But that's exactly Microsoft's security problem in their operating system and applications. They make the act of safely doing regular things so difficult or confusing that people turn off or ignore the security. 99% of users have no reason to be getting executable code in mail, but the steps needed to do prevent that are too confusing to typical users, so they just keep getting them and trying to remember not to execute them. Few Word and Excel macros need to read data from anything other than currently-open documents, but detecting whether a loaded macro does this is nearly impossible for typical users.
The user interface for security needs to be simpler than the user interface for the OS and applications. Otherwise, it will be avoided. Microsoft knows this but prefers to say "we gave you the security options: if you don't use them, it's your fault".
Posted by lookit at April 6, 2004 08:34 AM