On Sat, 12 Dec 2009, Edward Ned Harvey wrote: >> agree that this is a problem), but there is no reason to expect that >> the >> browser would be unable to do something like this. The browser is just >> another application (just like a flash or jave app running in the > > There is no reason to believe the browser is unable to run things, but the > browser is specifically designed NOT to launch things without confirmation. > > If you follow this link: > http://download2.winzip.com/winzip140.exe > > Then your browser will prompt you, "Would you like to download this file?" > Or perhaps "Do you want to Save, or Run?" It will not download > automatically, and it will not run automatically. > > The browser is designed not to run things without your permission. It is so > universal, that it is shocking to see any other behavior. > > Yes, it is shocking and disturbing to click a link, and see a new > application launch, without any security confirmation dialog. I am thankful > that it happened on a product I actually want to run, but it makes me wonder > how easy it is for somebody bad to do the same thing with a bad product.
I know that firefox has the ability to say 'only install from trusted sources'. given the emphisis on making things 'easy to use' it wouldn't surprise me to see them saying that if it's a highly trusted site, install without prompting, and for the browser vendor to set themselves up as such a highly trusted site. I don't agree with this decision, but it doesn't shock me. now the question is where this configuration is and how easy it is for the user to change it. David Lang _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
