backtop


Print 83 comment(s) - last by AntDX316.. on Aug 28 at 1:58 AM


  (Source: travelbrook.com)
Report links flash drive to Flight 5022

A corrupted USB stick contributed to Spain's worst air disaster on record, according to a 12,000-page report cited by the Spanish newspaper El Pais and USA Today.

It was initially believed that the crash of Flight 5022 that killed 154 people in 2008 was the result of pilot error, but investigators have now concluded that a computer infection spread through an infected USB stick may have contributed to the crash. 

Investigators speculate that trojan malware may have slowed down system alerts at the airline's headquarters which could have canceled or delayed the doomed flight. The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive. 

Spanair has been ordered by a judge to provide all of the company's computer logs from the days before and after the crash.  A final report from crash investigators is expected by December.

One expert warns that with continued use of flash drives and other third party devices in systems like these, this type of tragedy could happen again.

Senior manager of security research at Arbor Networks, Jose Nazario, said that many USB thumb drive attacks take advantage of security weaknesses in Windows auto run, a basic component built into the Windows operating system.

"Think about how many USB sticks you have. You're probably under counting. Everyone does," said Nazario.  "Now think about how many sticks in the past month your laptop has used, and think about how many other systems you have used your USB sticks on. This is like those classic HIV commercials, where you're with everyone that person has been with before."

 





Comments     Threshold


This article is over a month old, voting and posting comments is disabled

First Question
By SnakeBlitzken on 8/23/2010 4:23:47 PM , Rating: 5
There's no anti-virus/malware on flight computers? I wonder what part of the story we're missing?




RE: First Question
By Drag0nFire on 8/23/2010 4:31:52 PM , Rating: 5
Better yet, why on earth would you plug a USB drive into a flight computer?!

And why would a flight computer that accepts USB drives run an OS that is susceptible to a common Trojan?!


RE: First Question
By omnicronx on 8/23/2010 5:14:09 PM , Rating: 3
Better yet, why on earth is a flight system of any kind windows driven?????

Even if you were using Windows, there absolutely no reason why these systems should not have been locked down beyond belief (i.e the system should be on the domain and the user should only have enough privilages to open the program he needs to due his work duties, attacks that stem from things such as auto start of USB drives should be completely useless in this kind of environment) . There is absolutely no reason that these systems should be used for anything but air flight control.

Systems like these should be proprietary PERIOD. I'm sorry but no consumer OS of any kind should ever be used in such a system. I don't care how good its security is.


RE: First Question
By nangryo on 8/23/2010 5:50:25 PM , Rating: 4
Even if it was under domain, if those malware/virus is using windows vulnerability/bug it still by pass those restriction.

So I must agree that this kind of thing should use custom/propietary system.


RE: First Question
By omnicronx on 8/23/2010 6:12:57 PM , Rating: 3
quote:
Even if it was under domain, if those malware/virus is using windows vulnerability/bug it still by pass those restriction.
Oh for sure, but the article specifically mentions USB auto start as the possible culprit, and this sort of thing can't happen if its disabled. Someone would have to manually open/do something with the USB stick.

Still agree though, even if it is locked down, Windows is hardly a good fit for such a system such as this.


RE: First Question
By chick0n on 8/24/2010 10:01:38 AM , Rating: 3
Thats because most stupid "so called IT administrators" don't know wtf they're doing. They just can't lock the computers down for shit.

I use Windows server for all my servers, anybody can bring any Cd/USB/drive/whatever and try to see if any of the USB port would run anything. It won't. and all the workstation computers I secured it so tight that they can run any USB device they want, the virus will not have access to anything.

Anybody can be an "IT administrator", but my question is how many of them are actually good at it.


RE: First Question
By Chocobollz on 8/25/10, Rating: 0
RE: First Question
By GoodBytes on 8/23/2010 8:36:27 PM , Rating: 2
I have a feeling they were using Windows XP to make things worse.


RE: First Question
By Belard on 8/24/10, Rating: -1
RE: First Question
By XZerg on 8/24/10, Rating: 0
RE: First Question
By seamonkey79 on 8/24/2010 9:34:01 AM , Rating: 2
I have a feeling that most people will just run into something when their brakes fail and all they have left is a handbrake, or something of the like... airplanes should have more capable controls than that, though.


