November 22, 2005

I just realized that I find it very amusing that the debacle that has arisen from the rootkit(s) installed by Sony has called so much attention to a message that those of us in the security world have been repeating for slightly more than a decade:

Disable the Windows “feature” called Autoplay (also Autorun).

This is what makes installation programs begin automatically when a CD is inserted in the drive, and, as has been revealed by Sony’s anti-customer actions, this software does not always have to be for your benefit.

Here’s the Microsoft article on how to disable Autoplay/Autorun: http://support.microsoft.com/default.aspx?scid=kb;en-us;126025

Also, a quick discussion of Rootkits, and how to tell if you’ve got one:
www.windowsitpro.com

And, a link directly to RootKit Revealer, widely considered the best utility out there for rootkit detection on Windows:
http://www.sysinternals.com/utilities/rootkitrevealer.html

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.