Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
COM must die

By Blarney in Op-Ed
Mon Jan 28, 2002 at 08:54:06 PM EST
Tags: Security (all tags)
Security

One of the best features of Microsoft operating systems for the PC-compatible family of personal computers is that software developed for older Microsoft operating systems almost always functions under newer Microsoft operating systems. However, this may not always be a good thing.


What do you think of when you see the word "COM" on your computer screen? Some smart programmer types out there might think of the Microsoft Component Object Model, but they are not typical computer users. If you are like most computer users, you think of an Internet address. Many computer users think that command.com is the name of a website. Hardly anybody knows that a COM file can be a potentially dangerous executable.

So when my friend got an email the other day with an attachment called "www.myparty.yahoo.com", she clicked on it without thinking about any harsh consequences. It looked like an URL, so it of course had to be! When a DOS console window appeared on the screen of her Windows 98 system, she realized that she'd just executed a program and gotten a virus. Many people obviously clicked on the same link, as the w32.myparty virus is clogging mailboxes all over the world right now.

Now you can assume that all the people who click on .COM files are stupid, but you'd be completely wrong. It is quite reasonable that people don't know what the COM file format is. Windows programmers generally distribute their programs as EXE files. In fact, it has been many years since Microsoft's developer tools were even shipped with the capability to generate COM executables. Why? Because COM executables are very limited and are made completely obsolete by EXE files. COM files were invented over 20 years ago to allow CP/M-80 Translation Capability. What this means is that programs written for 8-bit computers running the CP/M operating system could be automatically converted to run on a 16-bit IBM-PC running MS-DOS. This is of no interest today - nobody is still translating these old CP/M-80 programs to run on the PC. Furthermore, COM files place severe limits on the programs stored in them. The total size of the programs executable code and RAM-resident data cannot exceed 64 Kilobytes. This is hardly enough space to write any useful modern program, and was even seen as a severe limitation long ago when MS-DOS started - which is why the EXE file format was developed. Today, there is no reason at all for any user of Microsoft Windows to ever run a program stored in a COM file.

I propose, therefore, that Microsoft should change the way their Windows operating systems handle COM files to prevent users from executing them. Too many things are named "COM", and confusion is inevitable. While some people might still wish to run old DOS-based software stored in COM files, they can perfectly well open a DOS box and execute the software from a prompt - if they know DOS, this will not be difficult for them. The GUI should not be able to invoke COM executable files - you should not be able to run one by clicking on it. The ShellExecute API call should also be modified to not run COM files, so that an email client or other such program cannot launch a COM file that a user clicks on. People click on URLs ending in .COM all the time, and it is not fair to confuse them.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
COM is....
o Component Object Model 36%
o The best of the TLDs 1%
o A serial port 18%
o Cream Of Mushroom 18%
o Whatever you want it to be 24%

Votes: 90
Results | Other Polls

Related Links
o Yahoo
o website
o w32.mypart y
o developer tools
o CP/M-80 Translation Capability
o Also by Blarney


Display: Sort:
COM must die | 46 comments (42 topical, 4 editorial, 0 hidden)
Interesting title... (4.75 / 12) (#1)
by K5er 16877 on Mon Jan 28, 2002 at 05:23:42 PM EST

I thought the titel refered to the Component Object Model. I clicked hoping to hear a rant against the painful component technology. COM has left bruises as I have often banged my head against my desk in frustration. COM has hogged my system resources with out of proc servers running in the background after the client app crashed unexpectedly. I agree: COM must die!

Oh, wait, it's talking about the executable format. I love the use of the title. It confuses the experienced computer user just as the virus confuses the novice.

COM is Love! (2.00 / 1) (#31)
by Sunir on Tue Jan 29, 2002 at 01:19:18 AM EST

I guess you just aren't a Don Box fan. That's ok, he's jinxed.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r
[ Parent ]

Don Box is cool (none / 0) (#43)
by aphrael on Tue Jan 29, 2002 at 03:30:46 PM EST

but COM is the devil. :)

[ Parent ]
Er... (4.50 / 4) (#2)
by imrdkl on Mon Jan 28, 2002 at 05:24:20 PM EST

... they can perfectly well open a DOS box and execute the software from a prompt

You mean they should use command.com?

