed down" versions of their 
full-featured counterparts?  Otherwise, there's of course the issue of 
macro viruses and the like.  I, for one, would still rest easier if the 
viewers ran in a sandbox, virtual machine, or some other compartmented 
construct that is relatively isolated from the rest of the OS.


Cheers,

Ken van Wyk
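The dispatch rule quoted above ("pass the contents to an approved viewer, never execute the attachment") together with Ken's sandboxed-viewer refinement, sketched as an added Python example. This is not code from the thread or from any real mail client. Assumptions: the viewer command names (viewer-image, viewer-pdf, viewer-office, viewer-text) are hypothetical placeholders; the sandbox prefix uses bubblewrap (bwrap) with illustrative flags; the sample attachments are constructed inline. The point it demonstrates is that the viewer is chosen from the attachment's actual bytes, not its filename, and that the attachment only ever appears as an argument to an allow-listed viewer, so a renamed .exe is refused rather than launched.

```python
import os
import subprocess
import tempfile

SANDBOX_PATH = "/tmp/attachment"   # where the sandboxed viewer sees the file


class RefusedAttachment(Exception):
    """No approved viewer exists for the attachment's actual content."""


# Approved viewers, keyed by the *sniffed* content type.  Command names are
# hypothetical placeholders for real viewer binaries.  The office viewer is
# the restricted one: it renders documents but never runs embedded macros.
APPROVED_VIEWERS = {
    "image/png": ["viewer-image"],
    "image/jpeg": ["viewer-image"],
    "image/gif": ["viewer-image"],
    "application/pdf": ["viewer-pdf", "--no-javascript"],
    "application/x-ole-storage": ["viewer-office", "--disable-macros"],
    "application/x-ooxml": ["viewer-office", "--disable-macros"],
    "text/plain": ["viewer-text"],
}

# Leading-byte signatures.  Executables are listed so they get a definite
# name in the refusal message; a text file that happens to start with "MZ"
# is refused too, which errs on the safe side.
_MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "application/x-ole-storage"),
    (b"MZ", "application/x-executable"),      # PE/DOS executable
    (b"\x7fELF", "application/x-executable"),  # ELF executable
]


def sniff_type(data: bytes) -> str:
    """Classify an attachment by its leading bytes; the filename is ignored."""
    for magic, ctype in _MAGIC:
        if data.startswith(magic):
            return ctype
    # OOXML (docx/xlsx/pptx) is a ZIP whose first local header is usually
    # [Content_Types].xml; the entry name begins at offset 30 (heuristic).
    if data.startswith(b"PK\x03\x04") and data[30:49] == b"[Content_Types].xml":
        return "application/x-ooxml"
    # Plain text: valid UTF-8 containing only printable characters/whitespace.
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "application/octet-stream"
    if text and all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "text/plain"
    return "application/octet-stream"


def sandbox_wrapper(host_path: str) -> list[str]:
    """bubblewrap prefix (illustrative flags): read-only system directories,
    a private /tmp, no network or IPC, and only the attachment from user data."""
    return [
        "bwrap",
        "--ro-bind", "/usr", "/usr",
        "--symlink", "usr/lib", "/lib",
        "--symlink", "usr/lib64", "/lib64",
        "--symlink", "usr/bin", "/bin",
        "--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp",
        "--ro-bind", host_path, SANDBOX_PATH,
        "--unshare-all", "--die-with-parent", "--new-session",
    ]


def build_viewer_command(data: bytes, host_path: str,
                         sandboxed: bool = True) -> list[str]:
    """Return the argv the client would run for this attachment.

    The attachment only ever appears as an *argument* to an approved viewer,
    never as argv[0], so clicking a renamed .exe cannot launch it.
    """
    ctype = sniff_type(data)
    viewer = APPROVED_VIEWERS.get(ctype)
    if viewer is None:
        raise RefusedAttachment(f"no approved viewer for {ctype}")
    if sandboxed:
        return sandbox_wrapper(host_path) + viewer + [SANDBOX_PATH]
    return viewer + [host_path]


def open_attachment(data: bytes, filename: str = "attachment") -> list[str]:
    """Spool the attachment to a private, non-executable temp file and launch
    the approved viewer on it.  `filename` is used only in the log line;
    policy is decided (and may refuse) before anything touches disk."""
    build_viewer_command(data, "/nonexistent")   # raises RefusedAttachment
    tmpdir = tempfile.mkdtemp(prefix="mailview-")
    host_path = os.path.join(tmpdir, "attachment")
    fd = os.open(host_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    argv = build_viewer_command(data, host_path)
    print(f"[mail] viewing {filename!r} as {sniff_type(data)}")
    subprocess.Popen(argv, stdin=subprocess.DEVNULL)
    return argv
```

Note that the macro question Ken raises is handled twice: the office viewer in the allow-list is the restricted one (a flag disables macros), and it still runs under the sandbox prefix, so a viewer bug is contained rather than trusted.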