RE: First Question
By MrFord on 8/24/2010 4:09:58 PM , Rating: 2
The main crash cause was attempting takeoff without flaps. It is doable, but you most likely will end up running out of runway or exceed rated tire speed limit.

In that case, they tried to rotate at the calculated Vr for a properly configured take-off and ended up stalling as soon as they lost ground effect.

The whole malware on the computer thing is just a monitoring computer for dispatch that would've alerted them that something wasn't normal with the plane at that point, and with the previous 2 aborted take-off, it would've raised a flag.

But in any case, malware or not, take-off with no flaps was pretty much impossible. There is a Take-off configuration warning that i supposed to sound in the cockpit when something like this happens, maybe the breaker was pulled?


RE: First Question
By leexgx on 8/25/2010 7:45:49 PM , Rating: 2
quote:
but in any case, malware or not, take-off with no flaps was pretty much impossible. There is a Take-off configuration warning that i supposed to sound in the cockpit when something like this happens, maybe the breaker was pulled?


but the computer most likely issued that warning, computer fail no warning


RE: First Question
By leexgx on 8/25/2010 7:49:06 PM , Rating: 2
ok its DT been gay with its Wording again of the article, Virus was not on the plane was in the monitoring systems


RE: First Question
By drycrust3 on 8/27/2010 5:11:47 PM , Rating: 2
From the sounds of it, it sounds like the plane's avionics required computers that weren't on the plane to do anything. Maybe the problem wasn't so much the virus but the link between the computers and the plane.


RE: First Question
By AntDX316 on 8/28/2010 1:58:51 AM , Rating: 2
it's like playing on a computer game online where you have hacks and scripts to run, once admins and the game developers see what is happening, they implement measures to prevent and deny hacks from using the same method, games and operating systems rn't designed to think out what loopholes could happen until they happen, it's like learning new advanced math in school when you only know kindergarten math then you find out you can make fomulas and other things with advanced math like calculus, once u learn calculus u know how to fix and what is wrong because u know how it works, until then u cannot fix it or make preventive measures unless u have people on the job to create problems and find ways to fix but that cost money and the government won't spend unless its absolutely necessary, they will just say don't plug USB things into the computer if they do and they r caught on camera they will be jailed


RE: First Question
By MrFord on 8/24/2010 4:10:34 PM , Rating: 2
The main crash cause was attempting takeoff without flaps. It is doable, but you most likely will end up running out of runway or exceed rated tire speed limit.

In that case, they tried to rotate at the calculated Vr for a properly configured take-off and ended up stalling as soon as they lost ground effect.

The whole malware on the computer thing is just a monitoring computer for dispatch that would've alerted them that something wasn't normal with the plane at that point, and with the previous 2 aborted take-off, it would've raised a flag.

But in any case, malware or not, take-off with no flaps was pretty much impossible. There is a Take-off configuration warning that i supposed to sound in the cockpit when something like this happens, maybe the breaker was pulled?


RE: First Question
By cjc1103 on 8/26/2010 8:43:26 AM , Rating: 2
It was pilot error, attempting a takeoff without flaps. The Takeoff Warning System (TOWS) is supposed to sound a warning if the throttles are advanced for takeoff without the flaps extended, but it was malfunctioning. Ed Bott over at ZDNet has an exhaustive report on what went wrong - it has nothing to do with a virus on a flight computer, the airplane in question is not even controlled by a computer, it's all cables and hydraulics.
http://www.zdnet.com/blog/bott/fact-check-malware-...


RE: First Question
By Etern205 on 8/23/2010 5:46:24 PM , Rating: 1
Better yet does onboard flight computers even have any USB ports?

Also USB flash drive should have a hardware write protect switch (like them SD cards)to prevent malware from affecting the flash drive. Some of them old drive have it, don't know why the new ones doesn't.


RE: First Question
By Belard on 8/24/2010 5:21:52 AM , Rating: 3
Ya know... if you read the article, you'd know they were NOT talking about the onboard flight computer - but the central servers/workstation that monitor the planes's health.

Like when the AIR France that went down over the Atlantic, all dead and no "black box" recovered because the plane went down in basically an under-water mountain range. That Plane was reporting its basic info and errors over the air-waves.

Science and tech is fun this way. Its not magic.


RE: First Question
By Funksultan on 8/24/2010 8:29:44 AM , Rating: 5
LoL, don't bother Belard. I think more people are interested in venting rage, wrong or right, rather than actually READING THE ARTICLE.

