Slashdot Mirror
Olympus Digital Camera Ships With a Worm
An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."
Whew, glad my Canon doesn't mount itself as a external disk. Think of all the grief I've saved myself by having to launch something to get photos off of it.
[/sarcasm]
So, where did these cameras originate? China, Japan, Taiwan?
Third World factories seem to keep on making these mistakes.
You think they'd try making these in Japan, with full Japanese citizens making them for once?
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
I hate to ask the obvious question, but the article doesn't address it -- could this be intentional, or is it accidental?
I would imagine that some shady overboss would be willing to pay a relatively sizable amount of money (especially considering that the amount of money you'd have to pay someone in a Chinese factory to do this would not be very high) for the opportunity to infect potentially tens of thousands of computers.
Nemilar http://www.techthrob.com - Visit Me!
"So I took it back to Best Buy "
I'd post AC too if were I admitting that. Eeew.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
What kind of compensation are the makers going to offer everyone who's system they hosed?
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Seriously?
It's getting to the point where running a computer is turning into a full time job. I need to scan every single product I buy before using it? Isn't that why I bother to pay a premium to get name-brand products from legitimate outlets?
I'm annoyed that the ultimate time-saving device is becoming more and more of a chore. I'm expected to spend hours researching the ways in which to harden my browser against cookie tracking, to rate virus scanners using contradictory and confusing standards, to assess information that requires a degree in computer science everytime I want to get a PC game to work, to pull out my law degree everytime I use an online product or dive through an EULA, and now this?
I mean come on, where's it going to end? Should I do independant surge tests on the next microwave I buy before plugging it in? What about my printer, does it need a scan too? Should I take my newly purchased tires to an independant assessor? How about that new CD I bought?
Every piece of new writable media gets formated immediately. I also have autorun killed on all my windows boxes.
I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media. It was tolerable if annoying for CDs and DVDs, but it became downright dangerous once USB sticks and similar rewritable media were included. I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Civil and criminal penalties should be imposed on manufacturers that ship hardware that's pre-loaded with malware. As of right now, there are no consequences, which means that this will continue to happen. The only remedy that will stop, or at least curb this behavior is serious civil or criminal charges.
Companies may blame this on outsourcing, but they have chosen to outsource. They may blame it on poor quality control, but quality control is their responsibility! There is no excuse for this, and the executives that make decisions that lead to this type of security hole must be held accountable. I wish I could say that I was surprised by this news, but I'm not. It's commonplace. And until hardware and software companies are held accountable, this will continue to happen.
Facts have a liberal bias.
For the customers you have the appropriate product is in trouble indeed grateful, bon appétit do so as follows: anti-virus support, thank you.
Translation issues aside, they do 'fess up honestly:
Cause
The lack of production management, computer virus has been contaminated with the camera.
"At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer"
But what if that malware, as it seemingly often is these days, is an actual intentional part of a product?
A system has to load the image over usb! so maybe that system has a worm on it.
Why isn't the memory card formatted and completely blank?
No, companies should stop selling memory cards with unnecessary crap installed.
Olympus should send an Ubuntu CD to their customers.
On a fully secured (DEP, non Admin account, all updates) Windows machine, I can see "quarantined" items which all appear to be "autorun.xxx.worm" , pick anything you like. It is already out of hand.
If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.
Shrink wrapped/boxed software is _dead_. Even if it is not dead, it is trivial to add the "install software" control panel back. Just a line needed to be on box or "driver cd". That is all. It won't be the first time some convenience is given up for security. How many times people install the same software anyway?
it would be a shame if 30,000 pissed off geeks were to hit it (or do any number of "interesting" things to it)
[Picture of nice store front] This is your webstore
[Picture of smoking hole] This is your webstore on Slashdot
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Well, one way to find out...
CG Pin-Ups?
