I have been trying to figure out the reason behind smartscreen and I have read from microsoft's documentation (https://support.microsoft.com/en-us/topic/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8) that smartscreen will appear when a downloaded file is from an untrusted web (that is not in the trusted list of microsoft) or when a downloaded file contains malicious software that has been reported to microsoft. I found out that if I download an .exe that was send through skype app, the smartscreen doesnt prompt but it does prompt when I download the .exe from skype web. However, when I download it from both Whatsapp app and web, the smartscreen was sure to prompt. So, I'm actually wondering what is the reason behind this?
It basically flags all .exe files after checking the source (e.g. if source is Adobe, it lets it go). If the app has been sent through the Skype app, the system assumes the file would have been checked on the system that sent it and thus flags it safe.
Related
With the Round-trip Editing Library for Domino WebDAV for IBM Domino on openntf which should enable me to open an attachment, such as Microsoft Word, edit, and save it back to the server.
I have configure my server with the necessary information but find it difficult to run the WebDocOpenSetup and the WebDocOpen.exe file on my 64bit window system, any idea how i could go about this?
I wrote this piece of code, so let me explain a few of the challenges you will face:
Windows will open anything that starts with http(s) using a webbrowser and not an app. It happily ignores file extension. Thus a different protocol was needed. I opted for webdav:// (like you have skype://, notes://, sap:// )
the helper application (on Windows - or the script for OS/X Linux) simply reacts on that protocol. The installer simply creates the needed registry entries. You could do that by hand
When you start any office application with an URL as parameter e.g. winword.exe https://.....doc the webDAV mechanism kicks in as desired.
The only thing WebDocOpenSetup does is to set some registry keys and register the WebDocOpen.exe as handler for the webdav(s):// protocol. The source code is included, you might need to recompile it for 64Bit
the helper checks the app needed based on the extension and launches it with the url (webdav replaced with http) as parameter
You can save yourself quite some trouble using https with a proper certificate. Self signed won't cut it
There is an article on my blog explaining more of the background
The registry entries are explained here
You might test with a Mac or Linux first to ensure all is working ;-)
Even without the little helper application you can connect using Explorer webfolders (not Internet Explorer, Explorer)
Good luck!
Is it possible to retrieve the computer name when developing a Chrome Extension, for example "Jenny-PC"?
At first glance I did not find the API, but maybe I missed something.
If you are quite the daredevil, you could try to extract that info from a NPAPI plugin. This is quite dangerous, as you can read more about on the chrome extension site
No directly, for security reasons extensions can't access OS services.
But, hacker way, you may find some odd way to get what you're looking for.
If your extension has file:// permission, it can read system configuration files.
If you can get the user drop some file containing the name you want on some receiver in your extension's page, you can read it with HTML5 FileReader object.
If you can get the user download and execute some script you wrote (for example a .bat in Windows), it can grab that name and send to the extensions in various ways:
- writing it in a file the extension can read
- executing something like
"c:\chrome install folder\chrome.exe" chrome://extensions/yourextensionkey/receiver.html?name=thenameyourellokingfor
About file:// permission
Chrome Web Store doesn't allow uploading nor publishing extensions with such permission. But the extension works if you install it as a developer, or as .crx .
I'm not sure, but I think you can upload it to Chrome web store modifying it, in order to ask for permission.
I looked into very many Google Chrome extensions and apps in order to find one that matches the following requirements:
runs in a Google Chrome tab
editor for any code, PHP, CSS, HTML
can load and save files (on my computer) and create new ones
works with local files on my computer
Is there any? kodingen, cloud9, shiftedit does not seem to make it on the localhost.
Maybe SourceKit will do?
SourceKit is an extension to your Google Chrome browser which runs in a separate tab. The files are stored in your Dropbox account, so not only can you access the files from your computer - you can access them from anywhere! It uses syntax highlighting like Notepad++ for a limited number of languages (you said php, css, and html - they are all supported). It can load, save, and edit text files locally on your computer if you install the Dropbox Desktop Application. This will also synchronize the files with your online account and thereby make them accessible from anywhere in the world.
That sounded more like a salesman's advertisement than intended.
Both Dropbox and SourceKit are free.
