That aside, one of the primary reasons for e-mail and networking computers was to do away with SneakerNet. Shops with a no-attachment policy might also want to consider disconnecting those pesky CD and floppy drives to eliminate other sources of infection. Here's another idea: Maybe the truly proactive security manager should insist that the openings of all CD and floppy drives on desktop computers be glued shut.
A much more realistic approach to the problem of the current crop of e-mail viruses is to apply the available patches. The SST incident wasn't as nasty as the LoveBug virus, in part because patched systems weren't affected, period. The ignorant, overworked, or sloppy seem to be the ones who were bitten. But even an overworked IT department has had months to make sure that the patches were on corporate systems and to assist home and remote workers with the task of hardening their systems.
The big problem isn't file attachments; it's the consultants, home office users, and telecommuters who pose trouble. It's not enough to ask the telecommuter to make sure the computer she uses is secure; all computers in the household have to be patched.
Just as King Canute commanded the tides to halt in vain as a demonstration of the difference between the powers of God and the power of kings, the believers in a no-attachment policy are ignoring the water lapping at their knees. Attachments aren't a "necessary evil," but an effective way for users of heterogeneous systems to transfer files. If we wanted text-only e-mail, then we should have stuck with PROFS. So if you're worrying about file attachments in e-mail but don't know if your Windows systems have the latest patches, it's time to get your priorities in order, and fast.