Serious security bug in the Beta 1

Dave

There is a real problem with this software.

When I right click on a file in Explorer, and choose Open
With... from the context menu, the spyware tool pops up
and asks me if I am happy to perform what might be an
unsafe operation.

Given that I have just selected Notepad to view the
content of the file, I answer that I am happy.

But what happens is that the default Open, not Open With
action is then generated. Now if this was a .vbs file, it
would then run the script, rather than open the file in
Notepad.

I assume that this bug has been reported (and fixed)
before, but I'm afraid I haven't the time to check. So
here it is, just in case.

Oh, and this is on a machine running XP SP2 with all the
latest patches applied, if that helps.
 
Dave

And your point is...?

The bug is that after choosing accept, the software runs
the default Open action, not the Open With action that I
selected off the menu.

This means that I choose to accept the action of opening
a script with Notepad, but Antispyware changes my action
to execute the script!

I'm more than happy that the tool should try to protect
me from running scripts accidentally (this is a good
thing) - it then screws up by running the script instead
of opening it in the editor, as I requested.

That certainly qualifies as a class A security bug.
Someone on the Antispyware team needs to read Writing
Secure Code.

On a slightly less on topic mechanism, the usability of
the product is truly awful. There's little to no keyboard
support; when a scan is running, you can't minimise the
window that appears (you can only abort the scan). Why
does this software have to violate every single Windows
UI design guideline?

Someone should be getting fired over this!
 
Bill Sanderson

Dave said:
And your point is...?

The bug is that after choosing accept, the software runs
the default Open action, not the Open With action that I
selected off the menu.

This means that I choose to accept the action of opening
a script with Notepad, but Antispyware changes my action
to execute the script!

I'm more than happy that the tool should try to protect
me from running scripts accidentally (this is a good
thing) - it then screws up by running the script instead
of opening it in the editor, as I requested.

That certainly qualifies as a class A security bug.
Someone on the Antispyware team needs to read Writing
Secure Code.

On a slightly less on topic mechanism, the usability of
the product is truly awful. There's little to no keyboard
support; when a scan is running, you can't minimise the
window that appears (you can only abort the scan). Why
does this software have to violate every single Windows
UI design guideline?

Someone should be getting fired over this!

Dave - the scripting behavior was reported long ago. You may be sure that
this is being fixed.

The beta you are looking at involves a quick removal of some functionality
and re-branding of an existing third-party product acquired by Microsoft
only 3 weeks before the beta began. The user interface issues you mention
are apparent to all and you should see a major reworking of a number of
areas of the product in a future beta build.
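
The failure Dave describes in this thread, modelled as an added example (not code from the thread or from the product, whose internals the thread does not show): a confirmation guard that replays only the file path after approval, next to one that replays the exact request the user approved. The association table, `LaunchRequest`, the guard functions and the sample path are assumptions constructed for illustration.

```python
import ntpath
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed association table: default handler per extension (assumption).
DEFAULT_HANDLER = {".vbs": "wscript.exe", ".txt": "notepad.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class LaunchRequest:
    path: str
    verb: str                      # "open" (default action) or "openwith"
    handler: Optional[str] = None  # program the user picked for "openwith"


def resolve(req: LaunchRequest) -> str:
    """Return the program that will receive the file for this request."""
    if req.verb == "openwith" and req.handler:
        return req.handler
    ext = ntpath.splitext(req.path)[1].lower()
    return DEFAULT_HANDLER.get(ext, "shell-default")


def describe(req: LaunchRequest) -> str:
    """Human-readable outcome: what is done to the file, and by which program."""
    prog = resolve(req)
    action = "EXECUTE" if prog in SCRIPT_HOSTS else "VIEW"
    return f"{action} {req.path} with {prog}"


def guard_buggy(req: LaunchRequest, confirm: Callable[[str], bool]) -> Optional[str]:
    """Models the reported behaviour: the prompt is about the request, but
    after approval only the path is replayed, so the default verb applies."""
    if not confirm(describe(req)):
        return None
    return describe(LaunchRequest(req.path, "open"))


def guard_fixed(req: LaunchRequest, confirm: Callable[[str], bool]) -> Optional[str]:
    """Approval is bound to the whole request, which is replayed unchanged."""
    if not confirm(describe(req)):
        return None
    return describe(req)
```

A regression check for this class of bug is that the outcome after approval equals the outcome that was shown in the prompt, for every verb the guard can intercept.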
 