Or CMD.EXE (4.50 / 2) (#5)
by Blarney on Mon Jan 28, 2002 at 05:30:10 PM EST

In Windows NT, 2000, and XP, the command prompt is a 32-bit program called "CMD.EXE". As Microsoft does not plan to make any more DOS-based Windows systems like 95, 98, and the perhaps deliberately awful ME, COMMAND.COM will be just a memory as well.



[ Parent ]

Yea.. it stunk (4.00 / 2) (#7)
by imrdkl on Mon Jan 28, 2002 at 05:45:43 PM EST

I couldn't resist. Moderators, punish me now.

However I believe that, formally, DOS requires .com to run .exe, due to the address translations that have to be done. (or something incredibly insightful like that). The shell in NT (XP is good news as well, I feared another lame shell from 98) is much preferable, but getting fully rid of .com means the rest of the tools which are based on DOS legacy will have to be rewritten. I count at least 10 in my NTPL6 box, including more(), yikes.

Great rant tho, maybe it's not so difficult as I suppose. Maybe XP has no need for DOS at all. I voted for it.

[ Parent ]

Excellent point. article. (3.66 / 3) (#3)
by Elkor on Mon Jan 28, 2002 at 05:25:08 PM EST

The majority of internet users these days have probably never used a command prompt, let alone learned how to use DOS. (No, I don't mean Denial of Service)

Especially with Microsofts attempts to get people to use Internet Explorer as their local browser as well, in which files on their local drive appear as links in the screen.

It is interesting to observe changing paradigms (2 nickels) and how they can affect legacy beliefs.

Regards,
Elkor


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
sub-optimal (4.77 / 9) (#4)
by Arkady on Mon Jan 28, 2002 at 05:25:16 PM EST

So, Microsoft should start dropping backwards compatibility features just because someone's figured out that clueless users can be convinced that they represent _domain names_? Bah.

First, it would be far better, and much more broadly beneficial, if people stopped using mailers with the ability to execute attachments. At a bare minimum, the mailer should _never_ execute an attachment of any kind without first propmpting for approval. This, in addition to solving your issue with .COM files, would block the vast majority of mailer macro viruses.

Of course, this would be no substitute for people actually learning something about their computers, but I guess that's expecting too much? ;-)

-robin

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere Anarchy is loosed upon the world.


That wouldn't help. (4.50 / 4) (#24)
by nstenz on Mon Jan 28, 2002 at 10:24:28 PM EST

At a bare minimum, the mailer should _never_ execute an attachment of any kind without first propmpting for approval.
That would be pointless- people would just click 'yes' every time. I know, because that's what Outlook Express does to me at work. I pay attention, but most people don't. It would be a better idea to only prompt on executable attachments... and it should never run crap like VBS scripts... ever.

[ Parent ]
"Click here to infect your computer with a vi (4.66 / 3) (#32)
by swr on Tue Jan 29, 2002 at 01:21:44 AM EST

I pay attention, but most people don't. It would be a better idea to only prompt on executable attachments... and it should never run crap like VBS scripts... ever.

The problem is that it is treated as okay (by the software, and by the users) to grant J. Random Sender rights to do anything on your computer that your user context is allowed to do.

VBS is no worse than EXE. In fact, they are equivalent from a security standpoint (worst case, you can use an executable of one type to create and invoke an executable of the other type). VBS is popular for viruses only because it gets the nasty done in a k1dd13-friendly way. If people refuse to run .vbs but let .exe through then the k1dd13s will just start using vbs-to-exe compilers.

Really, the prompt for executing attachments should be worded along the lines of this...

"You are about to execute a program file which may or may not have been sent to you by sender@example.com. By executing this program you are giving it full access to your system. This includes the ability to install viruses and backdoors, if the program includes code to perform such malicious acts. Are you sure you want to proceed?"
Clicking OK to anything less-strongly worded really is not informed consent (not that "informed consent" matters to virus writers).

When I first heard about Java years ago I was convinced it would revolutionize the internet. The write-once-run-anywhere idea was lost on me; I figured everyone was using Windows anyway (I know better now). What got my attention was the idea of being able to run a computer program from an untrusted website without any risk to your computer and its files.

