Siddhesh Poyarekar wrote:
On 6/17/07, Rony ronbillypop@yahoo.co.uk wrote:
Wouldn't the same risk be possible through driver CDs?
Yes, but it's a bit more difficult to get it this way. It's sort of like the difference between using a root account regularly and using sudo when required.
Even CD based driver installation will require admin privileges.
For devices that require drivers off a CD, you need to trust the device manufacturer or better, have access to the code. For others, the driver is in the OS distribution (be it Windows, Linux or anything else) and since you trust the OS to do all your work, you ought to trust the drivers they provide as well.
With auto-loading USB devices, you do not know what the USB device has loaded onto your system since that process is completely transparent.
Since the user is logged in as 'user', anyway the OS would ask for root privileges to load the auto-loading drivers. That security part if not existing today, can be added in the interpretors that are created for each OS and installed once.