Guess what: It usually took me less than ten minutes to run Putty. I am not a hacker, I am a power user at best. It’s just that Windows doesn’t provide a mechanism to control execute access. I recall three instances where I ran Putty:

  • At Kinko’s I could run Putty after renaming it into “notepad.exe”.
  • At an Airport Internet Terminal, I could doubleclick the file I downloaded to the desktop. Before I could get to the file, I had to disable active desktop, which previously kept it out of sight.
  • At EasyInternet in Times Square in New York, I saved the file, saved it a second time, and when the “Save as…” dialog popped up, I could right-click the previously saved copy of Putty and select “Open”, which executed it.

Ask yourself whether you consider executing any application a security risk (even if other resources like the hard drive are secured). I think it is, as this really allows anybody to launch truly untrackable attacks.

1 Comment
  1. It’s not that they’re not trying – Easy has 700 terminals in Times Square! Unbelievalble that they don’t put more effort into securing so many machines!