Recently I helped a friend who had 1TB disk formatted in FAT32 to convert it to HFS+ Journaled. As I image the disk, I notice some really strange things, like .exe files in Pictures folder, the _hard disk_ itself having autorun.exe. It is not some Taiwanese invention either, it is the Western Digital.I believe it is one of the most expensive ones.
It turns out, WD _idiots_ had this great idea of installing their USB drivers named something TURBO (no kidding!) who are supposed to speed up the drive transfer. I bet it does some cache hacks etc. It also does some very unwelcome things like adding itself to startup, not removing itself automatically (of course!), does trivial and dangerous hack of adding some "WD" logo to OS X icon of the drive. OS X, of course doesn't have autorun functionality, I believe on Windows, that drive is the ultimate driver hell machine which will _also_ install couple of viruses!
That is one of the most prestigious Hard Disk manufacturers. Just imagine what those no name freaks do.
The rest of files? Some really bad worms who _all_ uses autorun functionality. If I was responsible for security of Windows, I would really say "please, get a life" to those autorun loving companies and disable it the next day. Just output of ClamAV scan for that disk should make anyone who did anything about security alerted.
MS spent billions for security and fixing their image and yet, they just can't give up the absolutely stupid idea of automatically running an executable.
Jesus, don't you guys ever get tired of bashing windows?
Not as long as the ongoing barrage of malware built on Windows bugs continues and the PHBs of the world keep shoving Windows "solutions" down our throats at work while the bulk of computer-using humanity continues to use it at home.
Once it's no longer a blight on humanity we'll stop telling everybody what a blight on humanity it is. (Maybe we'll occasionally reminisce about what a blight on humanity it WAS, once that utopia arrives. B-) )
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.
There were Apple viruses as of the original Macintosh, which had a similar feature for automatically loading drivers, software updates, and such.
They've been there, had that done to them, and moved on.
For some reason it took Microsoft decades to get the same message.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It's a feature!
I regret that I only have one mod point to give per post.
This is how I fix it:
Start->Run->gpedit.msc /force
Local Computer Policy->Administrative Templates->Windows Components->AutoPlay Policies
Turn off Autoplay -> Enabled, all drives
Don't set the always do checkbox -> Enabled
Turn off AutoPlay for non volume devices -> Enabled
Default Behavior for AutoRun -> Enabled, set do not execute any autorun commands
gpupdate
My beef is why this is not the default on all Windows machines. AutoPlay and AutoRun are separate entities, so one needs to make sure both are disabled.
I've ran into this worm before (or one like it). One of my clients got an external HDD full of video data. They're into video production (not porn), so often they will require data from their clients. Anyways, this worm hides in a fake Recycle Bin folder which is executed by the autorun.inf file. In turn, the infected PC will replicate to all possible drive letters. Once on a server share, all other clients will soon get infected.
It's real annoying. But if all your PCs and Servers have an up-to-date anti-virus scanner, it they should now all prevent from getting infected.
Life is not for the lazy.
Everybody harping on autorun. The larger problem is insecure defaults. Autorun hasn't been nearly as bad as "Hide file extensions". For people like myself, it lead to filenames like foo.txt.txt before I realized that stupidity was turned on. For people who weren't paranoid enough, it was the legendary HotChick.jpeg.exe kind of stuff.
But I digress. The real problem is poor default choices. Again and again. MS needs to realize that you can't pander too much to the very stupidest users who haven't used their product EVER. Double-clicking a CD icon, file extensions, and the permission dialog for Active X controls should be taught on day one.
In other words, MS needs to back off just a bit from the cult of useability, and educate the users ever so slightly. I mean, this is one time when their incredible market share would be helpful. It's not like all Windows users are just going to get up and leave. In the long run, it'll help them stay too.
Give up on the "cup holder" people (CHPs). They will either move beyond that stage, or they won't; but you can't, Can't CAN'T design an OS that can be used by CHPs without also making it useful for script kiddies... unless maybe you go to an AppStore model, and that's got other issues.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?