Slashdot Mirror
Olympus Digital Camera Ships With a Worm
An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."
The despotic People's Republic of China - where the worst of company town practices are in an entire country(if not region).
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
What kind of compensation are the makers going to offer everyone who's system they hosed?
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Seriously?
It's getting to the point where running a computer is turning into a full time job. I need to scan every single product I buy before using it? Isn't that why I bother to pay a premium to get name-brand products from legitimate outlets?
I'm annoyed that the ultimate time-saving device is becoming more and more of a chore. I'm expected to spend hours researching the ways in which to harden my browser against cookie tracking, to rate virus scanners using contradictory and confusing standards, to assess information that requires a degree in computer science everytime I want to get a PC game to work, to pull out my law degree everytime I use an online product or dive through an EULA, and now this?
I mean come on, where's it going to end? Should I do independant surge tests on the next microwave I buy before plugging it in? What about my printer, does it need a scan too? Should I take my newly purchased tires to an independant assessor? How about that new CD I bought?
Didn't see it mentioned in the few dozen comments at the moment, but "more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled" blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.
I know it's somewhat passe to pick on an OS because it remains the one commonality in malware infections, but seriously, a design as defective as Autorun's implementation should be beaten with large sticks every chance we can get until it's a bloody pulp, or no more than a stain. Srsly.
How do we know the image for the card wasn't put together in Japan? The camera says Made in China, the software perhaps not.
If God forks the Universe every time you roll a die, he'd better have a damned good memory.
I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media. It was tolerable if annoying for CDs and DVDs, but it became downright dangerous once USB sticks and similar rewritable media were included. I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Civil and criminal penalties should be imposed on manufacturers that ship hardware that's pre-loaded with malware. As of right now, there are no consequences, which means that this will continue to happen. The only remedy that will stop, or at least curb this behavior is serious civil or criminal charges.
Companies may blame this on outsourcing, but they have chosen to outsource. They may blame it on poor quality control, but quality control is their responsibility! There is no excuse for this, and the executives that make decisions that lead to this type of security hole must be held accountable. I wish I could say that I was surprised by this news, but I'm not. It's commonplace. And until hardware and software companies are held accountable, this will continue to happen.
Facts have a liberal bias.
Between intentional and accidental is "a Google". :)
If you are exposed just quote "“As we said before, this was a mistake,” Google spokeswoman Christine Chen"
http://www.wired.com/threatlevel/2010/06/google-wifi-debacle/#ixzz0qJdk9Bjv
Wait, stonewall, wait a bit more and the press moves on
Domestic spying is now "Benign Information Gathering"
Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."
Dumb.
A system has to load the image over usb! so maybe that system has a worm on it.
Why isn't the memory card formatted and completely blank?
No, companies should stop selling memory cards with unnecessary crap installed.
blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.
Well duh - consider the source.. it's an antivirus company. They wouldn't be in business if not for Windows.
An antivirus company saying that Windows in insecure would be like BP saying that we should all switch to solar power and stop using oil.
Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."
Who's blaming the OS? We're blaming the company that made the OS. The same company, by the way, that brought us ActiveX in Internet Explorer, executable attachments in Outlook, Word Document viruses, IIS prior to 7, and 'run as Administrator by default'.
Dumb, indeed.
(I'm not even going to get into the myriad other objectionable actions and statements that they've indulged in since the beginning of the '90s. They're not germane to this discussion.)
Crumb's Corollary: Never bring a knife to a bun fight.
The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device.
Remember folks, that's Microsoft Windows (R)(TM). Too bad it has no effective enabled-by-default security system to prevent this sort of thing. Like I dunno, limited user accounts and non-executable mounts?
No, it's the user. Autorun was meant to be usability easiness and laziness.
The decision to accommodate laziness by default and to then advertise it as "easy to use!" for non-technical people was not the users' decision.
It is a miracle that curiosity survives formal education. - Einstein
I turned autorun off on every computer I've ever had without much issue. That's windows 98, 2000, XP, vista, server '08, and win 7. All of them made it easy enough to turn it off. I'm not sure what the hell you're talking about.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Everybody harping on autorun. The larger problem is insecure defaults. Autorun hasn't been nearly as bad as "Hide file extensions". For people like myself, it lead to filenames like foo.txt.txt before I realized that stupidity was turned on. For people who weren't paranoid enough, it was the legendary HotChick.jpeg.exe kind of stuff.
But I digress. The real problem is poor default choices. Again and again. MS needs to realize that you can't pander too much to the very stupidest users who haven't used their product EVER. Double-clicking a CD icon, file extensions, and the permission dialog for Active X controls should be taught on day one.
In other words, MS needs to back off just a bit from the cult of useability, and educate the users ever so slightly. I mean, this is one time when their incredible market share would be helpful. It's not like all Windows users are just going to get up and leave. In the long run, it'll help them stay too.
Give up on the "cup holder" people (CHPs). They will either move beyond that stage, or they won't; but you can't, Can't CAN'T design an OS that can be used by CHPs without also making it useful for script kiddies... unless maybe you go to an AppStore model, and that's got other issues.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
That's the biggest problem, MS is able to release inferior products and then drive user's expectations down to match. When you tell people that they wouldn't have these problems using something else they don't believe you because it sounds "too good to be true".
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
For non-experienced users, hiding the extension is sensible, and makes Windows a bit more like those other OSs.
No it wouldn't; see the other comment responding to yours. It isn't anything at all like other OSes.
It was always a problem that an inexperienced user would inadvertently change the file type, merely by renaming the filename.
That's another problem other OSes lack, and I used to run across it all the time from co-workers who would do just that. Fortnately, explaining it to them was easy. The Windows kludge shouldn't have been there in the first place.
So you'd say that all those non-Windows OSs are also insecure, because you could have a file "picture", that actually was an executable virus when you doubleclicked
Other OSes don't do that; as the other poster pointed out, you have to manually make the file executable. I imagine that's why many Windows stories here are tagged "defectivebydesign".
Free Martian Whores!