Virus Guy news:575C2003.56A4C592@Guy.C0M Sat, 11 Jun
2016 14:28:19 GMT in alt.comp.virus, wrote:
> And this is something that I've posted here in the past, with *no*
> replies from this peanut gallery.
You call various people peanut galleries and actually expect a useful
response as a result. Various people, including myself, have tried to
explain many concepts to you; always wasting our time in the process.
I only respond to your post because I find some of the.. correlations
you've established to be amusing on one hand, and ... a bit on the
dumb side on the other.
> These files have always come in as a .zip compressed archive.
That's a bad thing, how?
> One of these doors is Windoze ability (since Win-XP) to handle
> .zip archive compression.
I don't consider that alone to be a doorway to exploitation. If
anything, it's convenient as you don't need a 3rd party package like
pkzip, winrar, winzip, etc to make use of .zip files with XP and
above.
> I argue that this ability should have been removed from win-7 and
> later (or turn it off by default) - because only power-users these
> days know about and use file-compression. We are long past the
> time when floppy disks and dial-up internet were routinely used to
> transport files.
As far as I know, the .zip file format hasn't gone the way of the
dinosaur yet and some stuff is still provided in that manner. It's
not fair to assume only power users still need to know anything about
it. Your suggestion to further try and dumb down things for the
benefit of the users really isn't a benefit to them.
> More than just turning on Office macro support (and reducing to
> the point of absurdity the warnings about macros in documents) is
> the 800 lb gorilla in the room that your typical Windoze user has
> no practical need for .zip file de-compression, yet that is the
> route by which they #### up their computer (if not their entire
> organization) by opening the attachment in any given spam for the
> past few years.
Opening a zip file at least requires a little more effort on the part
of the soon to be infected user than opening the pdf/doc/exe/js/etc
attachment, directly, instead. At least when you open the .zip file,
you aren't typically presenting yourself to danger. You still have a
chance to say 'wait, hold the phone. Do I really want to run ANY of
the programs/scripts inside this .zip file?'
Opening the .zip file alone won't infect you. Acting on the contents
inside in an irresponsible manner, oth, could very well do that.
> How a Bad UI Decision From Microsoft Helped Macro Malware Make a
> Comeback
Macro malware? Another stupid term that's redundant and unnecessary.
> Macro malware is a term to describe malware that relies on
> automatically executed macro scripts inside Office documents.
> This type of malware was very popular in the '90s, but when
> Microsoft launched Office 97, it added a popup before opening
> Office files that warned users about the dangers of enabling
> macros.
That type of malware you're referencing were mostly actual viruses,
not simplistic, lame ass trojans so typically found today. Think,
Melissa virus. It was Word macro based. We didn't refer to it as
macro malware then either. Malware is a buzzword, essentially. It's
ambiguous.
> Microsoft's decision had a huge impact on macro malware, and by
> the 2000s, this type of malware went almost extinct. Lo and
> behold, some smart Microsoft UI designers start thinking that
> users might get popup fatigue, so in Office 2007, Microsoft makes
> the monumental mistake of removing the very informative popup, and
> transforming the warning into a notification bar at the top of the
> document with only six words warning users about macros.
Actually, on the Office 2007 package I used at a specific job, it
disabled macros by default and required me to take a couple of steps
to enable them. One, I had to click a button to the upper left to
'enable' the macros. A small box would come up warning me of the
potential dangers in doing this and again, request my permission to
enable macros. It wasn't automatic.
> Things get worse in Office 2010, when Microsoft even adds a shiny
> button that reads "Enable Content," ruining everything it had done
> in the past 10-15 years, and allowing macro malware to become the
> dangerous threat it is today. The U.S.-CERT team issued an
> official threat yesterday warning organizations about the
> resurging threat of malware that uses macro scripts in Office
> documents.
The enable content button, last time I checked, also required you to
confirm that's what you really wanted to do; after displaying several
reasons why it might not be a good idea.
Disclosure; Both packages are enterprise level. I don't think that
would have any bearing in this case, though.
In both cases, I was given more than one opportunity not to run ANY
of the detected macros. If I still chose to do that, the
responsibility for the outcome relied with me. Nobody else.
--
MID:
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400