Questions

april 1st virus

Tags:
+
0 Votes
Locked

april 1st virus

wolfsden515
please help me, i am a grandfather on disability raising three grandchildren. we have 4 computers and i am the only one that runs scans everyday. how do i protect these computers from this new virus. what i have running is avg free 8.5 and avira antivir personal and ccleaner.i also use mozilla firefox for my browser. i update at least 5 to 9 times a day. i can't afford to replace all of these computers with new motherboards and new hard drives all the time. is there anymore free anti-virus programs out there that i can get to help with this virus. i read tech republic everyday and certain ones i keep to reread. i am not an it person so some of the jargon used goes over my feeble brain.i would really like any help thrown my way. it would be greatly appreciated. thomas
  • +
    0 Votes
    Jacky Howe

    to have installed in case of an attack.

    Download Malwarebytes Anti-Malware, install it and update it.
    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    Download Spybot - Search & Destroy and install it. Update it.
    <a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

    +
    0 Votes
    Jacky Howe

    I might suggest that you have all of your Backups up to date just in case.

    http://blogs.techrepublic.com.com/security/?p=1218

    +
    0 Votes
    OH Smeg

    You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.

    You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434

    If you have any problems just ask and we'll try to help you is clear English terms.

    Col

    +
    0 Votes
    alan

    1. I recommend use of a Firewall.
    I use the free firewall from Comodo.
    It protects against incoming malware,
    and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
    The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
    2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
    You may however do on-demand scans with different products at different times.
    3. Firefox is a good choice - safer than I.E.
    4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
    5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
    I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.

    6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.

    Regards
    Alan

    +
    0 Votes
    seanferd

    with Windows Update patches, you are fine.

    This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.

    What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.

    Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)

    Edit:

    See also this post, about disabling autorun:
    http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484

    This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.

    +
    0 Votes
    Slayer_

    So I'll try to remove your fears.

    The Conficker will only hurt you if your windows is not up-to-date.

    Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.

    I don't believe it is a browser vulnerability, using FF won't make any difference.

    Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?

    +
    0 Votes
    The Scummy One

    it can only hurt you if not up to date statement.
    I have read on several places that, the patch only helps in some instances (like an infection from the Internet), however, it can still infect from flash drive or local network (network share). Note, the US-Cert even states to disable autorun


    US Cert sent this to me this morning, I include it because it gives a few links to test if you have it.

    National Cyber Alert System

    Technical Cyber Security Alert TA09-088A


    Conficker Worm Targets Microsoft Windows Systems

    Original release date: March 29, 2009
    Last revised: --
    Source: US-CERT


    Systems Affected

    * Microsoft Windows


    Overview

    US-CERT is aware of public reports indicating a widespread
    infection of the Conficker worm, which can infect a Microsoft
    Windows system from a thumb drive, a network share, or directly
    across a network if the host is not patched with MS08-067.


    I. Description

    The presence of a Conficker infection may be detected if a user is
    unable to surf to the following websites:

    * http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
    * http://www.mcafee.com

    If a user is unable to reach either of these websites, a Conficker
    infection may be indicated (the most current variant of Conficker
    interferes with queries for these sites, preventing a user from
    visiting them). If a Conficker infection is suspected, the
    infected system should be removed from the network. Major
    anti-virus vendors and Microsoft have released several free tools
    that can verify the presence of a Conficker infection and remove
    the worm. Instructions for manually removing a Conficker infection
    from a system have been published by Microsoft in
    http://support.microsoft.com/kb/962007.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code on
    a vulnerable system.


    III. Solution

    US-CERT encourages users to prevent a Conficker infection by
    ensuring all systems have the MS08-067 patch (part of Security
    Update KB958644, which was published by Miscrosoft in October
    2008), disabling AutoRun functionality (see
    http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
    maintaining up-to-date anti-virus software.


    IV. References

    * Virus alert about the Win32/Conficker.B worm -
    <http://support.microsoft.com/kb/962007>

    * Microsoft Security Bulletin MS08-067 - Critical -
    <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

    * Microsoft Windows Does Not Disable AutoRun Properly -
    <http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

    * MS08-067: Vulnerability in Server service could allow remote code
    execution -
    <http://support.microsoft.com/kb/958644>

    * The Conficker Worm -
    <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

    * W32/Conficker.worm -
    <http://us.mcafee.com/root/campaign.asp?cid=54857>

    ____________________________________________________________________

    The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
    ____________________________________________________________________

    Feedback can be directed to US-CERT Technical Staff. Please send
    email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
    the subject.
    ____________________________________________________________________

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
    ____________________________________________________________________

    Produced 2009 by US-CERT, a government organization.

