Is It Safe?

General discussion related to "Everything".
Post Reply
therube
Posts: 4978
Joined: Thu Sep 03, 2009 6:48 pm

Is It Safe?

Post by therube »

Is It Safe?
(Much like Laurence Olivier asks of Dustin Hoffman.)
[40 years ago. How do you like that.]


Was thinking about that yesterday (Everything, that is, not the movie).
In particular something like, Preview?

And you say, "well its no less safe the using the same means to "view" the same file outside of Everything".

But (& as reiterated by Oliverier), is it safe?

Take the person who "doesn't use" WMP or IE, instead uses MPlayer & SeaMonkey.
But when you Preview a file type handled by WMP or by IE (& even though neither of them are normally ever seen, used, by you), by virtue of Preview, you are using WMP & IE, perhaps not by that name, but through & through until you get to their rendering engines.

So, is it safe?


(Has to be one of the most memorable lines ever, I would think. I remember it. Is It Safe? - Marathon Man.)
SuperDude
Posts: 221
Joined: Thu Sep 25, 2014 7:57 pm

Re: Is It Safe?

Post by SuperDude »

What you are saying is that since Everything runs with Administrator Privileges, every program launched from within Everything inherits Administrator Privileges as well, yes?
therube
Posts: 4978
Joined: Thu Sep 03, 2009 6:48 pm

Re: Is It Safe?

Post by therube »

since Everything runs with Administrator Privileges
That is only if you run it that way.
(And that is a totally different issue. And one that does run that way, should be aware of what that means.)

Most would be using the Everything Service (I would think) & while that runs in an Admin(-like) mode, Everything(.exe) runs with regular user privileges, & only talks to the Service.

No, I'm thinking more along the lines of "extras" that Everything may do, like Preview, that then tie into more vulnerable parts of the "OS" (think IE & to a lessor extent WMP or to any "common" use of some OS component that somewhere along the line turns out to be an avenue for malware infection, like wscript.exe).

So in my case, now, XP, the whole "Admin" thing is immaterial (basically), XP being unsupported, no updates to IE or anything else in the OS, IE often the target of malware, so I've, while not disabled, pretty well neutered IE on my end, & while I don't "use" IE, I know that there are "things" that do use "IE", including Preview (& my file manager's html viewer, & some utility totally unrelated to anything "internet", that wraps its interface within an "IE" frame - such that when running this utility, you are essentially running "IE", ...).

So while in the strictest sense, while Everything may be safe, it can hook into unsafe parts of the OS that then could facilitate the spread of malware, or something to that effect.


(Or an RTF parser, if "Preview" happens to tie into that...)
void
Developer
Posts: 16753
Joined: Fri Oct 16, 2009 11:31 pm

Re: Is It Safe?

Post by void »

Convenience comes at a cost. While Everythings preview is no safer, or less safer than the preview in Explorer, there always the chance of a rogue preview handler.
Running Everything as admin does increase the risk significantly.

What about an option to completely disable preview handlers (so they can not be enabled at all), or the option to only allow the built in Everything image preview handler..
SuperDude
Posts: 221
Joined: Thu Sep 25, 2014 7:57 pm

Re: Is It Safe?

Post by SuperDude »

I want the Preview function to stay! If necessary, instead of disabling it in Everything, give the user the choice of enabling or disabling it. It is SO useful. I was able to find some corrupted .PDF documents using Everything's Preview Pane that would have normally required me to open each document with my default PDF reader app.
therube
Posts: 4978
Joined: Thu Sep 03, 2009 6:48 pm

Re: Is It Safe?

Post by therube »

What about an option to completely disable preview handlers (so they can not be enabled at all)
I would think that would be the way to go.
That way, if a person wanted, needed, only the option to find "names", they could do so with less worry.
void
Developer
Posts: 16753
Joined: Fri Oct 16, 2009 11:31 pm

Re: Is It Safe?

Post by void »

Future releases of Everything will use the Windows Explorer -> Tools -> Options -> View -> Advanced settings -> Show preview handlers in preview pane setting to determine if third party preview handlers are to be used or only the built in image preview handler is to be used.

This setting can be overwritten in the Everything.ini with the show_preview_handlers_in_preview_pane setting.
0 = use system defaults.
1 = allow third party preview handlers.
2 = disallow third party preview handlers.

The Windows Explorer setting Show preview handlers in preview pane is enabled by default on Windows.
Post Reply