Re: Document Centricity in GNOME [LONG]

[Franck Martin <franck sopac org fj>]

"Brian F. Kimball" wrote:

> (sent only to gnome-gui)
>
> I *really* like the "Open Safely" idea.
>
> Franck Martin wrote:
>
> > You cannot expect every single piece of software to make the difference
> > between running the code and not running it.
>
> In the case of macros/scripting embedded in documents, you can and you
> should expect applications to be designed with security in mind.  Even
> Microsoft gives users the ability to turn off Word macros.  Plus, "Open
> Safely"  could be the equivalent of "gless BIG_NASTY_WARNING_FILE &&
> application" for the insecure apps, which would have the added benefit
> of pressuring the application writer to actually provide some security.
>
> In the case of documents that are pure code (like shell scripts), "Open
> Safely" can be the same as "Open" which should open the file in the
> user's favorite pager.  "Run" should actually execute it.
>
> IMHO "Open Safely" is absolutely wonderful because its very presence
> immediately informs users that "just opening" a document isn't
> necessarily safe, and that one should take precautions when dealing with
> files from untrusted sources.
>
> The only problem is liability... if "Open Safely" mistakenly opens a
> file unsafely or if a bug in the application is exploited, some very
> pissed off users might think they have good reason to sue, because they
> were told they were safe.
>
> > IMHO the best solution is to dissociate at file level the code from
> > the document. It will allow documents to be sent with their code
> > attached as a separate document. Mail software will be able to filter
> > the document from its code, and forbids any script or code to go
> > through, providing users the possibility to view the document without
> > the danger of running unknown code.
>
> (assuming I understand you correctly...)
>
> So we can't expect software that lets us disable potentially harmful
> features, but we can require that everyone design their file types in
> such a way that the "code" is in a separate file?  Please explain how
> you plan to get Microsoft, the rest of the software industry, and the
> entire free software community to agree to this.
>
> In any case, your idea seems to be exactly the same as "Open Safely"
> except it also puts extreme limitations on file design, something that
> GNOME cannot control.
>
> --
> Brian F. Kimball

I don't plan to make any person accept anything.

Ok, The open safely command should be present, and software should be design
with security in mind (Hellooo Microsoft ?). What I see is as a network
administrator, I'm responsible for what gets in and out. Documents are such
now that they are all time bombs waiting to explode. The ILOVEYOU virus was
mostly filtered out at the mailserver level, and that was after people
became aware of the problem. I see as a network administrator is not to
trust desktop software but server software. The easiest way in these cases,
is to stop anything harmfull to enter your network. For that Hardware
manufacturer are starting to remove floppy disks from PCs. The other way is
to filter attachements and let go through only dead documents to go through.
For the moment only a filtering by mime types can be envisaged for mail
software. I expect more and more network administrator to request filtering
software and to stop active documents entering the network (*.doc).

To have dead documents requires to separate the code from the rest of the
document.
An alternative could be that the gnome office could make sure that they have
a send mail button, that send the document minus code under a different mime
type. A kind of "send safe document", so that in your mailbox the
attachement cannot be run but only opened. In our organisation we use more
and more pdf to send word documents outside our organisation. PDF is very
limited in scripting which makes it secure.

These are just a few tought to avoid the spread of viruses... Do you know
also that your anti-virus software slows down the opening of documents to
unbeleivbale  amount of time. Disable your antivirus and open a document,
note the difference in time... How much money is lost because your
anti-virus has to scan each documents, while the place could be secure if
you secure the various points of entry....

Just a few disorganised toughts but worth having a debate on the issue
before  we are crippled by viruses and anti viruses.

Cheers...
Franck