Let's review Computer Security 101 with a case study in Mainstream Media Morality Play Nonsense 102:<p>The article is garbage. Nonsense. Brain-dead. Trying to jerk people around by the gut.<p>'Vanity Fair' is for what, overly emotional, determinedly non-technical, easily scared, fundamentally incompetent and, thus, dependent, young woman who want to gossip about fashion and celebrities?<p>If the article had anything, then it would have explained something solid; since nothing solid was explained, it must not have had anything.<p>So, the article starts with:<p>"Lying there in the junk-mail folder, in the spammy mess of mortgage offers and erectile-dysfunction drug ads, an e-mail from an associate with a subject line that looked legitimate caught the man’s eye. The subject line said '2011 Recruitment Plan.' It was late winter of 2011. The man clicked on the message, downloaded the attached Excel spreadsheet file, and unwittingly set in motion a chain of events allowing hackers to raid the computer networks of his employer, RSA. RSA is the security division of the high-tech company EMC. Its products protect computer networks at the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon, the Department of Homeland Security, most top defense contractors, and a majority of Fortune 500 corporations."<p>and in particular:<p>"The man clicked on the message, downloaded the attached Excel spreadsheet file, and unwittingly set in motion a chain of events allowing hackers to raid the computer networks of his employer, RSA."<p>Garbage. Absolute reeking, fuming, bubbling, flaming, smelly, gooey, sticky, yucky nonsense.<p>So, he received an e-mail message. Okay, we're talking likely post office protocol 3 (POP 3).<p>Back when I was using OS/2 and had no decent e-mail software, I took out an afternoon and wrote my own POP 3 client e-mail software. I used it for years. I'm about to ditch Outlook 2003 and return to what I wrote (in Rexx) on OS/2.<p>Gotta tell you, no way, not a chance, was there any way to infect my computer by sending me e-mail. Not in this galaxy. Send me anything you want, pictures, viruses, root-kits, Flash, infected, 'active' PDF files, EXE files, Active-X files, spreadsheets, etc., and no way will my computer be 'infected'. Just impossible.<p>Why: First, the data that comes via POP 3 is lines of text of just 8 bit characters. Period.<p>At the beginning are the 'header lines'. The end of the header lines is denoted by one blank line.<p>The rest of the e-mail is just the 'body', and it is just more lines of text of 8 bit characters.<p>Harmless. It's just some simple minded data as lines of 8 bit characters. Can put the data in an ordinary file, edit it with an ordinary editor, view it on the screen, print it out, etc. All harmlessly.<p>The body may have a PDF file, a movie, some audio, some Flash, and EXE file, a spreadsheet, etc., and still it's all just harmless data. Period.<p>If there is one or more 'attachments', then each of these is delimited by a line with some text indicated in the header. Each such attachment is just more lines of text. To permit sending any data at all, these lines of text consist of just 65 simple-minded, old ASCII printable characters. You can print them out, and they won't hurt you, steal your bank records, install software on your computer, etc. They are 100% harmless.<p>Those 65 characters are part of a scheme called 'base 64 encoding' which is part of the e-mail 'multi-media internet mail extensions' (MIME).<p>For such an attachment. can follow the base 64 rules and 'decode' the attachment back to the original data in the file. The file, then, will be a sequence of 8 bit bytes. Give the file any name you want and put it in any directory ('folder') you want. Yes, you do NOT want to put the file where other software will use that file without your knowledge; but why would you do that? E.g., don't overwrite some important operating system DLL file.<p>The file may be in the format of an EXE file, JPG file, GIF file, PNG file, XLS file, etc. Still it is just a file, just a sequence of bytes. Like any other sequence of bytes, it's harmless, will not cause blindness, falling hair, black toenails, or an infected computer. You can copy it, back it up, send it as an attachment via e-mail, etc. all harmlessly.<p>The file can be a virus, a root-kit, a Trojan, malicious, malevolent, nasty, etc., but STILL is just 100% harmless, safe, and innocuous. No rubber gloves needed.<p>Now, if the computer is being used by a total dummy, idiot, drooling on the keyboard, licking the screen, etc., then there might be a threat: The rube might permit such a file to execute as software on their computer. Dumb. Stupid. Brain-dead. Don't do that. Never do that.<p>First rule of computer security:<p><pre><code> Never, ever permit data from an untrusted
source to execute as software.
</code></pre>
Never. Ever. Don't do that.<p>So, if there was a computer security problem, then it was NOT the e-mail, the attachment, or the spreadsheet but JUST some total idiot who let such an attachment execute as software.<p>Any author of any e-mail program that lets data execute as software without very explicit approval of a user should be dragged through the streets while peasants throw garbage, two week old dead animals, night soil, upchuck, toxic witch's brew, effluent from tanning animal skins, etc., racked, excoriated, eviscerated, drawn, quartered, hung, dried, roasted, and fed to sick animals.