Direcly launch exe

Jcei · Post by **Jcei** » November 8th, 2002, 1:39 am

Is it possible to directly launch exe files instead of saving them to the HD ??

Stefan · Post by **Stefan** » November 8th, 2002, 2:38 am

Very unlikely.
To begin with, most webservers are non Windows so a windows .exe file wouldn't start on it.

Thumper · Post by **Thumper** » November 8th, 2002, 3:13 am

I think he means like IE does it, as in saving it to a temp folder and launching. This is specifically being left out of Mozilla and Phoenix because of security issues.

- Chris

Post by **djst** » November 8th, 2002, 5:08 am

thumperward wrote:I think he means like IE does it, as in saving it to a temp folder and launching. This is specifically being left out of Mozilla and Phoenix because of security issues.

- Chris

Which is really silly imo, since it still allows you to run .msi files (which are an equal security threat).

Jcei · Post by **Jcei** » November 8th, 2002, 6:28 am

IE does it and it's the only reason why I keep it.
It would be great to implement an option to de/activate it.

Stefan · Post by **Stefan** » November 8th, 2002, 8:58 am

Jcei wrote:IE does it

IE also have many more high severity secruity flaws then gecko.
There is a reason for that, IE does too much behind your back.

Eg not very long ago IE happily downloaded viruses from the net and executed them on your computer, without people noticing it.
If a geckobrowser did the same I would STOP using it too, and swith to Opera or something.

Besides, is it really that hard to download and then click in the icon manually to start it?
Seems like a 0.5 second inconvenience once a week or so on average.

Neva · Post by **Neva** » November 8th, 2002, 9:41 am

If people *are* just going to run the program as soon as they've downloaded it, where exactly is the security aid in running it from the browser? It's a semi-useful shortcut, especially when you're like me and often checking out shareware... versus a "security flaw" which lies in the USER, not the software?

If people are going to do dumb things, they'll do them regardless. I really don't need my browser to protect me from the internet, just as long as it doesn't introduce any /new/ flaws.

What next, popups that say, "Ooh! You're visiting a page that may contain objectionable material! Avert your eyes!" every time I visit something not on an approved list? I'm 21 years old, thanks. I can decide myself what I want to run or not.

I can't be the only one who feels this way.

chrisMage · Post by **chrisMage** » November 8th, 2002, 9:44 am

now that somebody mentions it, that is one thing that has bugged me since my switch to mozilla/phoenix. If i'm downloading a patch or something else small that i have no intention of keeping, i have to save it to my desktop, run it, then delete it when i'm done.. It's not the end of the world, but I miss that feature from my IE days..

If it is a security issue, you could always make it disabled by default, and allow it to be enabled by people who know what they're doing.

Thumper · Post by **Thumper** » November 8th, 2002, 10:06 am

IE 6's behaviour is to still allow this but to force the user to click a dialogue box about it every time (they can't just wave it away like with most "download or open" boxes).

I can see why this is a useful shortcut. The risk is overplayed. But I've learned to live with it, because the inconvenience is minimal.

That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.

- Chris

Ted Mielczarek · Post by **Ted Mielczarek** » November 8th, 2002, 10:48 am

thumperward wrote:IE 6's behaviour is to still allow this but to force the user to click a dialogue box about it every time (they can't just wave it away like with most "download or open" boxes).

I can see why this is a useful shortcut. The risk is overplayed. But I've learned to live with it, because the inconvenience is minimal.

That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.

- Chris

Oh? Perhaps you haven't been paying attention.

There are plenty more, that's just one specific example.

Stefan · Post by **Stefan** » November 8th, 2002, 10:53 am

thumperward wrote:That rubbish about IE downloading viruses is pure FUD. I've never heard of anyone actually getting attacked by a virus while web-browsing. HTML mail exploits in Outlook are not the same as web-browsing in IE.

You are obviously not the slightest aware of what is happeining on the net in regard to secuity.

Last years largest Virus attack in the world (in infected computers) was caused by nimda, a virus/worm that could infect webservers and got downloaded to your computer automatically IN IE, NOT Outlook (you got a accept prompt however, but there are other bugs in IE to circumvent that a potential future virus could use).

The risk is overplayed.

You downplaying the importance of the security aspect is probably simply becuse you are blatantly ignorant in the subject. Read up on the basics first so you have a clue about what you are saying.

Thumper · Post by **Thumper** » November 8th, 2002, 7:52 pm

What I said was that IE didn't 'silently download viruses in the background', like you suggested. The Nimda worm isn't the same as some as someone clicking a link to "Install Winzip.exe" and choosing to "run from current location". The option to run from a temporary directory as opposed to saving and then running is of ZERO consequence security wise, as any dangerous program which your average idiot user will run is just as dangerous saved to his desktop as confirmed to run remotely in IE.

Your suggestion that IE's ability to save executables temporarily in the browser's cache and run them immediately (while still displaying a security warning) is a horrific security risk which unleashes all sorts of horrid virii on the user, comparing to Mozilla's forced saving of all executables to 'permanent' disk where they can be run at leisure is utter nonsense.

- Chris

Stefan · Post by **Stefan** » November 8th, 2002, 8:17 pm

thumperward wrote:The Nimda worm isn't the same as some as someone clicking a link to "Install Winzip.exe" and choosing to "run from current location".

No, it's defintly not the same thing. The only thing they have in common is "autoexecute on download".

thumperward wrote:The option to run from a temporary directory as opposed to saving and then running is of ZERO consequence security wise

This is not about software you choose to download yourself but that if you have a built in function to automatically run something at download it's a prime target for abuse. Anything the browser can do behind your back is bad for security.

You can't prevent people from doing stupid things, but you can use common scence when designing an UI to put up a "layered defence" where the user has to make many stupid things in order before something bad happens.

lucas · Post by **lucas** » November 8th, 2002, 8:59 pm

Stefan wrote:This is not about software you choose to download yourself

actually, i belive it is and if you had read thumperward's post you would know that

Jcei · Post by **Jcei** » November 9th, 2002, 1:24 am

A good way to protect inexperimented users from virii and security flaws is to format their HDD and just display a message at boot like "Now u r secure"

I'm harrased of having to save each time all the 30ko patch or software on my HDD. Have to click on the show file location and then launch it. How many Exe are downloaded and aren't launched immediatly ??