[3485] in WWW Security List Archive
Replacement Netscape PopUp Message
daemon@ATHENA.MIT.EDU (Dave Kinchlea)
Thu Nov 7 15:09:02 1996
Date: Thu, 7 Nov 1996 09:47:33 -0800 (PST)
From: Dave Kinchlea <security@kinch.ark.com>
Reply-To: Dave Kinchlea <security@kinch.ark.com>
To: "Mirick, James R." <692-1709@mcimail.com>
cc: "David W. Morris" <dwm@xpasc.com>,
www security <www-security@ns2.rutgers.edu>
In-Reply-To: <84961107141948/0005516966NA4EM@MCIMAIL.COM>
Errors-To: owner-www-security@ns2.rutgers.edu
Given what David Morris and James Mirick have said, I propose the
following as a replacement for the PopUp message that David originally
sent. Does ANYONE believe that this would improve the situation for
`basic' users?
WARNING:
You have just instructed Netscape to download a potentially
dangerous file to your computer. Netscape requires the use of an
external program to `view' the file HUH.WAV.
Because of the way that Netscape has been configured on this
computer, the program C:\WINDOWS\SNDREC32.EXE will be used to `view'
the document. As it is *trivial* to: a) reconfigure Netscape anb b) to
install applications onto your computer, Netscape cannot make any
guarantees as to whether C:\WINDOWS\SNDREC32.EXE is suitable or safe
to use to view the file HUH.WAV as you have instructed it to do so by
downloading it.
Every user should be aware that it is possible to download
files from the Internet, possible put there by other people with
malicious intent, that *could* damage your computer. While most files
you download, and most sites that allow you to download files, are
safe (that is, the files will *not* do any damage), Netscape has no
ability to determine which files and sites are safe and which ones are
not.
To help you, the end-user, Netscape offers the following
choices with regards to this file type, this site and the application
that Netscape will use to `view' the file:
1) DO use the application C:\WINDOWS\SNDREC32.EXE to `view'
the file HUH.WAV from the site http:\\www.whoknows.com\ this time
ONLY, prompting next time with this very same message
2) DO NOT use the application C:\WINDOWS\SNDREC32.EXE to,
`view' the file this time ONLY, prompting next time with this very
same message.
3) ALWAYS use the application C:\WINDOWS\SNDREC32.EXE to
`view' any file of type ".wav" and DO NOT prompt with this (or any
other) message in the future
4) NEVER user the application C:\WINDOWS\SNDREC32.EXE to
`view' any file of type ".wav" and DO NOT prompt with this (or any
other) message in the future
5) DO use the application C:\WINDOWS\SNDREC32.EXE to view the
file HUH.WAV this time and DO prompt with this same message the next
time a ".wav" file is downloaded
6) DO NOT use the application C:\WINDOWS\SNDREC32.EXE to view
the file HUH.WAV this time and DO prompt with this same message the
next time a ".wav" file is downloaded
7) DO use the application C:\WINDOWS\SNDREC32.EXE to `view'
the file this time and every time a ".wav" file is downloaded from
http://www.whoknows.com without prompting (but prompt for other sites)
8) NEVER use the application C:\WINDOWS\SNDREC32.EXE to `view'
a ".wav" file http://www.whoknows.com (this does not affect other
sites)
HOT LINKED GLOSSARY
Client: A computer which will accept files for download from a server
Download: to download is to transfer a file from a `server' to your
own computer.
Extension: The final 3 (or more on some operating systems) characters
following the dot "." in a file name and is generally used to
describe the expected contents of a file)
Server: A computer which will provide files for download to clients
View: Netscape uses the word `view' to describe whatever action is
necessary to deal with the file in question, this could range
from displaying it on your screen, to using your sound-card,
to running arbitrary programs.
