> So, you go to a web page, click "Download", then click "Install"; and > you are surprised that it downloads and installs?
Yes. And it's not stupid, and I don't need the mocking. Regardless of what text they write in the HTML button, they could write "Blow up the world" and I would expect that button would be unable to blow up the world. In the HTML form, you click "Download and Install" and then the executable is launched in your OS. I thought the browser should not allow such a thing to happen. If Google is able to launch an EXE on your computer, with admin privs, just by clicking a harmless looking button inside a webpage, bypassing all the usual "This webpage is trying to run a program" security dialogs, bypassing the usual "This website is trying to download a file" confirmation and security and download dialogs ... How do they do it? Do malicious people use the same techniques to launch malicious programs upon unsuspecting users? What if they had made a pop-up, paid advertisement on some site, and made the "OK" button launch malware? What if they made the "Cancel" button launch malware? I thought the browser provided more security than that. _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