Too bad the "average users" don't seem to care about that sort of thing. If what I've personally seen is any indication, they are perfectly happy to have one-click computer sex with the entire internet (patent pending), lose their work, discover they've been hit by a virus, then shrug it off as "just one of those things". If the warnings were more explicit it might make people realize that they really are responsible for what happens on their computer.



[ Parent ]
"Average users" don't read dialogue boxe (4.33 / 3) (#36)
by ajf on Tue Jan 29, 2002 at 04:27:46 AM EST

"You are about to execute a program file which may or may not have been sent to you by sender@example.com . By executing this program you are giving it full access to your system. This includes the ability to install viruses and backdoors, if the program includes code to perform such malicious acts. Are you sure you want to proceed?"

Clicking OK to anything less-strongly worded really is not informed consent (not that "informed consent" matters to virus writers).

Anything short of forcing the user to type in the third word from the seventh line of page 177 of the manual is not going to stop people running executables without thinking, because average users don't read dialogue boxes - especially ones with long scary messages.

Most Unix mail readers handle this nicely - binaries can't be run until you use chmod to mark them as executable, and /etc/mailcap (or equivalent "helper application" settings) isn't configured to execute interpreted languages. But I have no doubt that somebody with the aim of "making Linux more user-friendly" will solve both of these "problems" for the average user.



"I have no idea if it is true or not, but given what you read on the Web, it seems to be a valid concern." -jjayson
[ Parent ]
Sorta (4.00 / 3) (#25)
by Bob Abooey on Mon Jan 28, 2002 at 10:25:22 PM EST

Microsoft is partially to blame here, but the real reason we see these malicious programs being passed around by MS Mail programs is because of user error. You will never fix user error, all you can hope to do is contain it. At the very least I suspect that MS could fix it so that if you try to launch an executable from Outlook or one of it's variants, you would get pop up a dialog box that says "You are launching an application, are you sure you want to do this?" and give them an OK and a Cancel(default) button.

Make this the default behavior and let the user turn it off if they want. It wouldn't be too difficult to do.


-------
America... just a nation of two hundred million used car salesmen with all the money we need to buy guns and no qualms about ki
[ Parent ]

Some people don't know not to smoke in gas (3.00 / 5) (#10)
by terpy on Mon Jan 28, 2002 at 06:08:33 PM EST

stations either. But we don't "disable" smoking, we just post signs. Computers truly are complex, and today's OS's try to simplify things to a great degree; it is inevitable that some people will not be aware of certain "idiosyncracies" and suffer some consequences. That's life. Should we also ban single ply toilet paper in public restrooms because it may be unkowingly used by a person with the piles? There are also tons of people out there who will drive about happily with the "check engine" light on, and then be upset because their car broke down without any warning.... Besides, do you have any idea how many programs out there would be seriously hindered by not being able to click on .coms? I have several that I use (even one I wrote!). Anyways, the point is that if you aren't familiar with something, there's a good chance you can botch it up - that's true everywhere in life.

----
<joh3n> BUKKAKE: the final frontier
<joh3n> these are the stories of the starship: jizziprize

COM for small code size (4.93 / 15) (#11)
by delmoi on Mon Jan 28, 2002 at 06:21:06 PM EST

Many (well, relatively speaking) demo scene coders use com files for making really small programs. Many competitions are held for '1k' and '256' demos. The smallest win32 app you can make is 4k, I belive

BTW, you can disable exicution of .com files by modifying the registry setting for 'comfile' and replacing "%1 %*" to "notepad %1" or something (this opens the file in notepad). I just tried it, it worked :) (Now give me mojo!)

Btw, you can download my reg patch at http://hatori42.com/comnorun.reg.
--
"'argumentation' is not a word, idiot." -- thelizman
Reg patch site license (4.25 / 4) (#12)
by delmoi on Mon Jan 28, 2002 at 06:27:00 PM EST

Btw, if you're in IT or something and want to help people avoid worms, you can site-license my reg patch for just $10,000!

Non comercial use is free :)
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
Thanks! (4.00 / 2) (#13)
by Blarney on Mon Jan 28, 2002 at 06:38:36 PM EST

I'm definitely going to try that when I get home from work. Don't want to play with the work machines...... so long as I can invoke .COM files from the command prompt but not the GUI, that will be exactly the fix I want!

