Re: Help with strings for "solution" for desktop file "virus" problem

From: Dan Winship <danw gnome org>
To: Alexander Larsson <alexl redhat com>
Cc: desktop-devel-list gnome org
Subject: Re: Help with strings for "solution" for desktop file "virus" problem
Date: Fri, 20 Feb 2009 11:44:04 -0500

Alexander Larsson wrote:
> So, there has been a lot of attention on the internets recently about
> the the desktop file "virus" issue.
> 
> I think its all pretty overblown, and any solution we have that doesn't
> completely neuter the feature will just involve users learning to work
> around the issue in cases where this is correct, and thus are likely to
> do this when they are targets of an actual attack.

What is the attack? Get someone to download a .desktop file off a web
page? Is there any situation where that *should* work?

I'd say, something like: if they double click on a non-"trusted"
.desktop file, give an error saying "The file %s looks like an
application launcher, but it is broken and cannot be opened." with a
"More Details" button that explains "For security reasons, launchers
that are not installed in system directories must have the executable
bit set". Do not provide a button to fix the problem or a link to
further help. If the user doesn't know what "the executable bit" means,
and how to fix it themselves, then they would not have been playing
around with desktop files in a way that would have triggered the dialog,
and so the most likely guess is that they're being hacked.

-- Dan

Follow-Ups:
- Re: Help with strings for "solution" for desktop file "virus" problem
  - From: Stef
- Re: Help with strings for "solution" for desktop file "virus" problem
  - From: Simos
- Re: Help with strings for "solution" for desktop file "virus" problem
  - From: Alexander Larsson

References:
- Help with strings for "solution" for desktop file "virus" problem
  - From: Alexander Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]