LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

commands to open vs. launch

commands to open vs. launch

Posted Jan 30, 2004 3:44 UTC (Fri) by stevenj (guest, #421)
In reply to: complacency? by hingo
Parent article: Just another Microsoft worm

I think double-click to launch is not too bad, as long as it pops up a scary warning the first time that it is an executable (or a shortcut to one) and not an ordinary file.

But maybe that's not hard enough. Maybe, by default, double-clicking a user-owned executable should pop up a scary warning with the instruction that if you really want to launch it you have to right-click and select Launch Possible Evil Virus from the menu. =) Well, I'm not entirely joking.

There's really not much reason to make it easy to launch executables owned by the user; most software should be installed as an explicit administration task via a package-installation tool. Some sysadmins may want to disable launching of user-owned executables entirely (at least from the graphical desktop).

(Log in to post comments)

commands to open vs. launch

Posted Jan 30, 2004 8:56 UTC (Fri) by hingo (guest, #14792) [Link]

A scary warning doesn't help, because people don't read them! They will just hit the default button, and if that doesn't do what they want they will try all the other buttons next. I've seen this happen so much, I think it's more of a rule than an exception. Sometimes even I don't read the warnings, because I think I know what it says and don't see that now it's really trying to tell me something.

The point is, people could be taught, that you can always double click on an attachment or on a file. For launching programs you would use the menu or the panel, or if you have shortcuts you would "do some other command" (middle click, right-click and choose from a menu...). That way, people would know what they are doing.

henrik

Better use of the executable bit

Posted Jan 30, 2004 11:10 UTC (Fri) by bockman (guest, #3650) [Link]

I think all user-interactive programs should make a better use of the executable bit:
- Downloaded files shall always have the executable bit not set;
- No software shall run files with the executable bit not set (and this should include all the script interpreters, bash python perl etc... ).

This would require the user to be aware of the difference between a data file and a program and to mark a program as such (and thush declaring it 'safe to be executed').

Better use of the executable bit

Posted Jan 30, 2004 17:58 UTC (Fri) by stevenj (guest, #421) [Link]

You can't trust this bit; there's too many ways for the user to be tricked into creating a file with the execute bit set (e.g. by uncompressing an archive).

There's really no reason to trust any user-owned executable.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds