Robust_Mirror

I fully agree, there isn't a good reason. The issue is that flaw is a systemic one in Windows.

Modern operating systems should be operating under zero trust. The fact that Windows still operates on Intranet Era logic, where if a file is reachable, it’s probably safe, is exactly why these exploits keep happening.

The problem comes down to a Windows API called ShellExecute. When an application like Notepad passes a link to this API, it is effectively saying to the OS, The user wants to open this, figure out how to run it.

Windows looks at it and essentially says, Oh, it's an .exe on a network share? The user must want to run that software, launch it, rather than, This is executable code from a network location I don't control, download it and make the user double-click it themselves.

The main reason it does this is for legacy enterprise convenience. Decades ago Microsoft designed Windows so that companies could put internal tools on a shared drive and employees could run them instantly. They prioritised seamlessness over security by assuming the network perimeter was the security boundary, and everything on it was there because they wanted it to be.

Obviously that assumption is dangerous. Like you said, no remote executable should ever be treated as trusted by default, regardless of whether it came from the Store, an SMB share, or a web link. The action of clicking a link should never map directly to execution of code. It should map to retrieval of data. Microsoft basically turned a convenience feature into a permanent vulnerability.

Yeah I get your thought process, but the second vulnerability is actually just how Windows is designed to work. When Notepad follows a link, it isn't opening a web page, it's passing a command directly to the OS shell.

Because Notepad is a trusted native application, it bypasses many of the security checks that a browser has.

If the link uses the file:// protocol to point to an .exe on a remote server, or ms-appinstaller to trigger an install, the OS treats that as a direct instruction to launch that software, so it can trigger an app installation prompt or, depending on the exploit, silently side-load malicious packages.

No, I didn't.

This is akin to calling the police for the murder of your spouse BEFORE you commit the murder. There's literally no good reason not to wait until after.

Please, name me a logical reason why, before you commit the act, during the planning stage, or even when you are moments from planning to execute the plan, you would call someone entirely unrelated to prepare a document about what you are going to do, instead of calling them AFTER.

No, it doesn't.

This is akin to calling the police for the murder of your spouse BEFORE you commit the murder. There's literally no good reason not to wait until after.

Please, name me a logical reason why, before you commit the act, during the planning stage, or even when you are moments from planning to execute the plan, you would call someone entirely unrelated to prepare a document about what you are going to do, instead of calling them AFTER.

What I'm going to say is: technology. The calendar will never change because of technology. This would be the most expensive and extensive change in history. Every computer system, program, device everything.

And you have to either retroactively change past dates, or support 2 systems at the same time. It's almost insurmountable at this point.

Next year for Monday fans.

Why though. Why would you prepare the document the day before? Why do you need to have it "ready to go"? There's literally no logical reason to premake such a document. It doesn't benefit the murder plan at all.

But you need the code to THAT masterlock to use it to open the first masterlock.

.

Because there's no market for it. The fact they don't sell cases with keyboards while they do sell things like backbone makes it incredibly clear not many actually want this. Swipe typing is very fast once you're good at it.

I have a crap ton of things I really want but would never choose to spend the money on myself and wait for it as a gift. That's basically the entire point of gifts imo, getting things you want but can't justify spending the money on.

I would call that enthusiast level rather than rich person. It's not more than a decent drone or camera or many other technology hobbies. Less than half the price of a ps5 or meta quest 3.

Sure, you could argue it probably has less function and replay value than those. But it's still not ludicrously expensive if you REALLY want it.