Defensive Computing

August 27, 2008 10:41 PM PDT

Be safer than NASA: Disable autorun

by Michael Horowitz
  • 54 comments

NASA confirmed this week that a computer on the International Space Station is infected with a virus. (See "Houston, we have a virus" at The Register.)

The malicious software is called W32.TGammima.AG, and technically it's a worm. The interesting point, other than how NASA could let this happen, is the way the worm spreads--on USB flash drives.

Randy Abrams, director of technical education at ESET, alerted me about this. Touching on both interesting points, he said:

"To start with, no computer going into space should have autorun enabled. Simply disabling autorun would have almost certainly rendered the worm inert. Given the age of the worm, and its low risk ranking, it is probable that current (antivirus) software was not being used either."


Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft. Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC. How convenient, both for end users and for bad guys.

Abrams blogged about this back in December, and I wrote about it in March. In that posting, I described how to disable autorun for Windows XP and Windows 2000 and I just revised it to include Vista.

In his December blog, Abrams writes, "Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims."

Don't be a victim: disable autorun (also known as autoplay) for all devices. It may be a bit inconvenient going forward, but to me, the added safety is well worthwhile.

See a summary of all my Defensive Computing postings.

March 15, 2008 10:19 PM PDT

USB flash drives need a condom

by Michael Horowitz
  • 15 comments

Many Windows users are annoyed by the Autoplay feature. But Leo Notenboom recently explained why it is dangerous, rather than annoying.

Many of us, when we run across an unknown USB flash drive (a.k.a. thumb drive, pen drive, memory stick, etc.) will stick it in a computer to see what's on the thing. It's at this point that Autoplay can screw you big time.

Unlike with CDs, Autoplay on a USB flash drive will run a program immediately, no questions asked. Quoting Leo: "USB Thumbdrives or flash drives are a non-obvious but easy way to spread malware." The only thing most malicious software needs is for you to run the program. The Windows Autoplay feature, for flash drives, hands this service to the bad guys on a silver platter.

The question posed to Leo was "I found a USB thumb drive, plugged it in and now my system won't work. What happened?" His answer: the computer was probably infected with some type of malicious software.

Windows XP

To disable Autoplay totally, Leo suggests a free program from Microsoft for Windows XP called TweakUI. TweakUI is needed for Windows XP Home Edition users, but XP Professional can do this without the extra software (TweakUI will work on XP Professional).

The downloaded program, TweakUiPowertoySetup.exe, is only 146K. When you run the program it installs immediately, no questions asked, no decisions to be made. It does not create a desktop icon for itself, so you find it with Start -> All Programs -> Powertoys for Windows XP. To turn off AutoPlay system-wide, run TweakUI, start at My Computer -> Autoplay -> Types -> turn off the checkboxes.


Disabling Autoplay in Windows XP Professional with Group Policy

Windows XP Professional can disable Autoplay using the built-in Group Policy feature (see above). To invoke the Group Policy Editor, click the Start button, then Run and enter "gpedit.msc" without the quotes. Go to Computer Configuration -> Administrative Templates -> System. Scroll down to "Turn off Autoplay" and double-click on it. It starts out in a "Not Configured" state. Click on the "Enabled" radio button, then for "Turn off Autoplay on" select "All drives".

Windows 2000

Windows 2000 does not, by default, Autoplay on USB flash drives. Nonetheless, it supports Group Policies that can be used to disable Autoplay system-wide. Quoting the operating system itself:

"By default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. If you enable this policy, you can also disable Autoplay on CD-ROM drives, or disable Autoplay on all drives."

Disabling Autoplay in Windows 2000 with Group Policy

The procedure to disable Autoplay system-wide is very much like that in XP Professional. Click the Start button, then Run, and enter "gpedit.msc" without the quotes. Go to Computer Configuration -> Administrative Templates -> System. Scroll down to "Disable Autoplay" and double-click on it.

At this point, the terminology couldn't be any worse. What does it mean to disable the policy that disables Autoplay? Do two wrongs make a right? As shown above, enable the policy and then "Disable Autoplay on All drives."

Windows Vista

As with Windows XP, the expensive versions of Vista (Business and Ultimate) include a Group Policy editor. To run it, click the Start button and in the search box type "gpedit.msc" without the quotes. Browse to Windows Components, then to AutoPlay Policies. Change the value of "Turn off Autoplay" to enabled.

The cheap versions of Vista, such as Home Premium, can do this in the Control Panel. Under Hardware and Sound, click on "Play CDs or other media automatically." Then uncheck the checkbox for "Use AutoPlay for all media and devices."
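To confirm that the Group Policy change described in the sections above took effect, the following added example (not part of the original post) reads the NoDriveTypeAutoRun registry value that the "Turn off Autoplay" policy writes and lists the drive types on which Autoplay is still allowed. It assumes PowerShell is installed; the function names are made up for this example, and it does not cover the Vista Control Panel checkbox, which is stored elsewhere.

```powershell
# Added example: audit the value behind the "Turn off Autoplay" Group Policy.
# In NoDriveTypeAutoRun, a SET bit DISABLES Autoplay for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable drives (USB flash, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive type (high bit)' }
)

# Return the names of drive types whose bit is clear, i.e. Autoplay still allowed.
function Get-AutoplayEnabledTypes {
    param([Parameter(Mandatory = $true)][int]$Mask)
    foreach ($t in $DriveTypeBits) {
        if (($Mask -band $t.Bit) -eq 0) { $t.Name }
    }
}

# Build a one-line report for a mask read from a given source.
function Format-AutoplayReport {
    param([string]$Source, [int]$Mask)
    $enabled = @(Get-AutoplayEnabledTypes -Mask $Mask)
    if ($enabled.Count -eq 0) {
        '{0}: 0x{1:X2} -> Autoplay off for all drive types' -f $Source, $Mask
    } else {
        '{0}: 0x{1:X2} -> Autoplay still ON for: {2}' -f $Source, $Mask, ($enabled -join '; ')
    }
}

# Constructed sample masks: 0x95 matches the Windows 2000 default quoted above
# (removable and network drives off, CD-ROM on); 0xFF is the "All drives" result.
Format-AutoplayReport -Source 'sample' -Mask 0x95
Format-AutoplayReport -Source 'sample' -Mask 0xFF

# Live check. Computer policy (HKLM) takes precedence over user policy (HKCU).
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $prop = Get-ItemProperty -Path "${hive}:\$subKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "${hive}: NoDriveTypeAutoRun not set (policy not configured here)"
    } else {
        Format-AutoplayReport -Source $hive -Mask ([int]$prop.NoDriveTypeAutoRun)
    }
}
```

Any line reporting "still ON" for removable drives means the policy was not set to "All drives" on that machine.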

Is This Enough?

I have seen reports online that the above measures are not sufficient to fully protect you from autorun/autoplay in all instances. I can't evaluate these claims for myself, but even if they are true, there is no doubt that you are safer disabling autorun as described above than you are not disabling it.

Update: March 16, 2008: Just for good luck, make a Restore Point before changing the Autoplay default. See Four tips to using System Restore on Windows XP.

Update: March 17, 2008: Added section on Windows 2000.

Update: August 27, 2008: Added section on Windows Vista.

See a summary of all my Defensive Computing postings.


About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