[ Parent ]
Whew (3.33 / 3) (#15)
by CaptainSuperBoy on Mon Jan 28, 2002 at 07:06:17 PM EST

That was a relief.. as a programmer who uses COM, I was sure the article was going to badmouth it in some way. Luckily that's not what this article was about, and I fully support abolishing .COM executables.

--
jimmysquid.com - I take pictures.
Gratuitous "Get A Mac" Post... (4.14 / 7) (#16)
by maveness on Mon Jan 28, 2002 at 07:32:28 PM EST

... run Mac OS X and reduce your virus worries to very close to 0. Sorry. Had to say it.

*********
Latest fortune cookie: "The current year will bring you much happiness." As if.

that's true of any under-used os (none / 0) (#44)
by gps on Tue Jan 29, 2002 at 06:44:09 PM EST

only the most used os will have good viruses written for it. nobody cares enough about OS X, linux or freebsd to write a decent virus anymore. *sniff* *sniff*

[ Parent ]
GUI (3.33 / 3) (#17)
by J'raxis on Mon Jan 28, 2002 at 07:39:51 PM EST

These *.com files show up with the Windows generic application icons (resembles a little empty Windows window). If someone clicks on something that looks like an application thinking they are opening a bookmark (which some variant of the MSIE document icon), they are stupid. The whole point of an icon-based GUI is to be able to identify files by the, um, icons representing them, right?

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]

Generic icons... (4.50 / 2) (#23)
by WWWWolf on Mon Jan 28, 2002 at 09:28:31 PM EST

If someone clicks on something that looks like an application thinking they are opening a bookmark (which some variant of the MSIE document icon), they are stupid.
The problem: Generic icons.

People don't often see the "generic application icon". They're used to seeing the .exe's own application icon.

"Hey, what the hell is this? Looks like a web browser window or something, let's click on it..."

Another problem: non-descript icons or misleading icons.

Remember when the "Love Letter" was the virus du jour? Now what did it look like to average user?

"Uh, it has a paper... and scroll of some kind... and it says 'love letter' under it... It's a letter! Let's click on it..."

Absolutely clever engineering. I bet the Love Letter author was drunk one day, saw the .vbs file icon, and thought "hey, that looks just like a love letter!" and made a love letter virus based on vbscript. =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
True, sort of (4.00 / 2) (#29)
by J'raxis on Tue Jan 29, 2002 at 12:20:34 AM EST

I suppose. Never underestimate the ignorance of any given user.

Anyone who has ever looked in a large directory-full of executables should recognize that EXE/COM icon; when one opens a directory full of apps (such as the win32 directory or whatever), for the first second or so all the applications are usually generic icons. Then Windows finds the right icons and applies them one by one down the list of files.

The script icon is appropriate; after all VBS is Windows’ knock-off of an inter-application scripting language — Apple had one of these years earlier, called AppleScript, and guess what its icon looks like? Little scrolls.

The problem is people not knowing generic classes of icons, I guess, or Windows not having a de facto standard set of them. On Macintosh, there are a whole slew of these generic icons that one should become familiar with ’ a sideways piece of paper with a hand holding a pencil across it is an app. One facing the opposite way is a desk accessory, sort of like a mini-app you would find in the Apple menu. A top-right dog-eared piece of paper is a document. A top-left dog-eared piece of paper is a system document, usually a sound file, font, etc. A piece of paper dog-eared in the lower-left is a piece of reusable stationery. A square box with a slider-bar down the bottom is a control panel. What looks like a chunk out of a puzzle is a system extension (think like a plug-in). Suitcases are library-like packages, containing system code, sets of fonts, and so on.

The nice thing about Macintosh is nearly all applications build upon this design: third-party apps nearly always use the top-right dog-eared docs (they just slap their logo on top of the icon), the stationery docs, and so on. Applications are the only anomaly here, and the general rule is that if an icon does not look like one of the above things, it would be an application. Although, some applications do use the generic-icon symbolism; an executable AppleScript (as opposed to a source file) is a scroll-paper with the pencil-and-hand upon it. Hypercard used to use a stack of documents as its document icon, and the app stood out as being a stack with the hand on it.

