On Wed, 28 Jan 2004, Alexei Roudnev wrote:
Most Windows boxes are running with administrative privileges. That makes Windows a willing accomplice. The issue isn't that people click on attachments, but that there are no built in safeguards from what happens next.
This is problem #1. Unfortunately, Windose is too complex and has too much legacy, so everyone must run as an administrator (try to install Visio without admin privileges...).
The whole point of the infamous *.DLL was to provide local libraries for applications like unix *.lib.so files. This was corrupted by app vendors who were too deadline focused to install their DLLs in the application directory. Of course this was abetted by the ability of an application to write into the system directories. When NTFS came out an ordinary user could not write to the system directory tree. Hence most users are running as Administrator or equivalent so that they can write into the system tree. This was a bad design decision by MS _and_ application developers. This _is_ fixable by MS by simply not allowing apps to write into the system tree. This of course is a "small matter of programming" but it would really improve the overall security posture of Windows. Now there are well written applications which do install their DLLs into their own tree; these apps can usually be recognized by _not_ requiring a reboot after installation.
Problem #2 - using extensions to select an application - may be, it's a very good idea, but it complicates virus (worm) problem.
Agreed. However, magic numbers in the header or having the execute permission bit set bring the same problem to the table.
Problem #3 - Monoculture.
This greatly exacerbates problems 1 and 2 but is not so much of a problem on its own. i.e. Apache which has over 75% of the webserver market and is infrequently compromised.
Problem #4 MS applications have an unfortunate predilection to run any bit of executable code they find. i.e. a WMA file can contain executable code which media player will happily execute. This is a perfect example of just because you can do something it does not necessarily follow that you _should_ do something. This dates back to [*]BASIC and the RUN command. It was somewhat useful 10+ years ago not so much today.
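The extension-versus-magic-number point above is easy to see in code. The following is an added example, not something posted in this thread: it compares the type a file claims through its extension with the well-known signature bytes at the start of its content, and flags the two disagreeing (a file named like a document whose header is a PE or ELF executable). The `MAGIC` table and the constructed sample files are the example's own assumptions; a real triage tool would carry a much larger signature list.

```python
"""Flag files whose extension and header magic disagree.

Added example for the extension-vs-magic-number discussion; not code from
the thread. Signature table and sample inputs are constructed here.
"""
import os
from dataclasses import dataclass, field

# Well-known header signatures (assumption: a small hand-picked subset).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "exe": b"MZ",          # PE/COFF image, also used by DLLs
    "dll": b"MZ",
    "zip": b"PK\x03\x04",
    "elf": b"\x7fELF",
    "sh": b"#!",           # shebang script
}

# Extensions that are spelled differently but mean the same format.
ALIASES = {"jpeg": "jpg", "bash": "sh"}


@dataclass
class Verdict:
    filename: str
    extension: str            # normalised extension, "" if none
    detected: set = field(default_factory=set)
    verdict: str = "unknown"  # "consistent", "mismatch" or "unknown"


def sniff(header: bytes) -> set:
    """Return every format whose signature matches the start of header."""
    return {name for name, sig in MAGIC.items() if header.startswith(sig)}


def classify(filename: str, header: bytes) -> Verdict:
    """Compare the claimed type (extension) with the content type (magic)."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    ext = ALIASES.get(ext, ext)
    detected = sniff(header)
    result = Verdict(filename, ext, detected)
    if ext in detected:
        result.verdict = "consistent"
    elif detected:
        # Content carries a recognisable signature that the name does not claim.
        result.verdict = "mismatch"
    return result


def scan(files) -> list:
    """Return the names of files whose extension and magic disagree."""
    return [name for name, header in files
            if classify(name, header).verdict == "mismatch"]


# Constructed sample "files": (name, first bytes of content).
SAMPLE_FILES = [
    ("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("report.txt", b"MZ\x90\x00\x03\x00\x00\x00"),   # PE header in a .txt
    ("notes.txt", b"just some plain text"),
    ("tool.jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("song.wma", b"\x7fELF\x02\x01\x01\x00"),         # ELF header in a .wma
]

if __name__ == "__main__":
    for name, header in SAMPLE_FILES:
        v = classify(name, header)
        print(f"{name:12} {v.verdict:10} detected={sorted(v.detected)}")
    print("suspicious:", scan(SAMPLE_FILES))
```

Run on the constructed samples it reports `report.txt` and `song.wma` as mismatches; `notes.txt` is "unknown" rather than "consistent" because plain text has no signature, which is exactly the gap the thread is pointing at: a name tells you what the shell will *do* with a file, not what it *is*, and the header only helps for formats that have a signature to check.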