I am not talking and never was talking about ME and how I could or could not prevent this.
I am pointing to something where I honestly think that DT needs to have SANE defaults for ALL users of DT!
And this means esp. something that does NOT need any action from any single user, but a default for ALL users.
And yes, I am aware that this seems to be a problem of exFAT and that this also may only be relevant for a subset of users - but, as this is the only inter-OS file system and is also the file system of choice for users of VeraCrypt, I had hopes for a more positive response instead of lecturing me or pointing out how I could change this.
Yes, your points are very clear, but IMHO, along with other people here, to expect and demand that DEVONthink control this risk is both unrealistic and inappropriate. It is the job of the operating system (OS), and it is for the operating system to give you as a user the ability to tweak your own settings to lock it down as you see fit. And in this instance there is nothing that can be done to control the disk, as exFAT does not provide such features. Time to give this one a rest, I think. Less than a molehill and not the mountain as claimed.
Right: DT is not running anything ever. It is simply opening something with the default application for that type of file. I suppose the OP has their reasons for insisting on this being more a problem of DT than the Finder’s file association. Which they could easily change if they really believed the risk to be as horrendous as they make it seem here.
I think / assume because whilst the behaviour is logical, it was not expected. If that is so, it suggests a subset of users will be surprised. Which brings me back to my “is it helpful for DT to be able to open executables” question. If not, we could all merrily agree that it’s a function which could be done away with and at least has potential to mitigate risk for some users.
DT purports to open any file for which an application is registered in the OS. The apps you mentioned do not provide that functionality, with the exception of Apple’s Photo app, perhaps: That one can actually open images in another program.
From the point of view of a program that simply passes a URL to the OS to open this URL with the registered app, all files look the same. Why would it inspect the execute bit?
Also, compiled (Apple)Scripts are executable and will be executed when double clicked. Is that desired behaviour or isn’t it?
DT3 is not a PDF viewer. It is one of the few remaining true extremely customizable, extremely scriptable power-user applications for the Mac.
The ability to use DT3 to not only view but also launch apps is IMHO a feature, not a bug. Sure there are “security” risks involved, just as there are similar security risks in any app that strongly supports scripting and smart rules. I eagerly accept those risks in return for the benefits that I get.
For those who prefer a more locked-down and non-customized experience, there is no shortage of apps with that philosophy.
Do you use the UI to launch apps per se (i.e. directly launching the executable), or only to open with? Or do you only launch apps from e.g. scripts? Just trying to get use scenarios here.
I also launch JavaScript code directly as part of HTML pages stored in DT3. Sure, that is a huge security risk if I do not control access to my database. But if I am the only one accessing the database then security is not really relevant - I prefer global privileges in that situation.
Indeed many desktop apps and web apps lock down JavaScript these days - I understand why they do it, but at the same time I am very grateful that DevonTech does not and instead lets me manage security as I wish.