Re: love worm (was RE: TBTF Log)

From: Ka-Ping Yee (ping@lfw.org)
Date: Tue May 09 2000 - 00:44:27 PDT


On Tue, 9 May 2000, Dan Kohn wrote:
> In fact, other than digital signing of outgoing messages and attachments
> (and I expect I could still design a trojan that would intercept my
> passphrase and change the attachment before signing), there do not seem to
> be obvious fixes to these kinds of worms.

I disagree with the conclusion here. It is true that there is
an abuse of trust going on; and that given sufficiently naive and
gullible users you can convince them to run any trojan program.

But i do think users in general -- the users who propagate ILOVEYOU,
for example -- are not so much trusting as confused. They are
confused by an e-mail interface which conflates *display* with
*execution* (a confusion promoted by the Windows desktop). If
people knew that double-clicking on the attachment meant executing
a program with full access to their files, they would probably
think twice about doing it. Unfortunately, all they think they
are doing is viewing some attached inert piece of media -- because
even though executing is vastly more dangerous than viewing, they
are both activated by the same interaction: double-click.

Secondly, there is no good reason that e-mail attachments should
ever be able to be executed with full access to the machine. This
is a misfeature provided by Outlook that Outlook simply did not
have to provide.

As far as i know, Outlook makes no special effort to promote this
crucial distinction between inert and executable content. Knowing
that attachments are allowed to run in a completely unprotected
fashion (a stupid decision to begin with), the authors of any
e-mail client would be ridiculously negligent to then go and make
it any less than *extremely* inconvenient to launch such an
attachment.

In short:

    1. The user interaction must clearly distinguish between
        executable and non-executable content.

    2. If any remote content is executed, it must be executed
        with carefully limited access to the machine.

-- ?!ng

"This code is better than any code that doesn't work has any right to be."
    -- Roger Gregory, on Xanadu
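
Point 1 above, sketched as an added example that is not part of the original message: an attachment-open policy in which double-click only ever displays content, and anything that would run code is labelled as a program and refused. The extension lists, the `Decision` type and the function names are assumptions made for illustration, not any mail client's actual behaviour.

```python
from dataclasses import dataclass

# Assumed, non-exhaustive lists for this sketch; a real client maintains its own.
RUNS_CODE = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".wsf", ".hta"}
INERT = {".txt", ".jpg", ".png", ".gif", ".bmp", ".wav"}


@dataclass(frozen=True)
class Decision:
    kind: str             # "inert", "executable" or "unknown"
    on_double_click: str  # "view" or "refuse"
    label: str            # text shown next to the attachment
    disguised: bool       # an inert-looking extension precedes the real one


def extensions(filename: str) -> list[str]:
    """Lower-cased extensions in order; the last one is what the OS acts on."""
    # Windows drops trailing dots and spaces, so "a.vbs. " still opens as .vbs.
    name = filename.rstrip(". ").lower()
    return ["." + part for part in name.split(".")[1:] if part]


def decide(filename: str) -> Decision:
    """Map an attachment name to what double-click is allowed to do."""
    exts = extensions(filename)
    real = exts[-1] if exts else ""
    if real in INERT:
        # Display and execution stay separate: double-click only renders.
        return Decision("inert", "view", f"{real[1:].upper()} file (display only)", False)
    if real in RUNS_CODE:
        # Flag names such as "x.txt.vbs" that look inert when the last
        # extension is hidden by the interface.
        disguised = any(ext in INERT for ext in exts[:-1])
        label = f"PROGRAM ({real}): runs code on this machine"
        return Decision("executable", "refuse", label, disguised)
    # Fail closed: unrecognised content is not assumed to be viewable.
    return Decision("unknown", "refuse", "Unknown type: save to inspect", False)


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for name in ["holiday.jpg", "letter.TXT.vbs", "setup.exe", "photo.jpg.scr. ", "notes"]:
        print(f"{name!r:20} -> {decide(name)}")
```

Launching a refused attachment would then be a separate, deliberately inconvenient step, and point 2 (running it with limited access) is outside what this sketch covers.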


This archive was generated by hypermail 2b29 : Tue May 09 2000 - 00:56:30 PDT