Re: Nautilus, metadata and extendet attributes

[Olaf Frączyk <olaf cbk poznan pl>]

On Sat, 2004-01-31 at 09:55, Xavier Bestel wrote:
> Le sam 31/01/2004 à 08:02, Heinrich Rebehn a écrit :
> > >>>No.  The usage of extensions is dangerous, period.  The fact that the
> > >>
> > >>I ask for ages: why? Many people are screaming that it dangerous, but no
> > >>one shown any scenario how it can be dangerous.
> > > 
> > > 
> > > Trust me.  It is.
> > 
> > Would you PLEASE care to show us an example? Your statement does not 
> > become true by repeating it a dozen times!
> 
> 
> Is that a bad joke ? I get nearly *one hundred* Windows virus daily
> which exploit the fact that stupid people encoded metadata into the
> filename.
Have you ever tried to understand how these viruses work?
Next day you will say that using web browser is dangerous. Period.
Why? - oh, look at MS Windows - they have a web browser and they have
millions of viruses. :)

But returning to main topic:
There are 3 main mechanisms which make such viruses dangerous:
1. Users stupidity - they click on .exe file in an attachment not
thinking about it. Sniffing helps nothing here - such users will run
files with viruses anyway.
2. Bad Windows defaults - user sees mypicture.jpg, but in real it is
mypicture.jpg.exe - this is because of hiding extensions. If you don't
hide - you have no problem.
3. Automatic code execution by IE, Outlook, Outlook Express - you see an
html attachment, but when you open it, an executable embedded inside is
run automatically. This is simply bad design of these applications. And
sniffing wouldn't help here either.

If you want to convince anyone that file extensions are dangerous,
please describe how is it possible. And just saying that OS XXX uses
them and there are many viruses for this OS is not enough.

Regards,

Olaf