[Piskvorrr]

Oh, you can. Just like you can inject any random substance given to you by a stranger.

Being aware that both are high risk activities is the point, methinks.

[sp332]

There's absolutely no reason that sending a link to someone should be able to pwn their box. There's no reason to make such fragile email systems.

[ihattendorf]

What if they click the link, run the downloaded invoice.EXE, and enter their password when prompted? At a certain point, the user needs to be educated enough to avoid this.

PDF/Office macros are a whole other topic though.

[sp332]

There's a really big gap there. Look at chromeOS - you can click a lot more email links on that OS without getting ransomware'd.

[Piskvorrr]

Is it because the OS is inherently more secure, or because the malicious code is not written for that OS?

[sp332]

Yeah, the sandboxing helps a lot. I mean look at iOS - super popular, huge target for malware, but it hardly ever gets hacked.