Benjamin Geer on Sun, 14 May 2000 07:50:11 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> Viruses on the Internet: Monoculture breeds parasites |
On Sat, May 13, 2000 at 11:26:12PM +0200, Menso Heus wrote: > On Sat, 13 May 2000, Benjamin Geer wrote: > > there is (or should be) a difference between 'opening' > > (i.e. viewing) an attachment and executing it as a program. When > > I click on an attachment in a mail agent, it should *not* execute > > it as a program. The idea that it might do so is completely > > absurd. It should simply show me the contents of the attachment. > > > This is again a matter of taste I'm afraid. I quite like it when > outlook opens attachments like jpgs for me etc. It basically opens > files with the associated program. The default action of a > scriptfile is 'execute' not view, users *can* rightclick and choose > view however, so again it is the luser that's the problem imho. I agree for images, and in fact my mail client is set up to open an image viewer for JPG attachments. This is because no harm can possibly come from viewing a JPG. But for scripts, I don't see when this would be a good idea. In what situation would you need to run a VBS script that you've received in the mail? > People shouldn't 'expect' anything from a program, they should RTFM. It would be wonderful if they did RTFM, but unfortunately they don't, and I think it's fair to say that software companies have led them to believe that they don't need to, since computers are now supposed to be 'user-friendly'. Software companies, including Microsoft, do try to accommodate people's expectations. For example, clicking in the middle region of the desktop does not erase your hard disk. If it did, people wouldn't buy Windows, even if this were clearly explained in the manual. I think it's asking too much to require the average user to understand that 'opening' a VBS file will execute it, especially since the average user has no idea what a VBS file is. However, I agree that if the operating system supports scripts, users need to know what script files are and what they can do. I think, though, that Microsoft is causing unnecessary confusion by using the word 'open' to mean 'run', e.g. when you right-click on a file in Windows Explorer. If the popup menu said 'Run this program' instead of just 'Open', people might think twice. Another possibility would be to use a different sort of security mechanism, so that executable code could be identified as coming from a trusted source, using a public encryption key. If you tried to run a script that didn't have a trusted public key, you'd get a dialog box saying 'Warning: This program is not known to be from a trusted source. It could cause your computer to burst into flames. Are you sure you want to run it?' Benjamin Geer # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime@bbs.thing.net