Dan Gillmor's current post on Siliconvalley.com about MyDoom is interesting reading as are some of the comments attached to the post. Dan writes that he doesn't open any attachment that arrives in his email that he hasn't specifically requested. I also adopted this policy some years ago and I think it has served me well. Unfortunately it means I automatically have to delete most of the emails my mother sends me (which usually have an e-card or something attached). Is my mother the only one in the world who does this?
And internally at MS, most people now send a link to a Windows Sharepoint Teamsite to share a document, rather than attaching it (which of course saves our bandwidth as well as reduces the threat of a dodgy attachments).
However, some of the people commenting on the site believe users shouldn't be blamed for opening files containing virus-laden attachments. Instead, some argue, Microsoft should be blamed for allowing so many security holes in Windows / Outlook. Someone called Lee Riemenschneider even suggests that virus writers might be “trying to compensate for a lack of action by the courts in limiting Microsoft's anti competitive business practices and are fighting the next PC revolution“ and draws an analogy between the virus writers and the Boston Tea Party. No-one yet has mentioned RSS as one of the antidotes. Where is Scoble when we need him?! :-)