Thunbnailing *is* a sort of autorun
Automatically generating thumbnails is a restricted sort of autorun - it runs an executable, possibly containing known bugs, on input files under the control of an attacker. It's therefore an unsafe thing to do by default. Unsafe, but useful.
There may be sane half-way houses. Refuse to thumbnail any removeable device. Refuse to thumbnail any NTFS oir FAT filesystem. Refuse to thumbnail any file not owned by the user. Absolutely refuse to thumbnail if the user is root.
The trouble is that most non-root users are going to open a file with a reader to see what it is, even if the system doesn't automatically thumbnail it for them. Also they can unknowingly download an attack vector off the internet without involving a removeable device. Their web-browser is probably far more of a danger!
At the end of the day, at least on Linux your user is an unprivileged account. (Also just about possible on Windows, but very many users do everything with Administrator privilege on their own PC, whereas you have to be actively perverse to do that on Linux)
- Asteroid's SHOCK DINO MURDER SPREE just bad luck - boffins
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Stick a 4K in them: Super high-res TVs are DONE
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great