Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

USB Autorun Attacks Against Linux

CmdrTaco posted more than 3 years ago | from the don't-put-strangers-in-there dept.

Open Source 274

Orome1 writes "Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS — including the addition of features that can allow Autorun attacks. This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things. Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not." I've attached the video if you are curious. Skip the first 2 minutes if you don't care where the lost and found is.

cancel ×

274 comments

Sorry! There are no comments related to the filter you selected.

The price of easy and automatic (5, Interesting)

clang_jangle (975789) | more than 3 years ago | (#35128246)

I always knew that when they made *nix idiot-proof all hell would break loose security-wise. Android has proven that really thoroughly. It's too bad, really. I had high hopes for it once. Maybe they'll get it together yet though.

Re:The price of easy and automatic (-1, Troll)

clang_jangle (975789) | more than 3 years ago | (#35128284)

Oops, now watch me get modded down to hell for "trolling linux". Just in case you thought that, I was pointing out that making things idiot-proof without making them insecure is extremely hard to do.

posted via gentoo linux, BTW.

Re:The price of easy and automatic (3, Informative)

HermMunster (972336) | more than 3 years ago | (#35128352)

I think negative mods would only be given for not addressing what the researcher was talking about. Android isn't using an autorun feature. In fact, he specifically states that his speech addresses only Ubuntu 10.10 and gnome (and not the other desktop managers).

Re:The price of easy and automatic (2)

clang_jangle (975789) | more than 3 years ago | (#35129312)

I think negative mods would only be given for not addressing what the researcher was talking about. Android isn't using an autorun feature.

You misunderstood, I never said it did. Android was cited as another example of the pitfalls of "easy and automatic".

Re:The price of easy and automatic (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#35128422)

Just curious here: do you run "emerge --update world" from a root crontab entry?

Re:The price of easy and automatic (0)

Anonymous Coward | more than 3 years ago | (#35128488)

why would anyone ever do that? after a while your system would end up completely broken

Re:The price of easy and automatic (0)

Anonymous Coward | more than 3 years ago | (#35128688)

gentoo? hello?

Re:The price of easy and automatic (1)

dpilot (134227) | more than 3 years ago | (#35128778)

From cron I run "emerge --sync' and "emerge -ptuvDN world". I'll agree, you'd have to be nuts to actually update from cron. At the very least etc-update requires personal care to function with the updates, but not hose your configuration tweaks. At worst, every now and then there's a fiasco like libexpat. Plus there are certain packages that are nearly always problematic, like major XOrg or MythTV revisions.

Re:The price of easy and automatic (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#35128980)

Agreed that sync and "update fetchonly" are harmless. The question is how much automation do you allow before you have to use neurons to prevent The Bad Thing from happening.

Re:The price of easy and automatic (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#35128720)

I've actually seen people in forums say they do this - the point was "Who do you trust"? Frankly, I find many of the more drool-proof new features in both Linux and KDE4 to be less than useless.

When you only make computers for idiots, only idiots will have computers.

Re:The price of easy and automatic (1)

ffreeloader (1105115) | more than 3 years ago | (#35129160)

I think this is an overblown situation. Nautilus has settings in Preferences that run the full gamut of choices.

1. You can have the system do nothing.
2. You can browse the media without allowing any software to execute.
3. You can auto run anything you insert
4. You can have the system ask you want you want to do.
5. You can choose what application to run upon insertion depending on the content: music, video, software, etc....

I don't remember what the defaults were as it's been a long time since I originally built this computer, but I think it was that auto run was disabled. I run Debian so I don't know what kind of foolishness Ubuntu is doing. .

Re:The price of easy and automatic (1)

Belial6 (794905) | more than 3 years ago | (#35129288)

The choice I want is to be able to authorize that specific USB device to autorun from now on. I don't want all USB devices to be able to execute files, but I do want to be able to have specific one do it.

Re:The price of easy and automatic (0)

Anonymous Coward | more than 3 years ago | (#35128446)

Let's be honest here--making things secure is really hard. It's just that up to this point, Linux hasn't done much for you (I can remember just a few years ago when not even mounting a usb drive was automatic), so a)non-techies really didn't use Linux and b)you had to choose to run things, so the security experts could say that it wasn't their fault after all, since you told them to do it.

I don't want to bash linux either--I agree that it is probably the most secure widely available operating system in existence. The more interesting question is whether these kinds of vulnerabilities can ever be resolved, or whether it is an unsolvable problem.

Re:The price of easy and automatic (2)

jedidiah (1196) | more than 3 years ago | (#35128880)

Solaris did automount in the 90s. That didn't mean that it did the sort of stupid things that causes trouble with Microsoft products.

The things to avoid are well understood. Anyone that ignores the past should be flogged repeatedly.

autorun != automount

Re:The price of easy and automatic (5, Informative)

Vanderhoth (1582661) | more than 3 years ago | (#35128354)

I agree with you. Although, based on what I saw in the clips I was viewing the attacks seem to be more related to fancy sloppy interfaces such as auto loading thumbnails of pictures stored on a USB drive. Not so much because *nix is idiot proof, but because there is more of a focus on making a nice looking interface instead of a secure ok looking interface.

I could be wrong.

Re:The price of easy and automatic (4, Informative)

asvravi (1236558) | more than 3 years ago | (#35128850)

User-friendly
Secure
Functional

Pick any two...

