It's time to add digital picture frames to the group of consumer products that could carry computer viruses and Trojan horse programs. In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious …
Turn of autorun!
There's an easy solution to this: turn off the bloody autorun "feature"! There is really no reason to have autorun. What was so difficult about opening My Computer, selecting the CD drive, then selecting the setup.exe file? Why did Microsoft have to make a way (turned on by default, no less) to automatically run a program upon insertion of a disc/device? Any idiot can tell you that automatically running unknown (and hence untrusted) code upon insertion of a disc/device is a stupid idea and is bound to cause problems.
This is why I always kill auto run on any new Windows install. Between CDs and DVDs that want to install crap, or software that runs the installer every time I put the CD in, it's a pain I can live without. And that's just the "legitimate uses" add virus and trojan crap and it's another BAD Microsoft idea like hiding file extensions and activex that trade security for ease of use.
@ Chris C
"Why did Microsoft have to make a way (turned on by default, no less) to automatically run a program upon insertion of a disc/device?"
They didn't "have to"; they chose to for reasons that seem pretty obvious: either MS wants to simplify Windows so any idiot can use it, or MS thinks the users ~are~ idiots.
Two expressions of this attitude or design goal, whichever it is, are (a) guessing what the user intended when he makes a mistake and (b) doing favors for the user he didn't ask for. The dividing line between these categories is not sharp.
[An alternative analysis points at MS's arrogance,their patronizing attitude toward customers, and their "wasn't invented here" attitude toward lessons other people learned the hard way. Maybe it all amounts to the same thing.]
The minute you start trying to guess what the user intended, you are guaranteed to make mistakes. And those unasked-for favors will turn out to be mistakes of their own some of the time. Artificial intelligence is not yet a sufficiently advanced field to make either approach practicable.
Chris C again: " Any idiot can tell you that automatically running unknown (and hence untrusted) code upon insertion of a disc/device is a stupid idea and is bound to cause problems."
You're right, and this just demonstrates how flawed MS's p.o.v. is.
I conjecture that it's impossible to implement an idiot-proof system on a general purpose, programmable platform, but I'm not enough of a logician to be able to prove this.
A corollary to all this palaver of mine is that Windows, being designed for in-home use by idiots, is de facto not appropriate for serious applications.
PH as an example of "idiot" -- only seemingly, of course. That girl is smarter than she's given credit for.
Why the hell should you have to worry about a fresh piece of hardware containing a trojan it would seem to me the least the manufacturer could do would be to make sure there wasn't any. I hate MS as much as anyone but I don't expect hardware to come with shit on it tell me I'm wrong to expect that. As far as I am concerned if you sell me a peripheral with preloaded malware it's your malware no matter what and it's your ass i'll sue.
Why the hell should I cook my joint of beef before I eat it ? Surely the cow should be verified before I get it ,and if I do catch something horrible, I'll sue the farmer !
Why should I wear a condom ? If the girl says shes clean, I should be able to take that at face value. If I do get AIDS, I'll just sue her !
This is what's wrong with society today -
Waah waah waah, it's not MY fault, why are people so nasty to me ?
(hint- look after yourself, don't expect others to look out for you)
Oh yeah - "I hate Microsoft as much as anyone, but I STILL USE THEIR SHITTY PRODUCTS then whine about it when I get hurt"
RTFArticle. There are any number of ways this sort of thing can occur, at virtually any point in the journey from manufacturing to sales (including resale of returned items in merchantable condition).
Indulge your hatred. This is a legitimate pointing of the finger at M$. Autorun is a "convenience feature" that has all the convenience of hiding the key under a "welcome" mat.
Coming soon to a toaster near you...
"Consumers will have to be careful with any device that can be connected to a PC, including USB thumb drives, GPS devices, mobile phones, video players, set top boxes, portable hard drives, memory card readers, and eventually even microwave ovens and other appliances, he said."
"Kodak works very closely with our suppliers to see that they have the latest version of antivirus software on the manufacturing systems," Landry said. "We also ask that any PCs in the factory are not connected to the Internet."
Kodak is not among the manufacturers whose products were allegedly compromised by the Trojan horse program.
This appears to be BS ("Business-Speak" :)
The local CVS Pharmacy has a Kodak photo development kiosk. I use it because it accepts USB thumbdrives. When I first used it it was glacial slow, and the storeperson said it had become infected. Another issue was that it was out of a special paper it used in one bin, and I got to observe the boot process. Win2k with NO anti-virus!
My general comment at the time was to always scan your media (memory card, thumbdrive, whatever) when returning from a public kiosk. (I didn't consider Trojan Horses, actually. But that was before the Sony rootkit incident and most people didn't know what a rootkit was.)
I suppose microwaves, toaster ovens, coffee machines and even the lowly toaster will soon have "recipe cards" that can piggyback something that could give you a $30,000 phone bill. Imagine trying to explain that it was your toaster that made all those calls to AnalCreamPieCumFartCocktailAssault.com...
This is one of those things Vista actually does right
Disclaimer: I'm no MS fanboi. Had my applications been available on my favourite platform (FreeBSD + X), I would have replaced windows as my primary workstation (see: Laptop!) os at once.
That being said, some of the changes Microsoft has done to Windows Vista deserves praise. By default Vista ships with the action for autorun being "ask" (even if there exists an autorun application, the action is to ASK if you want it run). Only thing I dislike with it, is that there is a checkbox for "always do this action in the future" (thus, disabling a rather vital security feature by trusting all autorun information on removable devices!).
This is also a point where Adobe deserves to be spanked. Hard.
Regardless of your autorun settings, Adobe Lightroom insists on firing up and starting the import process whenever it detects a removable USB-Blockdevice (disk), or USB-MTP (Media Player, such as mp3-player) being connected. All it takes to use this infection-port is to find some image format that lightroom uses a broken implementation of, so arbitrary code can be run. If you disable the Braindead adobe photo importer software, it simply pops back after a reboot. Removing it from the registry autostart (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), works. Until you start up Lightroom again, that is (Lightroom re-inserts the photo-downloader, and is kind enough to start the exe itself).
So for once Adobe needs spanking, and Microsoft has done something right. Maybe tomorrow will prove black white, and we'll all get run over at the next Zebra crossing?
@ Chris C , I choose to differ
"Artificial intelligence is not yet a sufficiently advanced field to make either approach practicable." .... By RW Posted Saturday 12th January 2008 02:34 GMT
It is probably always going to be the case, RW, that the advanced field of Artificial Intelligence will remain Enigmatic and quite a lot more sophisticated and practicable because of IT...... and that is ITs Present State across a Diverse Field of Network InterNetworking Disciplines ..... 42 Challenge Moribund Perceptions.
Not just autorun?
Even with autorun turned off XP (and Vista I think from my short time operating it) installs drivers for some devices automatically - the new hardware wizard does not always run.
Re: This is one of those things Vista actually does right
To Mr Skogen,
Get yourself a software firewall which blocks execution (or do a search on "host intrusion protection systems"). Then Adobe can add all the junk they want to the "startup" list as it'll never get executed anyhow.
And as you'll have the option to allow/block which programs get executed on your system, the opportunity for malware to cause problems is reduced.
// "El Diablo" Gates: because users running on admin by default AND autorun being on by default is surely the work of.. um.. Mr.Gates