On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 5 of 59:
Next »
« Previous
Please clarify one sentence from your blog
How did you get from this:
Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.

to this:
This means that malware authors can place an Autorun.inf file on a device to automatically execute arbitrary code when the device is connected to a Windows system.

I haven't seen anything in any advisory that suggests that a default install of Vista will automatically execute arbitrary code without any user interaction. If you were talking about XP, fine, but shouldn't you clarify that your statement only applies to an OS that was replaced more than 2 years ago? Or am I incorrect in stating that default installs of Vista will not auto execute arbitrary code when you attach a device? If so, I wonder why that has never happened to me?
Posted by: NonZealot   Posted on: 01/21/09 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Why, why, why?  kd5auq | 01/21/09
What do you mean?  Lerianis | 01/21/09
Actually there's a very simple solution...  PollyProteus | 01/21/09
Re; Actually there's a very simple solution...  Me_too | 01/22/09
Please clarify one sentence from your blog  NonZealot | 01/21/09
XP may be superseded  Alan Smithie | 01/21/09
You don't think it is relevant to mention the affected OS?  NonZealot | 01/21/09
This affects all versions of Windows...  msalzberg | 01/21/09
"modified more than 2 years ago"  davidr69 | 01/21/09
Let me see if I understand this  NonZealot | 01/21/09
The obvious must be explained  davidr69 | 01/21/09
So let me explain the obvious!  NonZealot | 01/21/09
Yeah, but...  MGP2 | 01/21/09
that's what  rtk | 01/21/09
Phew, just seen update  Alan Smithie | 01/21/09
Still waiting for someone, anyone, to show how this is true in Vista  NonZealot | 01/21/09
RE: ... waiting ...  n0neXn0ne | 01/21/09
Even so  Michael Kelly | 01/21/09
There's still a problem  TristanGrimaux | 01/21/09
I've already stated that  NonZealot | 01/21/09
Yeah right! Your system wants to pass gas! Would you like to continue?  ja4509 | 01/21/09
Time for an analogy!!  NonZealot | 01/21/09
You know you are right!  ja4509 | 01/21/09
I know exactly what you mean  NonZealot | 01/21/09
and you can press ESC to get around the login  deaf_e_kate | 01/22/09
The user interaction isn't in the form one would be suspicious of, however  D. W. Bierbaum | 01/22/09
What's the Registry?  kozmcrae | 01/21/09
Here you go:  Grayson Peddie | 01/21/09
Heh! It should be easier to disable this than it is.  D. W. Bierbaum | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  rparker009 | 01/21/09
The "Do Nothing" option not doing nothing, is the problem...  D. W. Bierbaum | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  khariskh | 01/21/09
Thanks, Interesting link.  joe.smetona@... | 01/21/09
Serious Business . . .  brian ansorge | 01/21/09
RE: US-CERT warning: Windows does not disable AutoRun properly  Sunday Ironfoot | 01/21/09
Whoops  Sunday Ironfoot | 01/21/09
And executable still can't infect patched machines  NonZealot | 01/21/09
It presents a FALSE "Open folder" option that runs the file.  hkommedal | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  h_rorarius@... | 01/21/09
Isn't Microsofts fault, really....  bruceslog | 01/21/09
RE: Isn't Microsofts fault, really....  trybble1 | 01/21/09
Think it is great  gogalthorp | 01/21/09
Theres only one persons fault  HexHammer67 | 01/22/09
Autoinstalling via Autorun is not really social engineering  deaf_e_kate | 01/22/09
It IS Microsofts fault this time.  hkommedal | 01/22/09
You've hit the problem  jumpa | 01/22/09
I've been saying this for many years  HexHammer67 | 01/22/09
I remember shop classes saying this very thing about calculators!  D. W. Bierbaum | 01/22/09
Naive thinking, very Windows like.....  deaf_e_kate | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  wirecutter | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  ceh4702 | 01/22/09
Slide rulers  Samun56 | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  WireWrap | 01/22/09
So you are happy  HexHammer67 | 01/22/09
Changes Nothing  gbentley@... | 01/22/09
yet another reason to use Vista  qmlscycrajg | 01/22/09
RE: US-CERT warning: Windows does not disable AutoRun properly  bucks13 | 01/23/09
RE: US-CERT warning: Windows does not disable AutoRun properly  Jahm Mittt | 01/23/09
RE: US-CERT warning: Windows does not disable AutoRun properly  Scott Larson | 01/25/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here