[tex-live] Install file of the TL should have unique name

Zdenek Wagner zdenek.wagner at gmail.com
Fri Jan 10 10:23:41 CET 2014


2014/1/10 Reinhard Kotucha <reinhard.kotucha at web.de>:
> On 2014-01-09 at 21:19:59 +0100, Zdenek Wagner wrote:
>
>  > 2014/1/9 Lars Madsen <daleif at imf.au.dk>:
>  > > I agree with Philip, it is a really annoying Win feature.
>  > >
>  > >From my point of view it is even one of the most dangerous
>  > misfeatures. If a user clicks "infectme.txt" assuming to open it in a
>  > notepad and it is in fact "infectme.txt.exe", the user's computer will
>  > be infected. The Windows users should be educated to:
>  >
>  > 1. configure Windows to display all extensions
>  >
>  > 2. do not click anything unless (1) is done
>  >
>  > 3. report this security risk to Microsoft
>
> Microsoft is aware of it but they don't care.  There was the famous
> I-love-you-Virus in 2000 which caused a lot of trouble worldwide.
> It was an e-mail attachment with the file name
>
>   LOVE-LETTER-FOR-YOU.TXT.vbs
>
>   http://en.wikipedia.org/wiki/ILOVEYOU
>
> The setup.exe files are quite dangerous too unless you exactly
> remember where you got them from.  A .exe file can contain arbitrary
> code.  So if you don't remember where a particular setup.exe file came
> from and/or what it contains, it's better to throw it away.  The .msi
> installer files are less dangerous because the extension .msi is
> associated with a particular program which doesn't execute arbitrary
> code.
>
> Similarly, there is no need to execute a self-extracting ZIP file.
> It's much safer to change the extension .exe => .zip before clicking
> on it.  I still don't know what self-extracting ZIP files are good
> for at all.
>
30 years ago ZIP utilities were not free, so self-extracting files was
advantageous because an author could distribute zipped files without
forcing others to buy pkunzip. I think nowadays free archiving SW is
easily available and even bundled in other programs as Norton
Commander etc.

> It's also advisable to be very careful with executable files in your
> working directory.  A severe bug is that Windows looks for executable
> files in the current working directory first.  Even worse, this
> behavior cannot be turned off.  No other OS has such a silly bug.
> The only solution is to be careful.
>
It comes from MS-DOS, so it is present also in OS/2 and eComStation.

>  > 4. spread this knowledge to other Windows users
>
> Yes, the best protection against malware is knowledge.  But many
> Windows users told me that they insist on convenience and don't want
> to be bothered with these things.  They assume that someone else is
> responsible for security.
>
> This reflects German mentality somehow.  If a German is killed in a
> car accident, everything is fine if the other one is the culprit.
> Thus it's impossible to establish a speed-limit on German highways.
>
>   http://www.youtube.com/watch?v=B3h2Rw1mHew
>
> Regards,
>   Reinhard
>
> --
> ----------------------------------------------------------------------------
> Reinhard Kotucha                                      Phone: +49-511-3373112
> Marschnerstr. 25
> D-30167 Hannover                              mailto:reinhard.kotucha at web.de
> ----------------------------------------------------------------------------
> Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
> ----------------------------------------------------------------------------



-- 
Zdeněk Wagner
http://hroch486.icpf.cas.cz/wagner/
http://icebearsoft.euweb.cz



More information about the tex-live mailing list