    Terms of use:

    <http://www.us-cert.gov/legal.html>

    +
    0 Votes
    Slayer_

    to disable autorun from flash drives and such?

    I remember cause there was a patch, then a week later another patch to actually do what the first patch was intended to do.

    I am curious how this virus resides on a flash drive. If the drive does not autorun, does this virus just appear as a file or something?

    +
    0 Votes
    The Scummy One

    it replicates to this the same way it replicates to a network share.

    I am not sure about an autorun patch, whenever I plug in a flash drive it asks me what I want to do, however, does it open the virus first?
    I am pretty sure that I do not have it, however, I am still going to double check with those websites later and turn my system off for a few days.
    I still got the linux machine working, so no problem with Internet or other things.

    +
    0 Votes
    Slayer_

    I mean, doesn't a virus have to plant itself somewhere where the OS will run it?


    If this is true, how does a virus use a network share to infect? Like I can picture how you place a file there, but how do you get the target OS to run it?

    +
    0 Votes
    seanferd

    there were still vulnerabilities exposed even after patching. Much complaining ensued.

    The Scummy One does have a very good point.

    +
    0 Votes

    You say you have AVG, so as long as it is up to date i would not worry too much about this Virus that is supposed to be roaming the internet. Bad things happen but they can be repaired or re-installed again. So chin up, as my dad says to me. There are more good things to think about instead of this so called virus. If you are still too concerned then pull the plug for the whole day on April 1st, that way you will have piece of mind. :)
    If not we will be here to help you out with any problems that you may have. :)

    +
    0 Votes
    Kenone

    You really should have at least a software firewall on each PC, a hardware firewall would be better. The MS patch is KB958644 and, yes autorun should be disabled. As for the grandkids I won't let mine on any machine that doesn't have Threatfire installed, I find that it's pretty good at blocking bad stuff before it downloads.

    +
    0 Votes
    OH Smeg

    You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.

    You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434

    If you have any problems just ask and we'll try to help you is clear English terms.

    Col

    +
    0 Votes
    alan

    1. I recommend use of a Firewall.
    I use the free firewall from Comodo.
    It protects against incoming malware,
    and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
    The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
    2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
    You may however do on-demand scans with different products at different times.
    3. Firefox is a good choice - safer than I.E.
    4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
    5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
    I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.

    6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.

    Regards
    Alan

    +
    0 Votes
    seanferd

    with Windows Update patches, you are fine.

    This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.

    What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.

    Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)

    Edit:

    See also this post, about disabling autorun:
    http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484

    This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.

    +
    0 Votes
    Slayer_

    So I'll try to remove your fears.

    The Conficker will only hurt you if your windows is not up-to-date.

    Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.

    I don't believe it is a browser vulnerability, using FF won't make any difference.

    Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?

    +
    0 Votes

    You say you have AVG, so as long as it is up to date i would not worry too much about this Virus that is supposed to be roaming the internet. Bad things happen but they can be repaired or re-installed again. So chin up, as my dad says to me. There are more good things to think about instead of this so called virus. If you are still too concerned then pull the plug for the whole day on April 1st, that way you will have piece of mind. :)
    If not we will be here to help you out with any problems that you may have. :)

    +
    0 Votes
    Kenone

    You really should have at least a software firewall on each PC, a hardware firewall would be better. The MS patch is KB958644 and, yes autorun should be disabled. As for the grandkids I won't let mine on any machine that doesn't have Threatfire installed, I find that it's pretty good at blocking bad stuff before it downloads.

  • +
    0 Votes
    Jacky Howe

    to have installed in case of an attack.

    Download Malwarebytes Anti-Malware, install it and update it.
    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    Download Spybot - Search & Destroy and install it. Update it.
    <a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

    +
    0 Votes
    Jacky Howe

    I might suggest that you have all of your Backups up to date just in case.

    http://blogs.techrepublic.com.com/security/?p=1218

    +
    0 Votes
    OH Smeg

    You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.

    You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434

    If you have any problems just ask and we'll try to help you is clear English terms.

