Search This Blog

Thursday, January 22, 2009

Microsoft Fix for Downadup is flawed

The full story started at:

To cut the crap, basically what Microsoft has recommened in their fix to remove the autorun function in their blog is imcomplete because they had not considered all the scenario which autorun can be activated. The example given was when the user double click on the drive in the explorer.

Another argument was that without the autorun dialog which show you actions you can perform (including the one the bad guys planted), there is simply no dialog at all. It also means that if not protected properly, the worm executes silently. I guess, it all depends on how you look at this. For a common user such as my grandma, if she is still alive, this will spell trouble.

However, CERT has posted a solution to permenant disabling the autorun function in the link above. Microsoft has also posted an update (kb953252) to address this issue. The update can be downloaded via:

But that is interesting is that there may be a hidden agenda here. The keyword is DRM. There are many companies which uses DRM in the form of a autorun (which in my opinion is really dangerous and easily disabled). Microsoft may have the priority to protect these customers instead of the user. Therefore, their "flawed" fix for the Downadup worm might had been deliberate. U3 is another application which uses a similar technology to mount the drive and if autorun is disabled or the virtual CD is not allowed to execute, the drive will remain locked if there was a password set on it. Well, I know I mentioned the U3 hack such as Hacksaw etc that can break the U3 authentication, but thats pretty out of scope here.

So, my advise? Leave autorun on. Install the patch. Look and think two or three times before you allow any action to be executed when you insert a media. If that media has a tendency to be infected, pay extra attention to it. 

No comments:

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008, All rights reserved.