MyDoom and VSTO

I've blogged a lot about the VSTO security model, and many customers have been frustrated or confused by the tight security policy we use. Why on earth would we not trust code just because it's on the local machine?

Well, one of our main scenarios for the VSTO model (and one that I demoed at TechEd last year) was a ZIP-based attack where a user receives an e-mail with a ZIP file containing a document and a DLL, which they extract and then open. Of course at the time the attack was "theoretical" and some people laughed at such an idea...

Of course now the new MyDoom virus proves that users will extract files from a ZIP and then open them. The old Linux virus joke of "please add the following files to your kernel, re-compile it, and then forward this message to all your friends" gets closer to reality with each passing day... <sigh>

Comments

  • Anonymous
    February 02, 2004
    The comment has been removed
  • Anonymous
    February 02, 2004
    Hey Martin,

    You can definitely concoct lots of scenarios that will get users to open the attachment. I will not mention any of my own fears here because then I'd feel really bad if they ever happened.

    As software becomes more secure, it is the users that will be attacked (as people like Kevin Mitnick have proved in the past).

    - The freak ;-)
  • Anonymous
    February 03, 2004
    I hear ya. I'm just waiting for the day when I have to go back to my sister's house and reload Windows again because they had some "optimizer" (forget the ten copies of Gator) that corrupted the NTFS so bad I had to FDISK it for setup to even run. Don't you love getting a blue screen during setup, fdisk it, and everything installs just fine.