ASSUME your gadgets are sick - even the new ones - until you have checked them for viruses and know for sure that they are in the pink of health.

Otherwise, be wary when you buy anything - from digital photo frame to music player to satellite navigation gear: They may come pre-installed with viruses designed to steal information such as passwords and trade documents, which could lead to the thief prying confidential data or, worse, clearing out your bank account.

Such surreptitious programs, called malware, are not new. But the fact that they are now appearing in everyday gadgets - and not just PCs or software - is worrying, said experts.

Most recently, the Associated Press reported last month that a Los Angeles computer consultant's new digital picture frame bought from retail store Target was infested with four viruses, including one that steals passwords. He was alerted to the threat by his PC's antivirus program after plugging in the frame.

'This isn't the first time this kind of accident has happened and it's unlikely to be the last,' warned Graham Cluley, a senior technology consultant at Sophos.

Vu Nguyen, McAfee Avert Labs field research consultant, called for a change in user habits as 'consumers can no longer assume products are safe'.

The standard protocol these days is to scan for vulnerabilities in electronic gadgets before using them, he said.

Graham likened disinfecting gadgets to washing fruits. 'You may buy shrink-wrapped fruits from the supermarket, but you would still wash them before eating.'

Clean it first

SIMILARLY, an updated antivirus software can detect and remove a known strain of virus. The gadget and computer are both safe to use after that.

If it is an unknown strain, the protection program would not be able to terminate the virus. But the way your computer is configured can limit the harm done.

Security software vendors Symantec, Sophos and McAfee said they have not received reports of brand new gadgets in Singapore being infected so far.

But in the US and Japan, there were already several cases.

In late 2006, McDonald's Japan recalled around 10,000 MP3 players given away as promotional prizes. Some of the them were found to be infected with malware.

Around that time, Apple also admitted that some of its video iPods were shipped with a Windows virus called RavMonE.exe.

Consumer gadgets aren't the only products infected at source.

In November last year, Seagate posted a warning on its website that some of its Maxtor Basics Personal Storage 3200 hard drives were shipped with a malicious program that steals passwords for online games.

To date, little has been done to make manufacturers liable for security flaws.

'Manufacturers are not taking any responsibility. The consumer has all the responsibility,' outspoken author Bruce Schneier told Digital Life.

The founder and chief technical officer of security services provider BT Counterpane has been crusading for hardware and software makers to be liable for bad security for years.

He has been poking holes at current laws that do not hold vendors liable for flawed software.

'Somewhere in the middle there is a reasonable amount of liability, and that's what I want the courts to figure out,' he wrote in his blog. (www.schneier.com/blog)

He believes that security should not be an add-on at additional cost and inconvenience the user.

Bruce has made some progress recently. Late last year, the UK government recommended steps to improve Web security, including stronger measures to hold technology product vendors accountable for security flaws.

Defensive action

• Disable the autoplay feature in your computer. A lot of malware look for the autoplay script called autorun.inf.
• 
  
• Update your computer's antivirus program. Instruct the antivirus software to scan the removable device. If the viruses are known, they will be removed. If the vermins are new, which is likely the case, proceed to the next step.
• 
  
• Use a firewall. Firewall programs can stop trojans that sneak pass the antivirus program. But the firewall is not designed to remove the trojan. You have to report the infection to the security vendor for a fix to be developed.
• 
  
• Report an infection. Antivirus programs have features that automatically report an infection.
• 
  
• Do an update. Once the fix is developed, users have to manually update their antivirus software to incorporate the new antidote.

This article was first published in Digital, The Straits Times on Apr 1, 2008.