Benjamin Geer on Sun, 14 May 2000 07:50:11 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Viruses on the Internet: Monoculture breeds parasites


On Sat, May 13, 2000 at 11:26:12PM +0200, Menso Heus wrote:
> On Sat, 13 May 2000, Benjamin Geer wrote:
> > there is (or should be) a difference between 'opening'
> > (i.e. viewing) an attachment and executing it as a program.  When
> > I click on an attachment in a mail agent, it should *not* execute
> > it as a program.  The idea that it might do so is completely
> > absurd.  It should simply show me the contents of the attachment.
> >
> This is again a matter of taste I'm afraid. I quite like it when
> outlook opens attachments like jpgs for me etc. It basically opens
> files with the associated program. The default action of a
> scriptfile is 'execute' not view, users *can* rightclick and choose
> view however, so again it is the luser that's the problem imho.

I agree for images, and in fact my mail client is set up to open an
image viewer for JPG attachments.  This is because no harm can
possibly come from viewing a JPG.  But for scripts, I don't see when
this would be a good idea.  In what situation would you need to run a
VBS script that you've received in the mail?

> People shouldn't 'expect' anything from a program, they should RTFM.

It would be wonderful if they did RTFM, but unfortunately they don't,
and I think it's fair to say that software companies have led them to
believe that they don't need to, since computers are now supposed to
be 'user-friendly'.  Software companies, including Microsoft, do try
to accommodate people's expectations.  For example, clicking in the
middle region of the desktop does not erase your hard disk.  If it
did, people wouldn't buy Windows, even if this were clearly explained
in the manual.  I think it's asking too much to require the average
user to understand that 'opening' a VBS file will execute it,
especially since the average user has no idea what a VBS file is.

However, I agree that if the operating system supports scripts, users
need to know what script files are and what they can do.  I think,
though, that Microsoft is causing unnecessary confusion by using the
word 'open' to mean 'run', e.g.  when you right-click on a file in
Windows Explorer.  If the popup menu said 'Run this program' instead
of just 'Open', people might think twice.

Another possibility would be to use a different sort of security
mechanism, so that executable code could be identified as coming from
a trusted source, using a public encryption key.  If you tried to run
a script that didn't have a trusted public key, you'd get a dialog box
saying 'Warning: This program is not known to be from a trusted
source.  It could cause your computer to burst into flames.  Are you
sure you want to run it?'

Benjamin Geer

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net