Well it’s believed it entices users to click the malware to run by disguising itself as the last accessed folder with the same name and folder icon.
In that case having the option to always show extensions enabled would be helpful for trained users who care to be careful.
It’s not that interesting sounding given we know the NSA and eyes countries have developed compromised firmware for certain hard drives to enable true spread without interaction or hope of prevention. Whenever I see one of these I wonder if it’ll be a case of compromising the device itself but it’s this old stuff instead which can be defeated with a good security posture.
When the drive is mounted noexec it’s not possible to run any programs on it. You can also mount any user writable directories noexec so they can’t copy the program somewhere else and run it.
It seems like they could be rendered ineffective by simply disabling auto run and forcing removable drives to mount noexec.
This should be the default on all PCs.
I thought we learned that like two decades ago.
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
Maybe the target systems are more than 2 decades old.
Does any Linux distro have autorun? Because Windows isn’t really an OS anyway.
Windows isn’t an OS? What kind of nonsense is this?
I’d say the team from DEC who created it, would differ.
Yes, Linux has autorun and some distros have it enabled by default.
Yeah our corporate machines won’t run any external media. I assumed that was standard practice.
You would be shocked at the amount of times employees would bring devices into our air gapped network.
Well it’s believed it entices users to click the malware to run by disguising itself as the last accessed folder with the same name and folder icon.
In that case having the option to always show extensions enabled would be helpful for trained users who care to be careful.
It’s not that interesting sounding given we know the NSA and eyes countries have developed compromised firmware for certain hard drives to enable true spread without interaction or hope of prevention. Whenever I see one of these I wonder if it’ll be a case of compromising the device itself but it’s this old stuff instead which can be defeated with a good security posture.
Hidden file extensions is such a terrible default it amazes me that Microsoft is still doing that
When the drive is mounted noexec it’s not possible to run any programs on it. You can also mount any user writable directories noexec so they can’t copy the program somewhere else and run it.