OSNews

> But malware may have a hard time as well, if it's left without executable permissions.

Specially forged data files do not have executable permissions but execute code anyway through buffer overflow attacks.

Not all scripting interpreters require the script to have executable permissions. The script could also be embedded in a datafile.

Social engineering attacks don't have a hard time in making the user set executable permissions.

... and so on. You can of course pretend the problem doesn't exist. But you could also understand the cause of these problems, why file permissions alone *don't* handle them, and find a better solution. This doesn't mean file permissions are useless - in fact they'd probably play an important role in a proper solution. But they are not a solution to everything if taken alone.

On a side note, many "computer specialists" avoid responsibility for social engineering attacks altogether, probably with excuses such as "people shouldn't be so stupid", or "we can't solve this problem anyway", or "we aren't the right people to solve this problem", or whatever. Saying that file permissions solve the malware problem tends to lead in the same direction.

"A virus is something that infects the system and screws it up..."
No, a virus is something that infects a system and uses it to spread further. Damaging the infected system is not always a goal.

"But malware may have a hard time as well, if it's left without executable permissions."
Not really, since the owner of a file always can change its permissions and a file can still be run even if it doesnt have the execute permission (ie "/bin/sh somescript").