I think it's simpler: don't touch untrusted content unless/until you need to.

marysol5 25 days ago | parent | next [-]

But that just moves it from 0-touch, to 1-touch (which is of course better).

But users are morons.

We STILL NOW, have people getting phished and pwning their employers.

	▲	olyjohn 24 days ago \| parent [-]
		Let's think about why that happens though We all go through that stupid phishing training. They give us a list of red flags to help determine if an email is legit. Then the next day, the CTO sends out an email that says IMPORTANT and the only text body says PLEASE READ THE ATTACHED .DOCX FILE. This is exactly what we were just trained not to open, but its from some exempt C-level who didn't have time to take the training, and all he is now doing is training the employees to open mails that look like phishing.

saagarjha 25 days ago | parent | prev | next [-]

Alas, there are a lot of things that you need to touch that are untrusted.

stavros 25 days ago | parent | prev [-]

That's easy, and already done. Phones only touch untrusted content when they need to, it's just that they need to touch it immediately upon receipt