Thunbnailing *is* a sort of autorun
Automatically generating thumbnails is a restricted sort of autorun - it runs an executable, possibly containing known bugs, on input files under the control of an attacker. It's therefore an unsafe thing to do by default. Unsafe, but useful.
There may be sane half-way houses. Refuse to thumbnail any removeable device. Refuse to thumbnail any NTFS oir FAT filesystem. Refuse to thumbnail any file not owned by the user. Absolutely refuse to thumbnail if the user is root.
The trouble is that most non-root users are going to open a file with a reader to see what it is, even if the system doesn't automatically thumbnail it for them. Also they can unknowingly download an attack vector off the internet without involving a removeable device. Their web-browser is probably far more of a danger!
At the end of the day, at least on Linux your user is an unprivileged account. (Also just about possible on Windows, but very many users do everything with Administrator privilege on their own PC, whereas you have to be actively perverse to do that on Linux)
- iPad? More like iFAD: We reveal why Apple ran off to IBM
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Analysis Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
- Apple: We'll unleash OS X Yosemite beta on the MASSES July 24