In light of the malware-infected USB keys mistakenly shipped by HP last week, Randy Abrams, CTO of security software firm Eset, said that Microsoft must develop updates which help PCs avoid infection.
Most malware from portable media devices such as USB keys makes its way onto a computer by exploiting a process known as autorun, Abrams explained, and Microsoft needs to develop an update that will allow Windows users to easily disable the autorun function.
Currently, it is very difficult for the average PC user to disable this feature and it really involves some level of technology expertise, Abrams claimed, going on to say that security experts within Microsoft also agree this should be made available.
Why is Microsoft not doing this? Marketing, Abrams said, and tech support costs too.
One way that malware, or malicious software, makes its way onto a device like a USB key is through bad or poor manufacturing practices, Abrams said.
“If there isn’t good digital security in place, a manufacturer might not be aware of all aspects that lead to infection.
“A lot of PCs used for spot testing portable media devices are connected to the internet without adequate antivirus and malware software so the irony is that only USBs checked for quality control get infected!”
Another source of infection is through industrial sabotage, Abrams said: “It can be done as a social engineering attack when the bad guy plants an infected USB in the car park of the competitor.
“An employee comes along, picks up the device and plugs it into their PC to find out who owns it. The autorun process then lets the malware install itself in the background.”
Apple do not do Microsoft any favours either, Abrams said. If a user manages to disable autorun on his or her computer and then proceeds to install Apple iTunes, this software asks the computer to turn on autorun.
“Apple does not warn you that turning on autorun decreases the security of your PC,” Abrams added.
By Marie Boran