|
Let’s be honest here. The
issue is the human, not the computer or the software. It’s called
the dancing bunny problem. No matter how many clicks, popups, checkboxes,
or warnings you give the user – they will click them all to see the
dancing bunny. Sure, turn off AutoRun – I do even
for CDROM drives. But it could be a linux system with a person on the
console. If you placed a CD on the table with 3 items: shell, make, ./appname
– and they’ll do it. I see software install instructions that
say “Please disable firewall and anti-virus software before running this
install to ensure it installs properly”. I mean COME ON! As long as it doesn’t say “touch
fire”, everyone’s learned that lesson. /David. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of chuck5566 "I would have loved
to be on the inside of the building watching as people started plugging the USB
drives in, scouring through the planted image files, then unknowingly running
our piece of software." I suspect it wasn't autorun, this time, based on the last part of that sentence from the article's author. If autorun was used, then the malware probably, *probably*, would
started immediately and there wouldn't be a need for the victims to "then
unknowingly". Also, the following is from Microsoft's Web site. I wonder how
many people are going to go through the trouble. Chuck The Autorun capabilities are
restricted to CD-ROM drives and fixed disk drives. If you need to make a USB
storage device perform Autorun, the device must not be marked as a removable
media device and the device must contain an Autorun.inf file and a startup
application. The removable media device setting
is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry
command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A
RMB set to zero indicates that the device is not a removable media device. A
RMB of one indicates that the device is a removable media device. Drivers
obtain this information by using the StorageDeviceProperty
request. On Jun 9, 2006, at 4:48 PM, K.S. Bhaskar wrote:
Autorun has to be how the Trojan got in. -- Bhaskar _______________________________________________ Hardhats-members mailing list |
_______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members
