Anti-virus software critical, says Whitech

Reports over the past week that Fujifilm kiosks in Big W stores have infected customers’ USB drives with the Conficker B virus provide an opportunity to look more broadly at the issue of kiosk software security.

According to Whitech managing director, Steve Delnawaz (pictured right), it’s a case of ‘when’ rather than ‘if’ unless basic PC housekeeping procedures are adhered to: ‘All PCs (including kiosks) need to have their Windows Auto Update and antivirus virus definition updates enabled, or they will eventually be infected with “a” virus,’ he told Photo Counter. Obviously, this requires kiosks to be online.

All kiosks should have anti-virus software installed, he explained, and most anti-virus solutions will protect against common viruses.

‘Obviously the better brands like Norton, MicroTrend or Macfee will have a solution to any new virus a day or two ahead of the rest,’ he said.

‘Worth paying a couple of hundred extra per machine? Tough to say but probably, given it’s a business tool.’

He continued: ‘Windows itself offers many free security tools that can block what their weak OS allows in to begin with! In this particular case [the Conficker virus] almost all Windows PCs can be affected if they didn’t have the relevant Windows patch.

‘The virus bypasses the ‘Disabled Media Auto-run’ setting of Windows when using the USB drives. Microsoft has a patch for this security hole.’

But what about a virus moving beyond a single kiosk and infecting the store’s network?

‘The virus can affect the local network that it’s in direct contact with, provided the network security and passwords are weak. Otherwise it is contained to the local machine and any USB drive inserted.’

He said that there was ‘no chance’ of a virus affecting the Whitech or Photo Create network, as it goes through the Whitech system initially which is very secure and closely managed, and the Photo Create network is also sophisticated and secure.

‘Putting that aside, we transfer triple encrypted files and if any virus attached itself to the file, it would become unusable as it would fail the decryption security check-sum and would trigger a request to re-transmit.

‘After three failed attempts our Admin would then be alerted to act. So far we haven’t seen any alerts.’

He said that Whitech has provided instructions to its customers on how to remove the Conficker virus and links to the free Windows toolkit. In addition Whitech will provide hands-on support if required.

‘But so far we are unaware of any customers affected,’ he added.

While Big W’s kiosks run Whitech software, the direct customer relationship is with Fujifilm.

‘You will need to speak with Fujifilm in relation to the virus issue detected on some Big W kiosks as Whitech is unaware of the arrangement in place between Big W and Fujifilm,’ he explained.

Fujifilm is reported to be working towards a solution with Big W. Surprisingly, it appears that the 1800 kiosks in Big W stores have been operating without robust antivirus software, with a Big W spokesperson anticipating a roll-out commencing ‘in the next few months’. Reports of infections from Big W kiosks stretch back to at least September, 2009, according to website comments, but the issue has only attracted publicity over the last week.

There are no obvious alerts or instructions on how to protect against viral infections on Fujifilm’s dedicated retailer website, http://www.frontierlive.com.au.

Peter Michael, managing director of Michael’s CVD in Elizabeth Street Melbourne said that Michaels had also experienced virus infections on its Fujifilm kiosks, but had no trouble since installing (AVG) anti-virus software.

Cleaning up Conficker

Steve Delnawaz helpfully provided Photo Counter with detailed instructions on how to check for and remove the Conficker virus. These instructions apply to any kiosk running on Windows, not only kiosks running Whitech software:
– Ensure Windows is fully updated to fix the MS08-067 vulnerability that the Conficker family of worms uses to spread.
– Ensure that all removable storage devices are scanned after being connected to a computer infected with the Conficker family of worms.
– Ensure HIPS and buffer overflow prevention are both turned on and that ‘Alert Only’ mode is turned off.
– Ensure the on-access scanner is turned on and that ‘On Write’ scanning is enabled.
– If W32/ConfikMem-B is detected on the computer, clean up this item first, and then immediately run another full scan. Cleaning up W32/ConfikMem-B removes the worm from memory and allows Sophos Anti-Virus to scan files that may have been locked by the virus while it was running.
– If a full scan reports unscannable files and W32/ConfikMem-B is not found in memory, ensure the on-access scanner is enabled and the virus data is up-to-date, reboot the computer and immediately perform another full scan. This causes the on-access scanner to prevent the Conficker worm from loading as a service, and should unlock those files so they can be scanned.
– After cleaning up an active infection of the Conficker worm, a reboot may be required.

Useful sites:

Microsoft Malware Protection Centre: Information on this virus and links to patch the Windows vulnerability:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Conficker

A free standalone tool to remove the virus can be downloaded from:
http://www.sophos.com/products/free-tools/conficker-removal-tool.html

For a more detailed guide to cleaning up a Conficker infection on a Windows network, refer to the Sophos knowledge base article:
http://www.sophos.com/support/knowledgebase/article/51169.html>


Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Related Posts