Secure Coding mailing list archives

RE: Re: Hypothetical design question


From: Nick Lothian <nl () essential com au>
Date: Fri, 30 Jan 2004 02:29:32 +0000



the user community has grown very fond of some of the very
features that viruses and worms thrive on (e.g., file attachments
that can be executed with a single/double click of a mouse)

I don't think this is quite true.  I think most users want to __view__
attachments, either pictures or text.  They expect the viewer to be
Word, PowerPoint, Paint, etc.  They don't expect, when they click on an
attachment, to __execute__ it.


I feel the distinction between "view" and "execute" is no longer as clear as
we would like it to be. I don't think I can necessarily distinguish between
them anymore - I certainly can't explain the distinction.

If you open a Word document, are you executing it? How about an Excel
spreadsheet that contains calculations? Try explaining to a home user the
difference between macros and calculations in a spreadsheet.







