>
> the builders of the titanic didn't know that certain kinds of steel
> become brittle at cold temperatures.
>
> otoh, the developers of this user agent knew, or should have known,
> the risks of executing code of unknown origin. they have been
> understood for a long time. they were discussed during development
> of the MIME standard. the MIME specs have required content-types to
> document known security risks since the early 1990s. other email-borne
> viruses have used similar mechanisms to this one to propagte themselves.
>
So if the users would save the virus to disk and then run it,
what's the savings? If I send a naked_bunnies.exe file to a dirty joke
email list, some people are going to run it no matter what warnings are given
or whether or not it's zipped and uuencoded, whatever. If 20% of the people
receiving a virus propagate it rather than 50%, that's probably still good
enough to be significantly detrimental.
You could have senders sign any executables. That might help a little,
as long as the sender's machine hasn't been compromised.
Austin
