US-CERT Says Microsoft's Advice On Downadup Worm Bogus 290
CWmike writes "Microsoft's advice on disabling Windows' 'Autorun' feature is flawed, the US Computer Emergency Readiness Team (US-CERT) said today, and it leaves users who rely on its guidelines to protect their PCs against the fast-spreading Downadup worm open to attack. US-CERT said in an alert that Microsoft's instructions on turning off Autorun are 'not fully effective' and 'could be considered a vulnerability.' The flaw in Microsoft's guidelines are important at the moment, because the 'Downadup' worm, which has compromised more computers than any other attack in years, can spread through USB devices, such as flash drives and cameras, by taking advantage of Windows' Autorun and Autoplay features."
News? (Score:1, Funny)
Why is this considered news? Microsoft's security recommendations have never been taken seriously. We're supposed to still not take them seriously? Ok. But not news, as, obviously, this is nothing new. Obviously.
Re:I'm a linux what's a worm? (Score:4, Funny)
There's a new sound, the newest sound around
The strangest sound that you have ever heard
Not like a wild boar or a jungle lion's roar
It isn't like the cry of any bird
But there's a new sound, it's deep down in the ground
And everyone who listens to it squirms
Because this new, new sound so deep under the ground
Is the sound that's made by worms
Re:Hmmm... (Score:3, Funny)
Microsoft supplied the software that allows people's computers to become infected, then gave them false information leading them to believe they're safe, when they're not really.
Suspicious...
Yeah, it's almost like they value convenience over security (having autorun), and don't know how to write perfect bug-free software like the space shuttle people do (look at the "Update:" at the end of the advisory, the fix instructions should have worked, but they don't without a patch).
Re:Are there pies in space? (Score:1, Funny)
Yes, but because there's no gravity in space, we have to use very powerful electric currents to magnetise our pies.
We call them magpies and eat them at our space-football games with hot chips and source.
Go Collingwood! Yeah.
Re:Would like to see a worm disable Vista's DRM (Score:5, Funny)
The 1 step guide to getting cheap mod points on Slashdot
1) Mention DRM
Re:Why so hard to diable autorun (Score:3, Funny)
> Have there been any cases where animals wandered through the automatic doors into some
> large store?
Yes, but not nine million of them.
Re:I'm a linux what's a worm? (Score:5, Funny)
Re:Default settings are a blessing and a burden (Score:3, Funny)
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package omgponies
Hey... That didn't work.
Re:Non-Windows User Here (Score:3, Funny)
You clearly underestimate the necessity of such a useful feature as autorun. Sure, Microsoft innovates in this area, but the feature is becoming more common in all devices.
My cell phone has auto-answer. My dvr has auto-record. My paper shredder even automatically runs when you put paper in.
There is a downside of course. The auto-run on the disposal has mangled a fork and a few spoons. The auto-run on the table saw was the most disconcerting, but if you're on your toes about precautions nothing bad will happen.
Re:I'm a linux what's a worm? (Score:3, Funny)
Try working in software support then.
I've heard it called much worse.
Re:Non-Windows User Here (Score:1, Funny)
On your advice I purchased a table saw with an auto-run feature, all was going well until I tried your advice of being on my toes, sadly I will no longer have said toes
Re:RANT / was(Re:I'm a linux what's a worm?) (Score:5, Funny)
Do you really think that people use passwords like this
makepasswd --char=32 --count=10
CLWwBsm1c15IFadg4KTjrHhCBjFP8RNI -- for slashdot
RLQaXqSEfRHgLnwjjbgoJU5y4Uya2hM6 -- for gmail
NebgFMATH990vB8US8CE4zMgeR7uum02 -- for Administrator
SFa0qT5nIQuLYtTsq44I8336ghEBApiD -- for user account
smcruMr8rzE6PFHzus8AmPcIoKNFy0Rh -- for facebook
L6wynpgAHoINdQm2CWwXdfSiJrBzQ8YG -- for myspace
Q3D1JBVXtgPNNo4bm16WAcKPMhox8s6C -- for banking
L1hEhuisoFcnoyGEYxPYqW8Hq4Qs2EmY -- for retirement account
2RqaobNEKyQIIoUVoFPty6EruLQhVE0F -- for work login
s0zJFsLiWCSN0e5fCEvpi48GV4D0PjyH -- for paypal
Hey! How come you know all the combinations to my luggage?