> The second workaround—disabling the WebClient service—blocks the vector attackers would most likely use to wage remote exploits. Even with this measure in place, it’s still possible for remote attackers to run programs located on the targeted user’s computer or local network. Still, the workaround will cause users to be prompted for confirmation before opening arbitrary programs from the Internet.
... why doesn't WebClient also prompt users before opening programs via things from the internet then?
It basically makes anything that calls an internet service in authenticated apps, like Windows Explorer's image preview pane, a vector for loading arbitrary programs without warning.
Am I missing something here? Some way this would be really annoying or pointless?
I know Android never bit the bullet with making any internet access require a privacy confirmation, which I'm guessing might be overwhelming to the average user. But I still think it should be an option, like an opt-in Little Snitch for network access that includes embedded webkits.
... why doesn't WebClient also prompt users before opening programs via things from the internet then?
It basically makes anything that calls an internet service in authenticated apps, like Windows Explorer's image preview pane, a vector for loading arbitrary programs without warning.
Am I missing something here? Some way this would be really annoying or pointless?
I know Android never bit the bullet with making any internet access require a privacy confirmation, which I'm guessing might be overwhelming to the average user. But I still think it should be an option, like an opt-in Little Snitch for network access that includes embedded webkits.