On Fri, Mar 20, 2009 at 1:58 PM, HELP_PC <[email protected]> wrote: > That is the reason of MS KB 967715 so urgently deployed ?
I still say the registry INI redirection trick[1] is a better defense. It worked years before Microsoft got their head out of their butt on this one. [1] http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html Anyone aware of any independent analysis of what the MSKB 967715 patch actually does? I mean, sure, Microsoft *says* it prevents AUTORUN.INF from being read. But Microsoft has said similar things before. *Several times*[2]. At this point, I'm not trusting them to get it right. Not if they can't figure out the software equivalent of an on/off-switch... [2] References: MSKB 967715 - The latest supposed fix. "This time for sure." MSKB 953252 - An earlier iteration of 967715, with different downloads offered. So what do the patches for 967715 do differently? The original Group Policy setting which supposed disables Autorun, apparently didn't actually disable Autorun, which is why MSFT had to release *two* patches to fix it. MSKB 155217 - How to disable autorun. But only for CD-ROM drives. It didn't work for USB drives. It also didn't disable modifying context menus or the default action (double-click). Has recently been removed from the website; I guess Big Brother Bill was embarrassed. But MSKB 172078 still mentions and links to it, in case you think I'm making this up. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
