This question is from a decomposition of http://stackoverflow.com/questions/678471/what-are-good-programming-practices-to-prevent-malware-in-standalone-applications
The question has to do with malware dynamically getting into a program by infecting data files which the program reads/writes.
Is it safer to require data be stored in a database and only use service calls, no direct file operations when accessing data for a program? Let's say your program loads many images, numeric data tables, or text information as it runs. Assume this is after the program is loaded and initialized to where it can make service calls.
Is it easier to infect a file or a database?