Re:The price of easy and automatic (2)

postbigbang (761081) | more than 3 years ago | (#35129054)

I hate to throw in a well-used aphorism here, but nothing is foolproof because fools are so ingenious. It's the imflamatory nature of the post that attracts so many hits to this.... it turns out that you can hurt almost anything thru blatant misconfiguration. The scope of the attack is comparatively tiny. And you might get all of an attack plane of a half-million users on a good day, provided they use removable storage, and they'll accept something from unvetted sources.

Oh, wait....

Re:The price of easy and automatic (1)

Anonymous Coward | more than 3 years ago | (#35129120)

To be fair, this is more of a UDEV, and WM/DE problem in mainstream distro's, rather than specific Linux kernel issue itself, but I won't let the headline, article/video presentation detract from that fact.

Case in point, I can plug infected USB drives into my Linux system all day long without issue (and I do, btw). There is no autorun, mount, and execute set up upon device identification for my system. Yes, I may be the exception rather than the rule, but it's fairly clear to me that the distro. camps, in their efforts to gain notoriety as a desktop replacement against Windows, have implemented shotty security practices to boot. True to form, they truly have provided a desktop replacement for Windows, security failures and all.

With regard to security on Linux, you're either going to do it for them, or teach them to do it for themselves. There is no half measures in the Linux security ball game. You and I both know that because of the versatility and danger that a compromised Linux machine has.

Re:The price of easy and automatic (1)

jd (1658) | more than 3 years ago | (#35128372)

Can't speak for others, but I understand what you mean. And, yes, the easier something is, the harder it is to maintain security. Sandboxing all autorun code might help but that would degrade the ease-of-use.

Re:The price of easy and automatic (2)

Sal Zeta (929250) | more than 3 years ago | (#35128454)

Fast. Or Secure. Or Useful for the common layman.

Pick Two.

Re:The price of easy and automatic (1)

hedwards (940851) | more than 3 years ago | (#35128570)

You mean, Fast, secure, convenient or useful for the common layman.

Pick Two.

The problem with autorun is that it's convenient without having any security involved. By its nature it isn't secure, and I'm not sure why it would be more secure on Linux than Windows, other than it being limited to the user's privileges and needing to be written to handle Linux. And MS has in recent releases done a lot to make it easier to run the OS without always being admin.

Re:The price of easy and automatic (0)

Anonymous Coward | more than 3 years ago | (#35129062)

One thing that should be done with "removable media" if you are going automout it, at least do it noexec. That would stop all kinds of BS right there. You certainly still could have attacks though with image files desinged to cause buffer overflows in thumbnail browsers etc. Still it would be way better than just mounting it user.

Re:The price of easy and automatic (2)

camperdave (969942) | more than 3 years ago | (#35129168)

The problem with autorun is that it's convenient without having any security involved.

What is it convenient for, other than as a malware vector? (Which it seems to be really good at, judging from my virus detection reports).

Re:The price of easy and automatic (1)

cozzbp (1845636) | more than 3 years ago | (#35128492)

There comes a point when security is no longer the responsibility of the corporation, but the customer. How much can you really protect an idiot from getting a virus?

Re:The price of easy and automatic (3, Insightful)

morcego (260031) | more than 3 years ago | (#35128756)

Shoot him.

Re:The price of easy and automatic (2)

elrous0 (869638) | more than 3 years ago | (#35128536)

The harsh reality is that it's very difficult to make an OS that's both safe and popular. Make it too safe, and it's too complicated and annoying for the common user. And the only way to make it popular with the masses is to remove some of the safety features and usability roadblocks. It's a tightrope that MS and Apple have to walk every day. MS walks it by fighting each security issue that comes up individually. Apple walks it by increasingly turning towards locked-down systems.

Exactly (1, Insightful)

boristhespider (1678416) | more than 3 years ago | (#35128820)

MS *tried* to fight it (in part) by effectively adding a GUI sudo prompt into Windows Vista. A million people -- including Linux users posting on Slashdot -- immediately flew into fits of nerd rage about how annoying it was to have a GUI sudo prompt. (I never saw an issue with it myself, actually. Seemed no more irritating than going sudo on Linux or OSX's own authentication prompt. Unlike many, I actually really quite liked Vista, although I use OSX most of the time.) MS listened to their users and allowed them to scale it back in Windows 7, creating a million new security holes and causing a million people -- including Linux users posting on Slashdot, although not necessarily the same ones -- to complain about security flaws in Windows.

MS have made many stupid mistakes over their history and not least due to the ancient and creaking XP (and, even worse, the immediately-owned ME) have a history of shit security. Thing is they tried to patch it up in an easy way and people bitched and puled enough that they had to make it less secure again.

That, of course, ignores the other few million security flaws riddling the kernel. I'm just talking about the UAC here.

Re:Exactly (4, Informative)

Nimey (114278) | more than 3 years ago | (#35129264)

Did you ever use the original Vista? Ever use Ubuntu or OSX from the same time period? Vista's prompt was a lot more annoying, because for some operations it would go off several times, while for the other two it'd ask you ONCE and then get the hell out of the way. Ubuntu would even remember your sudo credentials for a few minutes so you could do other tasks as root. Really a superior design.

They made it less annoying with SP2 and again with Win7, yes, but the original setup was shit.

Re:The price of easy and automatic (1)

bonch (38532) | more than 3 years ago | (#35128890)

Everything in the universe is a trade-off. Make something more popular and accessible, and you lose security and stability. Lock down the software like Apple did to retain security and stability, and you gain the wrath of the online freedom warriors.

