the builders of the titanic didn't know that certain kinds of steel
become brittle at cold temperatures.
otoh, the developers of this user agent knew, or should have known,
the risks of executing code of unknown origin. they have been
understood for a long time. they were discussed during development
of the MIME standard. the MIME specs have required content-types to
document known security risks since the early 1990s. other email-borne
viruses have used similar mechanisms to this one to propagte themselves.
So if the users would save the virus to disk and then run it,
what's the savings? If I send a naked_bunnies.exe file to a dirty joke
email list, some people are going to run it no matter what warnings are given
or whether or not it's zipped and uuencoded, whatever. If 20% of the people
receiving a virus propagate it rather than 50%, that's probably still good
enough to be significantly detrimental.
You could have senders sign any executables. That might help a little,
as long as the sender's machine hasn't been compromised.
Austin