From: "Geo." 

"Rich"  wrote in message news:3e333305{at}w3.nls.net...
>   I still think you are off base in a fundamental way.  Some actions are
safe and some are not.  Things that are not should require explicit action
or confirmation from the user.  Things that are safe should not. <

Ok I can accept that, I wouldn't mind a feature in media player that asked
before fireing up IE and if it did that then it would have required action
on the part of the user and I'd consider this to be a trojan instead of an
exploit.

>If something is supposed to be safe and it's not then the problem is with
the component that isn't safe when it should be not the component that
relied on it.<

There are imo two unsafe pieces of code in the media player example, not one.

How can you consider a piece of code that allows a hacker to fire up IE
automatically and have it download something from a site of his choosing to
be a safe piece of code? A media file is supposed to contain media that the
media player plays, it's not supposed to contain stealth instructions to
allow a hacker to control other applications on your computer and it
certainly should not allow a hacker to tell IE to go download something of
his choosing from the internet. That's not safe by any stretch of the
imagination.

Geo.

--- BBBS/NT v4.01 Flag-4