<<< Date Index >>>     <<< Thread Index >>>

Re: First vulnerabilities in the SP2 - XP ?...



In-Reply-To: <200408180941.16239.radoslav.dejanovic@xxxxxxxx>


>This basically tells the user to open CMD and then execute the attachment in 
>command line. Now, someone has to be really, really dumb to do that.

People might forget that dragging and dropping to a command prompt actually 
executes the file.

I have 2 words, Batch files.. I did not get prompted when I double clicked a 
batch file containing one line "Malicious program.exe"

Sp2 did not also detect that Viri.zip downloaded from the internet and contains 
an EXE inside it...

I am not trying to create bad press for SP2, I personally think very highly of 
it...

But I do think people will enter the trap "Wel it's gonna alert me if it's not 
safe ain't it?" I think that's the biggest issue here