(perhaps the issue is people are better at venting than reading)

"USB stick" "Plane" "Crash"

ZOMG ZOMG ZOMG!! WHY THE HELL WAS THE PILOT TRYING TO STEER THE PLANE WITH A USB STICK?!? WHY DIDN'T HE USE HIS HANDS!?!1?!ONE!ONEONE

At least it's entertaining...


RE: First Question
By flatrock on 8/24/2010 1:05:42 PM , Rating: 2
From the article:

Investigators speculate that trojan malware may have slowed down system alerts at the airline's headquarters which could have canceled or delayed the doomed flight.

The trojan wasn't on a flight computer. It wasn't on the plane at all. It was apparently on a computer used to analyze data gathered about their planes and look for potential problems.

Why someone inserted a USB stick into those computers is an equally good reason. I think the point being made is that if these other computers play such an important role they need to limit how those systems are accessed and make sure not to use infected media.

For a flight critical system you need to use a DO178B complian OS such as Green Hills Integrity. This system wasn't really flight critical, so using Windows may not be inappropriate if proper security measures are in place and followed. The hardest part is getting people to actually follow security proceedures.


RE: First Question
By Cheesew1z69 on 8/23/2010 4:32:01 PM , Rating: 3
I would begin with more of this question, why in the hell is anyone allowed to plug in a USB stick in the first place. Most companies have policies against this type of thing specifically for this reason.


RE: First Question
By Lerianis on 8/24/2010 1:06:27 PM , Rating: 2
A lot of companies are having to back off those policies, because of the people who work on these things needing a USB drive or something similar to transfer data.


RE: First Question
By Cheesew1z69 on 8/24/2010 1:09:50 PM , Rating: 2
Then they need to provide a way for that specific user that access, not everyone. And most companies aren't backing off that policy as it's a disaster waiting to happen as we have seen here. And not everyone needs USB access to do their job.


RE: First Question
By funkyd99 on 8/23/2010 4:32:59 PM , Rating: 3
And since when do flight computers run Windows and have USB connectivity? I'm thinking there is a huge part of the story that we're missing...


RE: First Question
By mjcutri on 8/23/2010 4:35:01 PM , Rating: 5
Misleading headlines once again from Dailytech. This had nothing to do with the aircraft flight computers.
From the USA Today Article:
quote:
The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline's headquarters in Palma de Mallorca. The system was slow in sending out alerts that might have led to delaying or canceling the departure.


So a USB drive infected a DESKTOP computer in the airline's headquarters that slowed down alerts that may have delayed/stopped that flight from departing. It didn't actually have anything to do with the plane crash itself.


RE: First Question
By Cheesew1z69 on 8/23/2010 4:37:20 PM , Rating: 2
Regardless, there should have been a policy against employees using USB sticks at work. I almost guarantee after this, there will be no such thing allowed.


RE: First Question
By Reclaimer77 on 8/23/2010 6:43:16 PM , Rating: 2
Policies don't mean someone still wont do it. Look at all the policies and rules that were ignored/broken leading up to the BP oil spill.

The system is flawed imo, not the policies.


RE: First Question
By flatrock on 8/24/2010 1:13:48 PM , Rating: 2
Getting people to follow policies is much harder than making them. Even if you have such a policy, there is a need to move data onto computer systems, even if it is only for a software update.

Auto-run viruses can also be transferred by CD or USB Hard Drive. You can scan the media, but there is often a lag between when a vulnerability is discovered and when there is a anti-virus signature added to detect it. Some times it can be a pretty long lag if the person discovering the vulnerability is more interested in exploiting it than notifying someone who will fix it.


RE: First Question
By funkyd99 on 8/23/2010 4:52:28 PM , Rating: 1
Also, the logged errors had nothing to do with vital systems in the plane... they noted a temperate sensor not required for the flight was inoperative. The pilot didn't know the sensor was inoperative and was going to turn back to the airport to land.


RE: First Question
By funkyd99 on 8/23/2010 5:07:03 PM , Rating: 2
Annnd the article is edited to include more information, making all of our bitching irrelevant.


