Comments on: Image File Execution Options http://blogs.mcafee.com/mcafee-labs/image-file-execution-options Wed, 23 May 2012 15:26:06 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: johnny http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-155696 johnny Wed, 06 Jul 2011 11:52:10 +0000 http://www.labs.com/research/blog/?p=761#comment-155696 Thanks for your detail explanation. It is so fantastic with screenshot. Thanks again. Thanks for your detail explanation.
It is so fantastic with screenshot.

Thanks again.

]]> By: Ankur http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20368 Ankur Sun, 26 Sep 2010 08:20:42 +0000 http://www.labs.com/research/blog/?p=761#comment-20368 Thanks Lokesh..very well explained... @ken most end users run their machine logged in as admin. Thanks Lokesh..very well explained…
@ken most end users run their machine logged in as admin.

]]> By: MySpace Comments http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20357 MySpace Comments Wed, 10 Dec 2008 20:25:07 +0000 http://www.labs.com/research/blog/?p=761#comment-20357 Thanks for explaining image file execution stuff. Thanks for explaining image file execution stuff.

]]> By: Tyler http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20356 Tyler Wed, 10 Dec 2008 17:04:31 +0000 http://www.labs.com/research/blog/?p=761#comment-20356 Um, Ken/suc - most users run with admin privs. Thats how malware gets a hold in the first place. Thanks Lokesh - informative post. Um, Ken/suc – most users run with admin privs. Thats how malware gets a hold in the first place.

Thanks Lokesh – informative post.

]]> By: Bruce http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20355 Bruce Wed, 10 Dec 2008 16:10:23 +0000 http://www.labs.com/research/blog/?p=761#comment-20355 Ken - the author never said this was a hole. This is just bringing attention to another technique to autorun something malicious. Malware authors take advantage of it seems like a dozen or more methods to autorun their programs, and many do require admin rights. Malware authors also take advantage of uncountable attack vectors that will get at your users PC's. And guess what? most shops run with users as admins as do most home users. but more importantly, IT administrators need to know about these techniques so we can intelligently fight new malware ourselves when our AV vendor's product does not have an update yet. Ken – the author never said this was a hole. This is just bringing attention to another technique to autorun something malicious. Malware authors take advantage of it seems like a dozen or more methods to autorun their programs, and many do require admin rights. Malware authors also take advantage of uncountable attack vectors that will get at your users PC’s. And guess what? most shops run with users as admins as do most home users. but more importantly, IT administrators need to know about these techniques so we can intelligently fight new malware ourselves when our AV vendor’s product does not have an update yet.

]]> By: suc http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20354 suc Wed, 10 Dec 2008 13:21:01 +0000 http://www.labs.com/research/blog/?p=761#comment-20354 writing in HKey_Local_Machine requires administrative privileges. writing in HKey_Local_Machine requires administrative privileges.

]]> By: Ken Hagan http://blogs.mcafee.com/mcafee-labs/image-file-execution-options/comment-page-1#comment-20353 Ken Hagan Wed, 10 Dec 2008 13:14:50 +0000 http://www.labs.com/research/blog/?p=761#comment-20353 This has been in NT since the outset. Yes, it's intended as a debugging aid, but it is hardly a malware hole. You need admin rights to tweak it. This has been in NT since the outset. Yes, it’s intended as a debugging aid, but it is hardly a malware hole. You need admin rights to tweak it.

]]>