head off email viruses: distinguishing documents from executables?
As usual, I have been getting lots of MS email viruses on my GNU/Linux
email account.  Occasionally, however, instead of trashing them, I marvel
at the evil social engineering that goes into them, and I think about how
a similar attack might be aimed at other systems, e.g. Linux.

One of the tricks seems to be to attach a .zip file of something that
purports to be a document, but is actually an executable (readme.doc.scr),
combined with an email ("Read this for our meeting tomorrow") that tricks
the user into opening it.  One could conceivably do a similar trick with
Linux (attaching a .tar.gz).

The basic problem is this: simply *reading* a file, no matter whom it is
from, *should* always be safe...at least there is no technical reason it
can't be, and this is what people expect from the real-world metaphor.
But, of course, with MS, you open a document and launch an executable in
the same way (double-click).  Similarly on a Mac.  And similarly (last I
checked, admittedly a long time ago) with GNOME.  The only exception is
the command line.  How does Nautilus handle this?

As a basic safety feature, when you double-click on an executable file,
before you execute it you might pop up a dialog saying "This is an
executable program, not a document, and it may run arbitrary commands; are
you sure you want to launch it?" (with a check box to disable the warning
for *that file* in the future).  By default, you may even want to disable
click-to-run executables entirely, except for specially-created desktop
shortcuts, since most people only need to launch executables from the
menu, by drag-and-drop, or by double-clicking an associated document.

Sorry to bother you if you've already thought about this, but I figured it
wouldn't hurt to be proactive.

Cordially,
Steven G. Johnson

PS. There are, of course, other attacks if you can trick a user into
opening a file, such as evil .tar.gz files that create dotfiles (or write
in dot-directories), etcetera, when they are uncompressed from a known
location (e.g. $HOME).

PPS. Sorry if this is misdirected; I couldn't find any kind of GNOME
security list (which might be a nice idea if it doesn't exist).
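The distinction the message asks for can be made from a file's contents and mode bits rather than from its name. As an added example (not part of the original message, and not GNOME or Nautilus code), the Python below does two things: it reports why a file should be treated as a program rather than a document, ignoring the extension entirely, and it scans a .tar.gz in memory for the entries the postscript warns about (dotfiles and dot-directories) plus the related cases of absolute paths, `..` components and links that point outside the archive. The sample files and the archive are constructed inline for the demonstration; the `.desktop` launcher check is an assumption about what counts as "executable" on a GNOME desktop, not something the message discusses.

```python
import io
import os
import stat
import tarfile
import tempfile

# Assumed policy: only contents and mode bits decide, never the file name,
# so a "readme.doc.scr"-style name gets no benefit from the ".doc" part.
ELF_MAGIC = b"\x7fELF"
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def looks_executable(path):
    """Return the reasons this file should be treated as a program rather
    than a document.  An empty list means nothing suspicious was found."""
    reasons = []
    if os.stat(path).st_mode & EXEC_BITS:
        reasons.append("executable bit set")
    with open(path, "rb") as f:
        head = f.read(512)
    if head.startswith(ELF_MAGIC):
        reasons.append("ELF binary")
    elif head.startswith(b"#!"):
        reasons.append("script with #! interpreter line")
    elif head.startswith(b"[Desktop Entry]") and b"\nExec=" in head:
        # A .desktop launcher runs its Exec= command when double-clicked.
        reasons.append("desktop launcher with Exec= line")
    return reasons


def classify_samples():
    """Constructed demo attachments written to a temp dir; returns
    {file name: reasons}.  Names are chosen to look like documents."""
    samples = {
        "agenda.txt": (b"1. budget\n2. hiring\n", 0o644),
        "readme.doc": (ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 9, 0o644),
        "readme.doc.sh": (b"#!/bin/sh\nrm -rf \"$HOME\"\n", 0o755),
        "meeting.desktop": (b"[Desktop Entry]\nType=Application\n"
                            b"Name=Meeting\nExec=sh -c 'rm -rf $HOME'\n", 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (data, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
            results[name] = looks_executable(path)
    return results


def suspicious_tar_members(archive_bytes):
    """Return {member name: reason} for entries that would land outside the
    archive's own directory, or in a dotfile/dot-directory, when unpacked
    into a known location such as $HOME.  Nothing is extracted."""
    flagged = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            parts = m.name.split("/")
            if m.name.startswith("/"):
                flagged[m.name] = "absolute path"
            elif ".." in parts:
                flagged[m.name] = "parent-directory traversal"
            elif any(p.startswith(".") and p != "." for p in parts):
                flagged[m.name] = "writes a dotfile or into a dot-directory"
            elif m.issym() or m.islnk():
                target = m.linkname
                if target.startswith("/") or ".." in target.split("/"):
                    flagged[m.name] = "link pointing outside the archive"
    return flagged


def build_sample_archive():
    """Constructed .tar.gz (not a real captured attachment): one harmless
    file plus the kinds of entries the postscript describes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data=b"", linkname=None, typ=tarfile.REGTYPE):
            info = tarfile.TarInfo(name)
            info.type = typ
            if linkname is None:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.linkname = linkname
                tar.addfile(info)
        add("meeting-notes/agenda.txt", b"1. budget\n")
        add(".bashrc", b"alias ls='rm -rf ~'\n")              # dotfile in $HOME
        add(".ssh/authorized_keys", b"ssh-rsa AAAA...\n")      # dot-directory
        add("../../etc/cron.d/evil", b"* * * * * root id\n")  # traversal
        add("/tmp/abs", b"x\n")                                # absolute path
        add("meeting-notes/link", linkname="/etc/passwd", typ=tarfile.SYMTYPE)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in classify_samples().items():
        print(f"{name:16s} {'DOCUMENT' if not reasons else 'PROGRAM: ' + ', '.join(reasons)}")
    for name, reason in suspicious_tar_members(build_sample_archive()).items():
        print(f"tar member {name!r}: {reason}")
```

The first check is what a file manager could run before honouring a double-click: if `looks_executable` returns anything, show the "this is a program, not a document" dialog the message proposes instead of launching. The second check is what an archive tool could run before offering "extract here" into $HOME; it lists members without extracting them, so the scan itself is safe to run on untrusted input.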