Just a few comments to update people on some of the issues in this thread. Fast forward to 2008. Phishing and drive-by downloads have become a real problem. Rootkits are still extremely hard for most anti-virus programs to detect or remove. As a result, I expect that threats travelling via USB drives will grow much more popular. So, people need to be careful. NEVER put an unknown device into your computer, whether you are running a Mac, Linux or any other OS.
It's not just autorun programs that are a problem. If they can put files on the device that will get people to click on them, they can launch programs that will run on any computer. It could take you to phishing sites, or emulate a login page of a bank to steal passwords, or they can install software on your computer that allows for remote execution - basically turning it into a slave for attacking other computers (even Mac's have security vulnerabilities that can allow this).
Now, if you don't think there's anyone naive enough to fall for this, ask yourself why it still makes economic sense for spammers to keep operating the way they do.
At my site, I'm running an experiment to illustrate what the level of public awareness is to threats based on mobile devices. About 40 percent of the devices I "lose" containing passive content tracking (image source links in HTML files) found by people in the public domain get plugged in and have at least one file opened. Please visit the site at http://www.honeystickproject.com for more info, and make a comment. Note: the project does not deploy any software on the devices, and does not collect any other information except what was clicked on. This makes it cheap and easy to use for measuring awareness.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
Just a few comments to update people on some of the issues in this thread. Fast forward to 2008. Phishing and drive-by downloads have become a real problem. Rootkits are still extremely hard for most anti-virus programs to detect or remove. As a result, I expect that threats travelling via USB drives will grow much more popular. So, people need to be careful. NEVER put an unknown device into your computer, whether you are running a Mac, Linux or any other OS.
It's not just autorun programs that are a problem. If they can put files on the device that will get people to click on them, they can launch programs that will run on any computer. It could take you to phishing sites, or emulate a login page of a bank to steal passwords, or they can install software on your computer that allows for remote execution - basically turning it into a slave for attacking other computers (even Mac's have security vulnerabilities that can allow this).
Now, if you don't think there's anyone naive enough to fall for this, ask yourself why it still makes economic sense for spammers to keep operating the way they do.
At my site, I'm running an experiment to illustrate what the level of public awareness is to threats based on mobile devices. About 40 percent of the devices I "lose" containing passive content tracking (image source links in HTML files) found by people in the public domain get plugged in and have at least one file opened. Please visit the site at http://www.honeystickproject.com for more info, and make a comment. Note: the project does not deploy any software on the devices, and does not collect any other information except what was clicked on. This makes it cheap and easy to use for measuring awareness.