The short answer: because all malware/viruses/worms are executables and the principal type of executables are EXE files (in a Windows-based environment).
The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it.
EXE files are one of the primary vectors of attack, however they work in concert with the fact that most Windows installs are in DEFAULT PERMIT mode and the user operates the computer in an administrative context.
Transferring EXE files wouldn’t be a problem if all users operated in an ‘ordinary user’ context, thereby being prevented from installing programs without increasing their security level (i.e., as in Ubuntu Linux where you have to grant permission to run the programs as root, a sudo ‘do-something’).
Windows’ DEFAULT PERMIT approach is probably the cause of most of the security problems we have today. That and lazy users! If everything was instead DEFAULT DENY, there would be much less need for security solutions.
Another problem stems from the fact that it’s darned hard to create an account in Windows that limits execution. You can setup group policies, sure, but a lot of software programs expect full control over resources to be able to function properly. The blog referenced reviews a great program called ‘ExeLockdown‘ that lets you define the allowed executables on your system versus having to list all possible malware (i.e. enumerate ‘goodness’). It’s a lot easier to whitelist the 30 or so apps that you run than to blacklist half-a-million (and growing) executables.
Hence, IMHO, this is why we must block EXEs.
The customer in question was having problems with an end-user wanting some justification why he [the end-user] wasn’t allowed to receive EXEs over Email. He wanted a ‘blurb’ so I gave him one