[Lotus Notes Sucks: Example 55]
The Attachment Window, Part 2
Problem
A work colleague received an email message and suspected that the message contained a virus. So he wanted to view the attachment to be sure. As you can see, the Attachment window gives the user a choice to View, "Launch," or "Detach." The poor names notwithstanding, he clicked View to view the attachment.
Unfortunately, the attachment was a program information file (.pif), which is a file that is used to store information about DOS programs that need to run in early versions Microsoft Windows. Unfortunately, the file contained malicious instructions. Unfortunately, Lotus Notes executed the attachment, thus his computer became infected.
Analysis
Suppose I were looking at an attachment that was a batch file that contained the following command:
del c:\*.*
If I were to click Launch, I would expect files to be deleted. If I click View, as my work colleague did, I would expect to see the code.
View means view, Launch means open the attachment with the application associated with the file's extension or run the executable. View means show me what's in the file, but don't run it. This means don't run macros embedded in Microsoft Word documents. View should be a safe way to figure out if an attachment is safe.
Batch files, program information files, scripts, etc. can be viewed but not run, so Lotus Notes again fails the user.
Update for Version 6.5.2
It appears this problem is fixed. But I do say this: Lotus Notes does open the currently selected attachment if you click Open. So if you receive an attachment that ends with .PIF, I wouldn't open it, because that would run it. I hope the secretaries around here can remember that.
User Interface Guideline Violations
- Interface does not do as the user expects.
- Forcing the user to deal with stupidity.
Conclusion
Lotus Notes sucks.