[3465] in WWW Security List Archive
NS Security Prompt Not for Novices
daemon@ATHENA.MIT.EDU (David W. Morris)
Wed Nov 6 00:47:51 1996
Date: Tue, 5 Nov 1996 19:37:39 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
A widely used but technically not the most current version of
Netscape (2.0) provides a security warning dialog box which is
a great example of how to avoid getting a responsible decision
from novice users. I just encountered the following prompt
when accessing a web page:
>Warning: There is a possible security hazzard here.
Netscape will launch the application c:\windows\sndrec32.exe in
order to view a document.
You should be aware that any file you download from the network
could contain malicious program code (applications) or scripting
language (documents). Simply viewing the contents of these files
could be dangerous.
Take precautions: donot download anything from a site that you
do not trust.
Are you sure you want to continue?
++
++ don't show this for c:\window\sndrec32.exe again.
Note: To show this alert again, edit your NETSCAPE.INI file.
( the ++/++ above is a check box).
After some effort, I guessed that the file was the *.wav file
embeded in the html file. How a basic user could make a rational
decision is problematic.
Dave Morris
