Historically, passworded .zip files have been the only remotely acceptable way to e-mail executables. I'm hesitant to give that up.
ACK. Some AV vendors even request samples of exectuables in passworded zips.
I'd still rather allow all passworded .zips and rely on the client's AV to nab it.
People using pgp / gpg to exchange executables between them would possibly be the way to go. Then again people who have heard about p/gpg aren't the ones who click on executables randomly anyway. There's still an education issue with new Internet users of which there seem to thousands a day who fall for these worms. After all there are driver licenses for normal highways but none for the "information super highway".
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
