<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Making IT Easy &#187; Malware</title>
	<atom:link href="http://www.gunthy.net/blog/category/malware/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gunthy.net/blog</link>
	<description>IT for normal people...</description>
	<lastBuildDate>Wed, 12 May 2010 08:48:05 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=abc</generator>
<image>
<link>http://www.gunthy.net/blog</link>
<url>http://gunthy.m0nk3y.com/blog/wp-content/mbp-favicon/monitor.ico</url>
<title>Making IT Easy</title>
</image>
		<item>
		<title>Microsoft secretly installs Firefox add-on</title>
		<link>http://www.gunthy.net/blog/2009/06/microsoft-secretly-installs-firefox-add-on/</link>
		<comments>http://www.gunthy.net/blog/2009/06/microsoft-secretly-installs-firefox-add-on/#comments</comments>
		<pubDate>Tue, 02 Jun 2009 08:24:37 +0000</pubDate>
		<dc:creator>Gunthy</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[add-on]]></category>
		<category><![CDATA[Firefox]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[unwanted]]></category>

		<guid isPermaLink="false">http://www.gunthy.net/blog/?p=259</guid>
		<description><![CDATA[We all know our good friends at Microsoft are not shy of a stunt here and there, but now they really hit the jackpot&#8230; Brian Krebs from The Washington Post has been advising the average Windows user on various things. A while ago, people started asking him if they could trust a Service Pack for [...]]]></description>
			<content:encoded><![CDATA[<p>We all know our good friends at Microsoft are not shy of a stunt here and there, but now they really hit the jackpot&#8230;</p>
<p><a href="http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html" target="_blank">Brian Krebs from The Washington Post</a> has been advising the average Windows user on various things. A while ago, people started asking him if they could trust a Service Pack for the .NET Framework. While you are probably well aware of .NET, what it is and what it does, many people are not. So Brian took it upon himself to test the SP and after some time gave it a go.</p>
<p>However, it now seems that when installing this update, Microsoft is so friendly as to add their own add-on for Firefox. While it is nice to see that MS is acknowledging FF as a major player in the browser world, this is not the normal way to install add-ons. One of the great features of FF has always been its extensibility, but moreover the choice of what &amp; when to extend.</p>
<p><span id="more-259"></span></p>
<p>No big deal, right? Let&#8217;s just go and remove this unwanted extension. Right, this would work with any other developer, but we are dealing with Microsoft, which means the &#8216;Uninstall&#8217; button is disabled, and removing the add-on is only possible through some obscure registry hacks, with which you risk breaking not only the good operation of your favorite browser, but also your whole OS when you don&#8217;t really know what you&#8217;re doing.</p>
<p>Nobody really knows how this add-on behaves, but personally I don&#8217;t like this situation at all. Like Brian says in his article, it makes you wonder what else Microsoft installs behind your back&#8230; Maybe calling this malware is a bit over the top, but nevertheless I&#8217;m going to tag this post with it, since such behaviour is typical for malware, and it&#8217;s not because it&#8217;s coming from MS that we should keep one eye closed.</p>
<p>It&#8217;s already bad enough the Redmond company does not seem to be able to create a decent browser of their own, but now they seem to have to mess up the work of others as well. I for one am not very happy with this. In fact this is going to make me avoid Microsoft software even more than before, and I hope the same for you as well&#8230; Remember, it&#8217;s for your own good <img src='http://www.gunthy.net/blog/wp-includes/images/smilies/icon_wink.gif' alt=';-)' class='wp-smiley' /> .</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gunthy.net/blog/2009/06/microsoft-secretly-installs-firefox-add-on/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Downadup/Conficker spreading havoc</title>
		<link>http://www.gunthy.net/blog/2009/01/downadupconflicker-spreading-havoc/</link>
		<comments>http://www.gunthy.net/blog/2009/01/downadupconflicker-spreading-havoc/#comments</comments>
		<pubDate>Tue, 20 Jan 2009 09:04:05 +0000</pubDate>
		<dc:creator>Gunthy</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[conflicker]]></category>
		<category><![CDATA[downadup]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://gunthy.m0nk3y.com/blog/?p=186</guid>
		<description><![CDATA[It&#8217;s been a while now that this worm has been spreading around on the Net, but apparently after all this time, it&#8217;s still out there, alive and kicking more than ever before. Downadup is one of the nastiest worms I&#8217;ve seen in my professional history. Having quite the amount of hands-on experience with it myself, [...]]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s been a while now that this worm has been spreading around on the Net, but apparently after all this time, it&#8217;s still out there, alive and kicking more than ever before.</p>
<p>Downadup is one of the nastiest worms I&#8217;ve seen in my professional history. Having quite the amount of hands-on experience with it myself, I can say that I haven&#8217;t seen such a persistent one before. And I&#8217;m not alone&#8230; F-Secure reported Friday in a <a href="http://www.f-secure.com/weblog/archives/00001584.html" target="_new">blog-post</a> that they estimate the number of affected machines to be over 8 million. <em>EIGHT MILLION!!!</em> My god&#8230;</p>
<p>So what happened? Well, the worm seems to have been first detected in late September. Using a flaw in one of Windows&#8217; services which allowed it to brute-force account passwords, it spread rapidly. Once successful, it starts spreading itself through network shares, USB sticks and other computers affected by the same security hole. In late October, Microsoft released an emergency patch to fix the hole, but a lot of machines still remain unpatched, and thus very vulnerable.</p>
<p>A lot of corporate networks got infected as the worm spread havoc using the exploit. It locked users out of their accounts by repeatedly guessing the password. Once on the machine, it starts securing the places it uses by removing all access rights to parts of the file system and registry, making it very hard to remove. Once your network is infected, your efforts to wipe out the worm feel like carrying water to the sea. Counter-measures like installing the MS patch and updating your anti-virus solution do help, but seem only to slow down the spread. Use of USB sticks should definitely be heavily restricted, or if possible be banned completely.</p>
<p>To make things worse, the worm in some cases renders the infected computer useless, using methods like stopping services or using excessive bandwidth. Its ability to install third-party malware such as trojans and other viruses, which gives full control over the machine to the worm author(s), doesn&#8217;t help either.</p>
<p>I think we haven&#8217;t seen the last of this one yet. The biggest question, I think, is: if you ever get your network clean again, how can you be sure no remnants are left behind? After all, as with any virus or malware, can you ever be sure you are completely safe? I guess only time will tell&#8230;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gunthy.net/blog/2009/01/downadupconflicker-spreading-havoc/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
