reply
1.
Adam Azarchs:
As has been mentioned by others before, this would be far less of an issue if Safari set the "this was a downloaded file" flag in the filesystem, so Windows wouldn't execute it without throwing up a "This file is unsigned and probably will mess up your computer. Are you sure?" dialog.
I say:
DLL loading can't be stopped with such a flag.
2.
Steve P:
1. Name your nefarious app 'My Computer.exe', 'My Desktop.exe', 'Internet Explorer.exe', hell, 'Safari.exe' :) 2. Give your app the appropriate icon 3. Rely on users having hidden file name extensions 4. Profit!
I say:
Yeah, it's an obvious risk (but not the one covered in the MS advisory/news/media). ".lnk" may be better - this file name extension is always hidden! But there is a catch - users get informed about it by the Safari downloads list.