Haven’t we learned enough about viruses, malware, spyware and other malicious behavior online to avoid … running unknown executables to get to content? (video, documents, images) The AnnaKournikova.jpg.vbs debacle should have been enough to keep people from double-clicking unknown attachments and files that they couldn’t recognize, but apparently not.
This morning, one of my daily Google Alerts delivered me a link to a blog page promoting the use of Microsoft OneNote, which included a link to the Microsoft’s OneNote Demo video page. The Microsoft page included this helpful description:
Watch this introductory demo to learn about Microsoft Office OneNote 2007 and how to use it to gather, organize, and share your notes and other information.
But that Microsoft page has a link to download a file called “
On2007DemoWhatIsOneNote.exe“. Wait, I thought I was going to be able to watch a demo of OneNote… not install something on my machine?
But let’s just make sure I’m not being paranoid:
$ cabextract On2007DemoWhatIsOneNote.exe Extracting cabinet: On2007DemoWhatIsOneNote.exe extracting ON_WhatIs_final_ZA10177529.wmv
Nope, I’m not. Microsoft is still not being smart about protecting their users at all. They compressed the original source video into an executable file, to save 1 megabyte of bandwidth.
Not only does this propagate the problem of running unknown executables for the purposes of watching video or providing other non-application content, but it makes it prohibitive for someone on say… a Linux machine (like myself) or a Mac (like my work colleagues) to watch the video.
What if a non-Windows user wanted to learn more about OneNote? They have to have a Windows machine to run the executable, to unpack the video, to watch it?
Further to that problem, instead of using many of the industry-standard video encoding algorithms (MPEG4, MPEG, AVI or even Windows Media), they opted for the sole proprietary format that almost nothing but Microsoft’s own Windows Media Player can play: Microsoft ASF. Well-done, Microsoft… well-done.
But guess what? That doesn’t work either. Ridiculous.
When people ask me why I run Linux instead of Microsoft, it is examples like these that validate my choice in an operating system.