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

I would agree except ... (4.00 / 1) (#33)
by ouija147 on Tue Jan 29, 2002 at 01:47:02 AM EST

in Outlook the damn thing looks like a web link. There is no icon, just underlined text that looks like a web link. If we didn't block ALL executable files at the email server, our network would have been a mess.

[ Parent ]
.COM Not Obsolete (4.33 / 3) (#18)
by Bad Harmony on Mon Jan 28, 2002 at 08:07:41 PM EST

Microsoft may not support the .COM format with their Visual Studio software development tools, that doesn't make it obsolete. I believe you can still create .COM files with MASM and LINK.

I use WATCOM C/C++ (now Microsoft roadkill), which supports 16-bit and 32-bit memory models, .COM and .EXE formats, DOS, OS/2, Netware, Windows, and some other stuff that I have forgotten about. Some of the older Borland compilers also supported .COM.

The 16-bit small memory model and the .COM file format is perfectly adequate for many simple CLI programs. It loads faster than an .EXE, there being no need for a link fixup phase in the loader.

5440' or Fight!

Besides.. (4.00 / 1) (#34)
by Ranieri on Tue Jan 29, 2002 at 01:50:54 AM EST

I still use debug.com regularly :)
--
Taste cold steel, feeble cannon restraint rope!
[ Parent ]
Nonexistent *.com limitations (5.00 / 4) (#19)
by localroger on Mon Jan 28, 2002 at 08:35:25 PM EST

Since DOS 4 or so, the OS has been able to execute files which actually have the structure of EXE files even if they have COM extensions. So COM is actually a format with extra capabilities, as it can support super-tiny quick-loading apps while EXE files must have an EXE header.

Incidentally, people who program in assembly language will not be happy if COM goes away, as it is by far the most natural (and usually quite adequate) format for such code. Hint. Hint. Hint.

I can haz blog!

Calc.com does work.... but is this good? (3.00 / 2) (#21)
by Blarney on Mon Jan 28, 2002 at 08:57:34 PM EST

Good point! I just renamed my calc.exe to calc.com, and it successfully ran. So a .com file doesn't have to be a DOS-box application like www.myparty.yahoo.com. It can even be a 32-bit GUI application! Joy.

That's just redundant and stupid. So any executable can be named .com and still work. That makes this an even bigger problem when people think they're going to a website and launch an executable instead.

[ Parent ]

Works the other way too (3.50 / 2) (#26)
by localroger on Mon Jan 28, 2002 at 11:05:56 PM EST

I just tested that -- one of my binary *.com files runs fine if I name it *.exe. So I withdraw my objection; we should be able to bar .com files from the more common launches since those of us who need them can just rename them *.exe. And everyone knows those are programs.

OTOH I wonder how the launcher tells the difference between a flat .com and a non-program file like a renamed .txt file. The .exe launcher can tell there is no valid header. Maybe this is why Windoze whines if you rename files from .exe/.com to non-.exe/.com extensions or vice/versa...

I can haz blog!
[ Parent ]

How the OS tells (4.00 / 2) (#35)
by roiem on Tue Jan 29, 2002 at 03:07:34 AM EST

As long as its actual extension is either .com or .exe, the OS can run it by checking the first two bytes. If they're MZ (someone's initials), it's a .exe, otherwise it's a .com. But if the extension isn't one of those, the OS won't try to run it. If you rename a .txt (or whatever) to .com (or .exe), the text will be interpreted as instructions, most probably causing nasty things to happen.
90% of all projects out there are basically glorified interfaces to relational databases.
[ Parent ]
Tiny executables (4.25 / 4) (#20)
by sketerpot on Mon Jan 28, 2002 at 08:36:22 PM EST

You can make very nice tiny executables with the COM format. For instance, you can crash Windows 3.x, 95, 98, and ME with a four byte program. Just go into your favoite assembler and assemble this:

cli
foo: jmp foo

This is very compact and will freeze a computer beyond CTRL-ALT-DELETE. How could you do that with EXE?

Are you sure? (4.00 / 2) (#28)
by Kalani on Mon Jan 28, 2002 at 11:30:00 PM EST

That should only freeze programs that run in Virtual 8086 mode. Protected mode programs shouldn't be affected.

