Guess what: It usually took me less than ten minutes to run Putty. I am not a hacker, I am a power user at best. It’s just that Windows doesn’t provide a mechanism to control execute access. I recall three instances where I ran Putty:
- At Kinko’s I could run Putty after renaming it into “notepad.exe”.
- At an Airport Internet Terminal, I could doubleclick the file I downloaded to the desktop. Before I could get to the file, I had to disable active desktop, which previously kept it out of sight.
- At EasyInternet in Times Square in New York, I saved the file, saved it a second time, and when the “Save as…” dialog popped up, I could right-click the previously saved copy of Putty and select “Open”, which executed it.
Ask yourself whether you consider executing any application a security risk (even if other resources like the hard drive are secured). I think it is, as this really allows anybody to launch truly untrackable attacks.