If you use Windows software on Ubuntu 10.04, chances are you've encountered the new feature in Lucid Lynx that prevents .exe files from being run without the executable bit set.  This might be good and well for some users, but is it really the best approach to security?  Here are some thoughts.

In the past, .exe files could be run simply by right-clicking and opening them with "Wine Windows Program Loader," regardless of whether they had the Unix executable bit set.  In Lucid, however, "Wine Windows Program Loader" doesn't call the Windows emulator wine at all, but instead executes a utility named cautious-launcher, which presents this complaint when the .exe file lacks executable permissions:

Cautious-Launcher screenshot.

Why this is bad

I'm all for a security policy that protects innocent users from running things they'll regret.  But I'm also a big fan of usability and user-friendliness, and the dialogue above is less than consistent with those values.

I'd venture a guess that the vast majority of people who download .exe files don't want a lecture on Ubuntu's security policy and how it helps protect them from malware.  Nor do they want to read an exhaustive explanation of Unix permissions that doesn't even mention how to make a file executable without using the command line.

Most users just want to run their program.  Towards this end, the cautious-launcher dialogue should at least include a link to simple instructions for setting file permissions without having to use the terminal.  Better yet, it should provide a button for setting the executable bit then and there.  Or best of all, the utility could just take the Windows 7/Vista approach and ask for confirmation before executing the file in question.

The concept behind cautious-launcher is also bungled because you can't set the executable bit for files on a CD or DVD.  That's a major, major problem that non-geeks can't be expected to solve.


Granted, this is hardly the greatest of Ubuntu's flaws. It's also easy enough to get around cautious-launcher by calling wine directly.

All the same, this concept smacks of pedantry and represents the wrong direction for Ubuntu to take. If we want to bring Linux to the masses, we need to worry more about making it super-easy to get stuff done, and less about ensuring that everyone understands what the letters rwx mean.