Re: head off email viruses: distinguishing documents from executables?



On Thu, 6 Nov 2003, Julien Olivier wrote:
> It means that if you receive an email from someone who
> appears to be a friend of yours, with an attached archive (zip or tgz
> for example), this archive could contain binary files with the exec bit
> set. Of course, a well-educated user would never run a binary file
> contained in an archive if he isn't 100% sure what it is. But, to avoid

Let me further point out that it's not always clear what is a binary file,
e.g. if you get a tarred file called "britney.jpg " which is really a
binary with the execute bit set.  This is the core of the problem.

My basic argument is that any widespread vector for email viruses
(e.g. .zip attachments containing executables disguised as
documents) indicates a UI flaw.  In this case, the flaw is that it is not
easy to readily distinguish between launching an executable (or .desktop
file) and opening a document.

Steven

PS. How would one go about setting up a security gnome org list, and
possibly a web page of proposals and/or potential vulnerabilities?  Give
the paranoid freaks a place to chew the carpet.  =)
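
An added example, not part of the original message: one way a mail client or file manager could flag the case discussed above, a tar member named like a document that would actually be launched. The extension list, the content prefixes and the function names are assumptions made for illustration, and the sample archive is constructed inline.

```python
import io
import os
import tarfile

# Assumed heuristics: names a user expects to "open", and leading bytes of
# content that would be executed or launched (ELF, script, .desktop entry).
DOCUMENT_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc"}
EXECUTABLE_PREFIXES = (b"\x7fELF", b"#!", b"[Desktop Entry]")


def find_disguised_executables(archive_bytes):
    """Return (name, reasons) for members that look like documents but would run."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Trailing whitespace hides the real name in a file listing.
            ext = os.path.splitext(member.name.rstrip())[1].lower()
            if ext not in DOCUMENT_EXTENSIONS:
                continue
            reasons = []
            if member.mode & 0o111:
                reasons.append("execute bit set")
            head = tar.extractfile(member).read(16)
            if head.startswith(EXECUTABLE_PREFIXES):
                reasons.append("executable content")
            if reasons:
                findings.append((member.name, reasons))
    return findings


def build_sample_archive():
    """Constructed sample: one ordinary image and one disguised binary."""
    samples = [
        ("holiday.jpg", 0o644, b"\xff\xd8\xff\xe0" + b"\x00" * 12),
        ("britney.jpg ", 0o755, b"\x7fELF" + b"\x00" * 12),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in samples:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in find_disguised_executables(build_sample_archive()):
        print(repr(name), "->", ", ".join(reasons))
```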



