Of course! I am not voting for banishing the thing. I'm voting for a secure environment to work with in first place, THEN user will decide how far he wants to go despite the risks. So it will not be XY fault, in the event of a disaster.Hallgren:Maybe because in this case, that's what a user is normally asking it to do?SkyFrontier wrote:
On the other hand, why the hell a FILE MANAGER should behave like a web browser?
not able to see HTML as HTML
-
- Posts: 2341
- Joined: 04 Jan 2010 14:27
- Location: Pasárgada (eu vou!)
Re: not able to see HTML as HTML
New User's Ref. Guide and Quick Setup Guide can help a bit! Check XYplorer Resources Index for many useful links!
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Re: not able to see HTML as HTML
Erm.. I see no point in warning before previewing files. This is just needlessly coddling the user. Just accessing files through any software can cause infection.
Should XY also warn you before running/opening any item, because you might infect your machine?
There's the new vulnerability that only requires that Windows attempt to extract a lnk/pif's icon to exploit the machine, should XY now disable non-generic icons by default and then sound the sirens and flash the screen to warn the user when they change this setting?
The user needs to start acting responsible instead of blaming their tools all the time.
Might as well just convert XYplorer to a single dialog: "The mere act of using a computer could lead to it being infected by a virus. To protect you XYplorer insists you turn your computer off and go outside."
Should XY also warn you before running/opening any item, because you might infect your machine?
There's the new vulnerability that only requires that Windows attempt to extract a lnk/pif's icon to exploit the machine, should XY now disable non-generic icons by default and then sound the sirens and flash the screen to warn the user when they change this setting?
The user needs to start acting responsible instead of blaming their tools all the time.
Might as well just convert XYplorer to a single dialog: "The mere act of using a computer could lead to it being infected by a virus. To protect you XYplorer insists you turn your computer off and go outside."
Re: not able to see HTML as HTML
1. If I'm opening a web file on my computer, it's highly likely that it's been opened before in a web browser and then saved. If it was a security threat, you would have already been exploited.SkyFrontier wrote:Of course! I am not voting for banishing the thing. I'm voting for a secure environment to work with in first place, THEN user will decide how far he wants to go despite the risks. So it will not be XY fault, in the event of a disaster.Hallgren:Maybe because in this case, that's what a user is normally asking it to do?SkyFrontier wrote:
On the other hand, why the hell a FILE MANAGER should behave like a web browser?
2. If we want to protect users from security threats, then we have to apply the same rationale to lots of file formats.
3. With the above said, I can see a use where a user might want to inspect potentially dangerous files. Maybe a separate entry in the preview format that allows users to list which extensions should have a warning on the preview page before the file is loaded?
Last edited by cpusrvc on 29 Jul 2010 16:44, edited 1 time in total.
Re: not able to see HTML as HTML
I'm a bit skeptical here...
When I "Preview" a textfile it's "browsed", i.e. not opened in Editor.
But when I "Preview" a html-file it's "executed" in IE?
Shouldn't doubleclick be enough for "Execute"? And Preview only preview (the text)?
This said with respect to the security issues shown by SkyFrontier...
When I "Preview" a textfile it's "browsed", i.e. not opened in Editor.
But when I "Preview" a html-file it's "executed" in IE?
Shouldn't doubleclick be enough for "Execute"? And Preview only preview (the text)?
This said with respect to the security issues shown by SkyFrontier...
Re: not able to see HTML as HTML
Correct. It's like an email client that has a "preview" pane. It has to open (download) the entire email into your computer and then render it as if you opened it in a separate window.PeterH wrote:When I "Preview" a textfile it's "browsed", i.e. not opened in Editor.
But when I "Preview" a html-file it's "executed" in IE?
Re: not able to see HTML as HTML
If I understand you right, I disagree!cpusrvc wrote:Correct. It's like an email client that has a "preview" pane. It has to open (download) the entire email into your computer and then render it as if you opened it in a separate window.PeterH wrote:When I "Preview" a textfile it's "browsed", i.e. not opened in Editor.