    Col

    +
    0 Votes
    alan

    1. I recommend use of a Firewall.
    I use the free firewall from Comodo.
    It protects against incoming malware,
    and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
    The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
    2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
    You may however do on-demand scans with different products at different times.
    3. Firefox is a good choice - safer than I.E.
    4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
    5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
    I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.

    6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.

    Regards
    Alan

    +
    0 Votes
    seanferd

    with Windows Update patches, you are fine.

    This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.

    What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.

    Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)

    Edit:

    See also this post, about disabling autorun:
    http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484

    This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.

    +
    0 Votes
    Slayer_

    So I'll try to remove your fears.

    The Conficker will only hurt you if your windows is not up-to-date.

    Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.

    I don't believe it is a browser vulnerability, using FF won't make any difference.

    Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?

    +
    0 Votes
    The Scummy One

    it can only hurt you if not up to date statement.
    I have read on several places that, the patch only helps in some instances (like an infection from the Internet), however, it can still infect from flash drive or local network (network share). Note, the US-Cert even states to disable autorun


    US Cert sent this to me this morning, I include it because it gives a few links to test if you have it.

    National Cyber Alert System

    Technical Cyber Security Alert TA09-088A


    Conficker Worm Targets Microsoft Windows Systems

    Original release date: March 29, 2009
    Last revised: --
    Source: US-CERT


    Systems Affected

    * Microsoft Windows


    Overview

    US-CERT is aware of public reports indicating a widespread
    infection of the Conficker worm, which can infect a Microsoft
    Windows system from a thumb drive, a network share, or directly
    across a network if the host is not patched with MS08-067.


    I. Description

    The presence of a Conficker infection may be detected if a user is
    unable to surf to the following websites:

    * http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
    * http://www.mcafee.com

    If a user is unable to reach either of these websites, a Conficker
    infection may be indicated (the most current variant of Conficker
    interferes with queries for these sites, preventing a user from
    visiting them). If a Conficker infection is suspected, the
    infected system should be removed from the network. Major
    anti-virus vendors and Microsoft have released several free tools
    that can verify the presence of a Conficker infection and remove
    the worm. Instructions for manually removing a Conficker infection
    from a system have been published by Microsoft in
    http://support.microsoft.com/kb/962007.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code on
    a vulnerable system.


    III. Solution

    US-CERT encourages users to prevent a Conficker infection by
    ensuring all systems have the MS08-067 patch (part of Security
    Update KB958644, which was published by Miscrosoft in October
    2008), disabling AutoRun functionality (see
    http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
    maintaining up-to-date anti-virus software.


    IV. References

    * Virus alert about the Win32/Conficker.B worm -
    <http://support.microsoft.com/kb/962007>

    * Microsoft Security Bulletin MS08-067 - Critical -
    <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

    * Microsoft Windows Does Not Disable AutoRun Properly -
    <http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

    * MS08-067: Vulnerability in Server service could allow remote code
    execution -
    <http://support.microsoft.com/kb/958644>

    * The Conficker Worm -
    <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

    * W32/Conficker.worm -
    <http://us.mcafee.com/root/campaign.asp?cid=54857>

    ____________________________________________________________________

    The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
    ____________________________________________________________________

    Feedback can be directed to US-CERT Technical Staff. Please send
    email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
    the subject.
    ____________________________________________________________________

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
    ____________________________________________________________________

    Produced 2009 by US-CERT, a government organization.

    Terms of use:

    <http://www.us-cert.gov/legal.html>

    +
    0 Votes
    Slayer_

    to disable autorun from flash drives and such?

    I remember cause there was a patch, then a week later another patch to actually do what the first patch was intended to do.

    I am curious how this virus resides on a flash drive. If the drive does not autorun, does this virus just appear as a file or something?

    +
    0 Votes
    The Scummy One

    it replicates to this the same way it replicates to a network share.

    I am not sure about an autorun patch, whenever I plug in a flash drive it asks me what I want to do, however, does it open the virus first?
    I am pretty sure that I do not have it, however, I am still going to double check with those websites later and turn my system off for a few days.
    I still got the linux machine working, so no problem with Internet or other things.

    +
    0 Votes
    Slayer_

    I mean, doesn't a virus have to plant itself somewhere where the OS will run it?


    If this is true, how does a virus use a network share to infect? Like I can picture how you place a file there, but how do you get the target OS to run it?

    +
    0 Votes
    seanferd

    there were still vulnerabilities exposed even after patching. Much complaining ensued.

