
Spikes Detected In Autorun Malware

Soulskill posted about a year ago | from the going-back-to-the-classics dept.

Security 140

msm1267 writes "Researchers recently have seen a major increase in the volume of autorun malware in some countries, thanks to a couple of new worms infecting those older machines. The two new worms, Worm.JS.AutoRun and Worm.Java.AutoRun, both take advantage of the autorun functionality to spread, and the JavaScript worm has other methods of propagation, as well. Researchers at Kaspersky Lab say that the volume of autorun worms has remained relatively constant over the last few months, but there was a major spike in those numbers in April and May, thanks to the distribution of the two new pieces of malware."


Windows Right? (-1)

Anonymous Coward | about a year ago | (#44019363)

This is a Windows thing right?

Re:Windows Right? (1)

Anonymous Coward | about a year ago | (#44019393)

Yes. Whenever windows sees new data from any source, it immediately executes it... for security reasons ya know.

Re:Windows Right? (1)

Anonymous Coward | about a year ago | (#44019417)

Yes. Whenever windows sees new data from any source, it immediately executes it... for security reasons ya know.

The worm didn't cause so much stupidity. It only brought our attention to it.

Re:Windows Right? (1)

davester666 (731373) | about a year ago | (#44020349)

You would think more people would listen after 20+ years.

Re:Windows Right? (0)

Anonymous Coward | about a year ago | (#44022405)

The people from 20 years ago ARE listening, it's all the new ID10Ts coming online that don't know any better. And since the # of new idiots being produced is greater than the number of people becoming former-idiots, the trend towards complete stupidity continues.

Re:Windows Right? (5, Insightful)

JDG1980 (2438906) | about a year ago | (#44019635)

Yes. Whenever windows sees new data from any source, it immediately executes it... for security reasons ya know.

Not really. That security hole was patched over four years ago [microsoft.com] . What does happen is that when removable media is installed, the user is prompted for what to do; this can include opening the folder to view the files, or running a setup file if one is present. Yes, if someone *chooses* to run the setup.exe file and it's infected, then they can get a virus or trojan. But that's part of the cost of having an open platform without executable signing. The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

Re:Windows Right? (4, Informative)

noh8rz10 (2716597) | about a year ago | (#44019795)

The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

apple has successfully closed holes for this sort of stuff through gatekeeper and mac app store. gatekeeper has three settings, and at its most restrictive setting you can only run programs that have been registered with apple. medium setting throws a stern warning, and low setting is off.

the mac app store takes it one step further by porting the security of ios app store to mac.

Re:Windows Right? (2)

AmiMoJo (196126) | about a year ago | (#44020573)

Gatekeeper sounds a lot like UAC on Windows. It differentiates between signed and unsigned apps. Much like the Mac App Store we now have the Windows App Store or whatever they call it.

Unfortunately most users are not happy with those restrictions. They want to be able to buy software and install it, e.g. games. I keep saying it: if you are dumb enough to click through all the dire warnings and install some unknown application you were not expecting to install then there really is no help for you, other than a crippled PC. Buy a tablet or etch-a-sketch instead, or perhaps a Chromebook.

Re: Signed apps (3, Insightful)

King_TJ (85913) | about a year ago | (#44021099)

One thing we've recently seen in my workplace is a Trojan horse virus embedded in a fake Flash player update which carries a valid Adobe signature.

So even allowing only signed apps to install is no guarantee of security.

The main difference with something like UAC versus Apple's Gatekeeper is that Apple made the effort to sell as many programs as possible in their own online store for the Mac, and Microsoft didn't really have an equivalent. So Apple was in a position to put something in place allowing only those store purchased items to be installed by end users (while admins of a box could still have less restrictive settings and load whatever they wished). This allows configuring a system with everything a user needs up front, but still giving the user freedom to buy and load a wide selection of programs after the fact, while ensuring they all come from a known, safe source.

Re: Signed apps (0)

Anonymous Coward | about a year ago | (#44022561)

You know, Microsoft started out having programs available from Microsoft. Then they got hit with an antitrust suit. Didn't end too well for them either. Can this please happen to every corporation who is guilty instead of just 1?

Re:Windows Right? (0)

Anonymous Coward | about a year ago | (#44021265)

Buy a tablet or etch-a-sketch instead, or perhaps a Chromebook.

What's the difference? Except maybe for etch-a-sketch being more usable as an actual computer...

Re:Windows Right? (1)

jittles (1613415) | about a year ago | (#44021751)

The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.

apple has successfully closed holes for this sort of stuff through gatekeeper and mac app store. gatekeeper has three settings, and at its most restrictive setting you can only run programs that have been registered with apple. medium setting throws a stern warning, and low setting is off. the mac app store takes it one step further by porting the security of ios app store to mac.

You've been drinking too much of the Kool-Aid man. I use Macs almost exclusively right now but even I know that I have to be careful what I execute on my Mac. Sure I could turn on Gatekeeper and only run software that has been blessed by his Holiness, but then I would not be able to run all sorts of software I need for work. But you know what, you can crank up the UAC permissions on Windows Vista+ and get the same results. Plus OP specifically indicated that a walled garden like the Gatekeeper crap you just spouted as being unacceptable to him and to many others.

Re:Windows Right? (1)

noh8rz10 (2716597) | about a year ago | (#44022135)

I don't think gatekeeper means what you think it means. It's not a walled garden. It's not uac. It's a sensible anti malware tool. What, do you root for the bad guys now?

Re:Windows Right? (-1, Troll)

Anonymous Coward | about a year ago | (#44019949)

This is the first time that I have seen a description of Windows as "an open platform" and that it is not a "walled garden".
This is absolutely a mind-blowing statement.
Windows is a closed platform.
Windows is a walled "garden".
Its problems are totally of Microsoft's own creation. They knew better but chose to ignore the security hole they created. They have chosen to let the security hole remain.

Re:Windows Right? (0)

Anonymous Coward | about a year ago | (#44020171)

i remember some kind of story about a box, a special box, something about it held the evil of the world, it belonged to someone whose name started with the letter P. Hmmm, what was that name, oh, that's right, it was Pandora's box, and it wasn't supposed to be opened, oops, it was opened, and now what was in it can't be put back in the box. oh well.

maybe microsoft found pandoras source code

Re:Windows Right? (5, Informative)

FrangoAssado (561740) | about a year ago | (#44020505)

The terms "closed platform" and "walled garden" have a very specific meaning, and it doesn't apply to Windows. From Wikipedia [wikipedia.org] (my emphasis):

A closed platform, walled garden or closed ecosystem is a software system where the carrier or service provider has control over applications, content, and media and restricts convenient access to non-approved applications or content. This is in contrast to an open platform, where consumers have unrestricted access to applications and content.

It's obvious that Microsoft has absolutely no control over what software can be run on Windows. Compare that to Apple's iPad, where you can't install anything that's not approved by Apple (unless you jailbreak it first). That makes iOS a "walled garden".

Now, maybe we agree that it was foolish for Microsoft to enable any kind of "autorun" feature. The point is that in an "open platform" (that is, one where the user has complete control over what can be run on it), the user must also have enough power to do dumb things like running an unknown program from a pendrive that was just plugged in. How easy it should be for the user to do that is another discussion.

Re:Windows Right? (1)

symbolset (646467) | about a year ago | (#44021959)

It's obvious that Microsoft has absolutely no control over what software can be run on Windows.

Unless that software is Lotus, Borland, Novell, or one of the hundreds of other software packages that Windows has prevented from running well to give Microsoft's apps an unfair advantage.

Re:Windows Right? (1)

Anonymous Coward | about a year ago | (#44020627)

This is the first time that I have seen a description of Windows as "an open platform" and that it is not a "walled garden".
This is absolutely a mind-blowing statement.

You're confusing the term "open platform" with "open source."

Re:Windows Right? (1)

jones_supa (887896) | about a year ago | (#44020787)

This is the first time that I have seen a description of Windows as "an open platform" and that it is not a "walled garden". This is absolutely a mind-blowing statement. Windows is a closed platform. Windows is a walled "garden". Its problems are totally of Microsoft's own creation. They knew better but chose to ignore the security hole they created. They have chosen to let the security hole remain.

In one sense it is an open platform because it allows any software or hardware developer to release their stuff to the system without Microsoft's consent.

(BTW it seems that Slashdot's quote feature eats the original line breaks as can be seen above)

Re:Windows Right? (0)

Anonymous Coward | about a year ago | (#44020969)

Windows is not a walled garden.

Re:Windows Right? (0)

Anonymous Coward | about a year ago | (#44020661)

> Not really. That security hole was patched over four years ago

Really wasn't a security hole, it was a feature that could be disabled by changing a registry key since 1995.

It was a default configuration issue.

Re:Windows Right? (1, Insightful)

Runaway1956 (1322357) | about a year ago | (#44020769)

"The only way to eliminate this risk would be to force the user into a walled garden."

Yes, of course you are correct. It would be totally unfeasible just to disable autorun. I mean, I can't do that on Debian, or BSD, or Red Hat, or much of anything. And, it certainly can't be done on Windows. I wonder what would happen though, if autorun were just disabled? You know - a guy puts a removable media into his machine, and NOTHING HAPPENS!! How would the average person react to that? Would NO ONE open a file browser, and navigate to that media, and select that file he was interested in? NO ONE AT ALL?

Then, having selected the file, would NO ONE ever bother to scan the file with a virus detecting tool? Would NO ONE open the file in a text editor, to see what it really is, as opposed to what it claims to be?

"The only way to eliminate this risk would be to force the user into a walled garden."

Sorry, Pal, but millions of Windows users with a clue can prove you wrong. And, millions more Linux and BSD users can prove you wrong again. The fact that most people have poorly configured systems does NOT make a case for a walled garden. Your walled garden is but one possible approach to solving the problem of poorly configured systems. That approach seems to work for some people. Another approach is to treat all removable media with suspicion, and just don't permit it to run anything on your system.

One doesn't even require a modern machine, or a modern operating system to configure the system properly.

I've never actually looked - can autorun just be uninstalled on a Windows system? I know that a lot of stuff can be. I excised huge pieces of Windows XP using Nlite.

Re:Windows Right? (2)

VGPowerlord (621254) | about a year ago | (#44023543)

I've never actually looked - can autorun just be uninstalled on a Windows system?

Uninstalled, probably not. But it can be disabled... and that feature has been in Windows for at least 10 years.

For that matter, Windows Vista and newer don't autorun directly*... they instead bring up a number of options when removable media is inserted, with the top one being the autorun program if one exists.

*Although I seem to remember some atrocity of a flash drive protocol named U3 [wikipedia.org] that did some trickery to autorun its launchpad software, but that may have been back on WinXP.
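As an added illustration of the "it can be disabled" point made in the comments above (this is not part of any poster's comment): the registry setting involved is the `NoDriveTypeAutoRun` policy value, a bitmask of drive types on which AutoRun is switched off. The Python code below decodes that mask and reports drive types still left enabled; the function names, the `REQUIRED_OFF` baseline, the sample masks and the HKLM-over-HKCU precedence it applies are assumptions of this example.

```python
"""Audit the Windows AutoRun drive-type policy (added example, not from the thread)."""
import sys

# Location of the policy value under both HKLM and HKCU.
POLICY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

# A set bit means AutoRun is DISABLED for that drive type.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "cdrom"),
    (0x40, "ramdisk"),
    (0x80, "unknown-reserved"),
]

# Assumed baseline for this example: drive types that must never AutoRun.
REQUIRED_OFF = ("removable", "network", "cdrom")


def decode_mask(mask):
    """Split a policy mask into (disabled, still_enabled) drive-type names."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS if mask & bit]
    enabled = [name for bit, name in DRIVE_TYPE_BITS if not mask & bit]
    return disabled, enabled


def effective_mask(hklm, hkcu):
    """Pick the value that applies: the machine-wide one wins when present
    (precedence assumed by this example)."""
    return hklm if hklm is not None else hkcu


def audit(mask, required=REQUIRED_OFF):
    """Return a list of findings; an empty list means the baseline is met."""
    if mask is None:
        return ["NoDriveTypeAutoRun is not set; the OS default applies"]
    _, enabled = decode_mask(mask)
    return [
        f"AutoRun still allowed on {name} drives (mask 0x{mask:02X})"
        for name in required
        if name in enabled
    ]


def read_policy():
    """Read (hklm_value, hkcu_value) from the registry; (None, None) off Windows."""
    if sys.platform != "win32":
        return None, None
    import winreg  # standard library, Windows only

    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_PATH) as key:
                data, _kind = winreg.QueryValueEx(key, POLICY_VALUE)
            if isinstance(data, bytes):  # value stored as REG_BINARY
                data = int.from_bytes(data[:4], "little")
            values.append(int(data) & 0xFF)
        except OSError:  # key or value missing
            values.append(None)
    return tuple(values)


if __name__ == "__main__":
    # Constructed sample masks, followed by the live policy when run on Windows.
    for sample in (0x91, 0xFF):
        print(f"0x{sample:02X}:", audit(sample) or "baseline met")
    hklm, hkcu = read_policy()
    print("live policy:", audit(effective_mask(hklm, hkcu)) or "baseline met")
```

A mask of `0xFF` disables AutoRun for every drive type; any finding returned by `audit` names a drive type where `autorun.inf` is still honoured.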

WHICH AV SELLER IS PUTTING THIS OUT ?? (-1)

Anonymous Coward | about a year ago | (#44019405)

Time to sell more AV !! Let the sheep fear the big bad wolf !!

Re:WHICH AV SELLER IS PUTTING THIS OUT ?? (1, Funny)

Anonymous Coward | about a year ago | (#44019625)

"Which AV seller ..." It's Kaspersky you dickfuck. It's right there in the fuckin summary. Jeez.

Re: WHICH AV SELLER IS PUTTING THIS OUT ?? (1)

donnie Freyer (2881319) | about a year ago | (#44019723)

I just spit cereal all over my arm laughing! Bahahawaha!

Re: WHICH AV SELLER IS PUTTING THIS OUT ?? (0)

Anonymous Coward | about a year ago | (#44019819)

I just spit cereal all over my arm laughing! Bahahawaha!

You, sir, have a sense of humor. Unlike the dickfucks who keep modding up bullshit like the 9x10^99th iteration of "sharks with lasers on their heads" because they're so terribly desperate to feel like they're part of a shared culture.

Re: WHICH AV SELLER IS PUTTING THIS OUT ?? (0)

Anonymous Coward | about a year ago | (#44019975)

OMG! Sharks with lasers on their heads?! That's some funny shit, man. Did you come up with that one yourself?

Re: WHICH AV SELLER IS PUTTING THIS OUT ?? (1)

beelsebob (529313) | about a year ago | (#44020705)

I hate to tell you, but many of us have a more refined sense of humor than "zomg, he said dickfuck lawlawlawlawlawl" ;)

Re: WHICH AV SELLER IS PUTTING THIS OUT ?? (1)

jones_supa (887896) | about a year ago | (#44020927)

He didn't claim so.

Of course (-1)

Anonymous Coward | about a year ago | (#44019465)

It's Bush's fault!

Quick get Clapper to deny it under oath (0)

Anonymous Coward | about a year ago | (#44019477)

Well they were likely behind STUXNET, and they did promote the threats of Stuxnet to get funding for themselves.

Windows users are chumps. (1, Insightful)

bmo (77928) | about a year ago | (#44019505)

Because they keep being screwed by things like this all the time and there is no rioting band of geeks with pitchforks and shovels and rakes (and implements of destruction /Guthrie) demanding that this be removed from Windows.

>autorun.inf

The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever graced us with its presence. Since Windows 95, it's been trivial to write auto executing code because Microsoft deliberately yanks down the pants and underwear of the end user and says "Go to it!"

The fact that autorun still exists in modern versions of Windows is even more telling. "Backwards compatibility" is more important than keeping users safe. Yes, I know that it's turned off by default since Vista, but the option to turn it on should never be there in the first place. Autorun in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen is beyond the pale.

--
BMO

Re:Windows users are chumps. (5, Insightful)

JDG1980 (2438906) | about a year ago | (#44019689)

>autorun.inf
The most dangerous thing to ever come out of a computer company. That this feature made it past review demonstrates the utter disregard for the most basic security at all, especially since boot sector worms had been around for years in DOS and Win3.1 before Win95 ever graced us with its presence. Since Windows 95, it's been trivial to write auto executing code because Microsoft deliberately yanks down the pants and underwear of the end user and says "Go to it!"

You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs. (Floppy disks didn't do this, if only because the OS could not reliably detect when a disk was inserted in the drive.) Remember, at that time, CD-R drives were not mainstream computing devices; they were still very expensive and rare. (According to Wikipedia, the first CD-R drive under $1000 was not released until September 1995.) When Windows 95 was released, the idea was that only pressed CDs would autorun, and presumably MS thought that the vendors could be trusted not to ship malware. (The Sony rootkit scandal proved that was a mistake, but no one anticipated something like it at the time.) And let's be honest, in 1995, IT security wasn't really on the radar for home users.

The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace. But Microsoft's biggest mistake was reusing their autorun code for other forms of removable media – such as thumb drives. Again, when thumb drives were first released, they were pretty expensive (I remember paying $100 for a 1GB thumb drive about a decade ago), so the best explanation is that Microsoft didn't think it likely someone would put malicious software onto a thumb drive and just leave it laying around or give it away – at the time, that would have been a rather costly strategy.

Over time, as thumb drives became dirt-cheap, it was clear that allowing INF-based autorun on rewritable removable media was a bad idea. It probably shouldn't have taken Microsoft until 2009 to get rid of this. But the decisions made earlier in the process were not as clear-cut as you're making them out to be.

Re:Windows users are chumps. (1)

Anonymous Coward | about a year ago | (#44019915)

This is all just my opinion, my perspective. I don't find you persuasive even though what you say makes sense. If you care to read it, I can tell you why.

Autorun reflects a basic underlying philosophy behind Windows design, historical and current. The user is a moron with no ability to take even the simplest steps reliably, so let's reinforce and legitimize that notion by trying to make it more of an appliance and less like a general-purpose computer. That's what having things start up automatically and unnecessarily (without even asking) is all about. I don't think they took a look at it any more deeply than that. So they didn't notice the ways that it was exploitable and were very slow (2009?!) to make even a small change to it.

I think that's long after evidence it was being exploited, much longer if you already understood the concept from boot-sector viruses. That's not the way things have to be, that's a perspective, a worldview and a corporate culture. In my opinion the sociopaths who run these things don't care about the impact to users, not when sales are steady.

Especially with the kind of resources and talent at their disposal, no spin you can apply to the situation will make Microsoft look very good.

You're an apologist for Microsoft's shoddy design decisions. I assume you're an amateur one and not a professional. Maybe you just want to show off how even and fair-minded you pride yourself for being. I don't particularly care why you're doing this but I admit it's mildly fascinating. In this one instance you're not so fair-minded as you think because you're ignoring the bottom line. Your "gee willickers Batman, they tried their best!" doesn't repay the lost time, money, and resources this kind of Windows malware has cost businesses and users everywhere over the years. It doesn't refund their frustration either. And all of that was preventable. That's the part you're failing to address.

Re:Windows users are chumps. (4, Insightful)

anagama (611277) | about a year ago | (#44019937)

You're indulging in some 20/20 hindsight here. At the time Windows 95 was released, the only media that supported autorun.inf on insertion was CD-ROMs

I don't think it would have taken any hindsight at all -- floppy based viruses predated CD-ROMs by a long time. If a virus could spread by floppy, why not a CDR?

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020643)

Cost. To make CDs in 1993/1994 (when Windows 95 was being coded) required very expensive CDR equipment. Hell, even CD-ROMs were not cheap back then. So basically no one had CDRs.

Re:Windows users are chumps. (1)

bmo (77928) | about a year ago | (#44021541)

That doesn't excuse Windows 98SE and all succeeding versions of Windows up until Vista in 2009 having autorun turned on, or existing at all.

--
BMO

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44022451)

And Billy G of all people should have known about that fallacy by 1993/1994.

Remember when he said "640k ought to be enough for anybody" ??
Yeah...technology will never progress in a significant manner. Apparently he still thinks that way!

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44022373)

"When Windows 95 was released, the idea was that only pressed CDs would autorun, and presumably MS thought that the vendors could be trusted not to ship malware", as JDG1980 points out.

If you could press your own CD at the time, you would buy a several thousand dollar machine and give away a $10-20 CD... to POSSIBLY infect someone.

Re:Windows users are chumps. (1)

hairyfeet (841228) | about a year ago | (#44023655)

Because most malware writers didn't have 15k+ to spend on a CD press? Dude I got one of the very first DVD burners in my state, know how much that bitch cost? $600 and media was over $4 a pop for that sucker. CD burners were likewise crazy priced and the media was expensive as hell so it really wasn't a big threat vector, at the time you could buy floppies for 8c a pop and CDR was $2, an RW was closer to $5.

I swear, these kids...they have NO clue how expensive shit was back then! I bet my fellow greybeards can back me up, when Win95 came out I had a MASSIVE 100MB HDD and that bitch cost a damned pretty penny, nobody even thought about slapping a burner in because the cost was so insane. hell how many floppies did Win95 come on again? I can't recall but it was a shitload. My first flash stick was based on CF and cost a whopping $200 for a 64Mb capacity so the risk of Joe Average having one? Really wasn't there.

Re:Windows users are chumps. (4, Insightful)

bmo (77928) | about a year ago | (#44019955)

>The real problem came with Windows XP. By this time, recordable CDs (and, later, DVDs) were commonplace

No, CD-Rs were commonplace by the time Windows 98 came out. I think there were more burned copies of Windows 98 than there were official pressed ones at that time. The first "under $1000" CD-R drive was in 1995, and 3 years to "affordability by ordinary people" in electronics had become the norm even then.

Autorun from 1998 onward revived the spread of malware by removable media. Nobody was doing bootsector viruses on floppies anymore in 1998 because the number of people booting their machines with an OS floppy was minuscule. Autorun malware took the place of bootsector malware. It was so commonplace that it was recommended by everyone who knew anything about preventing the propagation of malware by pirated software that autorun be turned off.

In 1998.

Speaking of convenience, if a software install CDROM (you know, an official one) had an autorun.inf that didn't check to see if the software was already installed, the installer would start. If you merely wanted to pick a file off the CD, you had to cancel the install and open Explorer, rather than simply pop the disk in and browse the drive. This was even before the popularity of burned disks.

While you can say this was the publisher's fault, it illustrates the dubious value of autorun even as an installation "feature"

It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

--
BMO

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020597)

It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4

Because every single hardware device that people purchased came with the instructions : "Put the CD in the drive and the installer will run automatically"
It's a good automation type feature for people who had no idea what an "installer" was. Besides, I think if MS intentionally removed a feature that a company relied on to sell a product you'd see a ton of lawsuits.

But then again nobody claimed said anti-ms trolls like you had any sense to begin with. So.. troll away...

Re:Windows users are chumps. (2)

Runaway1956 (1322357) | about a year ago | (#44020803)

And, we are right back to the point made in an earlier post. People who don't even know what an installer is, should not be installing stuff. In the long run, the clueless computer owner who wanted to install something, and didn't know how, would have saved money by going to his local computer guy, and HAVE THE SOFTWARE INSTALLED.

BMO was modded a troll above - but he makes a very valid point. Microsoft's strategy of permitting any type of autorun was flawed. Computing should have remained something of a mystery, and local witch doctors should have presided over the installation of software. Given time, more witch doctors should have been trained. Given enough time, home users should have become qualified witch doctors in their own right. Becoming a witch doctor should have required a few semesters of genuine "Computer Science" classes (as opposed to Microsoft-centric "keyboarding" classes and other such nonsense). The mistake was to hand over all the magic talismans to every untrained fool who imagined himself to be smarter than the witch doctors.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44022403)

In the long run, the clueless computer owner who wanted to install something, and didn't know how, would have saved money by going to his local computer guy, and HAVE THE SOFTWARE INSTALLED.

Except, almost nothing in life ever works that way. "In the long run" is only understood properly when you're at the end of the long run. If you can create an entire predictive economic model that correctly models daily commerce and predicts trends you might have a shot. So far... nobody has created this. It's easy to sit and say how "obvious" certain decisions should have been.

Product A says "Put CD in drive and device will work automatically" .. Product B says "Call a technician or bring your PC in before using this product". I wonder which one is going to sell well.

The mistake was to hand over all the magic talismans to every untrained fool who imagined himself to be smarter than the witch doctors.

As is already known, Microsoft is not in the business of advancing any technology frontier or educating people about computers. They simply want to make money by encouraging a larger and larger segment of businesses and individual customers to rely on their products. Autorun made perfect business sense. But they missed the boat there. What should ideally have happened is the devices themselves should contain the drivers .. so the device enumerates itself as a tiny storage device and the OS just copies over the driver files. That would have eliminated the need for CDROMs altogether. But then again.. it's easy to make such "obvious" recommendations now.

The reason all your darling operating systems can arbitrarily make major design changes is because nobody in the world cares when they do that and there is very little business backlash/lawsuits.

Re:Windows users are chumps. (1)

hairyfeet (841228) | about a year ago | (#44023801)

So you are basically saying that only the ones that meet your criteria should be allowed to have a PC? Nice to know elitist douchebaggery isn't dead. One of the reasons I gave up on Linux was their forums were fricking filled with those that were like "If they don't feel comfortable around editing in a CLI then maybe they should have a PC at all?" kind of elitist douchebaggery.

Autorun made it easier for companies to deploy their software, made it easier to install drivers, if it wasn't for assholes ruining it frankly it was a nice little feature to have. A lot of the reason MSFT had to stick with it was the antitrust made the idea of keeping everything in a single repo unworkable, see how you had them threatened with lawsuits when they first offered Windows Defender and even had a couple of fucking spyware companies sue because MSFT was actually "blocking their software" from infecting machines!

But the fact that you are basically proposing a fucking guild system so that only the "blessed" can install just shows how damned elitist you are, no different than how RMS addresses everyone as "hackers" because the thought that normal people may be using PCs? Doesn't really cross his mind.

Re:Windows users are chumps. (1)

drinkypoo (153816) | about a year ago | (#44021605)

It took a full 10 years of autorun being a problem for it to be turned off in Vista instead of in a service pack or in 98SE and NT4. That shouldn't have happened, and autorun should now not even exist.

There is nothing wrong with autorun. There is everything wrong with it being fully automatic. A prompt is what you want. Also, a simple setting to disable it.

Re:Windows users are chumps. (1)

yuhong (1378501) | about a year ago | (#44023025)

But they still could not automatically infect other CD-Rs as far as I know. Someone would have to deliberately put it on there.

Re:Windows users are chumps. (1)

hairyfeet (841228) | about a year ago | (#44023725)

It is obvious that you never worked corporate or had to deal with multi-thousand dollar software because then you'd know, it was corporate and dongles that kept the feature for so long.

Was it a great idea in hindsight? Nope but like ActiveX once a corp has spent several million dollars investing in a technology you had BETTER give their ass plenty of time to switch to something else before you break it or that is your ass, and that was the problem that MSFT faced with autorun. I was getting corporate CDs and flash sticks as late as Dec 2010 that had autorun set up to load their little presentation or whatever so it was just hard as hell to get the corps off of it. Hell look at how damned many users of IE 6 are left and that is all thanks to corporate intranet IE 6 only ActiveX crap, so you can see that corporate does NOT turn on a dime.

Re:Windows users are chumps. (3, Informative)

peppepz (1311345) | about a year ago | (#44020083)

I challenge what Wikipedia says; I was there in 1995, and for new computers that shipped with Windows '95 having a CD-ROM drive was the norm and not the exception. Installing Windows '95 from floppy disks required a very tall pile of them, and I know few people who can recount the experience of installing the OS out of them. CD burners were much rarer, but using burnt CDs coming from a third party was commonplace.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020143)

CD burners were about one thousand dollars in 1995.

Most computers had a CD reader in 1995.

At least I am not so old as to no longer be able to remember this stuff.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020685)

The parent talks about CD-R drives, that is, CD-Recordable drives. Yes in 1995 you would get a CD-ROM drive, for reading discs, with anything but the cheapest computers, but if you wanted to burn CD's, you would usually have to get not just an expensive CD-R drive, but also an expensive SCSI interface card to plug it into. And it would write at 1x speed, and even then still produce coasters every so often.

Re:Windows users are chumps. (2)

Runaway1956 (1322357) | about a year ago | (#44020821)

In my own experience, I'm pretty sure it was 98 before I found a CD writer that I could afford. It may have been 99, I'm not quite certain. I remember the day I walked into a store outside of Los Angeles on Interstate 10. I just can't precisely place the date.

As for CD readers, I had one on a 386 SX, a couple of years before Win95 was released. That was just a bit of luck - I found it at an estate sale, and the ladies didn't know the value of the thing. They gave me the whole computer, and a couple boxes of floppies and a small box of CD's for fifty bucks. Helluva bargain . . . .

Re:Windows users are chumps. (2)

Zontar The Mindless (9002) | about a year ago | (#44020125)

1. Floppy disk viruses were already commonplace, even without autorun.

2. I burned my first CD in 1997, using my Win95C desktop's built-in burner.

It took Microsoft better than a decade to put 1 and 2 together (to get 4, mind you--and they managed to be that close only because everybody was shouting the correct answer at them).

You seem to think this is acceptable. I do not.

Re:Windows users are chumps. (2)

dbIII (701233) | about a year ago | (#44020245)

No we are not. Some of us knew it was a fucking stupid idea when it was introduced in 1995. Anybody that listened to the antivirus companies grumbling about it for instance. Then the fools went and repeated the stupidity with the first version of Active-X years later - and it was so widely seen as a stupid idea that a librarian warned me about the consequences and was 100% correct.

Re:Windows users are chumps. (4, Insightful)

Runaway1956 (1322357) | about a year ago | (#44020847)

Hey now - you stress the "librarian" thing as if you expect librarians to be clueless. Not fair, I say. In my experience, about half of today's librarians are pretty savvy. Someone has to be administrator on library systems, after all, and in small towns, that will almost invariably be the librarian. Those little old frumpy ladies are generally pretty intelligent, and they don't make the same stupid mistakes repeatedly. Sure, some of them never really get the hang of it, but even those ladies can generally follow directions when given a rigid guideline to follow.

Maybe I read your post incorrectly, maybe not. I just want to give librarians their due!

Re:Windows users are chumps. (1)

dbIII (701233) | about a year ago | (#44020897)

Hey now - you stress the "librarian" thing as if you expect librarians to be clueless

You are getting it backwards. It's to point out that somebody in a different field could see the looming disaster while many in IT were thinking a stupid idea may just work out if it's MS doing it. I seem to remember discussions here where fanboys insisted the malware swamp we are now living in that mostly came from that was just bad SF.

Re:Windows users are chumps. (1)

BlindRobin (768267) | about a year ago | (#44020599)

Not really hindsight. I remember having this argument when Windows 95 came out and while many of us simply found it an annoying behaviour the potential for abuse and misuse was very obvious at the time.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020641)

You're indulging in some 20/20 hindsight here.

No, he's not. (I think it's the second most annoying security hole, the first one being "hiding file extensions.txt .exe")

Good security practice: Show the full filename of every file. Require a positive action to run anything from SETUP.EXE to pwnme.sh

What MS implemented in Win95: Hide the file extension because Mac people didn't want to see the inelegant .doc in "a file name with an extension.doc" and "insert anything from a floppy drive to a burned CD-ROM and the computer plays it for you like a record."

I might let it slide for Win3.1, but since Win95 there has been no excuse for either of those misfeatures to continue to exist. They are the first things disabled by any IT professional or any semi-competent home user, and if it weren't for the fact that MS telemetry is the second thing disabled by any IT professional or present-day semi-competent home user, MS's user stats would bear that out.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44023297)

(According to Wikipedia, the first CD-R drive under $1000 was not released until September 1995.)

Which is where whoever wrote that section in Wikipedia has written a load of bollocks. That statement is completely false. One PC game "The 7th Guest" popularised CD-ROMs on PCs and that came out in 1993.

Re:Windows users are chumps. (1)

hairyfeet (841228) | about a year ago | (#44023605)

Actually they kept it in XP for so long (I believe it was right after SP3 or right before they put out a patch that killed it) was because of corporate dongles, a lot of companies used dongles in the early days of XP and by having autorun on the dongle they could just plug in the dongle and it would run the check and fire up the software it was connected to so it WAS a handy feature to have.

I don't know how many 4 port USB cards I had to install back then because of all the damned dongles that the high end software companies used, for awhile it was dongle madness. Of course that was before flash sticks became cheap as dirt so tying multi thousand dollar software to a USB dongle was actually a pretty decent anti piracy method.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44019693)

Yes, I know that it's turned off by default since Vista, but the option to turn it on should never be there in the first place.

Yeah because users love not having any choice, that's why Linux is completely closed source.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020157)

You're a fucking moron, mkay? Kthxbye.

Re: Windows users are chumps. (2, Insightful)

Anonymous Coward | about a year ago | (#44019777)

Nix isn't immune against malicious wares either. The only folks who believe it is are, either, misinformed or blatantly incompetent.

Ease of use for end-users was how MS moved to become the dominant player. Any platform is subject to malicious intent and the propagation of said software. I appreciate nix but end-users still find it a struggle. Microsoft, at least, provides native management tools for hardening security, which is another reason its platforms remain the leader in the markets. You can't knock something for being susceptible to becoming vulnerable when its exposure is due to its wide adoption, that was spurred by bringing to the table the stuff competitive platforms continually lack. Nix has come a long way but it is still too fragmented to bring together the same level of native management tools that Microsoft's platform has to offer.

Re: Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020003)

Nix isn't immune against malicious wares either. The only folks who believe it is are, either, misinformed or blatantly incompetent.

Can you link to any currently active examples?

Re: Windows users are chumps. (1)

bmo (77928) | about a year ago | (#44020033)

He doesn't have any.

I'll agree with him that *nix isn't immune, but most *nix malware has more to do with Layer 8 vulnerabilities than anything else.

And there isn't any anti-malware for stupid except education.

That said, I can attest to the fact that Bagle runs just fine in Wine and is well behaved. But stuff like that is really rare.

--
BMO

Re: Windows users are chumps. (1)

Anonymous Coward | about a year ago | (#44020775)

He doesn't have any.

You are kidding right? Or do you seriously believe that there are no compromised Linux servers out there [threatpost.com] (and please don't stop the moment you see the word Apache, it's more.. and this is just one of multiple examples if you really are interested)? If so you are less informed than some of the Windows users being ridiculed here.

Re: Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020621)

Yes, All the hundreds of thousands of rooted unix servers that are hosting malware ..

Linux + Security vulnerabilities is a regular occurrence.. given all the millions android phones being sold currently can be rooted with kernel vulnerabilities. I thought open sores ppl wanted to keep reducing vulnerabilities, why do linux devs keep adding them in every single version?

Re: Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020951)

Yes, All the hundreds of thousands of rooted unix servers that are hosting malware ..

Linux + Security vulnerabilities is a regular occurrence.. given all the millions android phones being sold currently can be rooted with kernel vulnerabilities. I thought open sores ppl wanted to keep reducing vulnerabilities, why do linux devs keep adding them in every single version?

I agree, this is an issue that should be taken seriously.

Re: Windows users are chumps. (1)

smash (1351) | about a year ago | (#44022651)

Can you link to any currently active examples?

Sure [crowdstrike.com], we can do that [packetstormsecurity.com].

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44019833)

Twenty thousand and thirteen?

You're from the year 20,013?

Idiot.

Re:Windows users are chumps. (0)

Zontar The Mindless (9002) | about a year ago | (#44020173)

Awwww, I'm sorry your faith in the infallibility of BMO has been shaken.

'Tis human to make the occasional slip-up, and divine to make allowances for them, or to point such things out in a civilised manner.

Cretin.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44021243)

Awwww, I'm sorry your faith in the infallibility of BMO has been shaken.

'Tis human to make the occasional slip-up, and divine to make allowances for them, or to point such things out in a civilised manner.

Cretin.

Tis more divine to know one is human and use the fucking Preview button and the 10 seconds it takes to proofread.

Try applying your own advice to yourself before you tell others how to think. Dipshit.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44019851)

Yeah and apparently there's a chump born every minute. Maybe Gates is the PT Barnum of our times.

Course people like Barnum saw lots of suckers out there and rejoiced instead of seeing it as a sign of the sad world in which we live and questioning how it might be meaningfully improved. Amazing what greed does.

Re:Windows users are chumps. (0)

Zontar The Mindless (9002) | about a year ago | (#44020071)

Autorun in The Year of Our Lord and Savior Jesus Christ Twenty-Thousand-And-Thirteen is beyond the pale.

I knew it'd be a long time before we had any chance of getting rid of Windows, but---18,000 years?

How very completely and utterly depressing.

Re:Windows users are chumps. (1)

bmo (77928) | about a year ago | (#44020145)

I was saddened and embarrassed by my mis-type, but upon reading your post, I'm gonna stand by it.

Yes, it would be depressing indeed. But not unexpected. :-D

--
BMO

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020193)

You should be more embarrassed by the fact your a Linux zealot who likes trolling on-line.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020229)

You should be more embarrassed by the fact you'd fail an 8th-grade English class.

Re:Windows users are chumps. (1)

flyingfsck (986395) | about a year ago | (#44020721)

Me fail English? That's unpossible!

Re:Windows users are chumps. (1)

Zontar The Mindless (9002) | about a year ago | (#44020243)

It made me laugh on a rainy Sunday morning. Cheers.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44020781)

Jesus Christ, Zontar. Why don't you suck BMO's dick while you're at it?

Re:Windows users are chumps. (1)

yahwotqa (817672) | about a year ago | (#44021363)

Projecting your latent homosexual tendencies? I see nothing more than two random like-minded users on the internet sharing a chuckle.

Re:Windows users are chumps. (0)

Anonymous Coward | about a year ago | (#44021849)

I see nothing more than two random like-minded users on the internet sharing a chuckle.

You obviously don't know BMO very well. Consider yourself lucky.

Re:Windows users are chumps. (1)

Billly Gates (198444) | about a year ago | (#44021865)

No it is not ... unless you run unpatched pirated XP sp 2 from 2004 with updates turned off due to a failed Windows genuine advantage tool.

Windows Vista fixed this and MS patched this for XP in 2009. It is FUD. The problem is according to the article third world countries all run the pirated version of Windows and even though MS relented with update it is so so out of date that even Windows Update won't work in a sp2 system. I tried it in a VM. You need to manually run fixits from microsoft.com before it can even execute. Non techie users do not know what that is.

Hell in China 35% of all users still run IE 6 for that reason.

Old Linux from 2001 had a big vulnerability if you want to bash where you had to be root to use Netscape and dial out with a modem?? Seriously

Re:Windows users are chumps. (1)

hairyfeet (841228) | about a year ago | (#44023575)

Uhhh...dude? Yeah hate to break the news to ya but that was actually removed by a patch YEARS AGO and the only ones getting hit by this? Pirates and those that still think that 30 day trial of Norton they got with the system in 2005 actually does anything.

Here is the FACTS from the guy that builds and fixes these things, straight from the trenches...FACT: WinXP was/is the most pirated OS ON THE PLANET by a HUGE margin and thanks to WGA guess what ALL the pirates disable? Windows Updates. And I say is because I have run into machines not 6 months old running "XP Pro Razr1911 edition" put on by low rent fly by night shops and those selling PCs in flea markets and on CL. There is so many dual cores from 05-09 that don't have drivers for Win 7 I doubt this is gonna change for a while. If it gives anybody comfort pirated Win 7 is on the rise, of course those also have updates disabled so they'll be infected soon enough.

FACT: Autorun was disabled several years ago and if an XP system is fully patched? Then autorun doesn't work. Of course Vista, 7 and 8 doesn't have this at all but because many of the OEMs didn't put out drivers for any system older than 09 and most shops aren't gonna bother hunting for a driver, especially when MSFT charges over a hundred bucks for a copy of Win 7? Again they use Razr1911 XP that has all the drivers integrated. There is even an "XP Black Edition" that mimics the UI of WinVista/7 so the average clueless buyer won't even know.

So if you want to bitch about this? Bitch at the pirates and the fly by night guys using pirated software, because I can tell you that there isn't a legit XP box that has autorun on, not unless the user went in and disabled the updates several years back and if they did that? Well its hard to feel sorry for them, hell you disable security updates on ANY OS and your ass is gonna be swinging in the breeze, see MacDefender or the KDELook bug for just two examples.

Hmm (1)

MobSwatter (2884921) | about a year ago | (#44019541)

NSA did a predictive sales analysis for the XBone and decided to take matters into their own hands...

I don't think you ought to run Windows... (0, Troll)

knorthern knight (513660) | about a year ago | (#44019543)

...and you won't autorun a virus.

Re:I don't think you ought to run Windows... (0, Funny)

Anonymous Coward | about a year ago | (#44019711)

I know right! DAE think windows is for lusers? I'm sure _this_ year will FINALLY be the year of the linux desktop!!!

Re:I don't think you ought to run Windows... (1)

Runaway1956 (1322357) | about a year ago | (#44020863)

If we manage yet another year without being the most pwned OS in the world, we'll still be doing better than Windows. And, just for the sake of argument, Android is more of a fork of Linux, than it is Linux. "Linux Based" does not equate to Linux. I'll note that Cyanogen Mod makes Android systems pretty damned secure!

Re:I don't think you ought to run Windows... (1)

VGPowerlord (621254) | about a year ago | (#44023457)

You are aware that this is the exact sort of situation that Stallman's differentiation between Linux and GNU/Linux fixes? Except to make things more confusing, you've replaced "Linux" with "Linux Based" and "GNU/Linux" with "Linux."

Re:I don't think you ought to run Windows... (1)

yuhong (1378501) | about a year ago | (#44023067)

Note that Linux desktop was not free of stupid features either:
http://www.geekzone.co.nz/foobar/6229 [geekzone.co.nz]

Android Malware exploits this, too (1)

tlhIngan (30335) | about a year ago | (#44020227)

A little while ago, there was some Android malware on Google Play [thenextweb.com] that had this as a side effect.

It not only infected your phone, but then installed an autorun script on SD cards so the next time you plugged your phone into your PC, it would infect Windows as well.

You can bet such things will continue... or if it was the cause of some of the spikes, as well.
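Added example (not part of the original comment or of the Slashdot page): a small Python audit of an `autorun.inf` found in the root of a removable volume such as the SD card described above, listing every entry that would start a program. The sample file contents, the function names and the list of risky extensions are constructed for illustration.

```python
"""Audit an autorun.inf found in the root of removable media."""
import os
import re

# [autorun] keys that make Windows launch a program from the volume.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Script and binary extensions worth flagging (assumed list, extend as needed).
RISKY_EXT = (".exe", ".dll", ".scr", ".pif", ".bat", ".cmd", ".lnk",
             ".js", ".jse", ".vbs", ".vbe", ".wsf", ".jar")

# Constructed sample, not taken from any real worm.
SAMPLE = (b"; constructed sample\r\n"
          b"[AutoRun]\r\n"
          b"zzzz padding line without a key\r\n"
          b"OPEN=wscript.exe photos.js\r\n"
          b"shell\\explore\\command = setup.jar\r\n"
          b"icon=folder.ico\r\n"
          b"label=My Photos\r\n"
          b"[Content]\r\n"
          b"open=ignored.exe\r\n")


def decode(raw: bytes) -> str:
    """The file is ANSI or UTF-16; choose by BOM and never fail on odd bytes."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def audit_autorun_inf(raw: bytes) -> list:
    """Return one finding per [autorun] entry that would start a program."""
    findings, section = [], None
    for lineno, line in enumerate(decode(raw).splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and padding lines launch nothing
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            tokens = [t.strip('"').lower() for t in value.split()]
            findings.append({
                "line": lineno,
                "key": key.lower(),
                "command": value,
                "risky": any(t.endswith(RISKY_EXT) for t in tokens),
            })
    return findings


def scan_root(root: str) -> list:
    """Audit <root>/autorun.inf; the name is matched case-insensitively."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        # A directory named autorun.inf launches nothing, so skip it.
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return audit_autorun_inf(fh.read())
    return []


if __name__ == "__main__":
    for f in audit_autorun_inf(SAMPLE):
        print(f)
```

Point `scan_root` at the mount point of a card or stick before opening it in a file manager; an empty list means no launch entries were found.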

Re:Android Malware exploits this, too (0)

Anonymous Coward | about a year ago | (#44020547)

sounds like android is just a pass-through carrier... like any linux mail server could be... windows is the target, where those who wrote the malware know that it will lead to infection

Time to move along (5, Interesting)

symbolset (646467) | about a year ago | (#44020317)

No doubt we'll see more of this type of article for the next year as the drive to bury XP intensifies. It's not going to yield the results they expect, but hey.

In related news... (0)

Anonymous Coward | about a year ago | (#44020559)

I tried to follow a perp earlier, but he'd gone and stuck a banana in my patrol car's tailpipe, and it stalled out.

Seriously, who the fuck is still running Windows, and still uses autorun? Whenever I help any of my less computer-savvy friends with their computers, (those who refuse, or sadly for them, can't use Linux) with their Windows computers, I usually just back everything up using Linux, and do a clean reinstall. It's no longer worth my time to try to unfuck a Windows install, any version.

One time, I got so sick of this idiot who kept asking me to fix his laptop, that when he did it for the third or fourth time, (third or fourth virus or deleted critical system file...) that I backed up his machine's disk, installed Fedora 11. He'd simply said "please just fix it," but hadn't specifically authorized this... I interpreted his request for me to fix it as a tacit request to install Linux. When I was done, and he saw what I did, he threw the laptop. He literally picked it up, ripped the power cord out, and threw it.

But hey, I never had to unfuck his stupid XP install again, or listen to him bitch about how fucked up his computer was.

I bumped into him again and saw on his shiny new(er) laptop over his shoulder that he was using Ubuntu. There was no point to this story, but I thought it was funny and ironic.

as an actual hacker i have to say this (0)

Anonymous Coward | about a year ago | (#44021473)

THE ONLY reason this is done is from some rich govt wanting to spy on people
THEY ain't rich? IF they was it would be done to newer machines and people with money....

SEE why attacking old old old windows xp isn't gonna get ya very rich or far.....
cheap buggers like myself know this and don't care

Autorun malware only runs on Windows .. (0)

dgharmon (2564621) | about a year ago | (#44022011)

"Once the worm is on a new [Microsoft Windows] PC, it extracts a DLL from its code and then copies itself to the temporary user folder. It also copies the Java executable from %ProgramFiles% to the same folder" link [threatpost.com]

Fixed This A Decade Ago (0)

Anonymous Coward | about a year ago | (#44022385)

ShellHWDetection
Provides notifications for AutoPlay hardware events.
Startup type: Disabled

autorun? (1)

smash (1351) | about a year ago | (#44022627)

Seriously? Who hasn't disabled autorun? I remember thinking autorun was a bad idea in 1995 when Windows first included it, and have disabled it on the corporate network for at least... 8 years?