RE: First Question
By MrTeal on 8/23/2010 4:39:50 PM , Rating: 5
The malware wasn't on the flight computer, it was on the airline's central computer. The crash itself was caused by the plane taking off in an incorrect configuration with the flaps and slats retracted. It was the fault of the pilot and copilot. The malware just prevented the airline HQ from detecting the problem and stopping the flight.

And just to clarify and lift a quote from XKCD, if you need anti-virus on your flight computer "you're doing it wrong"


RE: First Question
By PrinceGaz on 8/23/2010 9:29:04 PM , Rating: 1
That's quite correct.

Of course things have moved on from then and you'd probably be safer today on a plane with a "pilot" which was actually a triple-parallel system each running under Windows 7 which flew the plane provided two of the three agreed, with a trained human pilot on standby should the computers be unable to come to a majority decision or should automated landing guidance be unavailable.

Who would you trust most to fly your plane? A human pilot who may be distracted by personal issues, or three PCs running Windows 7?


RE: First Question
By robinthakur on 8/24/2010 6:59:35 AM , Rating: 2
Whilst I like Windows 7 on my desktop, there's no way in hell I would trust my life to even 3 seperate computers running it. I would bet you anything that if it became known that a Microsoft OS was basically flying your plane, nobody would want to fly anymore...


RE: First Question
By GotDiesel on 8/24/2010 11:48:20 AM , Rating: 2
The pilot of course..


36 sticks!
By Iaiken on 8/23/2010 4:34:52 PM , Rating: 5
Every time I kiss my computer I am going to taste 36 other USB sticks!




RE: 36 sticks!
By RedemptionAD on 8/23/2010 5:13:20 PM , Rating: 3
In a row?


RE: 36 sticks!
By chagrinnin on 8/23/2010 5:31:08 PM , Rating: 2
Yeahhhh,...I'm probably gonna stop sucking on my USB too. Maybe buy a virgin. :P


mission critical OS
By jconan on 8/23/2010 6:52:59 PM , Rating: 1
If airplanes rely on mission critical OS, why are they running Windows? More so is the version of Windows a Mission Critical version otherwise this incident would never have happened.




RE: mission critical OS
By GreenEnvt on 8/24/2010 8:29:34 AM , Rating: 2
The Dailytech staff got this article quite overhyped and inaccurate.

The infected computer was a computer on the ground at the airlines office. If a plane had the same failure reproted X times in Y days, it would send an alert that would get the plane pulled from service for maintenance. This plane did have the same issue a few times, a sensor overheating. The sensor had absolutely nothing to do with the crash though. The sensor has a backup, which was working fine.

The crash itself was caused by the pilots forgetting to extend the flaps on take off, which means the plane couldn't take off a the normal speed.

The physical plane in use really didn't matter in this crash. The issue was the pilots getting distracted during their checklist which caused them to not set the flaps.


RE: mission critical OS
By GotDiesel on 8/24/2010 11:55:10 AM , Rating: 3
Aircraft flight systems use a proprietary FAA validated OS, build with validated tools.. as stated above, the plane was not compromised.. it was the ground system.
Windows is not and never will be a mission critical OS.. it was designed from the ground up ( no pun intended ).. to be a desktop OS. you would have to be a total moron to put Windows or Linux in control of any vehicle in a public place.


RE: mission critical OS
By Justin Time on 8/25/2010 9:35:12 PM , Rating: 2
Exactly, Windows is not used on flight systems (nor would Linux be used).

Furthermore, MS don't even warrant or approve Windows for this type of application or any real-time scenario.

To quote MS KB-22523: In no sense can Microsoft Windows be considered a "real-time" system. It is a message-driven, event-polling system, with nonpreemptive scheduling.


RE: mission critical OS
By Justin Time on 8/25/2010 9:44:19 PM , Rating: 2
Note: Obviously this refers to 16-bit versions and the nonpreemptive scheduler bit doesn't apply to the NT family, but the messaging and event handling systems are still the main reason it's not a real-time O/S.


12,000 Page Report
By KIAman on 8/23/2010 5:08:23 PM , Rating: 2
Holy mother of God, did they type the report in 60 pt font?!?




RE: 12,000 Page Report
By IcePickFreak on 8/24/2010 7:22:39 AM , Rating: 2
Sounds like it's a Spanish government investigation, government workers are masters of job security. The majority of it is probably systems operations that they copy/pasted from technical manuals.


