You want examples of auto-run abuse… I saw many usb keychains with autorun.ini and a lot of hidden files combined with links to other hidden files to simulate the “regular” files after spreading the malware if you click them.
It explores many vulnerabilities: auto-run, hidden extensions, no protection to running not signed binaries, links that are not simple filesystem links…
Windows evolved in a time when solutions for usability problems did not consider security. Now, in the name of compatibility, these vulnerabilities had to be maintained and users were trained to believe that was the right way to do things.
This gave windows users a reputation of being negligent, but most are not. They were trained like dogs to behave like that.
It explores many vulnerabilities: auto-run, hidden extensions, no protection to running not signed binaries, links that are not simple filesystem links…
Windows evolved in a time when solutions for usability problems did not consider security. Now, in the name of compatibility, these vulnerabilities had to be maintained and users were trained to believe that was the right way to do things.
This gave windows users a reputation of being negligent, but most are not. They were trained like dogs to behave like that.