Microsoft slammed over security advice

Nibble CERT says Downadup workaround is dumb

By Nick Farrell

Thu Jan 22 2009, 13:07

US COMPUTER Emergency Readiness Team (US-CERT) has warned that Microsoft's advice about how to beat the Downadup worm is flawed.

Vole recommended switching off Windows' Autorun feature as a method of stopping one of the fastest-spreading attacks on the Web.

However US-CERT said Microsoft's instructions on turning off Autorun are "not fully effective" and "could be considered a vulnerability." µ

L'Inq
CERT

Microsoft says zero-day exploits are not a major threat Under one per cent of attacks use them Tuesday, 11 October 2011, 13:41 PM Read more	Siemens industrial control systems are vulnerable to attack A range of SCADA systems are open to abuse Friday, 8 July 2011, 16:35 PM Read more
Mega patch day passes for Microsoft and Adobe Acrobat sandboxed, but Flash needs another fix Wednesday, 15 June 2011, 11:52 AM Read more	Siemens patches industrial controller flaws, but weaknesses remain There's still work to do Monday, 13 June 2011, 16:58 PM Read more
Researcher blasts Siemens over 'power plant hack' vulnerability He says the clock is ticking Tuesday, 24 May 2011, 16:25 PM Read more	Paypal gets hit with a sophisticated phishing attack Able to bypass browser security Monday, 21 March 2011, 10:08 AM Read more

< Previous article| Next article >

Comments

Sandisk Cruzer GB usb drives,

the program will not let you delete the part of the usb drive it's on. If anyone knows how to do this please reply ;-)

If Sandisk are selling USB drives like this then it's no surprise that virus writers are exploiting Sandisk's usb drives.

PS - I know it's not just Sandisk, but still I'll start there ;-).

PPS - The Inq, please FIX THE COMMENT PARAGRAPH BUG.

posted by : interested_party, 25 January 2009 Complain about this comment

Programmer

Once you HAVE the virus, you can no longer download updates from Microsoft and most antivirus software vendors. One thing the virus does is block requests from you computer to these web sites. Following the steps from a site I found - http://www.downadup.com - downloading a free removal tool, disabling AutoPlay, and repairing the registry - you can remove this virus and protect from infection.

posted by : PhilB, 25 January 2009 Complain about this comment

Dumb de dumb...

I can't believe anyone dumb enough to ALLOW any autorun feature on their machine in the current environment.... It's one of the first things I disable on any new computer.

posted by : Chubster, 22 January 2009 Complain about this comment

Technical Cyber Security Alert TA09-020A

Here's the US-CERT article in question (TA09-020A):
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

posted by : cybersaur, 22 January 2009 Complain about this comment

Call the police

The INQ misleading? Posting incomplete information? No reasons or evidence? I wonder why it was labelled 'Nibble'?

Just a thought.

posted by : The Green Crayon, 22 January 2009 Complain about this comment

article misleading

The linked CERT advisory tells us that they method in which Microsoft says to disable Autorun is not fully effective. They outline an example to prove it and also how to properly disable it for all drives. The article is not specifically about the recent worm outbreak, merely about a flaw in one of Microsoft's recommended workarounds.

posted by : Jason, 22 January 2009 Complain about this comment

Why?

Would you mind telling us why?

You have given a statement that their advice to turn off autorun is not fully effective, but why? I know it may seem obvious, but a good article does not just make statements - it backs them up with reasons and evidence.

Also, where is the mention of the Windows update file they released? If turning off autorun is their advice, why release an update? Clearly their 'advice' is also to keep up to date with Windows updates.

Come on, if you are going to post an article, do a decent job and post a more complete article.

posted by : Dan, 22 January 2009 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Automation Tester Up To £

Roc Search (ISEB/ISTQB, Aut...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Microsoft slammed over security advice

Share this:

Nokia Lumia 710 video review

CES: Lenovo K800 smartphone video demo