Jim,
Thanks for your question:
How can console(_dot_)user(_at_)home(_dot_)com know if the attached
executible
file is safe or not?
If I knew that, I wouldn't be trying to stop complacency
about the promiscous exchange of self-extracting archives.
The best attempts to address the issues so far involve
"certificate-signed executables", a cryptological method of
verifying that some certificate authority approves of a
given fixed string of bits. Do a search on that and/or
"application signing" to learn more. A caveat in practice,
though, so far signed executables do not seem to have
caught on. At best, they are complicated to get right and
involve an increased support cost if done wrong. At worst,
the certificate authorities, who often have a strangle-hold
on such technologies, often because of poor regulations,
are too greedy to have helped these catch on yet.
Cheers,
James