Thursday, February 14, 2008

Vista and the Instant Search Box - useful, but be careful

People who use Vista are already familiar with the Instant Search box embedded in the Start Menu.
You can run almost any application from there: just type the name of the executable in the Search box and press Enter.
If UAC is enabled, you'll get an extra warning first, where you have to allow the application to run.
If you want to run the application with administrator rights, type its name in the Instant Search box, but press CTRL-SHIFT-ENTER instead of Enter.

Easy, huh?

The only issue I see here, although an important one, is that the embedded box is called Search, yet you can actually run applications from it.

Scenario:

A user gets infected...
UAC was not enabled in the first place.
Even if UAC was enabled, malware may disable it again.
The user follows some online instructions that explain which files to delete.
The user starts Task Manager to end the badfile.exe process in case it is running.
Then, via the Start menu, the user types badfile.exe in the embedded Search box and hits Enter...


Whoops! It's running again, and it downloads everything that was previously deleted all over again (this in case it's a bundled installer).

Yes, the search feature has much improved in Vista, but IMHO, since it says "Search", it should only search, not execute when you hit Enter.
