Re: stripping out exe's from emails
Not just exe's, but any attachment, because embedded scripts and buffer escape exploits are the main malware entry points now!
Simple, have Microsoft or a trusted security software provider extend Android and iOS application level permissions framework to desktop OS, but with sensible restricted defaults for the filesystem/registry too, like the Application install/settings folders, registry folders and default documents folder, and show an admin. screen permissions dialog., after system snapshot, if it attempts to access anything else, including in non white-listed file shares. We should not always trust applications to police their own access, because they can be compromised!
There could be application group white-lists/blacklist to save duplication e.g. for Desktop and some other common folders, this could include application installation and settings folders which should usually only be accessible by the owner application.
Any unknown Application which tries to do any file system action but create new files in it's folder, not sub-folders, or access anything else should cause an admin. screen permissions dialog., after system snapshot, for one-off OK, or white-list or black-list additions.
This could make life very difficult for lots of other kinds of malware, including camera/microphone/keyboard spyware, browser hijacks and other unwanted software installs too! :)
Biting the hand that feeds IT
