Topic: Associate *.VDM with vpw.exe -x (1 of 6), Read 42 times
Conf: Installation, Configuration
From: Steve Rawling
Date: Saturday, February 22, 2003 09:35 PM

I note that the default installation of vedit associates *.vdm with vpw.exe.

I have editing my file association so that *.vdm files now are started up by vpw.exe -x

I use Ztree as my file manager and I configure it to start vpw with the E (for Edit) key and previously the O (for Open) key also opened vpw when the current file is of extension vdm. Now after my changes to the registry, O runs the vdm macro.

Of course not all vdm macros are suited to be treated as autostart macros, but wildfile and wildston certainly are.

However, macros that require a file to be already opens in a vedit buffer would not tempt the user to try to open them this way and so would not be so openned or double clicked.

So.... I make the suggestion that the default installation be made to use vpw.exe -x.

Perhaps there are good reasons why this would not be good for most. If so I' like to here those reasons.

Steve

 


Topic: Re: Associate *.VDM with vpw.exe -x (2 of 6), Read 43 times
Conf: Installation, Configuration
From: Ted Green
Date: Saturday, February 22, 2003 09:45 PM

At 09:36 PM 2/22/2003, you wrote:
>So.... I make the suggestion that the default installation be made to use vpw.exe -x.

No, no, no!
If we did that, then emailed macros could turn out to be viruses which could delete files, send more email (soon) and so on. All the current problems with viruses on the Internet are caused by MS Outlook auto-executing scripts.
Therefore, we reject this as a security and liability issue. We cannot recommend that anyone follow this suggestion.
Sorry.

Ted.

 


Topic: associate *.VDM with vpw.exe -x is bad (3 of 6), Read 46 times
Conf: Installation, Configuration
From: Steve Rawling
Date: Saturday, February 22, 2003 11:15 PM

On 2/22/2003 9:45:53 PM, Ted Green wrote:
>Therefore, we reject this as a
>security and liability issue.
>We cannot recommend that
>anyone follow this suggestion.

Understood Ted, I forgot about the evil world out there:-)

I suppose the fact that, by default, vpw.exe autostarts startup.vdm has some security risk in it, yes? Not as much as my suggestion though , blush.
Steve

 


Topic: Re: associate *.VDM with vpw.exe -x is bad (4 of 6), Read 44 times
Conf: Installation, Configuration
From: Ted Green
Date: Sunday, February 23, 2003 01:14 PM

At 11:15 PM 2/22/2003, you wrote:
>I suppose the fact that, by default, vpw.exe autostarts startup.vdm has some security risk in it, yes? Not as much as my suggestion though , blush.

Startup.vdm is not a security risk, if a virus/hacker can change the startup.vdm file, it can change any file on your computer. The problem is people who click on email attachments. Some (unpatched) versions of Outlook auto-open all attachments - a virus writers dream-come-true.

(I didn't mean to jump on you Steve; all of Microsoft has also overlooked such issues in their Office products.)

Ted.

 


Topic: Re: associate *.VDM with vpw.exe -x is bad (5 of 6), Read 46 times
Conf: Installation, Configuration
From: Steve Rawling
Date: Sunday, February 23, 2003 02:28 PM

On 2/23/2003 1:14:35 PM, Ted Green wrote:
>At 11:15 PM 2/22/2003, you
>wrote:
>>I suppose the fact that, by default, vpw.exe autostarts startup.vdm has some security risk in it, yes?

>Startup.vdm is not a security
>risk, if a virus/hacker can
>change the startup.vdm file,
>it can change any file on your
>computer. The problem is
>people who click on email
>attachments. Some (unpatched)
>versions of Outlook auto-open
>all attachments - a virus
>writers dream-come-true.

But what about this

Someone sends a macro of some ms app (say excel) as an email attachment that is received by an unpatched outlook. That macro searches for c:\vedit\startup.vdm. If found, it is replaced by a destructive vdm of the same name. The next time vedit is started up the destructive vdm is executed.

This would be a little more difficult to do if startup.vdm was +R

>(I didn't mean to jump on you
>Steve; all of Microsoft has
>also overlooked such issues in
>their Office products.)
No offence taken Ted.

PS I would neither be offended by forum moderation of this post.

Steve

 


Topic: Re: associate *.VDM with vpw.exe -x is bad (6 of 6), Read 52 times
Conf: Installation, Configuration
From: Christian Ziemski
Date: Sunday, February 23, 2003 04:49 PM

Steve wrote:

>But what about this
>
>Someone sends a macro of some ms app (say excel) as an email attachment
>that is received by an unpatched outlook. That macro searches for
>c:\vedit\startup.vdm. If found, it is replaced by a destructive vdm of the
>same name. The next time vedit is started up the destructive vdm is executed.
>
>This would be a little more difficult to do if startup.vdm was +R

Not really.

If a virus/macro has come so far there is near to nothing that can
stop it.

If it is able to search a file on your disk why shouldn't it be able
to reset the read-only-flag just before modifying the file?

Every computer user should be aware of the danger of viruses etc. and
should use the appropriate means like virus scanners.

But there is no need to become paranoid! (Not you Steve. I mean that
generally.)


Christian