Version: 2008

Comments on: Be safer than NASA: Disable autorun

A worm has infected machines on the International Space Station. But a few simple precautions likely could have prevented it.

Showing 2 of 2 pages (54 Comments)
by Carlos_Hawes August 28, 2008 8:50 AM PDT
The FACT of the matter is that a computer running Windows was infected. It would not have happened if it were Mac or Linux. So instead of dealing with the hypothetical (Linux COULD be hacked), let's stick to reality (windows machine WAS hacked).
by ZetaZeta_ August 28, 2008 9:17 AM PDT
What the article doesn't discern is the purpose of that Windows machine. Was it just some random recreational machine that wasn't even hooked up to the NASA ship's network, or was it an actual research machine? The fact that NASA told everyone that this even happened, the fact that the machine seemed to not be running virus scan software, and the fact that someone put an infected (probably personal) USB driver in there in the first place suggests it was a PC with no particular purpose. This was probably originally supposed to be a comedic tech-based anecdote rather than a serious look at the security of the operating system.

>> "lets stick to reality (windows machine WAS hacked)"

Let's stick to the reality: Windows runs most apps available nowadays, and while Linux with Wine could be a solution, I bet NASA doesn't trust open source software. However, who's to say they can't just develop a Unix system of their own? Well again, maybe they have, but this isn't even a machine that's supposed to be "mission-critical" as Microsoft calls it.

>>lol and how??? do you even trust windows to stop a virus and not be dumb? lol

Windows doesn't stop viruses. Virus scan software does.

>>at least get norton or mcafee or something HAAHHAAHAHAHAHA

This guy's right. Something as simple as that would have solved this.

>>One word people. Apple.
>>Mac OS X has everything...
>>Switched 18 months ago to Mac OS X and have experienced improvements in security
>>Anything about linux security

The reason your systems are "more secure" (at least in this case) is because fewer people use your OS/distribution. It's certainly not worth a hacker's time to make a virus for you, when they could stick it to the multi-billion dollar Microsoft, and the OS everyone but the haters run.
by electromanvern August 29, 2008 2:38 PM PDT
Wrong Carlos,
I've done some tech with NASA in the past and there are no connections between critical, secondary, and open (unreliable) systems.

The only issue here (if there even is one) is that a PC was infected, and to understand the impact and situation that allowed it. Since EVERY PC OS has been hacked at some time, it really doesn't matter what OS was on the PC.

All the modern, in use PC OS systems cannot prevent improper configuration choices for a particular situation. Any situation which allows an end user to load an unverifiable program onto a PC has the opportunity to cause destruction -- ON ANY OS. And no matter the OS, we all have access to tools to lock down removable media, and downloads, and to prevent execution of anything not sanctioned.
by Fritz4cast August 28, 2008 8:51 AM PDT
lol and how??? do you even trust windows to stop a virus and not be dumb? lol
by sungolem August 28, 2008 9:16 AM PDT
ROFL. I've stated this before and I'll state it again: "Autorun is one of the dumbest mis-features of the Windows operating system and it should be disabled permanently by Microsoft."

I've personally seen this happen so many times that it really shouldn't be funny anymore. The operating system should not, under any condition, run arbitrary binaries, scripts, or anything else on behalf of the user. Period. The excuse by Microsoft is the same old garbage about 'helping' the user by finding the CDROM or Flash Drive and 'helpfully' running or offering to run whatever is there. I much prefer having to take the extra step of determining whether I want to run the malicious executable on my flash drive. Then it is my fault or NASA's fault. Now it is just one more thing we can blame Microsoft for choosing to do for us.
by alegr August 28, 2008 10:30 AM PDT
Autorun off writeable media should have never been there, in the first place. This is where Microsoft screwed up. It's still wrong that Vista asks to run it. It should ignore autorun.ini altogether on the writeable media.
by supoman August 28, 2008 10:31 AM PDT
How about: "Be Safer Than NASA and Don't Use Windows!!!"
by Matthew Saroff August 28, 2008 10:32 AM PDT
That's it. I'm flying Russian.
by supoman August 28, 2008 10:34 AM PDT
Wow!!! The guy that said "upgrade to Vista" would probably heal a bee sting by cutting off his arm!!!
by rob___ August 28, 2008 2:14 PM PDT
"One word people. Apple"

OK I looked in CERT for apple..... Monthly entries for hundreds of vulnerabilities (http://www.us-cert.gov/cas/techalerts/index.html). I only expanded one out. Whoops! The apple might have a few brown spots like everyone else!


TA08-079A Apple Updates for Multiple Vulnerabilities March 19, 2008 (http://support.apple.com/kb/HT1897)
AFP Server CVE-ID: CVE-2008-1027
Apache CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388
AppKit CVE-ID: CVE-2008-1028
Apple Pixlet Video CVE-ID: CVE-2008-1577
ATS CVE-ID: CVE-2008-1575
CFNetwork CVE-ID: CVE-2008-1580
CoreFoundation CVE-ID: CVE-2008-1030
CoreGraphics CVE-ID: CVE-2008-1031
CoreTypes CVE-ID: CVE-2008-1032
CUPS CVE-ID: CVE-2008-1033
Flash Player Plug-in CVE-ID: CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654
Help Viewer CVE-ID: CVE-2008-1034
iCal CVE-ID: CVE-2008-1035
International Components for Unicode CVE-ID: CVE-2008-1036
Image Capture CVE-ID: CVE-2008-1571
Image Capture CVE-ID: CVE-2008-1572
ImageIO CVE-ID: CVE-2008-1573
ImageIO CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
ImageIO CVE-ID: CVE-2008-1574
Kernel CVE-ID: CVE-2008-0177
Kernel CVE-ID: CVE-2007-6359
LoginWindow
Mail CVE-ID: CVE-2008-1576
ruby CVE-ID: CVE-2007-6612
Single Sign-On CVE-ID: CVE-2008-1578
Wiki Server CVE-ID: CVE-2008-1579
TA08-043B Apple Updates for Multiple Vulnerabilities February 12, 2008
TA08-016A Apple QuickTime Updates for Multiple Vulnerabilities January 16, 2008
TA08-162C Apple QuickTime Updates for Multiple Vulnerabilities June 10, 2008
TA08-150A Apple Updates for Multiple Vulnerabilities May 29, 2008
TA08-094A Apple Updates for Multiple Vulnerabilities April 3, 2008


People make mistakes == People make software == Software has mistakes.

It's not the software that makes the system secure. It's the user.
by JHPIEGO August 28, 2008 9:07 PM PDT
Here is the best explanation of the issue that I have seen.
http://autorun.synthasite.com/index.php
We disabled autorun but still had computers get infected until we understood EDDC - Execution of the Drive's Default Command.
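An added example, not part of any comment here or of the linked page: a small auditor that lists the entries in a drive's autorun.inf able to start a program, so removable media can be checked before use. Treating the `shell` default verb as the "drive's default command" mentioned above is an assumption, and the function name, finding labels and sample file are constructed for illustration.

```python
import re

# [autorun] keys whose value is a program or document to launch.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command=<program> attaches a program to a shortcut-menu verb.
VERB_CMD = re.compile(r"^shell\\([^\\]+)\\command$")

def audit_autorun_inf(text):
    """Return (kind, key, value) findings for the text of one autorun.inf."""
    findings, section, default_verb, verbs = [], None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        lkey = key.lower()                # keys are case-insensitive
        if lkey in EXEC_KEYS:
            findings.append(("autorun-exec", lkey, value))
        elif lkey == "shell":
            # shell=<verb> makes that verb the drive's default menu command.
            default_verb = value.lower()
        else:
            m = VERB_CMD.match(lkey)
            if m:
                verbs[m.group(1)] = value
    for verb, cmd in verbs.items():
        kind = "default-command" if verb == default_verb else "context-menu-command"
        findings.append((kind, "shell\\%s\\command" % verb, cmd))
    return findings

# Constructed sample file contents (not taken from any real drive).
SAMPLE = r"""[autorun]
; constructed sample
open=setup.exe
icon=drive.ico
shell=browse
shell\browse=Open folder
shell\browse\command=helper.exe /q
shell\scan\command=scan.exe
"""

if __name__ == "__main__":
    for finding in audit_autorun_inf(SAMPLE):
        print(finding)
```
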
by Jester2138 August 28, 2008 9:29 PM PDT
haha great idea johnnypopper. let me guess, you own both iphones, at least three ipods, every macbook made, and have an apple sticker on the back of your mini cooper.

yeah, anyway, great idea about the government "switching" to apple. FIRST, let me say they don't run windows like you think they do. anything important is on custom written unix computers or something. do you seriously think they run a commercial os in the fbi or cia or whatever? dude.

further, the government would NOT save money by "switching" to Apple from linux. time to come out from under that rock. apple is MORE expensive than any other computer. MORE, not less. did you know they charge 80% markup on much of their hardware? on linux they can just write their stuff themselves or something.

third: ever wonder why the only server on the internet that runs Mac OS X is apple dot com? because apple os x SUCKS for anything network related or intense IT related... guess what they run? either Windows server 2003 or linux/apache... (that's right, WINDOWS) trust me. go look around. you WON'T find any servers aside from apple.com running mac os x. and government stuff is more similar to running servers than average joe computing.

finally, i'm done. i get pissed off at ignorant mac fanboys like you. do you know what ram is? do you know what dns is? do you know what a cmos chip is? do you know what a kernel is? do you know what freebsd is (and that apple took their os kernel from it) do you know what a server really is? probably not. so don't talk about computers as if you know something pls. you just embarrass yourself.
by nenslo August 29, 2008 1:59 AM PDT
What I love about these comments, apart from listening to people who don't know much about computers (There is not a single OS around that doesn't have or will have some kind of vulnerability, it's how you prevent and deal with them that counts), is how everyone has blown this story out of proportion. The virus was a year old, most likely brought in by someone playing some crappy online game and infecting the USB stick, it was on A STAND-ALONE LAPTOP running a nutritional research program. I'd be surprised if there was a USB port anywhere in the ISS itself. Yes it was foolish that the machine didn't have virus protection; yes it was foolish that someone was able to connect an unscanned USB stick; but this has not got to do with which OS is best, nor who's smart or dumb. Even NASA admitted this wasn't the first time a computer virus had gone into space, in the end this is a non-story.
by mhinnewyork August 30, 2008 10:39 PM PDT
You are assuming that everything NASA says is true. Not everyone would make that assumption. Large organizations rarely come clean - totally and voluntarily - when faced with embarrassing situations. Michael Horowitz
by Dalkorian August 29, 2008 12:25 PM PDT
Funny how many comments from the winblows fanbois sound just like an M$ sound bite. "It's not winblows fault that it sucks donkeys, it's because the users are too stupid to use it right." Yeah, that's the ticket. Keep deluding yourselves fanbois, maybe someday you'll convince someone other than yourself.
by electromanvern August 29, 2008 2:19 PM PDT
Dalkorian:

So then when Linux servers get nailed by the likes of Phalanx2, then you can't blame the poor admins either, must be the poorly written OS.

Thanks for proving that Linux is no more bulletproof than Windoze, M$, or anything else in this world. Us FANBoyz just love your help. ** Joke mode when using OS basher slang **

Geez, I can't believe how silly the arguments get here. Instead of coming back with an intelligent argument, this guy brings up donkeys.
by electromanvern August 29, 2008 1:45 PM PDT
@johnnypopper

Johnny baby, reality check please. Security software is an extremely small portion of the software budget for the federal government. Switching to OSX would require tens of thousands of software applications to be replaced. Which wouldn't be possible because most enterprise applications just aren't available on the Mac. And even if the apps were available, it would cost hundreds of $billions of dollars.
by outpostprime August 30, 2008 2:34 PM PDT
Windows XP and Vista are extremely stable. Problem is with people using archaic software and using old/badly coded drivers. I've never got a BSoD on XP or Vista. Unless, I knew it was going to happen. For example using beta drivers/software or overclocking.
Auto run btw has nothing to do with how his machine got infected. If you read it, it clearly states that his machine got infected by a virus after inserting a USB flash drive. This means that the drive was already infected 'duh'. He connected it to a machine (most likely his home computer) that was infected. This is just as bad as floppy disks used to be (old school way to spread viruses, i.e. floppynet). This sort of virus can infect any x86 machine since they are low level viruses. He most likely didn't have partition/BIOS protection enabled in his BIOS settings. If he had that enabled this wouldn't have happened.
When you insert a flash drive it only caches the file structure to memory. This is because of the very slow read/write speeds on flash devices. Disabling Autorun WILL NOT SAVE YOU! The OS has to read and mount the partition anyway. When it does this you'll get infected. These viruses hide in the MBR (Master boot record) of the partition. The Auto run you guys are referring to is used on CDs and DVDs. THIS IS NOT THAT SORT OF AUTORUN!
by electromanvern August 31, 2008 2:20 PM PDT
Good Eye in seeing the distinction between USB and CD/DVD autorun. I didn't catch that mistake in the article until now.

USB flash drives require special configurations to autorun, but it is possible. For example, my company makes one model which emulates a USB CD drive. This emulation is done in the flash controller hardware. So it appears to the OS as a CD drive and can autorun when inserted.

But, in reality hardly any drive on the market has this functionality, so most likely you are correct this infection must have been low level at the MBR.
by ultimatetux September 3, 2008 12:07 PM PDT
Well.. I hate the idea of getting to pay for an Operating System which I am aware of its performance and stability and also I am aware that they just work out their TODO list by listing all functionalities and features in a Linux distribution and start working on implementing it, People using Mac OS X just feel so white but their day turns black of the billions of applications they can't run or searching for a compatibility link between an application they work on and try to find an alternative for Mac OS X, Yeah a wealthy man won't suffer a lot buying everything he wants however Linux gives another man everything he wants to pay the bills and buy groceries, as well as being able to run a _secure_space_craft :D
by Marlene88 September 11, 2008 6:32 PM PDT
I always disable the autorun. Good advice.

Marlene88
www.evergreenspace.com
About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.