-----
"I [think] that ultimately physics will not require a mathematical statement; in the end the machinery will be revealed and the laws will turn out to be simple, like the checker board."
--Richard Feynman
[ Parent ]
Horrors from the past.... (4.00 / 2) (#22)
by WWWWolf on Mon Jan 28, 2002 at 09:18:02 PM EST

Obligatory Jab:

The l33t k1dd33z who now write viruses probably would get absolutely shocked if they looked at old books about DOS viruses - "1813 bytes? what the hell? my l33t skR1pty is much bigger than that! You can't even think of viruses as small as 1813 bytes!"

::watches the virus-punk armada open the books on how to write really compact assembly code:: =)

...

Okay, as pointed out by others, it's easy to wreak havoc with even small .com programs. Some time ago, I was laughing at the maker of "Century" variant of Jerusalem virus, but I don't laugh - the Millennium has gone, and went, and DOS was still in use. And it still is for years to come.

I sort of agree: naming files "something.com" will open its doors to many sorts of semantic attacks, and DOS-based Windowses are still in wide use (regrettably).

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Win 95/98 ... perhaps ME? (4.00 / 1) (#27)
by haflinger on Mon Jan 28, 2002 at 11:24:46 PM EST

I've been migrating away from Windoze. But I do know that Win95 and Win98 both load win.com as the last step in the boot process. Just like Win 3.1. I doubt this applies to NT (2000/XP as well) though. At least, I hope not.

BTW - .com only makes sense in x86 assembly because of the x86's gross, irritating, thoroughly dumb memory management architecture. What's wrong with a real 32-bit address space? Sigh.

Did people from the future send George Carlin back in time to save rusty and K5? - leviramsey

PIF! (3.50 / 2) (#30)
by J'raxis on Tue Jan 29, 2002 at 12:27:08 AM EST

What about PIF files? These things server any purpose nowadays? Just seems like another ancient executable format that virus writers seem to enjoy due to its scarcity.

— The RAXIS~1.AVI.PIF

[ J’raxis·Com | Liberty in your lifetime ]

Perl and Python must die (4.00 / 2) (#37)
by AndrewH on Tue Jan 29, 2002 at 05:20:02 AM EST

After all, someone might click on a .pl or .py file.
John Wilkes Booth, Lee Harvey Oswald, John Hinckley Jr — where are you now that we need you?
Filetyping (4.00 / 2) (#38)
by Znork on Tue Jan 29, 2002 at 08:27:57 AM EST

Filetyping by extension is idiocy. Microsoft should remove that entire misfeature; it was obsolete even in the 80's.

Executeable files (4.00 / 1) (#41)
by alge on Tue Jan 29, 2002 at 02:34:04 PM EST

Oh yes oh yes oh yes, I'd LOVE to have executeable .doc files!! (= Seriously though, when you have a filesystem without exec bits, how are you going to remove the filetypes? Make everything executeable? I can't see this happening before _noone_ is using fatXX. I have no idea when that's going to happen - ich bin ein linuxer. But backward compability seems to be TheLaw in redmond, so don't hold your breath.

vi er ikke lenger elsket her

[ Parent ]
Filetyping by magic. (5.00 / 1) (#42)
by Znork on Tue Jan 29, 2002 at 03:22:34 PM EST

Most binary files have a magic number. These are a few bytes in the beginning of the file by which whatever program that is trying to load the file can decide wether or not it is a file it should actually be able to open, or the OS can decide how or what should run the file. These are usually what is actually used, and the OS should decide how to display what those files are based on the actual content in the file, not by some easily changed file extension. The use of file extensions for some things and not for a lot of other things (altho not the actual problem in this case) causes a lot of inconsistencies and has caused several security holes in MS products.