    The Scummy One does have a very good point.

    +
    0 Votes

    You say you have AVG, so as long as it is up to date i would not worry too much about this Virus that is supposed to be roaming the internet. Bad things happen but they can be repaired or re-installed again. So chin up, as my dad says to me. There are more good things to think about instead of this so called virus. If you are still too concerned then pull the plug for the whole day on April 1st, that way you will have piece of mind. :)
    If not we will be here to help you out with any problems that you may have. :)

    +
    0 Votes
    Kenone

    You really should have at least a software firewall on each PC, a hardware firewall would be better. The MS patch is KB958644 and, yes autorun should be disabled. As for the grandkids I won't let mine on any machine that doesn't have Threatfire installed, I find that it's pretty good at blocking bad stuff before it downloads.

    +
    0 Votes
    OH Smeg

    You should be perfectly OK with what you already have and provided that there is a working Internet Connection when you turn on the computers they will remain updated with the newest Possible Virus Definitions as both of the listed AV Products try to update whenever the computer that they are loaded on are turned on.

    You may like to use Malware Bytes as well because that is a very good utility it's available for a free download here though if you want to you can buy a copy from the same web site.

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=11004434

    If you have any problems just ask and we'll try to help you is clear English terms.

    Col

    +
    0 Votes
    alan

    1. I recommend use of a Firewall.
    I use the free firewall from Comodo.
    It protects against incoming malware,
    and also protects against outgoing private data that has been harvested by anything that has got in (e.g. via USB Flash Drive).
    The standard Windows Firewall is weak against incoming, and does nothing to stop outgoing.
    2. You should NOT run more than one real-time antivirus product at a time, they may well conflict and ignore the real enemy.
    You may however do on-demand scans with different products at different times.
    3. Firefox is a good choice - safer than I.E.
    4. I use CCleaner to remove old junk from the disk - but it does NOT do anything to protect against malware.
    5. If your computers should suffer malware, there are many sites that give free help to remove it. The worst-case would be the need to re-install software, which can be a pain.
    I use Acronis which every week takes 6 minutes to make an image of my system to an external drive. If the system should be totally destroyed by a virus I can restore it back in 6 minutes.

    6. Whatever happens, there is no realistic danger that the motherboards and hard drives would need replacing.

    Regards
    Alan

    +
    0 Votes
    seanferd

    with Windows Update patches, you are fine.

    This isn't a new virus, it is Conficker/Downadup. It can only exploit an unpatched Windows machine.

    What is happening on April 1 has been happening all along- the virus will call home for instructions. Some people suspect that it may actually start doing malicious things on April 1, as it has done nothing so far.

    Again, if you have Windows up to date, you are not vulnerable to this. (You shouldn't have to replace hardware if the system becomes infected with something, anyway.)

    Edit:

    See also this post, about disabling autorun:
    http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=305388&messageID=3046484

    This is important if the grandkids bring those little flash drives over and plug them into the computers, after plugging them into other computers which may be infected. This is also true with other viruses/malware.

    +
    0 Votes
    Slayer_

    So I'll try to remove your fears.

    The Conficker will only hurt you if your windows is not up-to-date.

    Both AVG and Avira have virus definitions for Conficker, so you are safe there. You do not require both virus scanners running at once, and infact I recommend against it. I am a personal fan of Avira, make sure to do full system scans at least once a week.

    I don't believe it is a browser vulnerability, using FF won't make any difference.

    Why are you replacing your computers motherboards and HDD's all the time? A well built motherboard should last at least 14 years and the average life expentancy of a HDD is 7 years? What does this have to do with viruses?

    +
    0 Votes

    You say you have AVG, so as long as it is up to date i would not worry too much about this Virus that is supposed to be roaming the internet. Bad things happen but they can be repaired or re-installed again. So chin up, as my dad says to me. There are more good things to think about instead of this so called virus. If you are still too concerned then pull the plug for the whole day on April 1st, that way you will have piece of mind. :)
    If not we will be here to help you out with any problems that you may have. :)

    +
    0 Votes
    Kenone

    You really should have at least a software firewall on each PC, a hardware firewall would be better. The MS patch is KB958644 and, yes autorun should be disabled. As for the grandkids I won't let mine on any machine that doesn't have Threatfire installed, I find that it's pretty good at blocking bad stuff before it downloads.