Re:The price of easy and automatic (1)

SnarfQuest (469614) | more than 3 years ago | (#35129142)

It's hard to make software idiot-proof, because idiots are so ingenius.

Oh boy (-1, Troll)

nametaken (610866) | more than 3 years ago | (#35128348)

      Year of the linux desktop indeed!
      Already fixed.
      Noobs. FreeBSD ftw !%!
      Ubuntu sux it's too easy.
      Ahem, my Mac does not do this.
      Feature parity w/ windoze!

Re:Oh boy (1, Insightful)

HermMunster (972336) | more than 3 years ago | (#35128560)

Has there really ever been anyone responsible for Linux making claims of "the year of Linux"? Or has it just been some random users that once made a reference?

Re:Oh boy (2)

DrgnDancer (137700) | more than 3 years ago | (#35129324)

It was quite popular about 8-10 years ago for various media outlets to declare the "year of the Linux Desktop". I can't be arsed to look up specific examples, but they definitely existed. The irony being that Linux has improved dramatically as a desktop OS since most of those claims were widely circulated, yet no one expects it anymore. As far as I can tell, three things have ended the hype:

1) Probably most important: People have realized that what most desktop users want is something Linux will probably never give them. Hand holding and a person to call when things break. Windows' monopoly created a huge pool of reasonably skilled amateur technicians; as well as an ecosystem of professionals ranging from the guy with fliers on the apartment bulletin board, to Best Buy's Geek Squad, to highly skilled consultants and everything in between. Apple answered that with their Genius Bar and highly rated customer service. Linux has answers to it as well, but people don't like searching web sites and such. Red Hat and a few others actually have excellent customer service and tech support, but buying from them (in small volumes, they're way cheaper than MS for high volume sales) makes Linux as expensive as Windows.

2) A credible alternative to Windows on the Desktop emerged in OSX. Sure the hardware is kinda premium, but Apple released an easy to use Unix based OS on fairly affordable hardware. They also tied this with the launch of their retail stores and Genius Bars which provided the kind of hand holding and quick fix solutions that people are used to on Windows.

3) Software and hardware vendors never saw value in cooperating. Next to to the lack of hand holding, this is probably the biggest issue. No thanks to the vendors, the hardware situation is much better than it used to be, but software remains a major hurdle. There are analogs and replacements for a lot of stuff, but they're rarely quite as good, always require a learning curve (on top of learning the new OS), and often times have file conversion issues. Apple got around this because they've always been Microsoft's "see, we're not a really a monopoly" hitching post so a lot of vendors (including MS themselves) have always maintained a MacOS version. Apple's recent success just means that they're making money on it.

So now the Linux vendors concentrate on the server space (which has always been their strength), while producing steadily more polished Desktop OSes that don't get nearly the hype they used to. Meanwhile increasing numbers of tablets, smartphones, and PDAs may make the whole thing irrelevant in ten years. Not that desktop or laptop computers are going anywhere, but portable platforms will probably overtake them in usefulness for non-technical people at some point in the next decade.

Stop copying Windows please! (5, Insightful)

JustNiz (692889) | more than 3 years ago | (#35128416)

Autorun as a concept just sucks.
Copying whatever Windows does, warts and all, into Linux, just sucks.
When is this insanity going to end?

Re:Stop copying Windows please! (2, Insightful)

pclminion (145572) | more than 3 years ago | (#35128494)

Yeah, having a computer automatically react to a piece of media... What a stupid idea. Next thing you know they'll be using computers to compute things, and then we've just gone straight to hell.

Re:Stop copying Windows please! (0)

Anonymous Coward | more than 3 years ago | (#35128602)

I wouldn't worry about it until you can access the Internet with computers.

Re:Stop copying Windows please! (1)

meerling (1487879) | more than 3 years ago | (#35128726)

Why would anyone do that, my cat likes being plugged into the router...

Re:Stop copying Windows please! (5, Insightful)

hedwards (940851) | more than 3 years ago | (#35128612)

It really depends how you do it. It's one thing to go the UAC route and have the computer notify the user that something has been inserted and request authorization to do something, and quite another to make that decision for the user. Certain actions really shouldn't be allowed to be completed completely on their own, autorun is definitely a candidate for that.

Re:Stop copying Windows please! (2)

mlts (1038732) | more than 3 years ago | (#35129228)

Not just a piece of media. A piece of untrusted media. The computer needs to consider all media as suspect and require the user to take action. It shouldn't do anything else.

The media should be mounted, and mounted noexec, nosuid, no-nothing. That's it. No autorun, no autoplay, no autoboot, no -nothing-. The user can decide what to do with the media once it is mounted. If the user wants to run stuff from the media, they can remount it with the permissions ready.

Of course, there is always the issue of PEBKAC errors, but short of yanking root from the user a la Android or iOS, there isn't much the OS can do here.

Re:Stop copying Windows please! (1)

ddd0004 (1984672) | more than 3 years ago | (#35129362)

I agree that autorun isn't completely wrong, but as always the weakest link in the security is the user. If you were to disable autorun, you could probably accomplish a similar effect by writing "execute the file named xxxx and enter your root password" on the disc or usb drive. Most users wouldn't question it for a second.

Re:Stop copying Windows please! (1)

0123456 (636235) | more than 3 years ago | (#35128508)

When is this insanity going to end?

When developers stop listening to new users who say 'But I can do this in Windows, why can't I do it in Linux?'

Re:Stop copying Windows please! (0)

Anonymous Coward | more than 3 years ago | (#35129038)

>>When developers stop listening to new users

great idea for getting a wider acceptance for Linux and OSS desktops.

