From: Ka-Ping Yee (firstname.lastname@example.org)
Date: Tue May 09 2000 - 00:44:27 PDT
On Tue, 9 May 2000, Dan Kohn wrote:
> In fact, other than digital signing of outgoing messages and attachments
> (and I expect I could still design a trojan that would intercept my
> passphrase and change the attachment before signing), there do not seem to
> be obvious fixes to these kind of worms.
I disagree with the conclusion here. It is true that there is
an abuse of trust going on; and that given sufficiently naive and
gullible users you can convince them to run any trojan program.
But i do think users in general -- the users who propagate ILOVEYOU,
for example -- are not so much trusting as confused. They are
confused by an e-mail interface which conflates *display* with
*execution* (a confusion promoted by the Windows desktop). If
people knew that double-clicking on the attachment meant executing
a program with full access to their files, they would probably
think twice about doing it. Unfortunately, all they think they
are doing is viewing some attached inert piece of media -- because
even though executing is vastly more dangerous than viewing, they
are both activated by the same interaction: double-click.
Secondly, there is no good reason that e-mail attachments should
ever be able to be executed with full access to the machine. This
is a misfeature provided by Outlook that Outlook simply did not
have to provide.
As far as i know, Outlook makes no special effort to promote this
crucial distinction between inert and executable content. Knowing
that attachments are allowed to run in a completely unprotected
fashion (a stupid decision to begin with), the authors of any
e-mail client would be ridiculously negligent to then go and make
it any less than *extremely* inconvenient to launch such an
1. The user interaction must clearly distinguish between
executable and non-executable content.
2. If any remote content is executed, it must be executed
with carefully limited access to the machine.
"This code is better than any code that doesn't work has any right to be."
-- Roger Gregory, on Xanadu
This archive was generated by hypermail 2b29 : Tue May 09 2000 - 00:56:30 PDT