I take your points, but...
To be precise, .scr screen saver files have always been executables,
with all the implications that came with that fact.
/You/ know that, and /I/ know that, but a lot of people think there are
some special format that is roughly like a picture.
And there are worse examples - it is possible to put executable code
within a font file in windows! (I don't know if this has ever been
exploited for passing malware.)
Then there is the absolutely stupid idea of hiding "known" extensions
by default and all the Trojans that came after, naming their files
something like "joke.txt.exe" or "naked_woman.jpg.exe".
That's the first "feature" I turn off on all new installations - it was
probably the biggest single gift from MS to malware writers (it even
beats the concept virus in my book).
But the same kind of vulnerability now exists in Linux and OS X. Any
file can be "executable" and the system chooses what to do with the
file upon double-click based on the extension OR on the contents of
the file, just double-click a .c file or rename a .pdf to eliminate
the extension and then open the file to see what happens or rename a
.pl to .py or eliminate the extension altogether and see what happens
when you feed it raw to the system.
/Usually/ you have to provide some sort of confirmation in Linux before
running the unknown file - but one should never underestimate the
ingenuity of the bad guys, or the naïvety of some users.
But then there's the meta-data in PDF files and the scripts inside
Open Office and Excel or Word files and don't even get me started on
the idiocy of execute-on-mount or the Windows autorun facility...
Yes, I think that would be getting a bit off-topic. And since most
people (including me) would agree with you, there would be no fun argument!
But I've had to use self-extracting archives to transport files from a
PC to a dedicated control like the Siemens 840D because it didn't have
a zip tool and it was far more expeditious to run the self-extractor
than to escape the HMI to install some code just to install some more
code.
Certainly there are occasions when such tools are useful (and most
setup.exe and install.exe programs are not much more than
self-extracting archives - but the little extra makes it worth having an
executable).
But one thing has always irritated me about OS X is that I have found
no tool that can open .zip files for examination _before_ extracting
them as you can with WinZIP or WinRAR.
I don't use OS X, so I can't comment. WinZip and WinRar extract files
to directories in your temp folder before viewing them, so they
certainly /do/ unpack them before letting you examine the files. They
might not unpack /all/ the archive, but the files are there in your temp
folder - along with probably gazillions of old temp files from previous
unpackings that have not been cleared up properly.
