Warning: Unknown “Thumbdrives” may be unsafe

Microsoft recently released notice of a new security problem with Windows. It’s concerning but we can take steps to avoid problems.

In summary, a bad guy can put specially designed files onto a USB flash drive (some folks call them “Jumpdrives” or “thumbdrives”). These files can make a virus-like program run when you simply look at the contents of the drive in Windows Explorer. This could also be made to work with CDs, DVDs, and files or folders downloaded to your hard drive.

Microsoft is currently working on an update that will fix this. However, it’s a good time to remember some basic rules about working with removable drives, etc.:

  1. Don’t stick it in if you don’t know where it’s been. Our natural curiosity leads us to look at the contents of a “lost” drive. Maybe we want to try to determine its owner. Whatever your motivation, don’t.
  2. Don’t plug your USB drive into machines you don’t know, or that may not be safe. Infections can spread rapidly to all of the machines that you use.
  3. Label your portable drives with a name, e-mail address, and phone number. Language like “Reward for Return” can help a lost drive find its way home if you’re willing to pay a few bucks. Also consider a service like StuffBak, IMHonest, or BoomerangIT for “lost stuff return.”
  4. Enable automatic scanning when a device is found. While a virus scan won’t find every form of malware, it’s better than nothing.
  5. Limit your use of portable drives. Use your Small Business Server or Windows Home Server for file sharing and storage. Also consider services like SkyDrive, Box.net, and JungleDisk for online storage and backup of your files.

Bottom line: Don’t plug in that thumbdrive that you found in the parking lot.
