SL Baur's Journal: Why we *must* blame Microsoft for malware

Microsoft is to blame for the malware explosion and here's why.

I wrote the following[edited for context] in response to someone who was attempting to blame "the idiot behind the keyboard":
Offering to execute pieces of email should never have been an option, let alone an unprompted default. Offering a prompt is a total misunderstanding of the real issue.

I can't think of an appropriate car analogy, so how about a rake analogy? Prompting before executing a file received in email is like attaching a notice to a rake laying on the ground with the tines facing up that reads, "if you step on this rake you could do serious damage to your face, proceed?" That is intended to sound dumb because it is every bit as dumb as executing things received via email.

There were good solid reasons why shar messages were distrusted and so somebody wrote unshar so one could unpack such things without executing it directly in the Unix shell. This was all standard industry knowledge about a decade before the release of Microsoft Windows 95.

Only idiots execute code received in email, but only an interface done by worse idiots gives them that option. Microsoft popularized the misfeature and made it a feature that some people cannot live without. It should never been a feature in the first place. And for that, you most certainly can lay blame to the management chain at Microsoft that signed off on the idea. The US tobacco industry was successfully sued for billions over much less.

I'll go after the creeping evil Javascript in a future journal entry, never fear.

I (mostly) agree

[rk]

I also blame the malware authors, and do think they need to be swatted with the newspaper, but you're spot on.

Do you remember the "Good Times" email virus hoax all those many years ago at the dawn of the popular internet? And us confident techies explaining to the newbies that "you can't get a virus from an email?" It was almost as though a team at Microsoft said, "hey, you CAN'T! Let's get on this right away!" I'd like to think MS didn't design their OS platforms to pass viruses, but if I were to desig

Re:

[SL Baur]

I also blame the malware authors

I can hardly disagree with that, but ...

I've done my own share of pranks. In the days when vi used to default to executing anything called .exrc in the current directory, regardless of ownership, I used to drop vi bombs (:!kill -IOT $$, or something like that makes an "interesting" .exrc). I've also written a (Korn) shell virus which was a lot more fun to write than it was to deploy ...

Do you remember the "Good Times" email virus hoax all those many years ago at the dawn of the popular internet?

Oh yes.

And us confident techies explaining to the newbies that "you can't get a virus from an email?"

It's been a long time now. I think I used to argue against you guys. I started using Emacs Lisp mail and news cl