[ Parent ]
You got me on this one... (4.75 / 4) (#39)
by JonesBoy on Tue Jan 29, 2002 at 10:21:18 AM EST

Another case of "I'm a weenie who opens every e-mail I get from people I don't know, and click on every possible thing I can, repeatedly. Microsoft should make less things runnable because I am stupid"

Com files are just lines of computer code to execute. Translating CP/M stuff may be one use, but it is in no way exclusive to the format. Someone has a sig somewhere that says "DOS is not an OS, it is a program loader with memory resident extensions" Exactly. COM files get loaded into memory with a 100 byte offset and then run. Simple, elegant, blazing fast. They represent one of the few times your computer is really running real time. They are the workhorse that has allowed you to boot for the past 20+ years, and more (boot disks) Try formatting your new hard disk without coms. They are usually coded in Assembly, in which 64k of memory is plenty. I have most of my file moving utilities written as coms, and some bulk image manipulation programs in com files. About a year ago, I had to work with some high speed data acquisiton equipment. The windows driver sucked, and the best sampling rate achievable was pathetic. In 2 days I had a debugged com program that was maxing out the DAQ boards and filtering with cycles to spare. The other day I had to dump a file out the serial port. ~300 bytes of debug. Done. Take a look at http://www.computerhope.com/rdebug.htm for some neat stuff you can write with com files. (to make the routines com files, start with a100. Use 'n' to name your file, and put the size in CX with 'rcx'. 'w' writes your com file to disk)

And what other clickable things shall we remove? Pif, bat? Windows scripting, craptive X? You can even put malicious stuff in movie files. Hell, look how many fools click on .txt.exe crap. I bet you can send out a message saying "You just received a free virus update! Click here to install" and people would.

You problem is that your friend, like many computer users is incompetent and unaware. Luckily, she just received a memorable lesson on executable file types. Computers are still complex tools and not appliances. Learn to use it or quit bitching. Thankfully, unlike most tools, it was only some data and not fingers that got lost.

Speeding never killed anyone. Stopping did.
I agree that the capabilities are necessary ... (4.00 / 1) (#45)
by Kalani on Tue Jan 29, 2002 at 08:38:12 PM EST

... but the issue is really about a naming convention, not whether or not it's important to be able to do repetitive low-level tasks (obviously it's important). My serial port driver is in a vxd file, and it reads from the port's buffer in just the same way as a .com file would (obviously :).

Users don't care about the internal logic and mechanisms of a computer, they only work at the interface level. So what they want is a consistent interface (just like you want your logic to be consistent -- that's part of elegance). I like the Mac's way of making a file's type an entry in a table of meta-data about the file.

A user isn't stupid for not keeping all of the naming conventions straight, they're just uninformed (stupidity would be not seeing that something is easily derived from basic concepts ... like "rediscovering" that a "button" can be clicked for each button).

Also, to be pedantic, "craptive X" (I assume you mean ActiveX here) files are generally dll's with some special exports (DllGetClassObject, DllRegisterServer, DllUnregisterServer being the important ones ... though there's some OLE token to put into your version information resource to indicate that the library supports specific requirements of OLE). So, clicking on an ActiveX file wouldn't do anything.

-----
"I [think] that ultimately physics will not require a mathematical statement; in the end the machinery will be revealed and the laws will turn out to be simple, like the checker board."
--Richard Feynman
[ Parent ]
Clarification (4.00 / 1) (#46)
by JonesBoy on Wed Jan 30, 2002 at 12:04:03 PM EST

Sorry, I was just venting. I hate all these "new to computers" people complaining about usability. No, you can't "sit down and use it" just yet, and yes there are things you have to learn. People that don't bother to learn get burnt. I didn't mean to call your friend stupid, I am just venting.

In saying ActiveX, I was referring to some of the embedded web page scripting that MS had put into the browsers. My point was that there are a whole lotta things one can click on with negative results.

Forked files (like MAC and AppleII) are definately the way to go, but the backward compatability thing is really holding up progress. It will be a hard step to take, but it has to be done.

Speeding never killed anyone. Stopping did.
[ Parent ]
You think that's bad? (5.00 / 1) (#40)
by miles b on Tue Jan 29, 2002 at 12:22:08 PM EST

Try this URL: http://fucksociety.ca/chasey.jpg Microsoft's web browser is stupid enough to execute a script embedded in a .jpg file. Now this isn't a virus. It doesn't reproduce itself, and it's more of an annoyance than seriously malicious, but for a lot of people, it forces them to restart their machine. Luckily, being a Mac user, I'm basically immune to this. Mac Mozilla and Mac IE both see it as an error and do nothing. However, if somebody created something like w32.myparty, but which actually pointed to a real URL, it could be bad.

COM must die | 46 comments (42 topical, 4 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!