Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

On the other hand, it used to be very common for malware on Windows to email itself to all your contacts using your real email client. It's probably reasonable for an OS to add a little friction to the process in the modern era, though it probably shouldn't lie and claim the binary is damaged when that's not the problem.




chmod to dequarantine doesn't sound like "a little friction" to me.

On your point about security, this kind of aggressivity from the platform owner tend to backfire.

The user was already convinced to open that mail, download that file, and try to run it. Pushing the process to the terminal just means your clueless users now run the provided incantations in the shell instead, and the attack vector now becomes huge (the initial program doesn't even need to be malware)

reply


I agree having to go to the command line is too much friction. Just clicking `overdue-invoice.doc.pif` is too little. About right is somewhere between a prompt and setting the file executable in the GUI.

reply


I wish it would run in a stricter sandboxed mode and prompt the user on the first network requests and file writes outside of it's directory.

That wouldn't be perfect, but at least the user could be prompted for a concrete action instead of a vague "this script is scary" warning.

reply




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: