• cmnybo
    link
    fedilink
    English
    arrow-up
    60
    arrow-down
    1
    ·
    3 months ago

    It seems like they could be rendered ineffective by simply disabling auto run and forcing removable drives to mount noexec.

    • expr@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      3 months ago

      Yeah our corporate machines won’t run any external media. I assumed that was standard practice.

    • Majestic@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      Well it’s believed it entices users to click the malware to run by disguising itself as the last accessed folder with the same name and folder icon.

      In that case having the option to always show extensions enabled would be helpful for trained users who care to be careful.

      It’s not that interesting sounding given we know the NSA and eyes countries have developed compromised firmware for certain hard drives to enable true spread without interaction or hope of prevention. Whenever I see one of these I wonder if it’ll be a case of compromising the device itself but it’s this old stuff instead which can be defeated with a good security posture.

      • Chronographs@lemmy.zip
        link
        fedilink
        English
        arrow-up
        19
        ·
        3 months ago

        Hidden file extensions is such a terrible default it amazes me that Microsoft is still doing that

        • Prison Mike@links.hackliberty.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          macOS does this too shockingly despite using the file extension as a “hint” to the file type. I think it’s unique in that most UNIX/Linux systems use magic number and Windows blindly accepts that the file is of the type that matches the extension.

      • cmnybo
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        When the drive is mounted noexec it’s not possible to run any programs on it. You can also mount any user writable directories noexec so they can’t copy the program somewhere else and run it.