But when I "Preview" a html-file it's "executed" in IE?
If I want to edit a file, I double click.
If I want to see ("exec") a web-page I double click.
Shouldn't "Preview" be something else? I think even the name implies that?
-
- Posts: 2341
- Joined: 04 Jan 2010 14:27
- Location: Pasárgada (eu vou!)
Re: not able to see HTML as HTML
TheQwerty:
Only one time, TheQwerty. Defaults to .txt/raw/code and warns when enabling live preview. Easy like that, unobtrusive like that. Safe like that.Erm.. I see no point in warning before previewing files.
New User's Ref. Guide and Quick Setup Guide can help a bit! Check XYplorer Resources Index for many useful links!
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
-
- Posts: 2341
- Joined: 04 Jan 2010 14:27
- Location: Pasárgada (eu vou!)
Re: not able to see HTML as HTML
TheQwerty:
Previewing a file simply "happens" when you have the preview pane open. If you happen to stumble upon an infected file, the whole thing starts no matter if you have chosen to or not. But this will only happen with "live preview", in certain cases. Depends on how the file manager/program deals with what it is showing. I do not preview anything, by the way. Not my fight.
That's not the case, since "running/opening" involves a decision.Should XY also warn you before running/opening any item, because you might infect your machine?
Previewing a file simply "happens" when you have the preview pane open. If you happen to stumble upon an infected file, the whole thing starts no matter if you have chosen to or not. But this will only happen with "live preview", in certain cases. Depends on how the file manager/program deals with what it is showing. I do not preview anything, by the way. Not my fight.
New User's Ref. Guide and Quick Setup Guide can help a bit! Check XYplorer Resources Index for many useful links!
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Re: not able to see HTML as HTML
To edit a TXT file, it must be opened and then the program allows editing. TXT also has no active elements. Viewing an HTML file, so that it looks correct, involves showing the active elements. To not do so, is to show the raw text in the file. Consider previewing a music file. It has to interpret the data in the file and then creates the sound. TXT files are raw, no processing to them. Editing is entirely different process though it usually (but doesn't have to) include viewing.PeterH wrote:If I understand you right, I disagree!cpusrvc wrote:Correct. It's like an email client that has a "preview" pane. It has to open (download) the entire email into your computer and then render it as if you opened it in a separate window.PeterH wrote:When I "Preview" a textfile it's "browsed", i.e. not opened in Editor.
But when I "Preview" a html-file it's "executed" in IE?
If I want to edit a file, I double click.
If I want to see ("exec") a web-page I double click.
Shouldn't "Preview" be something else? I think even the name implies that?
-
- Posts: 2341
- Joined: 04 Jan 2010 14:27
- Location: Pasárgada (eu vou!)
Re: not able to see HTML as HTML
cpusrvc:
That's why browser-based e-mail disable even the viewing of "innocent" image files, THEN giving user option to show live content as it is. User decision, and they will never be blamed for anything...
I afraid auto previewing and avoid it as the devil. If I want to see anything, I do that by CONSCIOUSLY choosing to do so. Suspect files? Sandboxie. And even then with extreme caution... So far, I had ONE single infection on a machine using such procedures - and that happened thru a bad-a$$ code that caught my VACCINED pen-drive/"all autorun off" system. Hats off to the coder - I hate him!
Just to clarify: it can execute external or internal files, doing whatever they were programmed to do.Viewing an HTML file, so that it looks correct, involves showing the active elements.
That's why browser-based e-mail disable even the viewing of "innocent" image files, THEN giving user option to show live content as it is. User decision, and they will never be blamed for anything...
I afraid auto previewing and avoid it as the devil. If I want to see anything, I do that by CONSCIOUSLY choosing to do so. Suspect files? Sandboxie. And even then with extreme caution... So far, I had ONE single infection on a machine using such procedures - and that happened thru a bad-a$$ code that caught my VACCINED pen-drive/"all autorun off" system. Hats off to the coder - I hate him!
