* Posts by onlinehah

2 publicly visible posts • joined 10 Jun 2008

Apple's carpet-bomb Safari flaw can wreak havoc on Windows

onlinehah
Flame

Whose fault?

Adam Azarchs said:

Granted, autorunning things in a place like the desktop where so many other things live isn't such a great idea, but until Safari started dumping turds onto it, it wasn't a security problem.

I say:

Many people put weird things (like a weird DLL file) on the desktop - they just won't run them. Now Windows "helps" load them *automatically*.

onlinehah
Stop

reply

1.

Adam Azarchs:

As has been mentioned by others before, this would be far less of an issue if Safari set the "this was a downloaded file" flag in the filesystem, so Windows wouldn't execute it without throwing up a "This file is unsigned and probably will mess up your computer. Are you sure?" dialog.

I say:

DLL loading can't be stopped with such a flag.

2.

Steve P:

1. Name your nefarious app 'My Computer.exe', 'My Desktop.exe', 'Internet Explorer.exe', hell, 'Safari.exe' :) 2. Give your app the appropriate icon 3. Rely on users having hidden file name extensions 4. Profit!

I say:

Yeah, it's an obvious risk (but not the one covered in the MS advisory/news/media). ".lnk" may be better - this file name extension is always hidden! But there is a catch - users get informed about it by the Safari downloads list.
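
An added example, not part of the posts above or of any vendor tooling: a PowerShell audit of the current user's desktop that lists loadable file types and shows whether each carries the "downloaded file" flag discussed in the thread, which Windows stores in the NTFS alternate data stream `Zone.Identifier`. The extension list and the output column names are assumptions chosen for illustration.

```powershell
# Added example: audit the desktop for file types that can be loaded or run,
# and report whether each one carries the "downloaded file" mark.
# Requires PowerShell 3.0 or later and an NTFS volume.

$desktop = [Environment]::GetFolderPath('Desktop')

# Assumed list of extensions worth reviewing; adjust for your environment.
$review = '.dll', '.exe', '.lnk', '.scr', '.com'

Get-ChildItem -LiteralPath $desktop -File -Force |
    Where-Object { $review -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $file = $_
        $zone = $null

        # The mark lives in an alternate data stream named Zone.Identifier.
        $ads = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                        -ErrorAction SilentlyContinue
        if ($ads) {
            $text = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier'
            foreach ($line in $text) {
                if ($line -match '^ZoneId=(\d+)') {
                    $zone = [int]$Matches[1]
                    break
                }
            }
        }

        [pscustomobject]@{
            Name          = $file.Name
            Extension     = $file.Extension
            Created       = $file.CreationTime
            ZoneId        = $zone                      # 3 = Internet, 4 = Restricted
            DownloadMark  = ($null -ne $zone -and $zone -ge 3)
            # Per the post above, Explorer never shows the .lnk extension.
            HiddenInShell = ($file.Extension -ieq '.lnk')
        }
    } |
    Sort-Object DownloadMark, Created |
    Format-Table -AutoSize
```

Rows with `DownloadMark` set to `False` sort first; those are the files that would reach the desktop without any mark for Windows to act on.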