Spikes Detected In Autorun Malware 140
msm1267 writes "Researchers recently have seen a major increase in the volume of autorun malware in some countries, thanks to a couple of new worms infecting those older machines. The two new worms, Worm.JS.AutoRun and Worm.Java.AutoRun, both take advantage of the autorun functionality to spread, and the JavaScript worm has other methods of propagation, as well. Researchers at Kaspersky Lab say that the volume of autorun worms has remained relatively constant over the last few months, but there was a major spike in those numbers in April and May, thanks to the distribution of the two new pieces of malware."
Re:Windows Right? (Score:5, Informative)
The only way to eliminate this risk would be to force the user into a walled garden. That may be feasible on smartphones and tablets, but it's not acceptable on workstations.
apple has successfully closed holes for this sort of stuff through gatekeeper and mac app store. gatekeeper has three settings, and at its most restricitve setting you can only run programs that have been registered wtih apple. medium setting throws a stern warning, and low setting is off.
the mac app store takes it one step further by porting the security of ios app store to mac.
Re:Windows users are chumps. (Score:3, Informative)
Re:Windows Right? (Score:5, Informative)
The terms "closed platform" and "walled garden" have a very specific meaning, and it doesn't apply to Windows. From Wikipedia [wikipedia.org] (my emphasis):
It's obvious that Microsoft has absolutely no control over what software can be run on Windows. Compare that to Apple's iPad, where you can't install anything that's not approved by Apple (unless you jailbreak it first). That makes iOS a "walled garden".
Now, maybe we agree that it was foolish for Microsoft to enable any kind of "autorun" feature. The point is that in an "open platform" (that is, one where the user has complete control over what can be run on it), the user must also have enough power to do dumb things like running an unknown program from a pendrive that was just plugged in. How easy it should be for the user to do that is another discussion.