said by mysec:I read both the article and blog when they appeared. I've tested many times with my XP laptop and have never found the mountpoints2 entries to stick once the CD is removed from the drive, or USB drive unplugged.
Nick doesn't elaborate on the cache setting, so I don't know what he is referring to.
Regarding your friend: is he concerned about his own computer, or government computers?
If his own, just install a White List execution prevention program and he's safe.
----
rich
It's their own computer they're trying to protect. They've been attacked 3 times in recent days, and there's a concern that sooner or later their AV may not hold against the flood... the most recent attack was related to an autorun-triggered Win32/PSW virus varient that only made it onto their AV's signature list three days or so before the attack occurred.
·