Showing posts with label trojan. Show all posts

Friday, June 25, 2010

Big Red Brother (and his buddy) are Watching You

What would you say about software that silently installs another piece of software from a third-party vendor on your computer, which, in turn, collects information about your computer's security features (the presence and version of a firewall, anti-virus software etc.) and requires an Internet connection (!) to be available?

The software is called Adobe Flash Player extension for Firefox; the silently installed third-party tool is McAfee Security Scan Plus. That's it -- having installed a minor extension to a browser, you get a system-wide trojan curious piece of software installed on your PC.

Leaving aside the moral and legal aspects of such a scheme (and please don't say it's just business -- similar schemes were shunned even by Russian gangsters in the 1990s), I just wish to warn you to be careful with these. Nobody knows exactly what information the installed tool collects and sends out, nor what the purpose of collecting such information is.

Sunday, April 4, 2010

Autoinfect

The invention of the autorun (and, similarly, autoplay) feature, in the form it exists today, is one of the platform developers' biggest mistakes. A feature of doubtful benefit, it has become an easy mechanism for malicious software to reproduce itself. Desktops in Internet cafes and copy centers have proved to be excellent, friendly hubs where viruses and trojans spawn.

What is quite beyond my understanding is that at the same time the vast majority of the flash drives released today do not provide a write-protection switch! This forces me to use my good old 128Mb Chinese no-name drive in public places (such as e-cafes or hotels), as none of my newer ones provides write-protection capabilities.

As raw criticism is not that constructive, I will explain my own point of view on how autorun should have been implemented correctly (if it should have been):
- Never, NEVER runs without a prior OS notification (stating the name of the file, the vendor etc.). If invoked under an administrator account, the OS displays another dialog proposing to run it under a guest account.
- No binaries (neither unmanaged nor managed), no scripts. DHTML (runs in the default browser), maybe Silverlight or Flash. "Web" security policy.
- Turned off by default.

It is necessary to understand that autorun is the easiest way to run unknown code on a machine. By simply inserting an untrusted (not yours, or not write-protected) flash card or CD into the drive, you can stuff your PC with a swarm of parasites. No further actions are needed. Just keep in mind that someone might silently plug a tiny malicious flash drive into your notebook's USB port while you are drinking your martini at the airport. So the best choice in today's environment consists of three basic rules:

I. Turn autorun off and forget about it.

II. Use a USB flash card with a write-protection switch and disable writing wherever possible. Ideally, enable writing only when inserting the card into your own computer.

III. Wherever possible, use a "passive" approach to file distribution. Ask your friend to copy the files you need from his computer to his flash disk, and disallow writing on that disk before inserting it into your computer. The same rule applies to the reverse process: copy the files your friend needs to your flash disk and disallow writing before inserting it into your friend's computer. This approach helps protect your computer from infection by the viruses living on your friend's computer, and your friend's computer from the viruses living on yours.

Following the three simple rules above will slow the spread of epidemics and make your computer (and the computers of your mates) healthier.
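A defender's check that complements the rules above, added here as an example and not part of the original post: before trusting a removable drive, list what its autorun.inf would launch. The function names and the sample file are constructed for illustration; treating every section whose name starts with "autorun" as relevant is a deliberately conservative assumption.

```python
import os
import re

# Entries in an [autorun] section that make the shell launch something.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command

def audit_autorun_inf(text):
    """Return (key, value) pairs from autorun sections that launch code."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.match(r"^\[(.+?)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        # Junk padding lines and unrelated sections are skipped, not fatal.
        if not (section or "").startswith("autorun") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # key names are case-insensitive
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((key, value))
    return findings

def audit_drive(root):
    """Audit the autorun.inf in a drive root, if one exists (any casing)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                return audit_autorun_inf(fh.read().decode("latin-1"))
    return []

# Constructed sample, including the junk lines often used as padding.
SAMPLE = """; constructed sample
xx junk before any section
[AutoRun]
OPEN = setup.exe /s
icon=drive.ico
shell\\explore\\Command=tools\\helper.exe
junk line without equals sign
ShellExecute=readme.html
[Content]
MusicFiles=false
"""

if __name__ == "__main__":
    for key, value in audit_autorun_inf(SAMPLE):
        print(f"would launch via {key}: {value}")
```

Run it against the mount point of the drive, for example `audit_drive("E:\\")`, on a machine where autorun is already turned off.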