Gmail Will Soon Block JavaScript File Attachments

Starting February 13, 2017, Google will not allow JavaScript files to be sent as an attachment via Gmail in an effort to reduce malicious attacks. Android Police reports: Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). If you're not familiar with web development, JavaScript is a common language used when developing web applications, and JS files are often loaded as part of web pages. However, opening an unknown JS file on Windows can be dangerous, as it runs inside Windows Script Host by default. From there, the script can easily run Windows executables. While blocking .js attachments is a step in the right direction, it is unclear if any warnings will be shown when receiving emails with JS files attached. Source: G Suite Updates

Re:WTF

[Cajun+Hell]

God forbid the default action for a script is to execute it.

Agreed. It's not 1988 anymore, so people generally shouldn't be running whatever random code somebody on the Internet sends them. It's forgiveable for OSes to have lagged a bit, but by the late 1990s it's pretty fucking stupid for an OS to do that.

I mean personally I just like scripts for the bed time reading with their riveting plots and all, but I guess there's probably some people who would prefer scripts to actually do what they claim to do.

Those other people can easily be accomodated. After they read the script or otherwise determine that it's something they'd like to run, they can indicate to the OS when they want to run it. chmod +x or however it works for their platform.

Malware unfriendliness is user unfriendliness.

Wait, I don't agree with you anymore. One of the things that makes my computer so friendly, is that it runs software for me, rather than for someone else (especially adversaries). Malware and users are in zero-sum: what's unfriendly for malware is friendly for the user, and vice-versa.

Piss them off with frustrating defaults, burry them under an endless string of confirmation boxes, or just trust them to break their computer if they so chose.

Yeah, and the last option is the friendliest. If someone wants to execute a script, they should totally be able to, and easily. But in such an exceptional and rare situation as wanting to treat a freshly-downloaded file as executable, they're going to have to tell the computer at least once, "This is an unusual situation. I want to execute this, rather than what I normally do 99% of the time with unvetted scripts (look at them in my editor)."