Congratulations, here is an intraweb for you.

Re:Stop copying Windows please! (1)

SudoGhost (1779150) | more than 3 years ago | (#35129286)

But I can blame Microsoft for my computer getting viruses in Windows, why can't I do it in Linux?

Re:Stop copying Windows please! (-1)

Anonymous Coward | more than 3 years ago | (#35128646)

Amen! Right on! Bravo! Hear, hear!

I am convinced that KDE and GNOME are part of a secret Microsoft conspiracy to make Linux worse than Windows. They clearly underestimated the difficulty of the task, but made substantial progress already, and will get there some day...

Re:Stop copying Windows please! (0)

Anonymous Coward | more than 3 years ago | (#35128658)

I use fluxbox. What insanity are you talking about?

Oh wait, I used to use GNOME, until their interface caused windows to be switched at a very slow pace. This was caused by rendering the updated mini-window in the Alt-Tab, like Windows does. Then I switched to Fluxbox and I've been quite happy.

Mind you, the problems described in the video deal not with the "autorun", but with vulnerabilities in the entire chain of code that is run when you plug in a USB device. From the USB device code => SCSI code => FS system code. You can compromise a system even without mounting the file system if there is holes at a low enough level.

So yes, TFS (The Fine Summary) is not quite correct and TFV (The Fine Video) is just what happens when you plugin unknown hardware.

Re:Stop copying Windows please! (4, Insightful)

$RANDOMLUSER (804576) | more than 3 years ago | (#35128660)

Exactly.

87.3% of all the biggest forehead-whapping Windows security bugs have come from Microsoft's (really Bill Gates) love of whizzo features that look really cool in a developers conference keynote but don't survive the first three minutes of critical thought or exposure to the real world.

I'm specifically referring to things like where IE or Windows Explorer execute code of unknown provenance to provide "previews". Windows Explorer once had a bug which could execute arbitrary code via JPEG preview. Of course, the Outlook preview exploits are LEGION, but we can also include VB macros included in Word and Excel "data" (hahaha) files. Only a sick love of flashy features, consequences be damned can account for this.

Re:Stop copying Windows please! (1)

OzPeter (195038) | more than 3 years ago | (#35128740)

Autorun as a concept just sucks. Copying whatever Windows does, warts and all, into Linux, just sucks. When is this insanity going to end?

I insert a DVD into my player - and it just plays.

I put film into my (now older camera) and it it loaded it up for me ready to use when I shut the back

I'm sure there are a zillion other examples of systems that just start doing things in readiness of what the would like. So why do you think the average consumer is *not* going to expect things happen automatically?

Re:Stop copying Windows please! (2)

0123456 (636235) | more than 3 years ago | (#35128846)

I insert a DVD into my player - and it just plays.

A DVD player has one intended use and only one intended use: playing DVDs.

I put film into my (now older camera) and it it loaded it up for me ready to use when I shut the back

A camera has one intended use and only one intended use: taking photos.

So why do you think the average consumer is *not* going to expect things happen automatically?

Computers are used for many things other than playing DVDs. Why should the operating system assume that just because I put a DVD in the drive, I want to play it?

Re:Stop copying Windows please! (1)

Anonymous Coward | more than 3 years ago | (#35129102)

Are you in the habit of inserting media you don't intend to actually access? I mean, really.

Re:Stop copying Windows please! (2)

0123456 (636235) | more than 3 years ago | (#35129232)

Are you in the habit of inserting media you don't intend to actually access?

Yes. The last time I remember this happening, I put a DVD in the drive because I was going to play it after I finished reading my email and the stupid operating system decided to start up the DVD player, getting in the way of what I was going at the time.

And I'm definitely, absolutely, certainly, 100% in the habit of inserting media where I don't want to open up a browser window which runs random buggy codecs in order to display thumbnails that I 100% don't give a damn about.

Re:Stop copying Windows please! (0)

Anonymous Coward | more than 3 years ago | (#35129372)

I would say that in the first case, you did intend to access said media, just maybe not right this second. Any particular reason you had autoplay enabled in the first place then? Or was this the first DVD you had ever inserted into this machine since installation? Otherwise, sounds like your problem for inserting said DVD before you needed to without disabling Autoplay.
 
As to the second, well, again- if you don't care for the default behaviour, why have you not turned off Autoplay? In windows, it takes roughly 5 seconds to do.

Re:Stop copying Windows please! (1)

Imagix (695350) | more than 3 years ago | (#35128858)

I insert a DVD into my player - and it just plays.

What else is it going to do, but play the DVD?

I put film into my (now older camera) and it it loaded it up for me ready to use when I shut the back

Again, what else are you going to do with it? Those are only two examples of nearly single-purpose items doing that single purpose. Easy to figure out what that's going to do.

Re:Stop copying Windows please! (1)

phtpht (1276828) | more than 3 years ago | (#35128914)

It's ok to start playing the movie or load up a slide show of the photos, because all that is just data. What's not ok and where the autorun FAILS is the possibility to execute arbitrary software without user's consent or notice. The same distinction goes with HTML vs Javascript.

Re:Stop copying Windows please! (2)

flight666 (30842) | more than 3 years ago | (#35129000)

But the whole point of this discussion: What if there is a bug in the library that renders that *data*? All of a sudden, your data is no longer very data-y, and much more executable-y than you might have intended.

For reference, take a look at the (lengthy) list of bugs in any of the image processing libraries.

Re:Stop copying Windows please! (1)

sourcerror (1718066) | more than 3 years ago | (#35129174)

You seem to fear buffer overflow. Then write it in Java. /ducks

Re:Stop copying Windows please! (1)

bonch (38532) | more than 3 years ago | (#35128904)

Autorun as a concept just sucks.

Why?

Copying whatever Windows does, warts and all, into Linux, just sucks.

If that's true, then you'd better not use GNOME or KDE.

Re:Stop copying Windows please! (1)

Sal Zeta (929250) | more than 3 years ago | (#35128958)

The concept is useful enough, if you realize what the user needs. They don't care about autorun per se, they care just about displaying the content from their media in less time as possible. That's their problem.

The feature, "Autorun" in such case, is a solution. And if you try to re-implement a solution without understanding the original problem, you're doomed to make the same errors of the first implementation. By looking at the GNOME interface, despite its really good production values, it's apparently a common error.

Re:Stop copying Windows please! (3, Insightful)

Jonner (189691) | more than 3 years ago | (#35129334)

The presenter in TFV says that because autorun always prompts the user, it's not a big security risk. He spends much more time talking about exploiting bugs in various software layers, including kernel, root-running userspace, and normal user processes.

I'm not sure that I agree that always asking permission to autorun something is safe enough, but it is far less onerous than how Windows used to work.

Re:Stop copying Windows please! (0)

Anonymous Coward | more than 3 years ago | (#35129356)

i've always found autorun on windows to be annoying...ever since the win98 days...i've always disabled. i plug my drive in, i open explorer, go to my computer and just as i'm about to click on my drive...BAM! annoying autorun window pops into my way...

They never learn (1)

udoschuermann (158146) | more than 3 years ago | (#35128478)

Any system is vulnerable when it automatically opens or executes email attachments, automatically executes arbitrary commands delivered on a removable volume, and hides file name extensions to fool users into executing things that looked like something harmless.

Any software vendor who thinks about adding such features should receive a savage thrashing. If they actually enable such features by default, they should be shot with prejudice.

Re:They never learn (0)

Anonymous Coward | more than 3 years ago | (#35128744)

I really don't get it.

There is no auto-run thing in Linux. They seem to be talking about thumbnail previewers. So, a buffer overrun may execute some code. OK, that may happen with to local data files, and has nothing to do with USB, execpt for the fact that Gnome tends to open a Nautilus window for inserted USB sticks.

Any program which loads data is sensitive to these vulnerabilities; for instance, OpenOffice importing one of such images, or Evince itself when opening a PDF file. Btw, afaik Evince cannot execute javascript embedded into PDF files, which is what you are suggesting (or at least what I understand from your complaints).

A different thing would be if Nautilus executed any autorun.sh included in a opened directory.

Yes, I know you have not explicitly asked the thumbnails be generated. Dolphin, for instance has previews disabled until you enable them. On the other hand, I really find useful that Nautilus generates the previews of PDF files and images.

Thanks, Miguel (2)

Compaqt (1758360) | more than 3 years ago | (#35128486)

Anybody want to post a quick-fix to avoid turn off AutoRun in Ubuntu?

Re:Thanks, Miguel (1)

Anonymous Coward | more than 3 years ago | (#35128596)

Use Kubuntu instead.

Re:Thanks, Miguel (-1)

Anonymous Coward | more than 3 years ago | (#35128606)

Sure, just boot from a Windows 7 install DVD and format the drive and install Windows 7. Honestly, Windows 7 does not do AutoRun out of the box, although you can turn it on. Now, it does do AutoPlay (where it asks if you want to view pictures, open the folder for viewing, etc.). However it no longer happily runs whatever autorun.inf says to run like Windows used to do.

Re:Thanks, Miguel (1)

Rockoon (1252108) | more than 3 years ago | (#35128806)

Win7 most definitely does some of the things mentioned in the article out of the box, such as loading resources from executables and producing thumbnails for images on USB drives.

Its likely that you can dig out of any modern OS sandbox (Linux or otherwise) when giving them malformed input.. look at how much effort Apple has put into protecting iOS, and contrast that with how many ways that its already been rooted... and thats a completely locked down example of failure. Now imagine how badly Windows, Linux, and mainstream BSD must be at sandboxing.

As Raymond Chen would say... this stuff is going on on the wrong side of the airtight hatchway.

Re:Thanks, Miguel (0)

Anonymous Coward | more than 3 years ago | (#35128814)

...install Windows 7.

Sweet! Is there an open source equivalent of that?

Re:Thanks, Miguel (2)

HermMunster (972336) | more than 3 years ago | (#35128628)

On option the researcher is explains how to turn it off the option to browse media when a removable storage device is inserted. Nautilus > Edit > Preferences > Media tab

Un-check the box for "Browse media when inserted".

It won't be long before the code is examined and corrected.

Keep in mind his speech is about Ubuntu 10.10 and specifically gnome running as the desktop manager.

Re:Thanks, Miguel (1)

lilo_booter (649045) | more than 3 years ago | (#35129298)

Yes, but he also shows how the vulnerabilities stem from libraries which the desktop uses, and how, potentially, there are vulnerabilities all the way down, right to the kernel itself. No simple fix - short of turning off all automatic execution of processes against any unknown source (which is what I have done for quite some time - I do have thumbnail generation on local files, but after watching that, I think I'll give that the boot too :)).

