
Nice writeup


Posted Feb 27, 2009 5:09 UTC (Fri) by jimparis (guest, #38647)
In reply to: Nice writeup by pynm0001
Parent article: Desktop malware risk gets raised and patched

I think you misunderstood his point, which I read as: What if the "Exec=" command in the .desktop file is misleading? Such that the user reads your dialog box, decides the command looks benign, and then clicks Continue --> but really it was just a cleverly hidden attack.

I don't think you can expect to work around this any more than you can teach users to not trust "https://www.paypal.com.nigerian-scammers-love-you.com". However, it's an argument FOR keeping some text like "If you don't know where this came from or what's going on, click Cancel" in the dialog box.

As an example, your recent dialog (krun8.png) might end up reading:

"This will start the program:
xterm -e 'dd if=/dev/null of=/dev/sda'
If you do not trust this program, press cancel"

and users could think "Oh, well, I don't fully understand what that means, but I do trust xterm, so I'll click OK."
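An added example, not part of the original comment or of any KDE code: one way a confirmation dialog could look past a launcher such as xterm and display the command that actually runs. The wrapper list, the function names and the sample file are assumptions made for illustration, and shlex only approximates the Desktop Entry quoting rules.

```python
import shlex

# Assumption: illustrative list of launchers that run a command given after a flag.
WRAPPERS = {"xterm": "-e", "konsole": "-e", "sh": "-c", "bash": "-c"}

# Constructed sample; the Exec= value is the one quoted in the comment above.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Example
Exec=xterm -e 'dd if=/dev/null of=/dev/sda'
"""

def exec_line(desktop_text):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    group = None
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if group == "Desktop Entry" and sep and key.strip() == "Exec":
            return value.strip()
    return None

def unwrap(command, depth=0):
    """List the command layers, outermost first, following known wrappers."""
    try:
        argv = shlex.split(command)  # approximation of Desktop Entry quoting
    except ValueError:               # unbalanced quotes: show it as-is
        return [command]
    if not argv:
        return []
    flag = WRAPPERS.get(argv[0].rsplit("/", 1)[-1])
    if flag is None or flag not in argv[1:] or depth >= 5:
        return [command]
    rest = argv[argv.index(flag, 1) + 1:]
    if not rest:
        return [command]
    inner = rest[0] if len(rest) == 1 else shlex.join(rest)
    return [command] + unwrap(inner, depth + 1)

def effective_command(desktop_text):
    """Innermost command a confirmation dialog should display, or None."""
    value = exec_line(desktop_text)
    layers = unwrap(value) if value else []
    return layers[-1] if layers else None

if __name__ == "__main__":
    print(effective_command(SAMPLE))
```

A dialog built on this would name the innermost command as the program being started and mention xterm only as the launcher.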




Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds