Security Basics mailing list archives
Re: Basic Windows Security Question
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 5 Apr 2005 12:13:14 +0200
On 2005-03-31 David Gillett wrote:
I think we're overdue for a "don't permit code execution from removable R/W devices" OS security policy entry. Doesn't matter whether it's a floppy, a thumb drive, a USB/firewire hard drive.... (The 'R/W' qualifier is to allow autorun CDs to be handled separately.)
I have to disagree with that. There is (almost) no point in preventing execution of files on removable media since a user could copy the executable file to his %USERPROFILE% (or someplace else he can write to) and execute it from there. Plus I don't see why one would want to handle CD-R differently from other media. Malware may just as well reside on a user-burnt CD as it may on a USB stick or something else. What you really want (from a security point of view) is to prevent autoplay in general. Automatic execution of code is evil. You may also want to whitelist the executables users are allowed to run. For Windows 2000/XP there is a policy to prevent autoplay all drives (both user and computer configuration: administrative templates\system). Also you have Software Restriction Policies that allow for whitelisting of executables. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- RE: Basic Windows Security Question David Gillett (Apr 04)
- Re: Basic Windows Security Question Ansgar -59cobalt- Wiechers (Apr 05)
- <Possible follow-ups>
- Re: Basic Windows Security Question Doug . Janelle (Apr 04)
- RE: Basic Windows Security Question Herman Frederick Ebeling Jr. (Apr 04)
- Re: Basic Windows Security Question Steve (Apr 05)
- Re: Basic Windows Security Question Sebastian (Apr 06)
- Re: Basic Windows Security Question Danny Puckett (Apr 04)
- Re: Basic Windows Security Question Steve (Apr 04)
- Re: Basic Windows Security Question C. Francis Pineda (Apr 05)
- RE: Basic Windows Security Question Dante Mercurio (Apr 06)
- Re: Basic Windows Security Question Barrie Dempster (Apr 12)