'BOUT TIME WE CAN COMPETE WITH WINDOWS !! (0)

Anonymous Coward | more than 3 years ago | (#35128490)

Hip-hip-horray !!

Hip-hip-horray !!

Hip-hip-horray !!

We are movin' on up, to the east side
To the deluxe apartment in the skyyyy
MoooVin' on up, yeah !!

OSes should be immune from this out of the box (2)

davidwr (791652) | more than 3 years ago | (#35128500)

Auto-run is convenient and all but systems should NOT automatically execute content from devices unless the user has specifically told them it's okay.

A recommendation for out-of-the-box "autorun" experience:

Query the type of the media, but do so without running any code of any type on the media.
Authenticate the data used to determine the type of the media AND any "auto run" code typically associated with that type of media OR decide you can't authenticate it.

Present a box to the user for "trusted" content:

This disk claims that it contains [a program | music | video | files | whatever ]. This claim is sign by [company] and its chain-of-authentication includes [highest-level signer], a company trusted by [operating system vendor | you]. To see more details click [here].

What do you want to do? [list of choices, including "do nothing," "open as a folder," "run the disk" (aka autorun), "play music," "play video," etc.]

[ X ] Do the same for other media of this type signed by this signer.
[ _ ] Do the same for other media of this type signed by any trusted signer.
[ _ ] Do the same for other media of this type even if it is not signed.

Present a box to the user for signed content that cannot be authenticated:

WARNING: This disk claims that it contains [a program | music | video | files | whatever ]. This claim is sign by [company] but this signature cannot be authenticated. To see more details click [here].

What do you want to do? [list of choices, including "do nothing," "open as a folder," "run the disk" (aka autorun), "play music," "play video," etc.]

[ _ ] Trust this signer in the future.
[ _ ] Do the same for other media of this type signed by this signer.
[ _ ] Do the same for other media of this type signed by any trusted signer.
[ _ ] Do the same for other media of this type even if it is not signed.

Present a box to the user for unsigned content, which would typically be "unlabeled" content that the computer has to figure out for itself:

This disk appears to contain [a program | music | video | files | whatever ].

What do you want to do? [list of choices, including "do nothing," "open as a folder," "run the disk" (aka autorun), "play music," "play video," etc.]

[ _ ] Do the same for other media of this type [bold]NOT recommended[/bold]

Almost all media would be "unsigned" until a standardized method of signing is developed. Signing would typically only authenticate the type of media the disk claimed to as well as the executable code of any autoexec.exe-type program that runs if the user "runs the disk" or any media-type-specific on-disk code that runs if the user "plays the media," not the entire disk.

Re:OSes should be immune from this out of the box (1)

Sal Zeta (929250) | more than 3 years ago | (#35128706)

This is not a "out-of-the-box" experience. It's looks like more to a Tax-Form experience. You would spend more than 10 minutes trying to understand what to do.

And the attention span of the common user is around 7 minutes. Yahoo Answer would be filled in less than half an hour with questions on how to disable it.

Re:OSes should be immune from this out of the box (1)

Anne Thwacks (531696) | more than 3 years ago | (#35129096)

You will be out of your box after having to deal with this a few times.

It's bad but not the end of the world. (2)

Beelzebud (1361137) | more than 3 years ago | (#35128526)

Linux servers, that run on command line don't have these issues. I know this is shocking to some people, but 99.99% of the world doesn't really give a shit about what you have on your home pc's hard drive. Security is good, but paranoia isn't. Anyone that actually cares about safeguarding their data won't be running a server with a GUI on it anyway. Even the Apache Foundation had to learn this the hard way.

Re:It's bad but not the end of the world. (1)

hedwards (940851) | more than 3 years ago | (#35128650)

I don't think that this problem is limited to servers, I don't see any reason why this wouldn't work against a person's personal computer. Which is the real problem, folks that are administrating a server shouldn't be regularly putting thumbdrives and such in and shouldn't be allowing random other people to do that either. All this really demonstrates is that a computer where people can access the console is not secure. That's been known for how many decades now?

Re:It's bad but not the end of the world. (2)

andrewd18 (989408) | more than 3 years ago | (#35128692)

99.99% of the world doesn't really give a shit about what you have on your home pc's hard drive

Correct. Instead they care about installing a keylogger to your hard drive and then accessing your credit card information.

Tools and Ignorance (0)

Anonymous Coward | more than 3 years ago | (#35128540)

No tool will ever be safe in the hands of somone who does not know how to use it, let alone what it actually does. I am not saying computers should be made deliberatly archane, but to much effort is put into concealing what they do and removing the need to learn anything about how to operate one. The more we enable the ignorate the poorer the outcome will be. Case in point identity theft and data leaks are a growing problem not a shrinking one dispite awareness of the risk. I would say the likely cause of that is more people are doing more with computerized information without an understanding of the conseqences.

Linux's Appeal to a Mass Market (1)

Major_Small (720272) | more than 3 years ago | (#35128582)

It appears to me that Linux may have started thinking about focusing all it's efforts on being a more stable, secure OS, but to gain acceptance in a more mass market, they need to do things that, while they reduce security, increase their general user base. Sure, it's Linux, so you can strip it down to near nothing and have a rock-solid, dependable, secure system designed for a specific hardware setup, but if they want to stay alive, they may need to realize that they need less secure measures that allow the typical end-user to use their OS behind the scenes without any extra effort on their part. TLDR:To (Probably most) people, ease of use is more important than security, and some software developers working around Linux may be seeing that. However, being Linux, the hardcore can always build their system to be the fort Knox of data. If anything, this is a good thing IMO. Keep the security-conscious aware of issues, but let the average end-user go about their business as they will.