RE: 12,000 Page Report
By whiteyd on 8/24/2010 11:37:12 AM , Rating: 3
Maybe it was a Spanish Inquisition, noone expects those


RE: 12,000 Page Report
By borismkv on 8/25/2010 6:50:48 PM , Rating: 2
Nah. Like any government document, it's 6000 pages of Explanation about what each section has, 2000 pages of Acronym definitions, 500 pages of actual information, and 4500 pages of lorem ipsum.


By DougF on 8/24/2010 8:35:04 AM , Rating: 5
quote:
The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive.


Wrong again. I've read the report and it CLEARLY states that the aircrew had the aircraft in "flight" mode, where the weight on wheels (WOW) switch is overridden in the cockpit. Normally, this is used for ground maintenance troubleshooting, and is NOT an approved part of pre-flight switchology. With the WOW switch in "flight" mode, the temperature probe registered a fault, which was then turned off as it is redundant for flight. With the aircraft in "flight" mode, there would have been NO warning or error logged as part of the takeoff process, as the aircraft already thinks it's in flight. The "problem" is that the aircrew was monkeying around with switches and put themselves and the passengers in grave danger.

The aircrew successfully defeated THREE SAFTEY PROCEDURES: 1) They had the WOW in "flight" mode for takeoff; 2) The aircrew said, but did NOT check the indication for flaps/slats in the cockpit; and 3) The aircrew failed to conduct a MANDATORY visual inspection for the flaps/slats from the cockpit windows.
Those three safety violations killed the aircrew, the passengers, and destroyed the aircraft, NOT a virus on the airline's mainframe. The virus did affect the showing of multiple faults, but that had NOTHING to do with this accident. The enquiry is simply finding additional problems that need to be addressed, they are not saying the virus had anything to do with this crash.
C'mon read the report...




Windows?
By ChrisHF on 8/23/2010 4:35:06 PM , Rating: 1
The plane is running Windows?




RE: Windows?
By Azure Sky on 8/23/2010 4:37:50 PM , Rating: 2
no, but if its running linux you would have to worry about kernel panics if they replaced the blackbox with a new model :P


Vague article?
By jasonmicron on 8/23/2010 4:40:27 PM , Rating: 3
I can't tell if the writer of this article is doing this on purpose or is just rewriting what other news outlets have already posted. Is the system in question an AIRPORT system or an onboard system? If onboard, how did the flash drive get plugged into the plane? I'm no pilot and don't fly that much, but I'm fairly positive that planes don't have USB inputs.

If it was from an airport system, who's drive is it, what type of malware was it and - more importantly - why is the system not protected?




C'mon guys....
By Amiga500 on 8/23/2010 6:03:42 PM , Rating: 3
Don't you get someone else to proof read your articles?

Surely there is some kind of internal checking on the site before an article is put up?!?!

Even after multiple edits, many of the key sentences are still ambiguous.




Infected USB key
By MasterGladius on 8/23/2010 6:29:15 PM , Rating: 3
So that's why I keep crashing when I play Microsoft Flight Simulator!




USB Stick??
By bwave on 8/23/2010 6:49:52 PM , Rating: 1
Wow, the writer called a flash drive 3 different things in the same article: "usb stick", "flash drive", and "thumb drive", so which is it? I feel flash drive would be the most professional term and should have been used consistantly throughout the article. Flash drive is the only thing I hear anyone with common sense call them.

USB stick confuses the article by making it seem like there was a usb flight control stick in the cockpit. That or a stick toy that plugs into usb. This is really the first time I've EVER heard someone call a flash drive a USB stick!

Thumb drive is antiquated slang from what about 6+ years ago now.

Oh well, I'm going to go download some porn onto my usb thingie now.




RE: USB Stick??
By Chocobollz on 8/25/2010 4:23:03 AM , Rating: 2
I'd say "USB Thumb Flash Drive Stick" is the most professional term :D


Keep editing
By MrTeal on 8/23/2010 5:21:27 PM , Rating: 2
As you edit the article it's slowing becoming readable, but it still needs work.

quote:
The report indicates that the computer failed to detect three problems (including one issue with the airplane's wing flaps being in the incorrect position for takeoff) in a fail-safe monitoring system and that those problems were brought on by a malicious program that came from the USB thumb drive.


