> The threat model here is phishing, not drive-by downloads.

I think you missed my point. What if it isn't a phishing attack? Or even, what if it isn't just a phishing attack? Your suggestion leaves users vulnerable by encouraging them to open suspicious-looking links on the off chance it is, at most, a phishing attack.

> Browsers have a much greater ability to mitigate those.

Except when they don't. For what it's worth, I've also seen mobiles fall victim to drive-by download attacks.

> Also, a drive-by download email doesn't have to impersonate any particular sender, it just has to look like something that a user might want to click on.

E-mail worms are spread by the trust relationship between people known to each other (i.e. a user opening an attachment because it's from a recipient they know). I don't see why drive-by download attacks couldn't exploit the same human condition (i.e. "Hey Bob, check out this link. It's awesome"). In fact I have seen that kind of malware in the wild, now I think about it.