Today I saw a note on ZDNet regarding the malicious usage of the new Microsoft Vista Speech Command. The basic idea is that if you create an audio file, lets say an .mp3, with commands, and someone opens a webpage that hosts this file, the OS will play it and may execute the commands. So if you record the command ‘Start, execute, CMD, shutdown -r’ , and a person enters on the webpage that plays this mp3, the computer will restart. Funny, huh? But just remember that this is not something really new. I remember last year, when I was chatting with a friend, and suddenly some out of order letters appeared in the chat room, like “hey, I was skdhgkahgjfag, then…” , and she thought that something was really wrong with her computer, like malware or something. Turns out that later, after AV scanning, etc… she figured out that her microphone was on and the speech recognition was on too, so for some of the sounds that she was saying at the time, out load or to her family, Windows was trying to ‘help’ her to write it…:)

I don’t really think that this Vista speech command is so bad after all, but, just like any other service, if you don’t need it, disable it!