New User's Ref. Guide and Quick Setup Guide can help a bit! Check XYplorer Resources Index for many useful links!
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Want a new XYperience? XY MOD - surfYnXoard
-coz' the aim of computing is to free us to LIVE...
Re: not able to see HTML as HTML
Previewing from a fresh copy of XY also takes decisions.SkyFrontier wrote:TheQwerty:That's not the case, since "running/opening" involves a decision.Should XY also warn you before running/opening any item, because you might infect your machine?
Previewing a file simply "happens" when you have the preview pane open. If you happen to stumble upon an infected file, the whole thing starts no matter if you have chosen to or not. But this will only happen with "live preview", in certain cases. Depends on how the file manager/program deals with what it is showing. I do not preview anything, by the way. Not my fight.
1. You have to open the IP and set it to the Preview pane for it to happen automatically. OR You have to explicitly say Preview this item.
2. You have to focus the file to preview. (Navigating in/out of folders doesn't trigger the preview.)
And just showing the icon is enough to exploit all versions of Windows since XP... so what now?
Maybe XYplorer should monitor everything I do and pop up a little animated character, perhaps a paperclip or a dog, that can provide me with some guidance and warn/prevent me from doing anything that might be dangerous.
-
- XY Blog Master
- Posts: 5824
- Joined: 02 Jan 2006 19:34
- Location: So. Chatham MA/Clearwater FL
- Contact:
Re: not able to see HTML as HTML
I believe that issue goes futher back than XP...I know that my W2K is vunerable.TheQwerty wrote:And just showing the icon is enough to exploit all versions of Windows since XP... so what now?
And remember that XY users are not likely to be as clueless as the avg user who clicks on anything...so if they do something that may be hazardous, then it was a willing choice...besides, how would the HTML that is being previewed get on users system to begin with as someone else said? Most likely from a "Save" from a browser so it's ALREADY been opened and any issues should have been flagged at that point.Maybe XYplorer should monitor everything I do and pop up a little animated character, perhaps a paperclip or a dog, that can provide me with some guidance and warn/prevent me from doing anything that might be dangerous.
Still spending WAY TOO much time here! But it's such a pleasure helping XY be a treasure!
(XP on laptop with touchpad and thus NO mouse!) Using latest beta vers when possible.
(XP on laptop with touchpad and thus NO mouse!) Using latest beta vers when possible.
Re: not able to see HTML as HTML
Here's a simple solution if you don't want XY to preview dangerous formats: just disable those formats in Config | Previewed Formats and then it's just as you want.SkyFrontier wrote:
On the other hand, why the hell a FILE MANAGER should behave like a web browser?
Re: not able to see HTML as HTML
I thought it did as well, but Microsoft's security vulnerability doesn't go further back, or maybe they only show those OSes that they still support?j_c_hallgren wrote:I believe that issue goes futher back than XP...I know that my W2K is vunerable.TheQwerty wrote:And just showing the icon is enough to exploit all versions of Windows since XP... so what now?
Last edited by TheQwerty on 29 Jul 2010 18:07, edited 1 time in total.
Re: not able to see HTML as HTML
Excellent. I like this.TheQwerty wrote:Erm.. I see no point in warning before previewing files. This is just needlessly coddling the user. Just accessing files through any software can cause infection.
Should XY also warn you before running/opening any item, because you might infect your machine?
There's the new vulnerability that only requires that Windows attempt to extract a lnk/pif's icon to exploit the machine, should XY now disable non-generic icons by default and then sound the sirens and flash the screen to warn the user when they change this setting?
The user needs to start acting responsible instead of blaming their tools all the time.
Might as well just convert XYplorer to a single dialog: "The mere act of using a computer could lead to it being infected by a virus. To protect you XYplorer insists you turn your computer off and go outside."
Proud XYplorer Fanatic