In addition to my previous suggestions, any application that will copy
hidden files, or will change the file attributes to hidden should notify the
user of the action. Although there should be a apply to all answer when
multiple files are selected.
Any users that will run an application or run an executable file from media
other than the hard disk, background or foreground, should warn the user of
the action. There's very few chance that users will run application from USB
and etc. Usually USB memory will contain data only. But I think the
additional warning is a small hassle to help user secure their computers.
"Mark Joya" wrote:
> I hope you can add the following features to further avoid virus from hiding
> in our file system.
> 1. Folder such as pictures and videos should be tagged with data only
> folder. For example, it's impossible for me to have Executable file (.exe) in
> my picture, music, videos and etc folder. So by default, it should tagged as
> data only folder and no executable file can run from that folder.
> 2. Microsoft only Application Executable folder. For example, in a server
> operating system, we have a folder C:\Windows\System32\wins. Blaster virus
> took advantage of that folderby hiding the virus file inside that folder. By
> default, those folders should be tagged as Microsoft Executables only folder
> so that no other executables from other 3rd party can run in that folder.
> 3. High risked folders security. For example, temporary internet files
> folder. By default, executable files that will run from that folder will run
> will be in low-privilege mode since it came from a high risked folder. This
> will disallow spywares to run since by default, any objects from internet get
> in to this folder.
> The closest security model I can suggest is that, it's like the zoning of
> internet explorer such as local intranet, internet zone, trusted sites and
> etc where it secures that user based on location of the URL. By this time,
> it's based on the location of the folder.
> I hope this get implemented by right away in vista, and a patch or service
> pack in Windows XP.
> -Mark Joya