Warning!
"My OS is better than yours" flame war in 3... 2... 1...
Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines. Slovakian security firm Eset reports the appearance of two malware strains that exploit …
There shouldn't be a risk on any widely used operating system or platform that, when an application or user attempts to read data, code which arrives with the data gets executed outside of a very tightly sandboxed environment. In a more ideal world market forces would prevent operating systems or platforms (e.g. Windows or Flash) which blur this boundary from existing. In a monopoly-ridden (i.e. closed source) world, users of such platforms (e.g. Windows, or Flash on Linux) have to put up with or mitigate the growing number of exploits which arise as symptoms of this architectural disease. Having to run security updates every week is patching the symptoms, and not curing this disease.
Previously posted:
http://www.kb.cert.org/vuls/id/940193
"Microsoft Windows fails to safely obtain icons for shortcut files. When Windows displays Control Panel items, it will initialize each object for the purpose of providing *dynamic icon functionality*. This means that a Control Panel applet will execute code when the icon is displayed in Windows. Through use of a shortcut file, an attacker can specify a malicious DLL that is to be *processed within the context of the Windows Control Panel*, which will result in arbitrary code execution."
... this is a feature which was insisted on by a marketing person, so that he could have icons which flashed purple and pink and jumped up and down while making Whee! noises.
An engineer pointed out that this was really bad system design with unlimited potential for security breaches.
The marketing drone pointed out that this was really cool artistic design with unlimited potential for supporting the Wubbly(TM) marketing campaign, and future highly profitable developments.
The engineer was over-ruled.
Wubbly(TM) was canned a few months later when someone higher up pointed out that it might cannibalise the sales of Microsoft Office. Which is why we have never heard of it and have been spared a proliferation of purple-and-pink-flashing active icons.
Unfortunately, not a proliferation of malware, because the engineer was right. (Engineers are *always* right, but no-one ever listens until after the design is changed without their approval, and the inevitable consequences follow.)
All this is complete fiction based on no facts whatsoever. Have you got a better explanation?