The "folks who caused it" are the sociopaths who would rather use their
not inconsiderable technical skills to hurt other people.
No doubt that those people are also culpable.
But when we designed MIME we went to considerable trouble to understand
the dangers of shipping around arbitrary content and making it easy to
present aribtrary content, and to warn implementors of those dangers.
Since that time there has been ample experience to indicate that our
concerns were justified, and which should further inform implementors of
the dangers.
It's hard for implementors to claim they weren't aware of the risks.
I'm not aware
of any software that comes out of the box with a "launch nasty virus"
option;
It's not called "launch nasty virus", of course.
It's called "launch arbitrary content with a single click from
inside a mail user agent". "nasty virus" just happens to be a
(very common) special case of "arbitrary content".
The risk of virus transmision would be there in any case, and
other systems have fallen victim to similar attacks even when
launching was not so easy (anyone remember CHRISTMA EXEC ?).
However the design choice to allow arbitrary content to be launched
in a single click makes the probability of infection *much* greater.
It's not as if Microsoft is the only party guilty of shipping
product that makes systems so vulnerable to infection. But the
more customers you have, the more systems you make vulnerable
when you make a mistake, and the greater your liability - not just
to your own customers but to everyone else on the net.
Keith