Re: DLL hijacking with Autorun on a USB drive

[Valdis.Kletnieks () vt edu]

On Fri, 27 Aug 2010 10:13:21 EDT, Dan Kaminsky said:

> Oh, come on.  MS puts more effort into delivering a secure platform than
> pretty much anyone at this point.  They're just not the low hanging fruit
> they once were.

Oh, I'll grant you that, they *have* done a great job in the past few years,
the biggest turn-around I've seen in 3 decades in this business.

The point is that we all know that *really* fixing some of these issues will
involve a *complete* re-architect of the system - and that's someplace they
really don't want to go.  Look at how many corporations were slow to jump on
Vista - now imagine if the corporations had to wait for pretty much *every
single app* to update to the New World Order.  Remember that one of the big
components of vendor lock-in is the cost of jumping ship.  Now if the next
WIndows release is as disruptive as jumping ship, you lose a lot of lock-in.
(And remember what people said about the *first* release of UAC in the beta? A
*lot* of people said it sucked hard enough to make them seriously consider
moving to Linux... so it got toned down a whole lot before release.)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/