MSN Messenger "security" WTF



  • So my friend sent me an MP3 file over MSN.
    MSN Messenger refused to allow me to open it by clicking on the link in the chat window.

    "Windows has determined that this file might be potentially harmful, and has prevented access to it."

    What more, when I tried to open it in Winamp, I see that the file's been deleted.....had to transfer again.
    WTF.  If it was an outright EXE file, it would've been ok. But MP3 ?

    Same with Outlook (Express) blocking basically ALL attachments sent via email by default. Pretty nice security strategy by Microsoft. No sending and receiving of files = no viruses.

    :-P


    [BTW I don't have any insanely interesting programming WTF's so far... just posting some annoyances I encountered today. Programming WTF's will follow, especially since where I work (campus job), they use only C code (I've already seen lots of hardcoded filenames and magic numbers). But they have an excuse, it's for high performance head mounted eye tracker hardware... heh.. so C is supposed to be better (?). Even though the platform for realtime experiments is..um Win XP]



  • The only (and I repeat only) complaint I have about GMail is its evil blocking of anything with a .exe extension - if you rename it to .exe2, it works fine.  But: if you put the .exe file in a zip file (say a setup program with data files), GMail will still block it.  It's really annoying, but at least it doesn't delete your copy of the file :P



  • @Albatross said:

    The only (and I repeat only) complaint I have about GMail is its evil blocking of anything with a .exe extension - if you rename it to .exe2, it works fine.  But: if you put the .exe file in a zip file (say a setup program with data files), GMail will still block it.  It's really annoying, but at least it doesn't delete your copy of the file :P


    Annoying, but makes sense.  A user that isn't in the know can't accidentally double click on evil-virus.exe2 and launch it, whereas unzipping is now built right into windows.  Two double clicks (or so) is all it takes.



  • I think that strategy is like selling all knives and razers dull. "If the user really needs to be able to cut things, they can sharpen it themselves."

    I don't know about you, but I actually DO need to sent files to myself and to friends from time to time. EXE, COM, etc... A simple "Warning, this file may contain a virus. Even if you trust the sender, before opening this file you should take steps to ensure that it was not sent by an imposter, or without the senders knowledge."

    I don't know if an MP3 file can infect a machine, so that does seem a bit odd to block it. <conspiricy-theory>The RIAA made them do it</conspiricy-theory>



  • <agreed/>

    It's the only reason... maybe they struck a deal or something :)



  • What about enumerating badness?

    What about viruses (buffer overruns in IDtags inside mp3 metadata etc.) http://news.com.com/2100-1023-895429.html

    What about telligent users of gee-mail?

    What about even more telligent and wide-spread users of Outlook Express?

    However deleting the file...that's too much. Even if you are not paying for bandwidth*bandlength.

     

     



  • @qbolec said:



    What about enumerating badness?

    What about viruses (buffer overruns in IDtags inside mp3 metadata etc.)


    What about telligent users of gee-mail?

    What about even more telligent and wide-spread users of Outlook Express?

    However deleting the file...that's too much. Even if you are not paying for bandwidth*bandlength.


    Wait a minute, are you actually defending this practise? 
    Dumb users are going to shoot themselves in the foot, it doesn't matter
    how hard you try to protect them.  If your kid was a bad driver,
    would you give them a car with no engine?  Or with a key broken
    off inside the ignition?  Of course not.  You'd just take the
    car away.  Or better yet, they'd get in enough accidents and pay
    enough for repairs (read: get enough viruses and cleanings) that they'd
    either: a) learn, or b) give up.  Either way, THAT'S the kind of
    response we want.

    Crippleware is not the answer to user stupidity or to various software programmers' inability to write half decent code (why are there still so many buffer overflow problems?!?)

    Let some half-wit design and build my car, and I'll probably crash it
    too.  Cut my break lines and I'll probably crash too.  I
    still conceed that a user getting a virus isn't entirely their fault
    (though I usually look at my car before driving it).



  • Blocking mp3 isn't as stupid as it sounds. After all, people were sure jpeg images couldn't contain a virus until the infamous GDI+ exploit.

    Then again I prefer if my email client doesn't even block exe files.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.