Trust and thumbdrives

So, there's really no news article to this. I'm sort of thinking out loud because someone I know recently sent me a PowerShell script to get them back auto-run functionality for thumb drives. Now, while the autorun functionality that removable media brings to the table is useful, it's problematic in that it is too trusting. Honestly, without some kind of verifiable trust relationship, pretty much anything can/will get launched from those things, and it's not like thumbdrives aren't a common vector for infection or anything. Actually, now that I think of it... *adds a vaguely-related URL*.

Let me say right now that I would consider this post to be prior art. I am not rushing out to try and scribble up a patent because I believe strongly that restrictive patent controls should never be applied to something like this. If someone reads this, goes and writes something up and sells it, you owe me a soda or a strippergram or something. Subsequently suing other people writing their own code to do the same thing makes you a craven bastard who murders defenseless kittens and orphans.

In short, there probably should be an autorun facility for removable media, just because of its utility. In practice, this is dodgy as hell because media get tampered with. The proper solution, IMHO, is as follows:

1. Detect insertion of removable media.
2. Upon insertion, the OS should examine the filesystem looking for instruction as to what should be executed or read (in the case of HTML files or Flash media that cannot be said to be "executed") from the drive.
3. Optionally generate some sort of unique identifier based on various parts of the filesystem when the type of filesystem is not strictly data, as with CDs and DVDs.
4. The OS should then generate cryptographic data based on the contents of the files referenced from #2. This may include, but should not be limited to:
   a. Multiple, disparate checksums
   b. Fully-fledged cryptographic signatures based on public/private keys
5. Using either the index in #3 or the results from #4, the machine should then consult a local trust database (or a network share, or even a freaking LDAP directory if you like) and look for record of a pre-existing trust relationship indicated by the actual user.
6. The data should then be executed/displayed/played if and only if a pre-established trust relationship has been recorded. If no such relationship has been recorded, you've basically got a few options depending on your relative level of caution:
   I. Do nothing.
   II. Warn the user of the possible execution (probably ideal), and require a trust relationship (either temporary or permanent) be recorded before going further.
   III. Disallow further interaction with the media.

Post Scriptum: There's a reason for both a and b above, and an appropriate time/mode for using each.

Post Post Scriptum: No, I don't care that this is relatively "obvious". There are plenty of people craven enough to file for a patent on such things anyway. If they didn't already do it, too f'ing bad.
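The six steps above as working decision logic, written here as an added example and not code from the original post. It assumes an autorun.inf-style manifest whose `open=` line names the launch target (step 2), a constructed media identifier standing in for the step 3 fingerprint, an in-memory dict as the trust database (step 5), and an HMAC tag as a stand-in for the step 4b public-key signature so that it runs on the standard library alone. It takes option II from step 6: unknown media gets a warning and a recorded trust decision, while media whose recorded content has changed is blocked outright.

```python
"""Verified autorun for removable media: an added example of the post's
procedure, not the original author's code. Names, the manifest format and
the HMAC-for-signature substitution are this example's own assumptions.
"""
import hashlib
import hmac
import tempfile
from dataclasses import dataclass
from enum import Enum
from pathlib import Path
from typing import Dict, Optional


class Decision(Enum):
    NOTHING = "nothing"  # no launch instruction on the media, nothing to decide
    RUN = "run"          # trust record present and content unchanged (step 6)
    WARN = "warn"        # option II: no record yet, ask the user before going further
    DENY = "deny"        # record present but content differs: treat as tampered media


@dataclass
class TrustRecord:
    checksums: Dict[str, str]  # step 4a: several disparate digests
    tag: str                   # step 4b stand-in: keyed MAC over the launch target


def parse_manifest(text: str) -> Optional[str]:
    """Step 2: pull the launch target out of an autorun.inf-style manifest."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "open":
            return value.strip()
    return None


def fingerprint(data: bytes) -> Dict[str, str]:
    """Step 4a: two unrelated hash constructions, so defeating one is not enough."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b": hashlib.blake2b(data).hexdigest(),
    }


def sign(data: bytes, key: bytes) -> str:
    """Step 4b stand-in: HMAC tag. A deployment would use an asymmetric signature."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def record_trust(db: Dict[str, TrustRecord], media_id: str, data: bytes, key: bytes) -> None:
    """Option II, second half: the user vetted this media, so persist a record."""
    db[media_id] = TrustRecord(fingerprint(data), sign(data, key))


def decide(media_id: str, manifest: Optional[str], target: Optional[bytes],
           db: Dict[str, TrustRecord], key: bytes) -> Decision:
    """Steps 5 and 6: consult the trust database and decide what happens."""
    if manifest is None or parse_manifest(manifest) is None or target is None:
        return Decision.NOTHING
    record = db.get(media_id)
    if record is None:
        return Decision.WARN
    digests_ok = fingerprint(target) == record.checksums
    tag_ok = hmac.compare_digest(sign(target, key), record.tag)
    return Decision.RUN if digests_ok and tag_ok else Decision.DENY


def inspect_media(root: Path, media_id: str, db: Dict[str, TrustRecord], key: bytes) -> Decision:
    """Step 1 hook: called when a volume appears; reads the manifest and its target."""
    manifest_path = root / "autorun.inf"
    if not manifest_path.is_file():
        return Decision.NOTHING
    manifest = manifest_path.read_text()
    target_name = parse_manifest(manifest)
    if target_name is None:
        return Decision.NOTHING
    target_path = (root / target_name).resolve()
    # Only follow targets that actually live on the media itself.
    if not target_path.is_relative_to(root.resolve()) or not target_path.is_file():
        return Decision.NOTHING
    return decide(media_id, manifest, target_path.read_bytes(), db, key)


if __name__ == "__main__":
    # Constructed scenario: a fake volume in a temp dir, first seen, then trusted, then altered.
    key = b"constructed-local-key"
    db: Dict[str, TrustRecord] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
        (root / "setup.exe").write_bytes(b"constructed payload v1")
        print("first insertion:", inspect_media(root, "vol-0001", db, key).value)
        record_trust(db, "vol-0001", (root / "setup.exe").read_bytes(), key)
        print("after user trusts it:", inspect_media(root, "vol-0001", db, key).value)
        (root / "setup.exe").write_bytes(b"constructed payload v2")
        print("after file changes:", inspect_media(root, "vol-0001", db, key).value)
```

Keying the database by media identifier and storing the content fingerprint separately is what lets the code tell "never seen this stick" (warn) apart from "seen it, but the file is not what the user approved" (deny); a database keyed only by content hash would collapse both into the first case.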