http://blogs.technet.com/steriley/archive/2008/02/18/throw-away-your-digital-picture-frames.aspxSurely time itself has warped and it's suddenly April 1st. Come on, if you read the following, wouldn't you first think it was a hoax, as did I? Virus from China, the gift that keeps on giving An insidious computer virus recently discovered on digitalen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/steriley/archive/2008/02/18/throw-away-your-digital-picture-frames.aspx#2909195Tue, 19 Feb 2008 07:40:14 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2909195Apple » Throw away your digital picture frames<p>PingBack from <a rel="nofollow" target="_new" href="http://apple.joejoeblogs.info/?p=17929">http://apple.joejoeblogs.info/?p=17929</a></p> http://blogs.technet.com/steriley/archive/2008/02/18/throw-away-your-digital-picture-frames.aspx#2909566Tue, 19 Feb 2008 10:30:26 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2909566Nick Brown<p>Steve, I think you may be inadvertently trying to gloss over something here:</p> <p>&gt;If you own one of these frames, SANS suggests that </p> <p>&gt;you take it to a friend who has a Mac or Linux box</p> <p>&gt;and plug it in there. Yeah, that's good advice; there</p> <p>&gt;exist no viruses for these operating systems,</p> <p>&gt;correct?</p> <p>I think that a bar chart of &quot;# of malware in the wild (or even in the lab) per OS&quot; would show up the nature of the risk. &nbsp;There may even be an (as in, one) autorunning USB worm for the Mac or Linux. &nbsp;But there are hundreds for Windows, which is why the factory that make the digital photo frames has them.</p> <p>It's also the case that people run with full privileges on Windows because, when you don't, strange things happen, or unexpectedly don't. &nbsp;I still remember a product manager for NT 4.0 Workstation - touted as highly secure when it came out - dismissing the Nth privilege elevation exploit, with &quot;well, 3/4 of corporate customers give full admin rights to their users anyway, so this doesn't represent a threat at all&quot;.</p> <p>Anyway, if anyone wants a *permanent* fix to this and all other USB-drive worms, head on over to </p> <p><a rel="nofollow" target="_new" href="http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html">http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html</a></p> <p>Cheers</p> <p>Nick</p> http://blogs.technet.com/steriley/archive/2008/02/18/throw-away-your-digital-picture-frames.aspx#2916270Wed, 20 Feb 2008 21:28:14 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2916270Steve Riley<p>Yes, but another bar chart shows that Microsft products place you in the fewest days of risk -- that is, we acknowledge and repair vulnerabiliites more quickly than other operating systems. Yet another bar chart shows that of currently-available operating systems, Windows has the fewest number of vulnerabilities. Check out some of Jeff Jones's research.</p> <p>People run with full privs on Windows because so many third-party apps fail otherwise (even our own apps had this problem once upon a time). We've been advocating for years now that developers write for standard users, customers are now demanding that products run as standard user, and UAC is compeling vendors to write for standard user. There is no longer any excuse for a product to require admin privs -- I consider such products to be fundamentally broken.</p> http://blogs.technet.com/steriley/archive/2008/02/18/throw-away-your-digital-picture-frames.aspx#2931894Tue, 26 Feb 2008 02:43:33 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2931894marcelo e. sauaf<p>I searched Secunia and Sans and didn't find any about 'mocmex', wasn't strange? regards!</p>