On Thu, 10 Jul 2014 12:25:50 -0700 Ted Mittelstaedt <t...@ipinc.net> wrote:
> Fundamentally I think the problem is with attachments. No, the problem is not with attachments. An attachment actually included in an email is no more dangerous than an attachment downloaded via a link. Email attachments are far too convenient; no-one's going to give them up. The problem is that Windows encodes metadata such as "this is executable" in the filename, making it trivial for attackers to get their payloads to run. The simple act of renaming a file in Windows can be the equivalent of "chmod a+x" in UNIX. A Windows user probably does not realize that renaming a file can have dire consequences, whereas even a casual UNIX user might pause if asked to chmod a file after saving it. (Note well this article: http://lwn.net/Articles/178409/ which points out that some UNIX desktop environments are repeating the mistake made by Windows.) Regards, David.
