
US-CERT Says Microsoft's Advice On Downadup Worm Bogus

CWmike writes "Microsoft's advice on disabling Windows' 'Autorun' feature is flawed, the US Computer Emergency Readiness Team (US-CERT) said today, and it leaves users who rely on its guidelines to protect their PCs against the fast-spreading Downadup worm open to attack. US-CERT said in an alert that Microsoft's instructions on turning off Autorun are 'not fully effective' and 'could be considered a vulnerability.' The flaw in Microsoft's guidelines is important at the moment, because the 'Downadup' worm, which has compromised more computers than any other attack in years, can spread through USB devices, such as flash drives and cameras, by taking advantage of Windows' Autorun and Autoplay features."
  • Re:News? (Score:5, Interesting)

    by cbiltcliffe ( 186293 ) on Wednesday January 21, 2009 @10:42PM (#26555571) Homepage Journal

    Sometimes they come out with something good....I think.

    But they've always been completely screwed up on anything whatsoever to do with autorun.

    It was a bad idea from the start, and it's just managed to get worse.

  • TweakUI anyone? (Score:3, Interesting)

    by whoever57 ( 658626 ) on Wednesday January 21, 2009 @11:23PM (#26555909) Journal
    Why did neither MS nor CERT suggest the use of TweakUI to turn off Autorun?
  • Re:Hmmm... (Score:5, Interesting)

    by lysergic.acid ( 845423 ) on Thursday January 22, 2009 @12:15AM (#26556223) Homepage

    um, what are you talking about? if there is a worm going around that exploits the AutoRun, then naturally the thing to do would be to disable AutoRun. so why is it bad on the researchers for advising people to disable a feature that makes their system more vulnerable to an ongoing security threat? and how is US-CERT or ComputerWorld "trolling" by pointing out that Microsoft's instructions for "disabling AutoRun" don't actually disable AutoRun?

    Microsoft is the one who created a feature that is now an active malware infection vector. they are the ones who set this feature to be enabled by default. and they are the ones who made it near impossible to turn off (without downloading additional software). and to make things worse, they release inaccurate advice on how to "disable" this feature, which could potentially lull users into a false sense of security.

  • by betterunixthanunix ( 980855 ) on Thursday January 22, 2009 @12:39AM (#26556367)
    SELinux goes a long way toward containing viruses, as long as the distro maintains decent default policies. For example, only files from the Mozilla packages should be able to modify ~/.mozilla/ or any files in that directory, and Fedora's SELinux policy puts those files in their own context. A virus attempting to install some sort of keylogger in Firefox is forced to attack through Firefox (or another Mozilla program); compare with malware in Windows, that could attack through a specially crafted music file and install a keylogger in IE.
  • by syousef ( 465911 ) on Thursday January 22, 2009 @12:44AM (#26556387) Journal

    Brain surgery and rocket science are also easy if you already know how to do these

    Let me get this straight. You're comparing opening up regedit, browsing through a tree of values, and modifying one with brain surgery and rocket science??? You call it "the art of registry editing". I could teach any even semi-competent person how to use regedit in an hour max assuming nothing more than windows knowledge.

    As for the abomination that is the windows registry I agree it's awful and for more than just the reasons you point out, but it's no harder to change a single registry entry than to change an ini file field value. I wouldn't compare the use of notepad to edit an ini file to brain surgery or rocket science either.

  • by clarkn0va ( 807617 ) <<apt.get> <at> <gmail.com>> on Thursday January 22, 2009 @01:35AM (#26556739) Homepage

    If you put these types on OSX or Linux they would break just as much as they do on Windows.

    You had me up to that line. I have managed 4 desktop computers at a youth drop-in center for a year and a half now. We have all three of your types using these machines on a nightly basis.

    On my first day all four computers ran xp Home with the youth using just the guest account. All four computers were heavily infested with you-name-it. The hard drives never stopped churning and the router lights never stopped blinking, 30 minutes after logging out.

    I spent that first evening exorcising the demons on what appeared to be the worst of the four stations. I gave it a clean bill of health, tightened up security here and there, and called it a night. I decided that night that I would clean out one machine per week.

    I went back for round 2 a week later and the one I had cleaned the week previous was back to its original state.

    I spoke to the management and obtained permission and funds to do some minor hardware upgrades on the office computer. All the hard drives got pulled from the youth computers and assembled into a RAID on the office computer, on which I did a fresh default install of Ubuntu and ltsp. I created an account for every youth that wanted one and told them to have fun. I even installed limewire and showed some of them how to grab torrents using deluge and transmission.

    A year and a half later and not a single breakage. No pop-ups, no churning disks, no dead family of five. I'm effectively unemployed with this organization.

    Go ahead and tell me that Windows can be made secure. Yeah, I know. I work in 3 schools and it's all Windows or nothing, and the IT people (not me) have done a great job of locking things down and generally keeping things ticking. But that's far from default configuration.

    no, "these types", the same ones who had 4 xp desks in a perpetually broken state, even with AV and limited accounts, haven't broken a default linux install yet.

  • Re:Hmmm... (Score:3, Interesting)

    by SL Baur ( 19540 ) <steve@xemacs.org> on Thursday January 22, 2009 @04:31AM (#26557503) Homepage Journal

    Microsoft is the one who created a feature that is now an active malware infection vector.

    Microsoft is the one who recreated a feature that is an active malware infection vector.

    There, fixed that for you. Executing anything coming from the outside by default has ALWAYS been a horrible idea.

    How many decades has it been since we all disabled uux and such from our UUCP configurations?

    Now, GET OFF MY LAWN!

  • by drsmithy ( 35869 ) <drsmithy@nOSPAm.gmail.com> on Thursday January 22, 2009 @05:54AM (#26557783)

    Except that in OSX and Linux (and BSD and Solaris and all *nix systems) files have to be explicitly declared executable.

    There was an outbreak of malware a while back that required users to open a password-protected zip file, and execute the contents within.

    You really think having to set a file +x, or running it from a commandline with 'bash file.sh' is really going to slow them down?
