The first case requires active user intervention. That's not a virus, it's a con-job. Save it as a .bmp? OK - then what? Who tries to run a .bmp? And even if you did, the OS should recognize it as a .bmp and merely try to display the 'fuzziness,' as best it can.
The second case, it's all data, just that some is hidden in a different kind of data. How would you execute it?
How it gets executed is the rub! I've already admitted that it is unlikely, today, to happen. I've also stated that any compromise is ultimately the fault of the application, not the data(/code). If the data causes a buffer over-run, for example, causing something to get written to memory not originally intended to house said data, and is then executed, that is a security failing of the application (and, by extension, the OS, and programming language, etc...).
Admittedly, buffer over-runs aren't as common as they once where (and that's good), but I chose it as a simple example (it is generally how SQL injections occur, as well). I still think that because we may have trouble envisioning how something might happen
today, does not preclude it becoming a possibility in the future. I'm not saying it is foregone, just that it might be possible.
NB.
Most (crime drama, etc) TV shows that use technology (and, specifically, computers) as part of the problem / solution, do so in an un-realistic manner. Whether that's due to poor knowledge, expectation of lack of knowledge of the audience or just as convenient plot devices (nee
deus ex machina), it still grates on me whenever I see (what I perceive as) a glaring error. I'm sure many at this forum share this sentiment at one time or another.
Dilber MC Theme by HarzeM