There are four catches as far as I can see:
Dropbox "only" offers 2GB for free, however, you can upgrade at any time if you're willing to pay.
Dropbox Desktop will only synchronize one folder (and all of its contents), but that's really not any different from a web site.
SourceKit will not debug your code, but will it highlight wrong syntax(only for certain languages).
EDIT Does not work offline.
I've tried it out, and it works well.
Sympathy Editor
Sympathy uses the npapi-file-io plugin mentioned in an answer above to allow you to edit local files.
Pros
Allows you to edit local files
Full syntax highlighting
Bookmark local files for easy access
Cons
Uses npapi plugin to read files, which means it has access to all your data
Unavailable on Chrome Webstore
Still under development
Only works on linux/windows as of the moment (not in mac)
If you are interested, you can see the README, or Manual on github.
Disclosure: I'm the primary developer of the extension.
Don't any of these extensions you have mentioned work with the file:/// protocol? They will work for the http:// protocol only if you are going to edit files inside your local webserver.
Instead of writing http://localhost/(...) you write file:///(...), where (...) is the full path.
In UNIX systems it is file:///home/jens/file.txt. In Windows it should be file:///C:\(...).
#Berk Demirkir may be right.
Here are the resources I found that may be of use;
32 Google Chrome Extensions For Smart Designers
Chrome Web Developer Tools No. 7 on the above list
There's no extension for editing local files.
But you can write one!
Acesses to local filesystem cannot be done using Chrome's Extension API.
But you can use HTML5's File API (which is draft) or Local Storage. If none of these storage methods sufficient for you, you can build a NPAPI Plugin. Chrome supports NPAPI Plugins. There's also a project called npapi-file-io in Google Code which aims to access local files from Google Chrome Extension context.
Edit:
Now, there's one usable editor, Symphaty. You can use Capt.Nemo's Symphaty editor.
Edit 2:
NPAPI plugins are phased out from Chrome since version 42. The only alternative would be to use a wrapper native app and communicate using Native Messaging API.
ShiftEdit can be used to work locally, you will need to have XAMPP or equivalent installed.
Before downloading the file, the site checks out fine. After downloading an .exe (non-malicious; an installer for an app used internally by website staff), the browser alerts:
This website has been reported to
contain the following threats:
Malicious software threat: This site contains links to viruses or other
software programs that can
reveal personal information stored or typed on your computer to malicious
persons.
Checking on a different computer, the site is fine. After downloading the .exe, the same message appears again.
Why does this happen? More importantly, how do I prevent it from happening?
The same does not happen in Firefox or Chrome or Safari, using their similar malware-checking features.
Do you have control over the file that is being downloaded? If so, wrap it in compression (zip, rar, or something else). Browsers do not like .exe files being downloaded.
Make the user physically have a link to the download, in a compressed format would also help. A site that tries to send the user a *.exe file would look suspicious to any browser that cares at all for its user.
I am thinking about having the following use-case:
User installs application on local machine.
User goes to our website, and are presented with many links (choices).
User clicks on a link.
Application starts, with some information contained within the link passed to the application.
Step 4 is obviously a security minefield. The end goal is that the user makes a choice, and if the application is installed, it starts with some information passed to it (ie command line parameters, or perhaps a temp file somewhere on the user's machine)
Can I/ Should I access the registry from javascript? Are there any ideas about how I might go about this? Do you have an alternative suggestion?
Assuming the applications the user installs are also developed by you.
Register a file extension for use by the specific application - then your web links can be links to a file that is downloaded and auto-run by your app. The file could contain details on the defaults for your app to use.
Sort of like how clicking on a .pdf file opens your pdf reader.
As an alternative to the file-extension solution you may want to know about Custom Application Protocol feature. Link is for Windows but there are nearly same techniques on other systems. I can't say if this approach works in every browser but you may want to try it out.
Accessing the registry from JavaScript inside a browser is nigh on impossible for the security implications. To access the registry from the web, I'd imagine you'd have to use a binary (C++ or others) program that can read the registry, but also has an HTTP module to communicate with your server.
Sounds like you might need the Click Once deployement feature for your app. I think once it's installed over http there should be a pretty easy way to launch an executable.
http://en.wikipedia.org/wiki/ClickOnce