Re:Linux's Appeal to a Mass Market (1)

Rich0 (548339) | more than 3 years ago | (#35129016)

Sure, it's Linux, so you can strip it down to near nothing and have a rock-solid, dependable, secure system designed for a specific hardware setup, but if they want to stay alive, they may need to realize that they need less secure measures that allow the typical end-user to use their OS behind the scenes without any extra effort on their part.

Uh, define "stay alive" for me? It is an operating system. It isn't alive, so it can't stay alive. It will exist in perpetuity, or until the last person deletes their copy of the source code.

Most of the people who maintain linux don't really need these features, and they will likely continue to maintain it indefinitely without them - unless something better comes along (and then why should we want linux maintained anyway?). Sure, it might have microscopic market share on the desktop, but I don't get paid to manage linux desktops, so that doesn't really bother me...

Autorun ist stupid (4, Interesting)

gweihir (88907) | more than 3 years ago | (#35128592)

Doesn't depend on platform. Autorun is always a huge security risk. It was invented for lazy users that do not want to know how to use their computer properly. At this time (and for the foreseeable future) this kind of laziness comes at a price and that is vulnerability to rather simple to execute attacks.

The real benefit of Linux here is that, unlike Windows, you can get distributions that would not dream of implementing something as stupid as autorun. On others, you can reliably turn it off reliably without a cryptic adventure through the mess called the "registry". But implementing insecure features will of course make Linux insecure. Nobody sane debates that.

Re:Autorun ist stupid (0)

dkleinsc (563838) | more than 3 years ago | (#35128702)

Ja, ze autorun ist stupid ze way zey currently do it.

But methinks zey could reduce ze risk by jailing ze autorun processes, maybe in a chroot environment or virtual komputermachine.

Re:Autorun ist stupid (1)

gweihir (88907) | more than 3 years ago | (#35128862)

Wups, need to spell-check headlines as well....

Re:Autorun ist stupid (0)

bonch (38532) | more than 3 years ago | (#35128938)

Autorun is always a huge security risk. It was invented for lazy users that do not want to know how to use their computer properly.

Ah, another Slashdotter who doesn't understand that computers are appliances to the general public. Outside the little bubble here, people use computers to get a job done, not as a hobby to learn.

Re:Autorun ist stupid (1)

gweihir (88907) | more than 3 years ago | (#35129040)

I understand this very well. We spend half a decade or more to tech our kids to read and write. If a fraction of that would be applied to computer usage, the problem would go away. There is no excuse for incompetence with regard to widely used cultural tools. If you do not have the basic skills to use that tool, stay away from it.

Autorun is not something that can be made secure, ever. So it should not be implemented anywhere and people should learn how to do without it.

Re:Autorun ist stupid (1)

Anonymous Coward | more than 3 years ago | (#35129136)

Who needs to edit the registry? Windows versions since 9x have GUI configuration tools to disable auto-run. Any "modern" Windows OS since 2000 has very sensical GUI tools, no cryptic adventure through obscure configuration files scattered throughout the filesystem is necessary. ;)

Re:Autorun ist stupid (1)

Anonymous Coward | more than 3 years ago | (#35129332)

it can be imposed through group policy, and in Windows 7 you just need to uncheck a box.. nothing cryptic about it..

The Backup Virus (0)

Anonymous Coward | more than 3 years ago | (#35128630)

Remember it?

Step 1. Insert target drive to be backed up.
Step 2. Format wrong target
Step 3. Backup wrong Drive
Step 4. Realize something is wrong
4a try to recover for 24 hours
4b realize something is whacked bad
Step 5. Freak out and start removing the wrong drive
Step 6. Insert Wrong Drives again because of losing track
Step 7. Backup Wrong Size Drive to Wrong Drive
Step 8. Realize all original drives have been formatted several times
Step 9. Invite friend with computers over
Step 10. Offer a drink and tell your story while setting up
Step 11. Format his own drive and mistakenly think you have an old backup which fails to boot
Step 12. Get a sharpie marker and Start marking the drives up
Step 13. Invite more friends to assist
Step 14. Look for even more people with boot stick repair experience
Step 15. Try a Linux Demo
Step 16. Everyone tries and goes home with data loss and different linuxs
Step 17. Profit at every other step.

autorun is the worst thing to happen to windows (1)

mshenrick (1874438) | more than 3 years ago | (#35128672)

this is why i disable it. autorun is the worst thing to happen to windows

Of course (0)

Anonymous Coward | more than 3 years ago | (#35128784)

I never liked the "linux is more secure" sentimentality.

When Linux was small, streamlined, highly optimized for specific purposes, its hard to attack.

But as you make Linux more user friendly, feature rich, easier to use, it becomes easier to attack.

The Linux/Open Source community just doesn't understand this. Making something with 10 features makes it easier to secure and overall more stable and better performing. Adding 100 features makes it prone to security and stability issues. About the hardest thing to do in software design is to make software "idiot" proof. I firmly believe there is a correlation between software ease of use and software complexity. As you make software easier to use, the code complexity grows exponentially. The amount of effort required to protect people from themselves is incredible. I think most Open Source projects are starting to realize that as you try to match long entrenched retail software feature for feature, you can't keep claiming you are better then the rest, eventually you become just like the rest.

We have seen this as FireFox has evolved. Initially a small, streamlined browser, now becoming slow and bloated and prone to security issues the more features and content they add.

