(idea) by baffo Fri May 05 2000 at 18:17:02
Ya know, once upon a time, viruses and worms and other forms of life had to be written in nice, tight, assembler code. They exploited strange holes in security. They were difficult stuff.

This thing here, it just walks through the totally open front door, and fucks the system every which way.
This tells you two things:

  1. Users are fucking stupid creatures
  2. Microsoft's design is even more fucking stupid
Or, more seriously (let me wear my RISKS hat):
  1. The first mistake in design is that a mail client allows you to execute a random piece of code that you got from the net.
    The designers should have asked themselves: Is this really a typical user activity ? or Is this a security hole that someone will exploit ? which basically means "Should this be made convenient like renaming a file or inconvenient like formatting a hard disk ?" - my take would obviously be "inconvenient as hell, and maybe more".
  2. The second mistake is in user interface design: the interface should make forcefully clear that what you are going to do is FUCKING DANGEROUS. The mild mannered Windows warning dialog, with its lengthy chat, just does not cut it.
  3. The third mistake lies in user training. It is assumed that users will understand what they do, but in reality they do not. I see it all the time: the project I work in has some fairly large mailing lists, used by absolute beginners.
    They get a Word document from someone who has just graduated from chalk+blackboard to a keyboard, and cheerfully open and run the macros. And then forward the infected documents to the rest of the list.
This combination of bad design, bad UI and bad training is the niche where the virus thrives.

Consider a virus that is a Linux x86 executable: I could uuencode it, and mail it to my buddies. And it would never survive, because my buddies have the training not to run an executable coming from an unknown source (point 3), and because many tipical Unix mail clients (pine, mutt, ...) do not give you any facility for one-touch uudecoding and running of random crap of unknown origin (point 1).

I like it! 1 C!