Come on, this clearly makes it sound like there was a specific program that caused the three problems, including the issue with the plane's wing flaps. That is completely different from every other media outlet that's reporting that infections from a USB stick simply delayed the warnings that would have caught the problems in time to save people. This was not a targeted attack. The USB key infection was not the primary cause of the crash. It was simply identified as a contributing factor.




Speaking of USB sticks
By corduroygt on 8/23/2010 5:47:47 PM , Rating: 2
It's been like 5 days since the PS3 Jailbreak USB stick surfaced, yet no news on DT?




By rcc on 8/23/2010 6:12:05 PM , Rating: 2
Shoot 'em all.

Seriously, yes I realize they should protect themselves better and have rules prohibiting the use of uncleared media etc. It's always good to protect yourself.

But, if they started shooting these guys when they found them, there would be a lot less new blood joining the club.

Or perhaps to steal a line from Starship Troopers (the book). Try cruel and unusual punishment. If it's not cruel or unusual, it's probably not going to accomplish much.

Yes, I know my comment is going to be unpopular, but I don't think I've ever received a -1, and it's about time. I think. Maybe.




Thank you
By buzznut on 8/24/2010 4:37:46 AM , Rating: 2
quote:
One expert warns that with continued use of flash drives and other third party devices in systems like these, this type of tragedy could happen again.


Was going to say something about "Captain Obvious", but I realized how un-original and crass that might sound.

How about, "Welll..DUH!" :)

I'm very glad they found an "expert" to explain this to a simpleton like me.




Windows? LOL
By ResStellarum on 8/25/2010 10:41:44 AM , Rating: 2
Anyone using windows for a critical system is simply moronic, They don't call it the swiss cheese OS for nothing. They should be using a system designed with security in mind from the ground up, such as a hardened GNU/Linux distro. I really have no sympathy at all.




Take it down or change the text
By Dorkyman on 8/25/2010 9:19:11 PM , Rating: 2
It is now (25 August) quite clear that this article puts a very inaccurate spin on this accident. I suggest either taking it down or rewriting it.




By mikepers on 8/26/2010 1:31:27 PM , Rating: 2
Anyone involved in posting this article should be ashamed of themselves. It's a completely inaccurate and misleading headline that's spreading misinformation.

The official document does not mention any computer problem or virus:

http://www.fomento.es/NR/rdonlyres/C16570DE-B439-4...

The plane is an older model that doesn't even have much in the way of computers on it.

The cause of the crash was a combination of pilot error and mechanical failure. The pilot tried to take off with their flaps in the wrong position and the alarm to let them know that failed.

The source of all this was a crap news story that mentioned the airline had a virus on a computer in their main office and they tried to spin it as if it were relevant. However that had nothing to do with the tragic crash.

It's amazing that no one here checks any facts before posting these articles.




By walk2k on 8/23/2010 4:46:56 PM , Rating: 1
or the plane will crash LOL!




It's about time...
By masamasa on 8/23/2010 7:49:12 PM , Rating: 1
It's about time they find out who wrote that virus, if it did indeed cause the crash, and execute that f*****r on national TV.




Death Penalty
By bob11d50 on 8/24/2010 12:23:42 AM , Rating: 1
So why don't we use this to go after the people who do this stuff and go for the death penalty. This should deter some people from doing stupid stuff. Not all but at least some.




Rate articles
By mjcutri on 8/23/10, Rating: 0
Viruses?
By Argon18 on 8/23/10, Rating: -1
RE: Viruses?
By Robear on 8/23/2010 5:04:08 PM , Rating: 4
Every system needs an interface, and desktop computers are predominantly windows. These systems must be connected to server systems, and as long as they're connected they are vulnerable. Although I agree that systems connected to mission-critical services should be better protected, it's not uncommon for desktop systems to have USB enabled. It's hard to tell how this proliferated through the system, but with security it's always the weakest link, and we just don't know where that link was.

The virus "Slowed" this system, and the system could have been Linux or Windows. For all we know it was the anti-virus that slowed the system. It could have been another number of things, such as a virus in a remote subnet that managed to perform some sort of DoS attack on the internal network, slowing down network traffic.

Speaking to Windows Versus Linux, there are advantages and disadvantages to both. I doubt you're qualified to tell them which they should use for their server OS.


