MozillaZine

Direcly launch exe

Discussion of features in Mozilla Firefox
Jcei
 
Posts: 6
Joined: November 8th, 2002, 1:38 am

Post Posted November 8th, 2002, 1:39 am

Is it possible to directly launch exe files instead of saving them to the HD ??

Stefan

User avatar
 
Posts: 2051
Joined: November 5th, 2002, 2:46 am

Post Posted November 8th, 2002, 2:38 am

Very unlikely.
To begin with, most webservers are non Windows so a windows .exe file wouldn't start on it.

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted November 8th, 2002, 3:13 am

I think he means like IE does it, as in saving it to a temp folder and launching. This is specifically being left out of Mozilla and Phoenix because of security issues.

- Chris

djst
Moderator

User avatar
 
Posts: 2826
Joined: November 5th, 2002, 1:34 am
Location: Sweden

Post Posted November 8th, 2002, 5:08 am

thumperward wrote:I think he means like IE does it, as in saving it to a temp folder and launching. This is specifically being left out of Mozilla and Phoenix because of security issues.

- Chris


Which is really silly imo, since it still allows you to run .msi files (which are an equal security threat).

Jcei
 
Posts: 6
Joined: November 8th, 2002, 1:38 am

Post Posted November 8th, 2002, 6:28 am

IE does it and it's the only reason why I keep it.
It would be great to implement an option to de/activate it.

Stefan

User avatar
 
Posts: 2051
Joined: November 5th, 2002, 2:46 am

Post Posted November 8th, 2002, 8:58 am

Jcei wrote:IE does it


IE also have many more high severity secruity flaws then gecko.
There is a reason for that, IE does too much behind your back.

Eg not very long ago IE happily downloaded viruses from the net and executed them on your computer, without people noticing it.
If a geckobrowser did the same I would STOP using it too, and swith to Opera or something.

Besides, is it really that hard to download and then click in the icon manually to start it?
Seems like a 0.5 second inconvenience once a week or so on average.

Neva
 
Posts: 42
Joined: November 8th, 2002, 9:38 am

Post Posted November 8th, 2002, 9:41 am

If people *are* just going to run the program as soon as they've downloaded it, where exactly is the security aid in running it from the browser? It's a semi-useful shortcut, especially when you're like me and often checking out shareware... versus a "security flaw" which lies in the USER, not the software?

If people are going to do dumb things, they'll do them regardless. I really don't need my browser to protect me from the internet, just as long as it doesn't introduce any /new/ flaws.

What next, popups that say, "Ooh! You're visiting a page that may contain objectionable material! Avert your eyes!" every time I visit something not on an approved list? I'm 21 years old, thanks. I can decide myself what I want to run or not.

I can't be the only one who feels this way.

chrisMage

User avatar
 
Posts: 23
Joined: November 5th, 2002, 8:14 am
Location: Alabama

Post Posted November 8th, 2002, 9:44 am

now that somebody mentions it, that is one thing that has bugged me since my switch to mozilla/phoenix. If i'm downloading a patch or something else small that i have no intention of keeping, i have to save it to my desktop, run it, then delete it when i'm done.. It's not the end of the world, but I miss that feature from my IE days..

If it is a security issue, you could always make it disabled by default, and allow it to be enabled by people who know what they're doing.

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted November 8th, 2002, 10:06 am

IE 6's behaviour is to still allow this but to force the user to click a dialogue box about it every time (they can't just wave it away like with most "download or open" boxes).

I can see why this is a useful shortcut. The risk is overplayed. But I've learned to live with it, because the inconvenience is minimal.

That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.

- Chris

Ted Mielczarek
 
Posts: 1269
Joined: November 5th, 2002, 7:32 am
Location: PA

Post Posted November 8th, 2002, 10:48 am

thumperward wrote:IE 6's behaviour is to still allow this but to force the user to click a dialogue box about it every time (they can't just wave it away like with most "download or open" boxes).

I can see why this is a useful shortcut. The risk is overplayed. But I've learned to live with it, because the inconvenience is minimal.

That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.

- Chris


Oh? Perhaps you haven't been paying attention.

There are plenty more, that's just one specific example.

Stefan

User avatar
 
Posts: 2051
Joined: November 5th, 2002, 2:46 am

Post Posted November 8th, 2002, 10:53 am

thumperward wrote:That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.


You are obviously not the slightest aware of what is happeining on the net in regard to secuity.

Last years largest Virus attack in the world (in infected computers) was caused by nimda, a virus/worm that could infect webservers and got downloaded to your computer automatically IN IE, NOT Outlook (you got a accept prompt however, but there are other bugs in IE to circumvent that a potential future virus could use).

The risk is overplayed.


You downplaying the importance of the security aspect is probably simply becuse you are blatantly ignorant in the subject. Read up on the basics first so you have a clue about what you are saying.

Thumper

User avatar
 
Posts: 8037
Joined: November 4th, 2002, 5:42 pm
Location: Linlithgow, Scotland

Post Posted November 8th, 2002, 7:52 pm

What I said was that IE didn't 'silently download viruses in the background', like you suggested. The Nimda worm isn't the same as some as someone clicking a link to "Install Winzip.exe" and choosing to "run from current location". The option to run from a temporary directory as opposed to saving and then running is of ZERO consequence security wise, as any dangerous program which your average idiot user will run is just as dangerous saved to his desktop as confirmed to run remotely in IE.

Your suggestion that IE's ability to save executables temporarily in the browser's cache and run them immediately (while still displaying a security warning) is a horrific security risk which unleashes all sorts of horrid virii on the user, comparing to Mozilla's forced saving of all executables to 'permanent' disk where they can be run at leisure is utter nonsense.

- Chris

Stefan

User avatar
 
Posts: 2051
Joined: November 5th, 2002, 2:46 am

Post Posted November 8th, 2002, 8:17 pm

thumperward wrote:The Nimda worm isn't the same as some as someone clicking a link to "Install Winzip.exe" and choosing to "run from current location".


No, it's defintly not the same thing. The only thing they have in common is "autoexecute on download".


thumperward wrote:The option to run from a temporary directory as opposed to saving and then running is of ZERO consequence security wise


This is not about software you choose to download yourself but that if you have a built in function to automatically run something at download it's a prime target for abuse. Anything the browser can do behind your back is bad for security.

You can't prevent people from doing stupid things, but you can use common scence when designing an UI to put up a "layered defence" where the user has to make many stupid things in order before something bad happens.

lucas
 
Posts: 14
Joined: November 7th, 2002, 8:17 pm

Post Posted November 8th, 2002, 8:59 pm

Stefan wrote:This is not about software you choose to download yourself

actually, i belive it is and if you had read thumperward's post you would know that

Jcei
 
Posts: 6
Joined: November 8th, 2002, 1:38 am

Post Posted November 9th, 2002, 1:24 am

A good way to protect inexperimented users from virii and security flaws is to format their HDD and just display a message at boot like "Now u r secure"

I'm harrased of having to save each time all the 30ko patch or software on my HDD. Have to click on the show file location and then launch it. How many Exe are downloaded and aren't launched immediatly ??

Return to Firefox Features


Who is online

Users browsing this forum: No registered users and 3 guests