Re: DLL hijacking with Autorun on a USB drive

[Dan Kaminsky <dan () doxpara com>]

On Aug 31, 2010, at 6:49 PM, paul.szabo () sydney edu au wrote:

> Dan Kaminsky <dan () doxpara com> wrote:
>
> > iexplore.exe has a security model. Explorer.exe doesn't ...
>
> Very dim view. So, there is no way for a Windows user to access his
> "desktop", e.g. any data on a CD or USB stick, in a safe way? Seems so
> wasteful for MS to try and plug autorun viruses, then...
>
> Thankfully, you are wrong. All decent OSs have some security. (Some  
> are
> more decent than others.)

Ok. Which desktop shell doesn't behave just like explorer?

More instructively -- what would a secure desktop look like?


> Cheers, Paul
>
> Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics   University of Sydney     
> Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/