Next up to BAT



  • I've been waiting, hoping, dreaming of a moment when I could post one of my experiences as a Sidebar WTF. I actually cried out those fateful words when I came across this one today, so hold on to your pants everyone.

    I was given two DVDs that contained data of various types. I was amazed to find that someone made an installer program, which unfortunately didn't execute since I don't have auto-run enabled. Then I actually noticed how it was going to attempt to install.

    The autorun.inf file specifies an executable, which in turn opens a plain HTML file. You click the "Agree" button on that page, and it directs you to the next HTML page where I am offered two buttons, "Install" and "View". Each button links to a BAT file. Yes, a web page trying to execute a batch file.

    Here's the "Install" batch file (names changed to protect my job):

    copy d:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy e:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy f:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy g:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy d:\ABCD\*.ttf c:\WINNT\Fonts
    copy e:\ABCD\*.ttf c:\WINNT\Fonts
    copy f:\ABCD\*.ttf c:\WINNT\Fonts
    copy g:\ABCD\*.ttf c:\WINNT\Fonts

    d:\XYZ_Blue2005.exe
    e:\XYZ_Blue2005.exe
    f:\XYZ_Blue2005.exe
    g:\XYZ_Blue2005.exe
    exit

    Copy some font files from....whatever your CD drive is, to...wherever your Fonts folder is. That's nice, except on my work PC, I have two bootable partitions, and usually boot to my E: drive. And what is that executable it's trying to run at the end? It's a 1.5 GB self-extracting zip file.

    You think we're done with the WTF's? Not quite. Let's look at the "View" batch file:

    copy d:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy e:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy f:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy g:\ABCD\*.ttf c:\WINDOWS\Fonts
    copy d:\ABCD\*.ttf c:\WINNT\Fonts
    copy e:\ABCD\*.ttf c:\WINNT\Fonts
    copy f:\ABCD\*.ttf c:\WINNT\Fonts
    copy g:\ABCD\*.ttf c:\WINNT\Fonts

    d:\XYZ_Blue2005.zip
    e:\XYZ_Blue2005.zip
    f:\XYZ_Blue2005.zip
    g:\XYZ_Blue2005.zip
    exit

    Basically install the same fonts (or in my case, fail to install the fonts), then try to run a zip file as a command-line executable. What is this zip file? It's an exact copy of the 1.5 GB self-extracting zip, only without the self-extracting part.

    I'll leave the comments up to you all. I'll just finish with the final reason why this completely failed to work on my computer: BAT files are set up by default to open in my Notepad++ editor, they don't execute.



  • Just enough knowledge to make the author dangerous.  Not enough to make them useful.



  • which unfortunately didn't execute since I don't have auto-run enabled.

    You mean "fortunately."



  • @Manni said:

    I'll leave the comments up to you all. I'll just finish with the final reason why this completely failed to work on my computer: BAT files are set up by default to open in my Notepad++ editor, they don't execute.


    That's an odd customization. I'll bet I can find lots of otherwise sane installers that would fail in your case. Is this some sort of security measure?

    If you're worried about executable scripts on removable media or your local filesystem, take the time to properly secure Windows and run desktop as a restricted-access user. (Good luck with that; everyone knows that'll expose more WTFage.) Or switch to another OS.

    Eh, I guess you can't win.



  • It's the "throw everything at it" strategy.



    Why learn to do things right when you can just throw everything at the problem and pray?



    My first instinct would be to assume a ten-year-old wrote the
    thing.  But I've met enough adults who think this is a perfectly
    legitimate implementation to know better.  Unskilled and unaware.



    I've worked with such adults, in fact.  Ever try to explain to
    such a person what's wrong with something like this?  You could
    spend weeks trying to explain it.  It's a pointless exercise,
    because they have the same reply to every criticism:  "Hey, it
    works."  And no, the fact that it only works in a few specific
    cases is not something they'll acknowledge as a problem.



    Perhaps the greatest WTF of all is that someone got paid to make it.  They probably got paid well.



  • Hehe this installer would fail on my PC for the simple reason that i have 6 Hard Drives, drives c,d,e,f,g and h. so this bacially will do nothing on my machine. Thank christ.



  • @Hitsuji said:

    Hehe this installer would fail on my PC for the simple reason that i have 6 Hard Drives, drives c,d,e,f,g and h. so this bacially will do nothing on my machine. Thank christ.


    6 hard drives or 6 partitions?

    sincerely,
    Richard Nixon



  • @Richard Nixon said:

    @Hitsuji said:
    Hehe this installer would fail on my PC for the simple reason that i have 6 Hard Drives, drives c,d,e,f,g and h. so this bacially will do nothing on my machine. Thank christ.


    6 hard drives or 6 partitions?

    sincerely,
    Richard Nixon

    You forgot to mention the possibility of 6 network drives.



  • 6 Hard Drives, who needs partitions? 1.5TB of media all in one case, ooh yeah



  • @Hitsuji said:

    6 Hard Drives, who needs partitions? 1.5TB of media all in one case, ooh yeah


    What case model is this in?

    sincerely,
    Richard Nixon



  • The reason I have the file associations set up that way is partially for security (and if any installer tries to use BAT files, I don't trust it), but partially for convenience. Think about it, you edit the script files lots of times, and run it once. I'd rather double-click the file to edit it, and then do my right click -> Run to execute.

    One thing I'm surprised no one griped about was how part of this installer will only work on Windows XP (maybe Win2K?). You can't use a zip file as a command-line executable. Plus the fact that the newest XP service pack will block batch files and scripting in IE by default, so this thing won't work at all without jumping through some hoops. And users love to jump through hoops.


Log in to reply