[tex-live] Install file of the TL should have unique name

Reinhard Kotucha reinhard.kotucha at web.de
Fri Jan 10 02:42:15 CET 2014

On 2014-01-09 at 21:19:59 +0100, Zdenek Wagner wrote:

 > 2014/1/9 Lars Madsen <daleif at imf.au.dk>:
 > > I agree with Philip, it is a really annoying Win feature.
 > >
 > >From my point of view it is even one of the most dangerous
 > misfeatures. If a user clicks "infectme.txt" assuming to open it in a
 > notepad and it is in fact "infectme.txt.exe", the user's computer will
 > be infected. The Windows users should be educated to:
 > 1. configure Windows to display all extensions
 > 2. do not click anything unless (1) is done
 > 3. report this security risk to Microsoft

Microsoft is aware of it but they don't care.  There was the famous
I-love-you-Virus in 2000 which caused a lot of trouble worldwide.
It was an e-mail attachment with the file name



The setup.exe files are quite dangerous too unless you exactly
remember where you got them from.  A .exe file can contain arbitrary
code.  So if you don't remember where a particular setup.exe file came
from and/or what it contains, it's better to throw it away.  The .msi
installer files are less dangerous because the extension .msi is
associated with a particular program which doesn't execute arbitrary

Similarly, there is no need to execute a self-extracting ZIP file.
It's much safer to change the extension .exe => .zip before clicking
on it.  I still don't know what self-extracting ZIP files are good
for at all.

It's also advisable to be very careful with executable files in your
working directory.  A severe bug is that Windows looks for executable
files in the current working directory first.  Even worse, this
behavior cannot be turned off.  No other OS has such a silly bug.
The only solution is to be careful.

 > 4. spread this knowledge to other Windows users

Yes, the best protection against malware is knowledge.  But many
Windows users told me that they insist on convenience and don't want
to be bothered with these things.  They assume that someone else is
responsible for security.

This reflects German mentality somehow.  If a German is killed in a
car accident, everything is fine if the other one is the culprit.
Thus it's impossible to establish a speed-limit on German highways.


Reinhard Kotucha                                      Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                              mailto:reinhard.kotucha at web.de
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.

More information about the tex-live mailing list