Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Hypothetical design question

From: ljknews <ljknews () mac com>
Date: Thu, 29 Jan 2004 15:17:58 +0000
At 8:45 AM +1030 1/29/04, Nick Lothian wrote:


I think either the email client or the operating system needs to protect the
user from malicious programs _by default_ (on a non-professionally
administered system). I don't think an email client can do this, and I'm not
aware of any operating system that really supplies this protection (although
most can be configured to provide some protection. Perhaps capability based
operating systems do this?)


I would think MVS provides this capability, as Mandatory Access Control
(where the user cannot change the protection) is sort of built in.


On the other hand, the operating system/email client still needs to allow
one-click execution of attachments - it should just restrict them from doing
malicious things.


Specifying that is a lot easier than implementing it :-)
Previous By Date Next
Previous By Thread Next

Current thread: