Re: head off email viruses: distinguishing documents from executables?

["Curtis C. Hovey" <sinzui cox net>]

On Wed, 2003-11-05 at 19:57, Steven G. Johnson wrote:
> On Thu, 6 Nov 2003, Julien Olivier wrote:
> > It means that if you receive an email containing from someone who
> > appears to be a friend of yours, with an attached archive (zip or tgz
> > for example), this archive could contain binary files with the exec bit
> > set. Of course, a well-educated user would never run a binary files
> > contained in an archive if he isn't 100% sure what it is. But, to avoid
> 
> Let me further point out that it's not always clear what is a binary file,
> e.g. if you get a tarred file called "britney.jpg " which is really a
> binary with the execute bit set.  This is the core of the problem.
> 
> My basic argument is that any widespread vector for email viruses
> (e.g. .zip attachments containing executables disguised as
> documents) indicates a UI flaw.  In this case, the flaw is that it is not
> easy to readily distinguish between launching an executable (or .desktop
> file) and opening a document.

When a text file is locked, the lock emblem is displayed on the icon. 
We can have an launch icon display on executable files.  In the case of
britany.jpg, the thumbnail wouldn't render on my desktop...being the
first clue that the file's mime-type is a lie.

I like Nautilus's dialog that asks if I want to run or edit the
executable text file, because I have accidentally launched what I wanted
to edit.  I think it's a good idea to extend the behavior to any
executable that is not in the user's $PATH.  I think we should add this
feature to GNOME before GNOME is the average user's (and script
kiddie's) desktop.

-- 
__C U R T I S  C.  H O V E Y____________________
sinzui cox net
Guilty of stealing everything I am.