Best Virus Removal

Misleading Application

According to recent political opinion polls, U.S. President Obama’s approval rating currently stands at 65%. It is clear that when his first 100 days in office are analyzed, spammers also view him favorably. In the last few weeks there has been a noticeable boost in the number of spam messages that use his name and popularity to promote certain spam products and services.

Computer viruses got their name because they spread just like biological viruses. There are other parallels as well; for instance, best practices. In the medical world they are called preventative measures, but really they are best practices.

Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it.

< ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.).  However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.

The reason we’re making this change is that we’ve seen an increase, since the start of 2009, in malicious software abusing the current default AutoRun settings to propagate through removable media like USB devices. The best known malicious software abusing AutoRun is Conficker, but it’s not alone in that regard: there is other malicious software that abuses this feature. You can get more details on this change and others in the threat environment from the Microsoft Malware Protection Center’s blog.

Because we’ve seen such a marked increase in malicious software abusing AutoRun to propagate, we’ve decided that it makes sense to adjust the balance between security and usability around removable media. We’ve tried to be very measured in this adjustment to maximize both customer convenience and protection. Since non-writable media such as CD-ROMs generally aren’t avenues for malicious software propagation (because they’re not writable) we felt it made sense to keep the current behavior around AutoPlay for these devices and make this change only for generic mass storage class devices.

This change will be present in the Release Candidate build of Windows 7. In addition, we are planning to release an update in the future for Windows Vista and Windows XP that will implement this new behavior.

Thanks.

Christopher

*This posting is provided “AS IS” with no warranties, and confers no rights.*

The swine flu outbreak in Mexico and the United States is making news headlines all over the world, with updates coming out in real time from the Centers for Disease Control and Prevention. The scare has spawned a spamming frenzy, like sharks smelling blood in the water. Symantec has been monitoring the spam and is continuing to analyze the underlying intentions of the associated messages.