Bugtraq mailing list archives

Re: Nearly undocumented NT security feature - the solution to executable attachments?


From: Vanja Hrustic <vanja () pobox com>
Date: Fri, 10 May 2002 03:41:50 +0700

On Tue, 07 May 2002 22:28:33 +0200
"KJK::Hyperion" <noog () libero it> wrote:

> MYTH: Windows NT users cannot defend from e-mail borne malware, because
> unlike in Unix all files in Windows NT are executable, and the only
> protection against this is antivirus software (read on Usenet)
>
> FACT: all files, in Windows NT, are merely executable *by default*. In
> fact not only execution of files can be restricted on a per-file basis,
> but it can be restricted more efficiently than on Unix, and using only
> features of the operating system

Yeah, right.

Something I *really* want to find out (and is not intended to be a flame),
is:

Is it possible to have an NTFS partition under Windows 2000 (or XP, if
that matters) 'mounted' in the same way as a UNIX partition is mounted with
the 'noexec' option? For example, if I wish that nothing can be executed on
the D: disk (for example, which is not a disk where Win2000 resides, in my
case), what would I have to do?

I am very well aware that 'noexec' doesn't help much (at least on Linux)
if someone wants to execute a binary. That's not what I am interested in,
anyway. I would like to know how I can prevent 'accidental' execution of
binaries in Windows 2000/XP, on a partition level, not on a 'directory
level' (with ACLs).

Thanks in advance.

Vanja

