Slashdot Mirror

← Back to Stories (view on slashdot.org)

Olympus Digital Camera Ships With a Worm

Posted by kdawson on from the do-not-get-too-close-to-the-viewfinder dept.

An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

19 of 249 comments (clear)

  1. Intentional or accidental? by Nemilar · · Score: 5, Interesting

    I hate to ask the obvious question, but the article doesn't address it -- could this be intentional, or is it accidental?

    I would imagine that some shady overboss would be willing to pay a relatively sizable amount of money (especially considering that the amount of money you'd have to pay someone in a Chinese factory to do this would not be very high) for the opportunity to infect potentially tens of thousands of computers.

    --
    Nemilar http://www.techthrob.com - Visit Me!
  2. Re:Keep It by couchslug · · Score: 4, Funny

    "So I took it back to Best Buy "

    I'd post AC too if were I admitting that. Eeew.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  3. So.. by Renraku · · Score: 4, Insightful

    What kind of compensation are the makers going to offer everyone who's system they hosed?

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  4. Seriously? by Anonymous Coward · · Score: 5, Insightful

    At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

    Seriously?

    It's getting to the point where running a computer is turning into a full time job. I need to scan every single product I buy before using it? Isn't that why I bother to pay a premium to get name-brand products from legitimate outlets?

    I'm annoyed that the ultimate time-saving device is becoming more and more of a chore. I'm expected to spend hours researching the ways in which to harden my browser against cookie tracking, to rate virus scanners using contradictory and confusing standards, to assess information that requires a degree in computer science everytime I want to get a PC game to work, to pull out my law degree everytime I use an online product or dive through an EULA, and now this?

    I mean come on, where's it going to end? Should I do independant surge tests on the next microwave I buy before plugging it in? What about my printer, does it need a scan too? Should I take my newly purchased tires to an independant assessor? How about that new CD I bought?
     

    1. Re:Seriously? by Anonymous Coward · · Score: 5, Insightful

      No, but it does connect to my electrics. Should I have to worry that every new gadget in my place is going to cause a fire? No, because we as a society decided that was not the way we wanted to live our lives and we adjusted the legal landscape accordingly.

    2. Re:Seriously? by indiechild · · Score: 4, Insightful

      Good points. This is why "appliance computing" ala iPad and the like will become increasingly popular over the next few years. Slashdot geeks will decry it as dumbed down computing for the unwashed masses, but in reality, it's computing made usable.

  5. Re:Dodged a bullet. by Anonymous Coward · · Score: 5, Insightful

    Didn't see it mentioned in the few dozen comments at the moment, but "more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled" blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.

    I know it's somewhat passe to pick on an OS because it remains the one commonality in malware infections, but seriously, a design as defective as Autorun's implementation should be beaten with large sticks every chance we can get until it's a bloody pulp, or no more than a stain. Srsly.

  6. Autorun?! by dido · · Score: 5, Insightful

    I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media. It was tolerable if annoying for CDs and DVDs, but it became downright dangerous once USB sticks and similar rewritable media were included. I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
    1. Re:Autorun?! by bragr · · Score: 4, Interesting

      At the single biggest security problem at the place were I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken." Sometimes, its just easier to clean up afterwards, then to preempt it and deal with people complaining.

    2. Re:Autorun?! by rudy_wayne · · Score: 4, Insightful

      At the single biggest security problem at the place were I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken."

      So your employees are too stupid/lazy to learn how to use a computer. Either train them or fire them.

    3. Re:Autorun?! by robthebloke · · Score: 4, Insightful

      The OP didn't say anything about employees - he said workplace. Every worked in a university? It's far easier to ghost the machines at the end of every day or session than deal with hundreds of queries a day from the vast majority of the 20,000 students who struggle to understand the basic concepts of computer security.

  7. Re:I have a standard policy by Anonymous Coward · · Score: 4, Informative

    Unnecessary unless you use an ancient decade-plus-old Windows version. Vista and 7 stop this attack automatically by displaying the Autoplay dialog when a new device is inserted.

    In fact, Windows 7 removes the ability entirely to manually execute Autorun from a flash drive.

  8. Criminal penalties are necessary by grahamsaa · · Score: 4, Insightful

    Civil and criminal penalties should be imposed on manufacturers that ship hardware that's pre-loaded with malware. As of right now, there are no consequences, which means that this will continue to happen. The only remedy that will stop, or at least curb this behavior is serious civil or criminal charges.

    Companies may blame this on outsourcing, but they have chosen to outsource. They may blame it on poor quality control, but quality control is their responsibility! There is no excuse for this, and the executives that make decisions that lead to this type of security hole must be held accountable. I wish I could say that I was surprised by this news, but I'm not. It's commonplace. And until hardware and software companies are held accountable, this will continue to happen.

    --
    Facts have a liberal bias.
  9. Re:Dodged a bullet. by denmarkw00t · · Score: 5, Insightful

    Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

    Dumb.

  10. As usual the real problem is unnecessary crap by rudy_wayne · · Score: 4, Insightful

    but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device.

    Why isn't the memory card formatted and completely blank?

    consumers should learn to always ensure Autorun is disabled,

    No, companies should stop selling memory cards with unnecessary crap installed.

  11. Re:Dodged a bullet. by grcumb · · Score: 4, Insightful

    Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

    Who's blaming the OS? We're blaming the company that made the OS. The same company, by the way, that brought us ActiveX in Internet Explorer, executable attachments in Outlook, Word Document viruses, IIS prior to 7, and 'run as Administrator by default'.

    Dumb.

    Dumb, indeed.

    (I'm not even going to get into the myriad other objectionable actions and statements that they've indulged in since the beginning of the '90s. They're not germane to this discussion.)

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  12. Re:Dodged a bullet. by Mr.+Freeman · · Score: 4, Insightful

    I turned autorun off on every computer I've ever had without much issue. That's windows 98, 2000, XP, vista, server '08, and win 7. All of them made it easy enough to turn it off. I'm not sure what the hell you're talking about.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  13. Re:Dodged a bullet. by the_raptor · · Score: 5, Informative

    To turn USB autorun off on Windows XP you have to edit the registry. The GUI options do not apply to USB drives for some retarded reason.

    I was alerted to this when I bought a USB drive that came with autorunning software (to do encryption and other rubbish) and was surprised that it ran despite me turning autorun off as a part of standard configuration since the late 90's.

    --

    ========
    CINC, 4th Penguin Legion
  14. Re:Dodged a bullet. by petermgreen · · Score: 4, Informative

    edit: further for completely turning off autorun to be effective you must make sure you have a particular security update installed.

    http://support.microsoft.com/kb/967715

    the whole thing is a gigantic mess!

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register