LISTSERV - HP3000-L Archives

HP3000-L Archives

July 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L July 2001, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Snow white -- is it just me?
From:	[log in to unmask]
Reply To:	[log in to unmask]
Date:	Mon, 16 Jul 2001 16:21:01 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (58 lines)

X-no-Archive:yes
Tom Emerson wrote:
> The root problem, however, is the plethora of things windows considers to
> be "executable", and by "clicking" on a file with a particular file
> extension [a bozo implimentation {sic} if ever I saw one (*)] causes the
windows
> GUI to attempt to load & execute something of questionable origin.
You seem to be confusing three concepts, what is in fact executable, what is
associated with an executable, and what is an OS-executable script.
Winword.exe is an executable. .DOC is associated with Winword.exe. .doc's
association with Word runs a program I have already installed. This is very
different from running some .com or .com whatever binary someone attaches to
an email. The fearless among you might want to look at
http://216-118-15-3.pdq.net/emailgag/EXE's/Greeting.exe as something which
looks and acts as dangerous as it could be, but is not actually dangerous.

Tom refers to things listed as in file associations as executable. Running
assoc|find /c "." tells me that I have 465 associations, so I won't be
reviewing them, although if you are worried about these accumulating, feel
free to keep track of them. But a cursory examination shows me that WinZip
associated files are considered executable. That is because ZIPs allow for a
file to be ran after it is unzipped (or whatever form of compression is
used). This is closer to the idea of a Word document having an embedded
macro, to allowing a data file to also contain something which can be ran.
And opening a Word document or Zip file is still a very different thing from
running a text file that is also an OS-executable script (like a VBS) or
running an attached executable.

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH are all values of PATHEXT
on my workstation, and they are treated as executables, and do not require
me to install or have anything outside of Windows, even though some of them
are just scripts. I guess one could remove .VBS, et al, from that list, if
one is concerned. I'm not, because I take other steps to prevent these
problems, such as using Windows Update and Office Update to stay updated,
using an AV scanner, and not opening attachments such that they can be
executed. It is more involved to associated .vbs with an editor, while
preserving the ability to run it when desired, but it is one solution.

I don't for instance expect to see any viruses written in perl. perl.exe is
an executable. .pl is the standard extension associated with a perl script.
And I use this as an example, because perl scripts are something that can
run. So, if one has .pl associated such that the default is to run them,
then double-clicking on someone's attached. pl is a bad idea. However, it
would require that one have a perl interpreter installed, and have .pl
associated such that it is ran when opened, instead of simply opened in a
text editor. But a perl virus would require the victim to have perl
installed and so associated.

Now if Windows users would learn to use protocol links, instead of emailing
attachments, maybe we would appreciate Windows's ability to open documents
by association somewhat more.

Greg Stigers
http://www.cgiusa.com

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU