On numerous occasions your blogger has humbly opined that Microsoft Outlook is probably one of the biggest risks to individual computer security today. The latest version of Microsoft Outlook still renders HTML automatically, disguises true link destinations and mangles plain text emails so clumsily and unnecessarily that it can only be deliberate.
The policies of "encouraging" end users to read HTML emails rendered by the MUA and of hiding the true link destinations have been contrived to make Microsoft Outlook "User Friendly". But rather than "User Friendly" Outlook is mostly "Phisher Phriendly".
Lately Microsoft have introduced a feature which warns naive microsofties that it might be dangerous to click on links that you do not trust <sarcasm> Oh? You don't say? </sarcasm>
You might wonder then dear reader, why do they design their MUA so that everything in the email pane is "clickable" by default (in fact "preferred") and it is difficult to distinguish between HTML and plain text (which they try to discourage!). Possibly you might also wonder - Ok so there is a "feature" that warns me about opening an executable! Where is the option that STOPS the MUA from opening an executable?
Possibly, the little bit of advice about links being dangerous is a tad disingenuous?
And the bad news doesn't stop there. Since Microsoft Outlook is the undisputed leader (quite undeservedly so in your blogger's humble opinion), other contenders tend to emulate Microsoft and include similar unexploded ordnance in their MUAs. Apple is making some great software for OS X, a robust version of Unix based on BSD, but they are beginning to insert Microsoftish user friendly traps in their mail client. Even in the latest version of Kmail (for Kubuntu 9.04), which is, in your blogger's most humble opinion, an impressive software release, we can see a similar disturbing trend.
It is clearly evident that the Internet security model is broken. And for Microsoft, the world's worst offender, to start advising their customers that "Software Security is your responsibility", after two decades of the most appalling security holes designed into their software, the situation would be risible if it wasn't so serious.
However, your humble blogger must agree with the advice currently being offered by Microsoft. It is extremely dangerous to click on links in your inbox. And you might ask, "if that is so, why has the MUA been designed so that you can only click on things?".
The following should be a minimum design standard for MUAs:
The real link properties should be clearly displayed when a mouse is passed over the link. This is the case for many MUAs. The standout exception is MS Outlook.
It should not be possible to open a link with a single left-click! Users should be presented with a menu which includes options to "Open with" a list of browsers, and/or "copy the link contents" ... etc. If the link is copied it should be the REAL link ... For example if the link says "www.big.aussie.bank.com.au?login", the contents should be the REAL contents ... which might be something like "www.jack-my-computer.ru?f%#_me_over_completely&steal_my_passwords". And it probably wouldn't be a bad idea to ship the software with the "Open with browser" option disabled by default, along with a warning that enabling it could expose the user to risk.
It should never be possible to run an executable or a script by left clicking.
Allowing even experienced users to run a binary or a script directly from an email with a single mouse click would seem, in your blogger's not so humble opinion, one of the most brain-dead design flaws in today's profoundly broken Internet security model. To merely preface such a potentially dangerous procedure with a vacillating, mealy-mouthed warning that "opening links from untrusted sources might be dangerous" is nothing less than fork-tongued, marketing, weasel speak. Let's be a little more emphatic about this ... It's not a good idea to run executables from an email ever!! ... Even if it was sent by your own mother! Well ... Come to think of it ... Especially if it was sent by your mother! Unless, that is, she happens to be a programmer and an expert on Internet Security. But then if she was she wouldn't be sending you binary executables ... Because it just encourages you to carry on recklessly clicking on things you bloody-well ought not be clicking on!
In your blogger's not so humble opinion, the only way to run an executable (or a script) should be:
Right click the attachment.
Select Save as ... And save it.
Select the item on the desktop and change the permissions to make it "executable".
Then, and only then, the script or binary might be executed with a mouse click. You have unpacked the firearm ... You have carefully loaded it with live rounds ... You have put a live round into the breech ... Taken off the safety catch ... So you can't complain too loudly if you blow your foot off!
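What the "Save as" step could look like inside a mail client, as an added example that is not taken from any real MUA: each attachment is written with a sanitised file name and mode 0600, so nothing can be run until the user deliberately changes the permissions. It assumes a POSIX file system; the helper names and the sample message are constructed for illustration.

```python
import os, re, stat
from email import message_from_bytes, policy
from email.message import EmailMessage

def safe_name(name):
    """Strip directories and odd characters so the name cannot escape dest_dir."""
    base = os.path.basename((name or "attachment").replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or "attachment"

def save_attachments(raw_message, dest_dir):
    """Write each attachment to dest_dir with mode 0600; nothing is opened or run."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    saved = []
    for part in msg.iter_attachments():
        path = os.path.join(dest_dir, safe_name(part.get_filename()))
        # O_EXCL: never overwrite an existing file; 0o600: no execute bit for anyone.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(part.get_payload(decode=True) or b"")
        saved.append(path)
    return saved

def is_executable(path):
    """True if any execute bit (user, group or other) is set on the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))

def build_sample():
    """Constructed message carrying a shell script with a path-traversal file name."""
    m = EmailMessage()
    m["Subject"] = "invoice"
    m.set_content("see attached")
    m.add_attachment(b"#!/bin/sh\necho hi\n", maintype="application",
                     subtype="octet-stream", filename="../../run me.sh")
    return m.as_bytes()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for p in save_attachments(build_sample(), d):
            print(p, "executable" if is_executable(p) else "not executable")
```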
Of course the ones who complain loudest and longest about not being able to run executables from their inbox by clicking on them will be exactly the group of people who should not be doing it! Well actually nobody should be doing it!
Developers should follow design criteria somewhat like the above, whenever they are designing an MUA. Just because Microsoft have built their business on a broken security model does not mean that other contenders should follow their poor example. Better security could be a genuine point of difference between Apple/Ubuntu software and Microsoftware.
More importantly, people who put themselves forward as technology "experts" and/or opinion leaders (and who are often just part time journalists), should stop gushing endlessly about silly frills and eye-candy and discuss things like the number of successful phishing attacks and security breaches that occur as a result of using the software.
Or at least that is ... In your blogger's most humble opinion.