Text 12009, 112 rader
Skriven 2006-07-08 08:07:56 av Antti Kurenniemi (1:379/45)
  Kommentar till text 12006 av Geo (1:379/45)
Ärende: Re: Windows shortcut 'trick' is a feature: Microsoft
============================================================
From: "Antti Kurenniemi" <NOantti@SPAManttikPLEASE.com>

It's all part of the "the web is the computer" revolution! Now you can just do
everything through your browser - and who wouldn't want to open their browser
and type in www.openmynotepadapplicationplease.com instead of just clicking on
a dull icon? This is just sooooo great, I'm going to put shortcuts to all
programs to my desktop and launch them via my browser, yeah!


Antti Kurenniemi
(not)

"Geo" <georger@nls.net> wrote in message news:44af0856$5@w3.nls.net...
>I don't understand how it can be useful to a user.
>
> Geo.
>
> "/m" <mike@barkto.com> wrote in message
> news:gc2ra2te4dtp9uevg78v4vt5fk1fq46th1@4ax.com...
>>
>>
> http://www.zdnet.com.au/news/software/soa/Windows_shortcut_trick_is_a_feature
_Microsoft/0,2000061733,39262246,00.htm
>>
>> ===
>> Microsoft has denied that a 'trick', which could allow an executable
>> file to be launched when a user types a Web address into Internet
>> Explorer, is a security vulnerability.
>>
>> Using Windows XP and Internet Explorer, it is easy to create a scenario
>> where a user types in a Web address -- such as www.microsoft.com -- into
>> their browser and instead of the launching the Web site, the browser
>> runs an executable file that is located on the user's computer.
>>
>> To test the 'trick' yourself, try the following:
>>
>>   Right click on the Desktop and create a new Shortcut
>>
>>   Point the shortcut to an executable -- such as
>>      c:\windows\system32\calc.exe
>>
>>   Call the shortcut www.microsoft.com
>>
>>   Start Internet Explorer and type "www.microsoft.com" into
>>   the address bar
>>
>> If the shortcut is then deleted -- or the characters "http://" are added
>> before the "www" in the browser address bar -- then IE will once again
>> connect to the Internet as expected.
>>
>> In a statement to ZDNet Australia on Tuesday, Peter Watson, chief
>> security advisor at Microsoft Australia, said this is not a security
>> vulnerability but actually a feature that could be used by legitimate
>> applications.
>>
>> "It's important to clarify the difference between security problems and
>> legitimate features. A security hole helps an attacker do something they
>> shouldn't be able to do, which is not the case in this instance.
>>
>> "Software that the user legitimately has installed on the computer might
>> need exactly this sort of feature provided by IE," said Watson.
>>
>> According to Watson, the 'trick' could be used to help automation.
>>
>> "For example, imagine if you needed to run a dialup connection to
>> connect to a certain site. The dial up connection might be called
>> "connect to mysite.com". You can see in that case how important it is
>> for Windows (or any operating system) to have flexibility for legitimate
>> software.
>>
>> "Organisations or individual users may require or desire to automate
>> part of the process for application connectivity with IE. Microsoft
>> views this as one of the advantages in using IE as a means of enabling
>> user access in that it provides users a consistent and seamless
>> experience," said Watson.
>>
>> However, security experts believe this particular 'trick' is unnecessary
>> and expect it to be exploited by malware writers.
>>
>> Michael Warrilow, director of Sydney-based analyst firm Hydrasight, told
>> ZDNet Australia that he tested the 'trick' using Windows XP SP2 and
>> found that although it worked using IE, Firefox users were safe.
>>
>> "Microsoft's so-called useful features have been shown time and again to
>> result in security exposures that are ultimately exploited for malicious
>> purposes. This will be no exception," he said.
>>
>> Frost and Sullivan Australia's security analyst, James Turner agreed: "I
>> would imagine that malware writers could definitely exploit this --
>> particularly with a little social engineering".
>> ===
>>
>>
>>
>>
>> I like this part:
>>
>> Microsoft views this as one of the advantages in using IE as a means of
>> enabling user access in that it provides users a consistent and seamless
>> experience," said [Peter Watson, chief security advisor at Microsoft
>> Australia].
>>
>>
>> Simply precious.  What more can I add, except to ask if Microsoft is
>> having an internal meltdown?
>>
>>  /m
>
>

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)