RE: Viruses?
By Argon18 on 8/23/10, Rating: -1
RE: Viruses?
By Robear on 8/24/2010 2:11:10 AM , Rating: 5
1) Unix died with SCO in '05. There's no such thing as a "Commercial Unix Workstation"
2) Windows is not the "only OS that is susceptible [to viruses]". That's absurd. Every OS is, and I'm not sure in what way Windows "provokes" viruses, but I can assure you Linux has had and will continue to have various vulnerabilities from any connected device, be it USB or LAN. It is the nature of software.

Windows is the primary target for viruses because it is the most popular. If and when Linux becomes the desktop OS of-choice, then the majority of viruses will target that. The number of viruses that exist for windows reflects its popularity: not its security.

This is similar to Apple computers. As one security expert put it, everyone believes Mac to be protected by this "anti-virus pixy dust," but it's actually far more vulnerable than windows 7. It's security through obscurity. Apples-to-apples *pun*, the open-source nature of Linux actually makes it more susceptible to attack.

At any rate, as others have already pointed out, it sounds more like a software failure blamed on a virus, anyway.


RE: Viruses?
By themaster08 on 8/24/2010 5:00:16 AM , Rating: 3
I agree with your post entirely, but you're wasting your time. We have a new Mac nut in the house.

Even with a UNIX Workstation, it would still need to be locked down to the hilt in order to maintain its security. The problem isn't the OS (although you would presume that an airline would be using its own bespoke OS and software), it's the incompetence of their I.T staff.

It's not just us at DT or other technology related forums that claim Apple's security comes from obscurity. Most security professionals and hackers also agree with that sentiment. To proclaim that Windows is most vulnerable just goes to show how little this guy knows about operating systems and security.


RE: Viruses?
By robinthakur on 8/24/2010 7:19:21 AM , Rating: 3
I wouldn't say this has anything to do with Macs, nor did the poster mention them, so let's stay on subject. You lock down systems when they are used for mission critical environments such as these, whatever the operating system is. If either their company policy or system policy permitted the use of memory sticks, in flight checking systems this is corporate manslaughter.

You correctly asert that Windows is the most targeted system for malware and still has several rather huge vulnerabilities including the autorun one (at the time of the crash in 2008) but at the end of the day, any system is vulnerable if you can get a process to run as root, which is in theory restricted in both Windows, Linux and the MacOS. The higher rate of infection of Windows computers versus Linux is also because (generally) the average Linux users know more about their OS by necessity than the average Windows users though there are exceptions ;-) [Disclaimer, I use Windows 7 and Mac OS at home]


RE: Viruses?
By Chocobollz on 8/25/2010 4:34:43 AM , Rating: 2
If changing the OS is something that will remove let's say, 50% of all security issues, then why wouldn't we do it?


umm
By Azure Sky on 8/23/10, Rating: -1
RE: umm
By Wiggy Mcshades on 8/23/2010 4:59:35 PM , Rating: 2
new malware and trojans take time to get picked up by the companies that make anti-virus software and then even longer before they send out an updated scan definition for their software. They could of had every anti-virus software on earth going on that computer, but if the software from the usb stick was something new it wouldn't of mattered. Also you could be running the best hardware around and a well written virus can bring it to a complete halt.


RE: umm
By wiz220 on 8/23/2010 5:08:13 PM , Rating: 4
quote:
also if the computers so slow that a single virus causes a huge slowdown, I think its time to upgrade


Funny you should mention that. IMO, many AV programs slow down PC's more than most malicious software :p


RE: umm
By rcc on 8/23/2010 6:03:17 PM , Rating: 2
No surprise. Same programmers, same crap code. : )


RE: umm
By omnicronx on 8/23/2010 6:16:37 PM , Rating: 5
MSE is actually quite efficient and has the lower memory footprint than any AV software I've seen in a while (lower than Norton, McAfee, AVG, Trend Micro, you name it). Its pretty much transparent to the user. Heck I don't think i've ever even seen it use more than 10MB of memory and it normally idles at around 2MB.

Really have to hand it to MS on this one ;)


Windows?
By djbe on 8/23/10, Rating: -1
RE: Windows?
By djbe on 8/23/2010 4:40:10 PM , Rating: 2
Nvm, appearently it was some computer on the ground that was sending alerts, not some on board computer of the plane.


By Robear on 8/23/2010 5:21:03 PM , Rating: 2
Many "life-critical" systems run on windows. You'd be surprised how much health-care hardware runs on windows CE.


"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive













botimage
Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki