
Olympus Digital Camera Ships With a Worm

kdawson posted more than 4 years ago | from the do-not-get-too-close-to-the-viewfinder dept.

Security 249

An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

249 comments

Dodged a bullet. (3, Funny)

0100010001010011 (652467) | more than 4 years ago | (#32505024)

Whew, glad my Canon doesn't mount itself as an external disk. Think of all the grief I've saved myself by having to launch something to get photos off of it.
[/sarcasm]

So, where did these cameras originate? China, Japan, Taiwan?

Re:Dodged a bullet. (2, Insightful)

sethstorm (512897) | more than 4 years ago | (#32505052)

The despotic People's Republic of China - where the worst of company town practices are in an entire country (if not region).

In Soviet Russia, worm camera ships! (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32505430)

/funny!)

Re:Dodged a bullet. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32505650)

The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device.

Remember folks, that's Microsoft Windows (R)(TM). Too bad it has no effective enabled-by-default security system to prevent this sort of thing. Like I dunno, limited user accounts and non-executable mounts?

Re:Dodged a bullet. (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32505182)

Didn't see it mentioned in the few dozen comments at the moment, but "more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled" blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.

I know it's somewhat passe to pick on an OS because it remains the one commonality in malware infections, but seriously, a design as defective as Autorun's implementation should be beaten with large sticks every chance we can get until it's a bloody pulp, or no more than a stain. Srsly.

Re:Dodged a bullet. (5, Insightful)

denmarkw00t (892627) | more than 4 years ago | (#32505290)

Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

Dumb.

Re:Dodged a bullet. (0)

antdude (79039) | more than 4 years ago | (#32505548)

No, it's the user. Autorun was meant to be usability easiness and laziness.

Re:Dodged a bullet. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32505622)

No, it's MS. Autorun was meant for MS to allow stealthy "updates" without user permission. That's why they made it so incredibly hard to disable.

Re:Dodged a bullet. (4, Insightful)

Mr. Freeman (933986) | more than 4 years ago | (#32505904)

I turned autorun off on every computer I've ever had without much issue. That's windows 98, 2000, XP, vista, server '08, and win 7. All of them made it easy enough to turn it off. I'm not sure what the hell you're talking about.

Re:Dodged a bullet. (1, Insightful)

causality (777677) | more than 4 years ago | (#32505674)

No, it's the user. Autorun was meant to be usability easiness and laziness.

The decision to accommodate laziness by default and to then advertise it as "easy to use!" for non-technical people was not the users' decision.

Re:Dodged a bullet. (4, Insightful)

grcumb (781340) | more than 4 years ago | (#32505626)

Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

Who's blaming the OS? We're blaming the company that made the OS. The same company, by the way, that brought us ActiveX in Internet Explorer, executable attachments in Outlook, Word Document viruses, IIS prior to 7, and 'run as Administrator by default'.

Dumb.

Dumb, indeed.

(I'm not even going to get into the myriad other objectionable actions and statements that they've indulged in since the beginning of the '90s. They're not germane to this discussion.)

Re:Dodged a bullet. (1)

causality (777677) | more than 4 years ago | (#32505810)

Who's blaming the OS?

I'd imagine it's the same people who blame crime on things like guns and drugs and video games, as though they were something other than inanimate objects and ideas.

You could "blame" the OS in the sense of recognizing that its design or implementation are definitely involved in the cause-and-effect sequence of this infection. Still, I think the blame you're talking about belongs to the moral/ethical realm of accountability. As long as you have large masses of people who will pay money for such systems, many companies would love a large marketshare. You can blame Microsoft only for being the one to become dominant.

Right now they're so dominant that the lack of any real mention about Windows and its vulnerabilities to these infections was omitted. I don't think that's because Microsoft applied bribery or some other pressure. I think that's because most people who use a PC have real experience only with Windows and have come to believe that rampant malware infections are a normal downside to owning a computer.

I saw for myself that most users felt this way about BSODs prior to Windows XP, when Windows 98 and then Windows ME were dominant. It wasn't something they questioned and it didn't inspire any curiosity about whether other systems are like that or even exist. They just dutifully pressed the reset or power button and rebooted. At the time I had been running Linux for a couple of years and it was (and is) quite stable, so I did see it as a strange contrast and as something I'd rather not put up with.

Microsoft has greatly improved the core OS stability of Windows over the years. A modern Windows system that crashes or needs to be rebooted as often as Windows 98 or Windows ME once did would now be regarded as unusual and in need of attention. Still the rampant malware is accepted as normal. That's the next thing that needs to change, whether or not Microsoft and their software is involved in the solution.

Re:Dodged a bullet. (2, Insightful)

schon (31600) | more than 4 years ago | (#32505450)

blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.

Well duh - consider the source.. it's an antivirus company. They wouldn't be in business if not for Windows.

An antivirus company saying that Windows is insecure would be like BP saying that we should all switch to solar power and stop using oil.

Re:Dodged a bullet. (0)

Anonymous Coward | more than 4 years ago | (#32505510)

Hardware is assumed to be trusted. This has always been the case and Linux is no different in this regard.

Re:Dodged a bullet. (0)

Anonymous Coward | more than 4 years ago | (#32505538)

I'd discuss the issue, but nobody will read it, and registered guys get 2, Insightful for writing "Yo!".

So, for me, /. is passé.

Just the way good ol' M$ planned. Congrats!

Re:Dodged a bullet. (1)

Ethanol-fueled (1125189) | more than 4 years ago | (#32505702)

Heh, well, you could always try trolling... [slashdot.org]

This is such a disaster. Someone please provide links: I know that even now after the Exxon Valdez spill in Alaska there is ongoing environmental damage and hardship for the people who live in the area. From that example, speculate on what will happen in the Gulf.

Problem with old-skool trolls is that it's often difficult to figure out if they're actually trolling or whether Slashdot's readership actually needs the verbal equivalent of a laugh track to decide how to feel and what to say.

Sometimes I think that all of Slashdot's 2-million "users" are really just one guy behind the curtain. I know it's tough, but couldn't you at least try, guy? Maybe even hire a second person when the economy picks up.

Re:Dodged a bullet. (0, Troll)

Anonymous Coward | more than 4 years ago | (#32505184)

Oly cameras are mediocre at best anyway. Get a Panasonic or Canon P&S.

Re:Dodged a bullet. (2, Funny)

djupedal (584558) | more than 4 years ago | (#32505854)

Dodged a bullet....? when using windows is like sticking the gun in your mouth? Are you kidding me?

Here's a news item...stop using windows!!

Keep It (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32505026)

I had my Windows Vista machine infected this way. I took it to Best Buy to be cleaned, but it came back even SLOWER. So I took it back to Best Buy and told them to put the worm back on. I found it actually ran better.

Re:Keep It (4, Funny)

couchslug (175151) | more than 4 years ago | (#32505076)

"So I took it back to Best Buy "

I'd post AC too if I were admitting that. Eeew.

Re:Keep It (1)

tywjohn (1676686) | more than 4 years ago | (#32505476)

I'd re-gift it

Re:Keep It (1)

robthebloke (1308483) | more than 4 years ago | (#32505692)

the worm or the pc?

With offshoring as it is... (3, Funny)

sethstorm (512897) | more than 4 years ago | (#32505030)

Third World factories seem to keep on making these mistakes.

You think they'd try making these in Japan, with full Japanese citizens making them for once?

Re:With offshoring as it is... (3, Interesting)

hedwards (940851) | more than 4 years ago | (#32505096)

The problem there is that I don't think Japanese workers are any cheaper than American ones are. And in order to actually get any cost savings you have to overlook precautions and externalities. If you don't do that the price of production tends to be about the same no matter where you choose to fabricate the items.

Re:With offshoring as it is... (3, Insightful)

newcastlejon (1483695) | more than 4 years ago | (#32505202)

How do we know the image for the card wasn't put together in Japan? The camera says Made in China, the software perhaps not.

A system has to load the image over usb! (3, Insightful)

Joe The Dragon (967727) | more than 4 years ago | (#32505304)

A system has to load the image over usb! so maybe that system has a worm on it.

No it is cheapness (1)

Ilgaz (86384) | more than 4 years ago | (#32505462)

It has nothing to do with where it is made. It is just, Olympus who isn't a no name company doesn't buy 3 of best antiviruses and setup a system where every single byte which goes out of company (digitally or physically) is checked. "All files regardless of content and header" in Kaspersky fashion.

As a Video guy, once I had to ship a CD with Video players (back in days when you need to install a mpeg player) and I clearly remember buying 3 antiviruses from leading companies of that time (didn't change a lot) and scanning the file in master ISO before giving it out. A single video guy does that at home. It doesn't cost much anyway.

I heard IBM made a similar mistake recently, it is plain sad, once the undisputed king of AV/Security suites, the big blue...

Intentional or accidental? (5, Interesting)

Nemilar (173603) | more than 4 years ago | (#32505074)

I hate to ask the obvious question, but the article doesn't address it -- could this be intentional, or is it accidental?

I would imagine that some shady overboss would be willing to pay a relatively sizable amount of money (especially considering that the amount of money you'd have to pay someone in a Chinese factory to do this would not be very high) for the opportunity to infect potentially tens of thousands of computers.

Re:Intentional or accidental? (2, Interesting)

shadowbearer (554144) | more than 4 years ago | (#32505250)

  Without more information as to what exactly the worm does, I can only speculate, but I'd bet that it's a trojan downloader or something else that brings in more malware, and that it was planted on some of those cards by a blackhatass who happens to work in their factory. The fact that it's only on a small portion of the cameras seems to indicate one individual somewhere on the production line.

  In any case it's not likely much of a threat if the users who get those cameras have decent AV software installed. Autorun trojans are fairly easy to detect IIRC.

SB

 

Re:Intentional or accidental? (0)

Anonymous Coward | more than 4 years ago | (#32505676)

I think this is accidental. From the description of the worm in the summary it spreads itself on to any usb device it sees and then to the host os. I would bet someone brought in an infected device (maybe a prototype was taken home, infected there by the desktop, brought back to work to be re-imaged for the next firmware test and infected the imaging computer.)

Re:Intentional or accidental? (2, Insightful)

AHuxley (892839) | more than 4 years ago | (#32505282)

Between intentional and accidental is "a Google".
If you are exposed just quote "“As we said before, this was a mistake,” Google spokeswoman Christine Chen"
http://www.wired.com/threatlevel/2010/06/google-wifi-debacle/#ixzz0qJdk9Bjv [wired.com]
Wait, stonewall, wait a bit more and the press moves on :)

So.. (4, Insightful)

Renraku (518261) | more than 4 years ago | (#32505156)

What kind of compensation are the makers going to offer everyone whose system they hosed?

Re:So.. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32505728)

Get down on your knees and SUCK MY COCK.

Re:So.. (0)

Anonymous Coward | more than 4 years ago | (#32505804)

None. It's buyer beware, so vote with your wallet, and never purchase anything Olympus again.

Personally, Olympus just got added to the growing list of companies I'll never do business with again. I find this is the only true way to get proper change in tech industry. Set your standard high enough, and the companies who haven't royally screwed their consumers become quite clear.

Re:So.. (0)

Anonymous Coward | more than 4 years ago | (#32505870)

I gotta ask, who is left?

autorun? in 2010? (0)

Anonymous Coward | more than 4 years ago | (#32505158)

It's kinda like this:

*Smack* -> *Ow!*
*Smack* -> *Ow!*
*Smack* -> *Ow!*
*Smack* -> *Ow!*
*Smack* -> *Ow!*

Would you eventually start to duck, even if you didn't understand all the reasons the fist was swinging around at nose level? But most people seem not to care about the whole hitting in the face part of things like this.

Easiest way to avoid infection... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32505160)

Don't run a POS OS like Windows.

(Had to be said.)

Re:Easiest way to avoid infection... (1)

mogness (1697042) | more than 4 years ago | (#32505716)

Oh wow, I didn't see that one coming. Whoop whoop, you're so original.

Re:Easiest way to avoid infection... (1)

layingMantis (411804) | more than 4 years ago | (#32506000)

Fail.

Seriously? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32505176)

At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

Seriously?

It's getting to the point where running a computer is turning into a full time job. I need to scan every single product I buy before using it? Isn't that why I bother to pay a premium to get name-brand products from legitimate outlets?

I'm annoyed that the ultimate time-saving device is becoming more and more of a chore. I'm expected to spend hours researching the ways in which to harden my browser against cookie tracking, to rate virus scanners using contradictory and confusing standards, to assess information that requires a degree in computer science every time I want to get a PC game to work, to pull out my law degree every time I use an online product or dive through an EULA, and now this?

I mean come on, where's it going to end? Should I do independent surge tests on the next microwave I buy before plugging it in? What about my printer, does it need a scan too? Should I take my newly purchased tires to an independent assessor? How about that new CD I bought?
 

Re:Seriously? (3, Insightful)

Saeed al-Sahaf (665390) | more than 4 years ago | (#32505238)

Should I do independent surge tests on the next microwave I buy before plugging it in?

Does your microwave connect to your network?

Re:Seriously? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32505416)

No, but it does connect to my electrics. Should I have to worry that every new gadget in my place is going to cause a fire? No, because we as a society decided that was not the way we wanted to live our lives and we adjusted the legal landscape accordingly.

Re:Seriously? (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32505432)

It tries; but the other devices (those that survive) complain that the 802.11 compliance of a $50 1.2 kilowatt cavity magnetron leaves something to be desired...

Re:Seriously? (1)

Ethanol-fueled (1125189) | more than 4 years ago | (#32505788)

Which is funny because not a lot of people realize that one of the bands used by 802.11, 2.4 GHz, is the same frequency your magnetron uses to quickly excite watery bags of meat.

Re:Seriously? (1)

StuartHankins (1020819) | more than 4 years ago | (#32505648)

Please don't give them any ideas. Wasn't it GE that had a computer in a fridge? I can just imagine the havoc the microwave could cause if it turned on for an extended time with nothing in it. Couldn't be good.

Re:Seriously? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32505392)

These guys are idiots that have no idea what they are talking about. Disabling autorun was the common tech practice back in 2003. One of the most significant features announced by Windows Vista was its intention to interrupt this auto-execution behavior with a pop-up autoplay window. In other words, solved since 2007. It came 10 years too late, but arrived nonetheless.

Re:Seriously? (1)

El_Oscuro (1022477) | more than 4 years ago | (#32505578)

Your printer probably does. A lot of network enabled printers and copiers ship with open telnet ports with widely known root passwords. This has been around for a while, but pwning Windows boxes is so much easier.

eve (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32505180)

Our company sales sports jerseys, NFL Jerseys, NHL Jerseys, NBA Jerseys and micro bikini [dkfly.com] . Besides you could also find other apparel like t-shirts,
ED Hardy bikini [dkfly.com] hats and jackets. With best quality, faster delivery, and favorable price, we have won many stable and reliable clients from worldwide. We are pleasure to cooperate with friends from all over the world for long-term business
bikini [dkfly.com] . If you are interested in our products, when you feel free, please do not hesitate to contact us.

Go spam somewhere else, chinks. (-1)

Anonymous Coward | more than 4 years ago | (#32505214)

N/T

Fuck you, racist asshole. (-1)

Anonymous Coward | more than 4 years ago | (#32505420)

Yes, YOU.

gee thats a nice website you have... (2, Informative)

RobertLTux (260313) | more than 4 years ago | (#32505434)

it would be a shame if 30,000 pissed off geeks were to hit it (or do any number of "interesting" things to it)

[Picture of nice store front] This is your webstore

[Picture of smoking hole] This is your webstore on Slashdot

Re:gee thats a nice website you have... (1)

robthebloke (1308483) | more than 4 years ago | (#32505808)

hmmmmm.... slashdotting spam off the face of the earth? Why did no one think of this before? Tomorrow is a new dawn for nerds everywhere:
"No, I'm not time wasting, I'm slashdotting for the benefit of mankind!"

I have a standard policy (2, Interesting)

bragr (1612015) | more than 4 years ago | (#32505198)

Every piece of new writable media gets formatted immediately. I also have autorun killed on all my windows boxes.

Re:I have a standard policy (4, Informative)

Anonymous Coward | more than 4 years ago | (#32505246)

Unnecessary unless you use an ancient decade-plus-old Windows version. Vista and 7 stop this attack automatically by displaying the Autoplay dialog when a new device is inserted.

In fact, Windows 7 removes the ability entirely to manually execute Autorun from a flash drive.

Re:I have a standard policy (1)

shadowbearer (554144) | more than 4 years ago | (#32505328)

  That's an excellent policy (except for blank CDs and DVDs, of course *g* - wouldn't THAT be a helluva nice vector for infecting machines, if it can be done...)

  I would like to point out that it should apply SPECIFICALLY to external hard drives one buys, especially used ones. I've had three customers in the last four months who bought used(2) and new(1) external hard drives off of Ebay and got infected with malware hidden either in the autorun or in the included software that comes with the drive. All three infections were malware downloaders, two got caught by their AV, one didn't and rendered her laptop unusable in about two hours.

  I advise all of my customers to immediately format any new media as well. It's the only way to be sure...

  Speaking of that, does anyone know of a way to create an icon on the desktop that can turn on/off the autorun feature, just to make it easier on users?

SB

Re:I have a standard policy (0)

Anonymous Coward | more than 4 years ago | (#32505530)

disable it completely. Long term it's the easiest thing for users....

Re:I have a standard policy (1)

shadowbearer (554144) | more than 4 years ago | (#32506022)

  Not necessarily for tech support, however ;-(

  "I put the new software disk in my drive and nothing happened. Now what do I do?" - phone calls at four AM...

  Microsoft thought they had the answer with UAC - click, click...

SB

Re:I have a standard policy (0)

Captian Spazzz (1506193) | more than 4 years ago | (#32505544)

I advise all of my customers to immediately set the drive on the ground and nuke it from orbit. It's the only way to be sure...

Sorry it was easy, I had to say it. ;-)

Re:I have a standard policy (1)

shadowbearer (554144) | more than 4 years ago | (#32506050)

  You must not have many repeat customers ;-)

SB

Re:I have a standard policy (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32505398)

You should go further.

After your new writable media gets formatted you should create a directory called "autorun.inf", put a dummy file in it, and make both read-only. Most worms aren't (yet) smart enough to check whether an autorun.inf file already exists, let alone if a directory with the same filename exists with a file in it that also has to be deleted, or that they are read-only. Most of them just blindly write their own autorun.inf file to the device. Thus, when they try to infect the device the worms usually fail.

Of course, it's probably only a matter of time before they get sophisticated enough to check first and deal gracefully with the problem, but for now it works splendidly to immunize removable devices you might plug into machines that are already compromised and that you have no control over (e.g., friend's machines). On all the worm-infected machines I've experimented with, nothing happens, although sometimes the worm tries to drop its payload into the Recycler directory as a hidden file, which will do nothing if it isn't activated by the autorun.inf file (or you're foolish enough to double-click it). You can then just delete it. Alternatively, you can also create a Recycler file rather than a directory, and make it read-only, which defeats that attempt too.
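A read-only audit of a removable volume's root for the things the comment above describes, as an added example that is not part of the original post: it reports whether `autorun.inf` is a regular file or the placeholder directory, lists the entries that would launch a program, and lists executables under `RECYCLER`. The function names, the extension list and the sample volume contents are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program to start
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")  # assumed list

# Constructed sample file contents, not taken from any real device.
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=RECYCLER\photo_viewer.exe
icon=camera.ico
shell\explore\command=RECYCLER\photo_viewer.exe
label=OLYMPUS
garbage line without equals
"""


def parse_autorun_inf(text):
    """Return [(key, command)] for [autorun] entries that launch something.

    Tolerant by design: lines that do not parse are skipped rather than
    raising, because the file is not guaranteed to be well-formed INI.
    """
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            launches.append((key, value))
    return launches


def _find(root, name):
    """Case-insensitive lookup of a direct child of root (FAT ignores case)."""
    for entry in os.listdir(root):
        if entry.lower() == name:
            return os.path.join(root, entry)
    return None


def audit_volume(root):
    """Inspect a mounted volume root without executing or modifying anything."""
    report = {"autorun": "absent", "launches": [], "recycler_executables": []}
    path = _find(root, "autorun.inf")
    if path and os.path.isdir(path):
        # The placeholder described in the comment: a directory in the file's place.
        report["autorun"] = "placeholder-directory"
    elif path:
        report["autorun"] = "file"
        with open(path, "r", encoding="latin-1") as fh:  # latin-1 never fails to decode
            report["launches"] = parse_autorun_inf(fh.read())
    recycler = _find(root, "recycler")
    if recycler and os.path.isdir(recycler):
        for dirpath, _dirs, files in os.walk(recycler):
            for name in files:
                if name.lower().endswith(EXEC_EXTS):
                    full = os.path.join(dirpath, name)
                    report["recycler_executables"].append(os.path.relpath(full, root))
    report["recycler_executables"].sort()
    return report


def build_sample_volumes(base):
    """Create two constructed volume roots under base: one suspicious, one protected."""
    suspicious = os.path.join(base, "suspicious")
    os.makedirs(os.path.join(suspicious, "RECYCLER"))
    with open(os.path.join(suspicious, "AUTORUN.INF"), "w") as fh:
        fh.write(SAMPLE_INF)
    with open(os.path.join(suspicious, "RECYCLER", "photo_viewer.exe"), "wb") as fh:
        fh.write(b"constructed placeholder, not a real program")
    protected = os.path.join(base, "protected")
    os.makedirs(os.path.join(protected, "autorun.inf"))
    with open(os.path.join(protected, "autorun.inf", "dummy.txt"), "w") as fh:
        fh.write("placeholder")
    return suspicious, protected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for root in build_sample_volumes(base):
            print(os.path.basename(root), audit_volume(root))
```

Point `audit_volume` at the mount point of a card or stick on a machine that does not act on `autorun.inf`.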

Re:I have a standard policy (0)

Anonymous Coward | more than 4 years ago | (#32505448)

You're just wasting time. Microsoft prevented loading of autorun.inf on all non-optical media in 7. It's not even an available option under autoplay.

Autorun?! (5, Insightful)

dido (9125) | more than 4 years ago | (#32505204)

I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media. It was tolerable if annoying for CDs and DVDs, but it became downright dangerous once USB sticks and similar rewritable media were included. I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.

Re:Autorun?! (4, Interesting)

bragr (1612015) | more than 4 years ago | (#32505268)

At the single biggest security problem at the place where I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken." Sometimes, it's just easier to clean up afterwards, than to preempt it and deal with people complaining.

Re:Autorun?! (4, Insightful)

rudy_wayne (414635) | more than 4 years ago | (#32505368)

At the single biggest security problem at the place where I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken."

So your employees are too stupid/lazy to learn how to use a computer. Either train them or fire them.

Re:Autorun?! (2, Insightful)

TheGratefulNet (143330) | more than 4 years ago | (#32505576)

he's probably also talking about the *executives*. they tend to be the dumbest in terms of actual computer use.

fire them? yeah, go ahead and try.

Re:Autorun?! (4, Insightful)

robthebloke (1308483) | more than 4 years ago | (#32505628)

The OP didn't say anything about employees - he said workplace. Ever worked in a university? It's far easier to ghost the machines at the end of every day or session than deal with hundreds of queries a day from the vast majority of the 20,000 students who struggle to understand the basic concepts of computer security.

Blame the victim (1)

SuperKendall (25149) | more than 4 years ago | (#32505774)

So your employees are too stupid/lazy to learn how to use a computer. Either train them or fire them.

So your brilliant solution is to fire people you spent training how to do an actual job, and replace them with people who need more training and still will not know how to use a flash drive "correctly".

All because Windows can't keep its virtual pants on at the sight of a new device.

Re:Autorun?! (1)

PinkyGigglebrain (730753) | more than 4 years ago | (#32505558)

Sounds like you turned off the "automatically mount new media" instead of "autorun".

I seem to remember that you could turn off the autorun but keep the automount. It has been awhile since I had to admin a Windows box though so I could be wrong.

Re:Autorun?! (1)

MobyDisk (75490) | more than 4 years ago | (#32505696)

You can disable autorun without disabling autoplay, which is what asks the user what to do. And you can adjust the contents of the autoplay window so that the option to run programs on the disk isn't there.

Yep... (0, Troll)

msauve (701917) | more than 4 years ago | (#32505358)

From the summary:

consumers should learn to always ensure Autorun is disabled

That _should_ read: "Microsoft should stop shipping its operating systems with security holes wide open."

Re:Autorun?! (0)

Anonymous Coward | more than 4 years ago | (#32505468)

I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.

You mean, like the one they did release, nearly two years ago? Autorun now only works for CD/DVD/Bluray drives. Learn something before spreading misinformation.

Re:Autorun?! (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#32505888)

I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media.

Actually that originated with Apple, back with the Macintosh (or maybe even earlier).

Idea was to automatically load drivers for new devices from the device, system upgrades from the medium containing the software, etc. for that "plug it in and it just works" experience.

Of course it wasn't long after the Mac got into users' hands and development tools were available that some bright kid decided to put some prank software on a disk...

Re:Autorun?! (1)

dbIII (701233) | more than 4 years ago | (#32506012)

Possibly a similar person to the one that decided that the microsoft help agent wasn't advertising itself enough and demanded it frequently manifest itself as "clippy" to make inane comments instead of its original incarnation of appearing on the rare occasions where it would be helpful. It's the same stupidity of putting a feature directly in your face possibly just to win some pissing contest with internal Microsoft office politics. "We can run stuff off CDROMs, but let's make sure it happens ALL the time so the user knows our division did something".

Criminal penalties are necessary (4, Insightful)

grahamsaa (1287732) | more than 4 years ago | (#32505254)

Civil and criminal penalties should be imposed on manufacturers that ship hardware that's pre-loaded with malware. As of right now, there are no consequences, which means that this will continue to happen. The only remedy that will stop, or at least curb this behavior is serious civil or criminal charges.

Companies may blame this on outsourcing, but they have chosen to outsource. They may blame it on poor quality control, but quality control is their responsibility! There is no excuse for this, and the executives that make decisions that lead to this type of security hole must be held accountable. I wish I could say that I was surprised by this news, but I'm not. It's commonplace. And until hardware and software companies are held accountable, this will continue to happen.

Autorun became the absolute comedy (2, Interesting)

Ilgaz (86384) | more than 4 years ago | (#32505534)

Recently I helped a friend who had 1TB disk formatted in FAT32 to convert it to HFS+ Journaled. As I image the disk, I notice some really strange things, like .exe files in Pictures folder, the _hard disk_ itself having autorun.exe. It is not some Taiwanese invention either, it is the Western Digital. I believe it is one of the most expensive ones.

It turns out, WD _idiots_ had this great idea of installing their USB drivers named something TURBO (no kidding!) who are supposed to speed up the drive transfer. I bet it does some cache hacks etc. It also does some very unwelcome things like adding itself to startup, not removing itself automatically (of course!), does trivial and dangerous hack of adding some "WD" logo to OS X icon of the drive. OS X, of course doesn't have autorun functionality, I believe on Windows, that drive is the ultimate driver hell machine which will _also_ install couple of viruses!

That is one of the most prestigious Hard Disk manufacturers. Just imagine what those no name freaks do.

The rest of the files? Some really bad worms which _all_ use autorun functionality. If I was responsible for security of Windows, I would really say "please, get a life" to those autorun loving companies and disable it the next day. Just the output of a ClamAV scan for that disk should make anyone who did anything about security alerted.

MS spent billions for security and fixing their image and yet, they just can't give up the absolutely stupid idea of automatically running an executable.
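For the situation described in the comment above (a volume that carries an autorun file plus stray executables), an added example that is not part of any comment or vendor tooling: a Python check that reads a mounted volume's autorun.inf without running anything and lists the commands it asks Windows to launch, along with every executable file on the volume. The sample file content and all function names are constructed for illustration.

```python
import os
LAUNCH_KEYS = ("open", "shellexecute")      # [autorun] keys that start a program
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

# Constructed sample, not taken from any real device.
SAMPLE_INF = """; padding line
[AutoRun]
open=setup.exe /quiet
icon=camera.ico
shell\\open\\command=setup.exe
"""

def autorun_commands(inf_text):
    """Return (key, command) pairs that an autorun.inf asks Windows to launch."""
    section, found = "", []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            # open=, shellexecute= and shell\<verb>\command= all name a program
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value.strip()))
    return found

def read_inf(path):
    """Decode autorun.inf bytes: UTF-16 if a BOM is present, otherwise Latin-1."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def scan_volume(root):
    """Report launch commands and executable files found on a mounted volume."""
    report = {"commands": [], "executables": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if folder == root and name.lower() == "autorun.inf":
                report["commands"] = autorun_commands(read_inf(path))
            elif name.lower().endswith(EXEC_EXTS):
                report["executables"].append(os.path.relpath(path, root))
    report["executables"].sort()
    return report
```

Run `scan_volume()` against the mount point of a new card or drive from a system that does not act on autorun.inf; any non-empty `commands` list on storage that should hold only photos is a reason to reformat before use.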

Re:Criminal penalties are necessary (1)

yuhong (1378501) | more than 4 years ago | (#32505762)

I would not go that far, especially because avoiding it is as easy as a reformat.

Sounds familiar! (1)

voodoo cheesecake (1071228) | more than 4 years ago | (#32505256)

Maybe they were trying to keep up with Sony's rootkit.

Olympus' warning... (3, Funny)

by (1706743) (1706744) | more than 4 years ago | (#32505274)

...is pretty funny when translated from the original Japanese [olympus.co.jp] (translated from Chrome):

For the customers you have the appropriate product is in trouble indeed grateful, bon appétit do so as follows: anti-virus support, thank you.

Translation issues aside, they do 'fess up honestly:

Cause

The lack of production management, computer virus has been contaminated with the camera.

Linux (1)

lavagolemking (1352431) | more than 4 years ago | (#32505288)

I'm sure glad I don't run Windows anymore.

Linux had that functionality (1)

Ilgaz (86384) | more than 4 years ago | (#32505598)

Well, Redhat Linux, back when the time they were shipping a Desktop Linux (5 I guess) had that neat idea of autorunning software from CD. Quake 3 from Loki did it.

Of course, as Redhat (and other vendors) have normal logic, they saw what is coming and it became a thing of past very quickly.

The problem with MS is, they even "extend" the functionality let alone getting rid of it. There is a huge risk of endless BSOD/system freeze in case of corrupt media since they made sure Windows Vista+ will check the contents of drive, reading whatever it can to show that nag window about what to do. Of course, if there is a flaw in their TIFF/JPEG etc. handling... Something way worse may happen like the Autorun/JPEG virus.

Re:Linux (1)

pastyM (1580389) | more than 4 years ago | (#32505640)

I was just telling my girlfriend this in another attempt to try and convert her, to no avail. At least I have been able to convince her that autorun is a bad thing and AV software is good.

Re:Linux (1)

mogness (1697042) | more than 4 years ago | (#32505750)

Jesus, don't you guys ever get tired of bashing windows? It's like you're a scorned lover or something.

Re:Linux (3, Funny)

Ungrounded Lightning (62228) | more than 4 years ago | (#32505966)

Jesus, don't you guys ever get tired of bashing windows?

Not as long as the ongoing barrage of malware built on Windows bugs continues and the PHBs of the world keep shoving Windows "solutions" down our throats at work while the bulk of computer-using humanity continues to use it at home.

Once it's no longer a blight on humanity we'll stop telling everybody what a blight on humanity it is. (Maybe we'll occasionally reminisce about what a blight on humanity it WAS, once that utopia arrives. B-) )

But Sony said to run it (3, Interesting)

linebackn (131821) | more than 4 years ago | (#32505298)

"At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer"

But what if that malware, as it seemingly often is these days, is an actual intentional part of a product?

As usual the real problem is unnecessary crap (4, Insightful)

rudy_wayne (414635) | more than 4 years ago | (#32505326)

but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device.

Why isn't the memory card formatted and completely blank?

consumers should learn to always ensure Autorun is disabled,

No, companies should stop selling memory cards with unnecessary crap installed.

Re:As usual the real problem is unnecessary crap (2, Interesting)

digitalhermit (113459) | more than 4 years ago | (#32505986)

Why isn't the memory card formatted and completely blank?

Because it's getting more convenient for the user if the manufacturer ships the software on the device. Many laptops do not have CDROM drives. It can also save on packing costs not just for one unit, but for thousands of units. It allows more recent software to be shipped since an update doesn't require another CD manufacturing run.

No, companies should stop selling memory cards with unnecessary crap installed.

No argument there.

A Worm? (1)

MikeMacK (788889) | more than 4 years ago | (#32505336)

So it's like a bottle of tequila?

Re:A Worm? (1)

ZeBam.com (1790466) | more than 4 years ago | (#32505526)

No, it's like a bottle of mezcal [wikipedia.org].

Olympus response (2, Funny)

Tuqui (96668) | more than 4 years ago | (#32505354)

Olympus should send an Ubuntu CD to their customers.

Why can't MS make the radical decision? (3, Informative)

Ilgaz (86384) | more than 4 years ago | (#32505404)

On a fully secured (DEP, non Admin account, all updates) Windows machine, I can see "quarantined" items which all appear to be "autorun.xxx.worm" , pick anything you like. It is already out of hand.

If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.

Shrink wrapped/boxed software is _dead_. Even if it is not dead, it is trivial to add the "install software" control panel back. Just a line needed to be on box or "driver cd". That is all. It won't be the first time some convenience is given up for security. How many times people install the same software anyway?

Re:Why can't MS make the radical decision? (1)

StuartHankins (1020819) | more than 4 years ago | (#32505738)

Yes for all that people moan about Apple being a walled garden yada yada I can see Steve Jobs demanding a quick fix regardless of the consequences if there was this kind of foolishness in OS X.

At this point in my life when I see the same old things broken and no real fixes from Microsoft (short of taking things into your own hands and disabling it yourself -- something Grandma will never do) I wonder if the internet has been responsible for too many casual "push it out, fix it later" attitudes. The average Joe kind of expects their system to have viruses and extra crap running and doesn't care enough / doesn't have time to chase down a way to fix all these problems.

I think until there are more serious consequences for software and hardware manufacturers to deliver a product that doesn't get you owned the first time you connect to the Internet, or get infected just because you connected a hardware device, or actively attempt to infect you (as in this case) this will continue to be par for the course. I'm disappointed, disillusioned and a bit jaded and I have no more patience left for this type of foolishness. There's no excuse.

Re:Why can't MS make the radical decision? (1)

mogness (1697042) | more than 4 years ago | (#32505812)

Apple would roll out an operating system update and disable Autorun.

Oh really? Like how they responded to this [dhanjani.com] security issue? After two years I'm pretty sure it's still possible for a website to download and launch arbitrary local applications that handle registered URIs without the user's permission in Safari on OSX.

Re:Why can't MS make the radical decision? (0)

Anonymous Coward | more than 4 years ago | (#32505902)

They might, months after it was discovered and while threatening to sue the researcher (actually, they'll pay you too) to keep mum before the patch is out. They'd call it a new "feature" though while burying the security announcement 15 links below the announcement of the new "feature". And even then they'd call it a security hole in Safari (a lot of security holes in MacOS have to do with the image/video core of the OS, but Apple always calls them Safari vulnerabilities) and not the core OS itself.

Posting anonymously as I whistle my way to the bank (New Safari update!)...

Re:Why can't MS make the radical decision? (1)

NotQuiteReal (608241) | more than 4 years ago | (#32506006)

It won't be the first time some convenience is given up for security.

Sounds better the way Benjamin Franklin said it; "He who gives up freedom for safety deserves neither."

So, I guess we are saying Freedom is not Convenient?

It happened on Apple first. (2, Interesting)

Ungrounded Lightning (62228) | more than 4 years ago | (#32506010)

If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.

There were Apple viruses as of the original Macintosh, which had a similar feature for automatically loading drivers, software updates, and such.

They've been there, had that done to them, and moved on.

For some reason it took Microsoft decades to get the same message.

Windows 7! (1)

microbee (682094) | more than 4 years ago | (#32505410)

I heard it no longer enables autorun on USB drives by default!

Re:Windows 7! (2, Funny)

ZeBam.com (1790466) | more than 4 years ago | (#32505518)

Well, one way to find out...

Re:Windows 7! (0)

Anonymous Coward | more than 4 years ago | (#32505688)

It doesn't need to be found out. Read the fucking news. [technet.com] This is as goddamn annoying as retards claiming Linux "dusnt support mah hardwair." It sounds stupid to anyone who has used it.

Re:Windows 7! (0)

Anonymous Coward | more than 4 years ago | (#32505556)

Not true, I plug in on win7 and it auto runs

Re:Windows 7! (1)

dingen (958134) | more than 4 years ago | (#32505856)

The box popping up and asking you what to do with the inserted medium is not the autorun screen.