Of course everybody complained about how insecure and poor performing Windows has been, but few realized that Windows is the easiest to use OS in use today and so is more feature rich and prone to problems then something like Linux, which traditionally has been a difficult OS to use by the average computer user. As companies like Ubuntu try to make Linux "nice" they are running into the same issue as Microsoft has had over the years.

Sorry, not to start a flame war or anything, but the reality is that so many people underestimate the effort required to make something like Windows which, for better or worse, outnumbers all other OS installations on the order of thousands to 1. The world runs on Windows and I think it is short sighted and narrow-minded to assume that Linux is a 1:1 replacement to Windows. Its not. And as Linux evolves it will hit the same growing pains as Microsoft has had, people might come to realize the effort required to produce something like Windows.

And don't suggest that features like this need to be removed, or the OS "smartened" up so it requires more intelligence to use. Realize that the single biggest reason why no other OS is actually gaining market share on Windows is just that no other OS has reached Windows on ease of use. Sure, I know, some of you are going on about how many years you used Linux or OS X, but these operating systems are, for the uninitiated, a pain in the ass to use compared to Windows.

Bottom line is, if you want your favourite OS to stay at 5%, then suggest to remove these features. If you ever want Linux to surpass Windows then it going to have to be used by the masses, idiots and all, but you can't have it both ways. There is no way to maintain an OS as something for elite users while also making it safe and secure and easy to use for everyone else. You can't claim that Linux > Windows and then suggest it remove features Windows has had for years.

Re:Of course (1)

0123456 (636235) | more than 3 years ago | (#35128908)

You can't claim that Linux > Windows and then suggest it remove features Windows has had for years.

Linux has traditionally been better than Windows precisely because it didn't have features like 'autopwn' that Windows has had for years.

Re:Of course (2)

jedidiah (1196) | more than 3 years ago | (#35128954)

> But as you make Linux more user friendly, feature rich, easier to use, it becomes easier to attack.

Of course you can point us to the inevitable viruses, worms and trojans that now afflict MacOS?

If not then your entire rant is just thoughtless jibber jabber.

You get system vulnerabilities from bad engineering practices, not a consumer focused mindset.

Sure I can have it both ways. Just don't do obviously stupid stuff. Don't do things that were proven wrongful in the 80s before any of the current malware innovations were developed.

Smart distros default auto-run (0)

Anonymous Coward | more than 3 years ago | (#35128856)

Smart distros default auto-run settings to disabled.

Re:Smart distros default auto-run (1)

jedidiah (1196) | more than 3 years ago | (#35128998)

A smart distro would disable auto-run entirely and make you go through hoops to install it.

more like hotplug (1)

tthomas48 (180798) | more than 3 years ago | (#35128896)

I think people think he's referring to autorun when I believe what he's talking about is more the "hot-plugging" ability of usb. I.e. I plug in a USB device and some linux kernel device code gets run. These are standard hardware vulnerabilities, it's just that most hardware can't be plugged into a computer as easily as usb.

Flawed Linux security model (1, Insightful)

Animats (122034) | more than 3 years ago | (#35128924)

Linux still has the antiquated "user, group, everyone" security model from the 1970s. By now, we know that outside data can't be given all the privileges of the user. But Linux's legacy security model is so deeply embedded in the UNIX/Linux world that it's almost impossible to get beyond that.

Yes, there's SELinux. But there isn't a whole distribution with a full range of applications which can run under a mandatory security model.

Re:Flawed Linux security model (2)

jedidiah (1196) | more than 3 years ago | (#35128986)

A more complicated security model is not going to prevent an environment that can trash the user's files from trashing the user's files.

That capability is somewhat hard to avoid as you can't really do work for the user otherwise.

Re:Flawed Linux security model (1)

0123456 (636235) | more than 3 years ago | (#35129260)

But Linux's legacy security model is so deeply embedded in the UNIX/Linux world that it's almost impossible to get beyond that.

That 'legacy security model' is there because anything more complex becomes insanely difficult to administer. Do you really think that a user who demands 'autopwn' for convenience is going to be setting up ACLs so that autopwn programs can't trash their data?

And any useful autopwn program is likely to require at least user permissions for whatever the user plans to do with it..

If they have physical access... (0)

Anonymous Coward | more than 3 years ago | (#35129076)

Then your machine is not secure. It's really that simple.

OT: MS instructions for controlling in Windows (4, Informative)

behindthewall (231520) | more than 3 years ago | (#35129090)

Maybe OT, but here's MS's information for controlling this "feature" in Windows.

There've been various sets of instructions and registry hacks floating around, but this appears to be from the horse's mouth, relatively recently updated, and addresses some of the shortcomings of previous fixes.

Article ID: 967715 - Last Review: September 9, 2010 - Revision: 6.2
How to disable the Autorun functionality in Windows

http://support.microsoft.com/kb/967715 [microsoft.com]

(I'm posting this due to the confusion all the various instructions / search results can create, and because this article addresses Autoruns and so I expect a number of Windows users will be having a look out of curiosity.)

FreeBSD is much better. (2)

Blackout for Hungary (1970198) | more than 3 years ago | (#35129242)

It doesn't even recognise my thumb drive, so I don't have to worry about security

Superuser? (1)

Eggbloke (1698408) | more than 3 years ago | (#35129250)

I didn't watch the video but on my system to make any significant changes such as install something a program superuser access is required. Without me entering my password for a program to do something the most it can do it mess around with pretty trivial stuff.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>