Lesson learned from Sony CD infection

As the blogs go wild posting the latest tidbit about Sony BMG CDs (the story has even made The New York Times), I suggest we stop and reflect for a bit.

By placing active Windows programs on what was supposed to be an audio CD, Sony BMG in effect launched an attack on your system -- if you run Windows, that is. In most cases, the attack is successful. But why? What defensive measure let you down here?

One of the biggest annoyances with Windows is the Autorun feature. This is the feature where the operating system detects insertion of a CD and then decides for you what to do about it. Luckily, the real geeks at Microsoft, the ones who actually write the Windows code, knew that this feature should be optional. Even more luckily, the folks who produce the O'Reilly book series Annoyances have a website that tells you how to turn off Autorun. Do it. Turn it off.

Tags: , , , , , ,

No comments: