Slashdot Mirror
Visual Studio .Net: Now with more Viruses
News.com breaks the story (and 8000 readers submit) that Microsoft distributed Nimda-infected copies of Visual Studio .Net in Korea. I don't even know what to say here; nothing seems adequate, except to point out that "trustworthy computing" does not seem to have had any effect whatsoever. News.com just updated their story to point out that it probably won't infect the people who installed Visual Studio .Net, but it's still a rather nasty faux pas for a company that's supposed to be cleaning up its act.
Did McAfee or Norton give this press release?
--fetch daddy's blue fright wig, i must be handsome when i release my rage
I mean, come on, anyone ELSE see this as similar to when the Cult of the Dead Cow released Back Oriface 2000 with CIH preinstalled? :)
Seriously, before any of the "OH ITZ M$, THY SUXX!!!1111" posts come out, lets be honest. Any company can make that mistake. It takes a special moron in Quality Assurance to release that one.
I have to ask though... what would YOU do if you were MS in this case?
--- Ãther SPOON!
"breakable"
:-)
or maybe that doesn't quite say it. Hmmm, what am I trying to get at.
"trivially breakable"
It only infects one file that's never referenced by the system, and there are all sorts of unlikelihoods that prevent this from being executed. Still, bad press is bad press.
If I were MS, I'd buy all 3 computers in Korea and give them new ones.
This sounds like a case for Catbert: 'Evil HR Director.'
Aw, fuck it. Let's go bowling. - The Big Lebowski
If they only had been using a Walmart Lindows box......
The guy who wrote that virus should sue Microsoft for distributing it without his permission. We're talking about theft of intellectual property here!
I'm an American. I love this country and the freedoms that we used to have.
Seriously. Wasn't ms getting angry at that area for it's lax piracy laws? I'm not sure about korea, but think about it. You want to punish software pirates, and local governments don't want you to. What better way than to give them a virus?
They must have realized how well it's worked for McAfee and Symantec and decided to give it a go themselves :)
"Ask not what your country can do for you." --John F. Kennedy
And yet they still argue that "theoretically" open source is the bigger security threat.
For the love of God, vote Nader.
Hell, nimda is a better feature than that stupid paperclip thing!
None of your shoddy open-source crap here, no sir!
Carousel is a lie!
I'ts not a virus/spyware.. it's a feature that enhances your web experience.
If Microsoft products weren't filled with bugs, they wouldn't be Microsoft, now would they? Microsoft is supposed to be a source for buggy virus-filled software. If they sanded off all the rough edges, their products would cease being products that I would want to use. Microsoft has been running its company for how many years now? If you don't like their products, don't buy them! Life is too damn short to worry about bugs in Microsoft software!
We're talking about South Korea, not North Korea.
"You probably won't get any viruses from installing our software!"
-Restil
Play with my webcams and lights here
"breakable"
or maybe that doesn't quite say it. Hmmm, what am I trying to get at.
"trivially breakable"
In this case, "broken" is what your looking for.
Well, I was sitting at home the other day, watching Korea tie the US, and I thought, "Y'know, in that stadium there must be 65000 screaming Koreans. At least 10 of them are partially responsible for all of the Nimbda traffic I see and twice that many are responsible for the various Dick Cream spams I get each day." I should have known it had nothing to do with slack ass Korean sysadmins and had everything to do with Redmond. Everytime I fall into that trap, Gates bails me out....
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
he added, it's almost impossible to get the worm to execute on computers with Visual Studio .Net installed
How did this get infected in the first place?
Why is this under the BillBorg icon, and not the Monty Python "it's funny!" foot?
Oh, when I read this first I thought that Microsoft was distributing the Nimda code as one of thier sample projects. That would be cool, a virus creation wizard. This reminds me of the story a while back about someone modifying a virus to check for security holes so the could be filled.
The "third party" that translated the software into Korean had something to do with the problem.
i bought a computer with a virus on it once, oh what was it called? oh yeah, windows!
I want 2D games back.
South Korea, you ignorant fool! And please, don't ask whether I know Glen from Canada!
RTFArticle already
Just pissing in the wind, I guess
Well, at least we can still trust Microsoft on one count...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Does this mean all the spam I'm getting from kornet.com will also have Nimda attached? Wow...maybe that overpriced antivirus software can now be used as a spam filter too!
We now return to our regularly-scheduled MS flaming, already in progress...
(Yes, this is an attempt at humor. Moderate accordingly.)
All the world's an analog stage, and digital circuits play only bit parts.
What kind of fucktard are you?
Verizon Guy?
Are you getting paid for this?
As my father lik@(munch munch)...
Morons.
Slashdot is rapidly becoming useless with the constant derision it heaps on Microsoft. Let's have more computer news and stuff about FreeBSD and Linux and less "make fun of" news about Microsoft. As if Linux doesn't have it's problems. You might end up like Larry Ellison and his ridiculous "Unbreakable" claims.
Of course, that's a problem with the Linux crowd. Feer of being, and being seen as, professional.
Do we get a copy of nimda if we click through?
According to the Article, it appears that "Microsoft's flagship developer tools picked up the digital pest when a third-party company translated the program into Korean...".
Ultimately it was MS's responsibility to verify they did not shit in their own bed, but how many of us look at every line of code in a distibuted or outsourced project.
Just my $.0199999
If we don't fight for ourselves no one will.
Bwahahahahhahahahahahahahahahahaha! ROFL!
Uhm. How do these twats still have an ounce of credibility? For god sake - that happens to high schools and newbies running Personal Web Server.
loply.com
"And if the worm did execute somehow, he said, it couldn't spread to the developer's system because the virus only runs on systems running Internet Explorer 5.5 and lower, and Visual Studio .Net requires version 6.0 of the browser. "
.Net installed. "
and
"There have been no recorded infections," Flores said. In fact, he added, it's almost impossible to get the worm to execute on computers with Visual Studio
Yer right, all zero of them.
If you're in the software biz (and serious about it), you ALWAYS scan a new release with anti-virus software before you let it out the door.
ALWAYS.
It's easy, it's prudent and it keeps you from getting nasty PR.
MS isn't the first to get caught this way (in fact, didn't this happen once before?) and it's cheap to learn from someone else's mistakes.
Has anyone ever heard of the following:
Secured Development environment?
Anti-Virus Software??
Don't they run A/V software on the development workstations and servers?
At least an aggressive manual scan before packaging seems a good idea.
Aside from the Trustworthy Computing crap, what does this really say about the industry-wide practice of outsourcing product translations? Anybody who's done software development knows that even the best products give internationalization secondary consideration, but I don't think anybody ever considered how little consideration is given by US companies to the translation and distribution of international versions of software. Perhaps this should serve as a sort of larger wake-up call for all of us.
Mod the parent up.....score +5 Funny. I was the first to find this thing on our servers and I understand why we got.....Microsoft getting it is TOO funny!
Gorkman
I have never seen so many one or two liner post after a slashdot article.
This may be the first time Slashdot readers are left speechless.
-Pete
Soccer Goal Plans
what would YOU do if you were MS in this case?
Hari-kari?
But that's Japan, not Korea.. damn.
Leave out the middleman when it comes to distibuting viruses! Give it straight to your customers!
The revolution will be televised. Blackout restrictions apply.
Could this be some cheap retaliation when MSFT lost the gov't contract to sell their OS and office instead won over by a S.Korean open sourced OS and office app?
it does not spread itself around **automatically** :)
3.243F6A8885A308D313
I only you would bother to even read the story, it would be clear that 3rd party company who translated the software is behind this. Not Microsoft. But who cares though these glasses anyway.
Read the fucking article!! The chances of someone actually being infected are almost ZERO, because the virus needs IE 5.5 or lower and Visual Studio .NET requires IE 6!!
A spokes person from Microsoft was quoted as saying "This is the best chance we have at cleaning up our image."
This is a repost of one of my comments from the MacAfee story. The quotes are from that story: ".... you have to have already been infected by ANOTHER virus..." "They only affect Microsoft Windows. If you aren't running Windows, you are safe. " This speaks for itself....
I do remember some 3-4 years ago Microsoft sending out a notification that some of their, I think, Technet CD's were being sent out with a MS-Word Macro virus on it.
They've submitted a virus with a security patch before
..that the Korean government is investing in linux systems?
Or maybe this is just another sleazy MS retaliation tactic?
The fact that it backfired might just be proof.
OK, someone messed up.. but it isn't as bad as it sounds. First off, it wasn't MS that put the virus in, it was some third party thing they used to convert the language to Korean. However, MS should have at least run virus scan on it before they shipped it. Second, the person running VS.NET would actually have to install IE 5.5 over IE 6 (why would anyone do that) and browse a certain help file in order for it to get infected.
I'm not trying to defend MS. Just pointing out the facts (or at least how they were stated in the article). On one hand it's kind of funny to read through all the quick one-liner jokes about MS (definitely worth a chuckle) but I think MS isn't quite as bad as they're being made out to be.
By the way, anyone know the company that wrote the nimda infected software?
From the article:
"It's extremely unlikely that a developer would ever accidentally get infected by Nimda," said Flores. "They would have to try hard just to run the worm."
So I guess its more like an Easter Egg. I hope this isn't World Cup related.
Microsoft breaks new ground by bundling the virus instead of waiting to be infected by third party virii.
Does the Justice Department know about this yet???
"And please, don't ask whether I know Glen from Canada"
Although I'm sure they're really, really nice.
Have you ever been to Korea, you moron? Those people are absolute technophiles. They love all of the newest little electronic gadgets. They're not always the highest quality little gadgets, but everybody has them. Koreans are not aborigonees living in a wasteland. They live in big, crowded cities like most of us, except they're usually bigger (the Seoul/Inchon area alone has something obscene like 14 million people) and they have lots more concrete (if you had ever been to Korea, you would know what I am talking about). You need to leave your momma's basement a little more often.
Today's Sesame Street was brought to you by the number e.
If you actually read the article, there are very valid reasons (albeit mistakes) that this happened, and the likelyhood of the virus actually running on the machine is next to none. The Help system wouldn't ever open it.
But hey, this is Slashdot. Let's all miss the relevant parts of the article and just bash "M$"! Yay, fun.
DrPascal: Not the language, the mathematician.
Microsoft's stock seems to have gone up on the news. I actually own stock in Microsoft (though only a half-share), but before you flame me, I'm not investing because I believe in the company, I'm investing because I think it's a good growth stock. I've hedged my portfolio with Sony, so its no big deal. Anyhoo: I just found it interesting that the stock has gone up about a dollar today. I guess most investors don't see this as much of a problem.
Viral Studio .NET??
I'd say fuck it and watch soccer. GO KOREA!! Thanks for the assist!
Hey jackasses,
Did any of you bother to read the article?
1: Visual Studio will *never* execute the file because it's unrelated to its operations. It's not a help file, it's simply in the help file directory.
2: If someone went into the directory and executed this file themselves, it wouldn't do anything, because IE 6.0 needs to be installed to use it. Furthermore, IE 5.5 SP2 is also immune.
This is certainly embarrassing for Microsoft, but the practical impact of this is absolutely insignificant and totally blown out of proportion by another tabloid Slanderdot headline.
Way to go champs!
Of when the Native Americans were given pox-ridden blankets by the early settlers..
Gee, thanks! [caugh, caugh]
Or maybe it was to get back at Korea for the Speed Skating events during the winter olympics
=)
Blocklevel: Practical Information Architecture
This is just another example of Microsoft trying to bundle everything with windows. Now that they are bundling Nimda, Melissa is going to go right out of business.
the McAfee virus story http://features.slashdot.org/article.pl?sid=02/06/ 14/1343223&mode=nested&tid=166&threshold=3 :))
and we got ourselves a real conspiracy theory
Flores said that under Microsoft's security policy, the company normally scans every file being transferred to the master of a program. But in this case, the company only analyzed files it expected to find. Since the Nimda-infected file had been added by the worm, the company overlooked it.
I would think one might look for something that shouldn't be there when trying to detect a virus. I guess MS has some more "advanced" method that I just can't grasp.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Then why can't they understand the advanced concept of "open relay" or "security patch". Fuck em' and blackhole them until they learn.
Truly, life indeed imitates art(satire). Microsoft Bundles Worm with IIS .
I only post comments when someone on the internet is wrong.
How would you know they'd fixed IE if they didn't distribute a virus that no longer worked?
...a loud thunderclad was heard in the Redmond regions. Police suspect it was the sound of Mr. Gate's asshole slamming shut.
Is not a prelude to Microsoft marketing a new anti-virus product. A mere $89.99 will buy you the software to get rid of the virus they handed you.
Anyone remember DOS 6.22? It was the pay-for-bugfixes to the almost nonfunctionally screwed up DOS 6.0. Microsoft has done this before.
I think that no snide comment of mine can truly do justice to this phenomenal screw of on Microsoft's part. But we can all try anyways!
42!
By the way, this is just another example of a premature attack by OS zealots. Just as the case of the cross-platform virus discussed previously, the Nimda file is installed as part of the help system, but is never loaded by the help system. As the tounge-in-cheek editorial posted by the illustrious Slashdot editors put it, "Only a complete moron would get infected by this virus." So unless someone in Korea is stupid enough to uninstall IE 6.0 (required for .Net to run), install IE 5.5, and then load the Nimda file, it is unlikely that they will get infected. For every MS goof, there is an equal goof in the OS community. (But we all know people that point that out get modded down....)
Normally reside3nt antivirus software checks only files you try to run. Just some file with a virus lying somewere in the deep directory structure would be fiound only during a massive check up. And even in this cas people almost never check any file whose extention doesn't correspon do ususal virus bearers like .exe or .doc
secret attacks on them there chiphead south koreans?
well i'll be danged if that ain't the most downright American thing i've heard all week!
</bush impersonation>
"This kind of recklessness by Microsoft is criminal negligence!"
I think the phrase you're looking for is "disclaimed criminal negligence, supplied without warranty, nor claims of mercahantability or suitability for any particular purpose"
If they'd been supplied in Maryland, Virginia, Alaska or Hawaii, then UCITA would have made it criminally negligent. But it wasn't, and it isn't.
Bwaaaaaaahaaaaaaahaaaaaaahaaaaahaaaahaaaahaahaha ha hahahah!!
Microsoft. Where do you want to go today? Microsoft is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. This virus is valuable intellectual property and is protected by copyright law and international treaty. Do not make illegal copies of this virus.
FreeBSD rocks.
... at least now we know MS uses their own product, IIS.
Hate me!
Even in the States you hardly can sue if you can't prove any resulting financial losses. In this case you need to make a real effort to lose any money because of the virus.
In typical lets bash MS fashion, slashdot doesn't even mention the most important part:
ITS IMPOSSIBLE TO GET THE NIMDA FROM THIS PRODUCT
I'm not sure he's so offbase.
If I shipped a coffee grinder to grandmas and included a grenade detonator mechanism in the package (by accident of course), but said that there's absolutely no chance of Grandma blowing herself up, I would still be in hot waters for sending grandma a piece of military hardware.
Dontcha think?
"Piter, too, is dead."
A lot of posts seem to revolve around "Who cares, it's an inert virus; it could happen to any [multi-billion dollar corporation outsourcing its flagship development product that claims to be working to eliminate any end-user paranoia from its product line]..."
But that's missing the point entirely. Seriously -- Nimda? What's that? People don't care about the statistics or logistics of the virus. No, people are concerned that a *known virus* was able to get into the code. Now ask yourself -- what if it was an unknown virus? What if a disgruntled contractor for the outsourced company snuck a new trojan horse in there? One that puts your MS Passport login info as a MIME header on whatever version of MSIE you're running?
This is a PR disaster of incredible proportions because it shows how naked the emperor still is, despite hiring new tailors.
Don't get me wrong, I make a lot of money off of writing Microsoft code. But the simple fact of the matter is that they're (supposed to be) going for "Trust" but their current habits are still hanging on "Hope".
Now, instead of meaning it ships with no viruses, it means they include them at no extra charge!
Open Source IS a bigger threaat. Imagine Microsoft distributing the virus with a well-commented source code!
But a third party company screwed this baby up in transition, not M$. Using this as a "M$-is-so-evil/incompetent" story is pretty inappropriate.
There's many, many other reasons to dislike Microsoft. Taking one out of context only strengthen's Microsoft's hand and makes those who oppose Microsoft look petty.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
It also plans to send clean copies of the program to every registered customer free of charge and is attempting to contact developers who may have bought the product but not registered it.
Its not our fault...he never sent us his personal information and registered his product. Oh well, he'll learn for next time.
Thus releasing this article may help them sell their AV software...
Anything stupid coming from Micro$hit anymore, does not surprise me...
They suck and always will...
"Look where we worship" -- Jim Morrison
Nimda is not a security fopah, rather a remote administration feature soon to replace terminal server. I am disgusted that a "News for Nerds" site, would not recognize such remarkable innovation!
Awesome!
And yet MS stock was still up $0.41 at last check. Even with the Nasdaq dropping.
It's hard to tell the cool to chill, my favorite hotel room has a view to an ill.
Looks like that new development shutdown up there to clean stuff up and beef up security was really well spent.
And adds extra value to the software. This experience is very different from ejoying all those bugs.
Nah it's more like you hire Mailboxes etc to package your coffee grinder to grandma and they accidentally drop a grenade detonator mechanism in the package before shiping it off. Yea, you could've looked over their shoulders while they were packing but wouldn't the packers be liable for adding it than you?
.NET developer) or am I mistaken?
Oh, and I thought nimda attacked IIS also, so developers running that (and since I run apache while I'm developing, I'd immaging that'd be fairly common for a
That's what MS would say. Those slant-eye bastards could never do anything right. We, MS could never make such a mistake. Well unless we bet on the U.S beating Korea! ;-P
Someone should write a book called:
101 reasons to not use Windows
And in other news, an Pakistani foreign national was detained in New York City today for what officials are calling "a suspected case of viral bioterrorism". The man, Rumollea Abdula Jabala, 30, was reported to be "coughing and sneezing", and "blowing his nose" by onlookers, who promptly called officials to report the situation.
Jabala, who came to America on a work Visa, denies official reports that he deliberately caught the flu to infect persons in the USA whom he would come in contact with.
Jabala is currently being held in a city hospital, under armed guard, until officials can verify any terrorist links.
But MSFT did do a check of the "package" before they shipped it off. So they should have caught it.
It's not that hard to say: scan all, including compressed files.
"Piter, too, is dead."
They're worried about the viral nature of the GPL?
Move on. There's nothing to see here.
is code considered funny. although i'm not entirely sure what program has nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnHahahahahahah hahahahah hahhahahhaha heeheeeheeehee aaahahahhhhh in it
I wouldn't say that the Trustworthy initiatiave failed, but this will hopefully teach MS the number one lesson in security and viruslessness - trust no one. In the end, my email system is only as virus free as yours. If you are infected by Klez/nimda/... you still harass my bandwidth and my procmail filters. I'm just not dumb enough to run that .exe that h0t_ch1x@hotmail.com just sent me.
Just because MS code and systems are "secure" and "virus-free", as soon as they hand the code off to someone else, the code is only as virus free as their system is.
To read makes our speaking English good. - X. Harris
Are the Koreans legally obliged to donate them *with* the Nimda since it would "go a long way to help an organization get that computer into use with minimal expended resources."
It sure would help the receiver to get the computer into use: use into sending out viruses...
That's a low-rent way on fighting software piracy!
-jc
Open Source IS a bigger threaat. Imagine Microsoft distributing the virus with a well-commented source code!
Your a joke get a brain!
"It's not our fault," claimed Blamer, er, Balmer, "it's the fault of the {temporary worker|sub-contractor|college intern} we hired."
-- @rjamestaylor on Ello
It wasn't Nimba but a JPG image of Nimba. Of course the virus only works after you log on using Passport.
-W.
``Microsoft distributed Nimda-infected copies of Visual Studio''
d igitallifestyles/gizmo/g4_cube/)
So...what's new here? This is just another update to that well-known and widespread virus that turns computers into toaster ovens. http://www.xbill.org/
and have fun! Sometimes it makes me wonder if this is a hint that we should all switch to Macs (http://netscape.digitallivingtoday.com/netscape/
Please correct me if I got my facts wrong.
It kind of makes you wonder exactly how much useless crap gets shipped. This was an older virus, so that's why this is so public; but how many stray files are just ignored? Isn't there some type of accounting procedure that should be run before you ship a package like that?
And it will run on any platform too. :)
/*drunk.. fix later*/
Although I'm sure they're really, really nice.
Actually Glen is dead.
Windows without viruses? Ahhh, you mean linux
Now all we need to do is find a way to slip a GPL-ed file onto a Microsoft CD the same way this virus got there.
They could clearly argue that the file was NOT part of their distribution, and therefore the product does not have to have source released under the GPL. But I'll bet until they finally came to that conclusion, there'd be a TON of Brownian motion in Redmond on the part of execs and lawyers.
So before someone actually does this, the need to let the alternative energy people know, so the heat source can be tapped.
The living have better things to do than to continue hating the dead.
The latest release of Nimda has been infected with the Visual Studio.NET virus.
Just because it is almost impossible to trigger this virus and just because the guy who pulled the trigger is "only" a microsoft contractor is no reason NOT to be upset that MS once again played this game with their customers.
This is NOT a no blood/no foul scenario!
Why don't they close the open proxies that ever spammer and his dog is abusing, if they are so tech oriented?
Michael Loves Me!
Well, god forbid we should put too much pressure on the company that produces the vast majority of PC OSes. Particularly a company that has recently been bragging about it's new high-security policy.
Are you actually suggesting that there's too much criticism of Microsoft's security practices in the world? A Slashdot 10 times as rabid couldn't begin to bring consumer concern to the levels it should be at.
Billions of dollars in the bank and not one copy of Microsoft Antivirus? :)
So, which AV vendor does M$ use?
MS mastered the CD so they should have checked the contents before they did so. Odds are both parties here are at fault one for introducing it and the other for not finding it.
It's just extremly funny and mostly harmless this time unfortunatly it's not the first time MS shipped a product with a virus.
I did realize it was a joke. I think, though, that before you make a joke at the expense of an entire culture that is proud, ancient and sensitive, you would do well to know that it has at least the smallest kernel of truth (for example, if you had made a joke about the disks getting copied all over the country, it would have been funny). Also, yes, I did the exact same thing by lumping you with the 31337 skr1p7 k1dd33z that live in their mothers' basements, when in fact I know nothing about you, and yes, I did it on purpose, and yes, I wrote my comment right off the cuff because I was irritated, and yes, the word "moron" was calculated to incite anger, so my comment should be properly be modded as flamebait. Still, though, I think the joke was about as fair and as funny as making a joke about how dispassionate Linux users are about their OS of choice.
Today's Sesame Street was brought to you by the number e.
See here for details.
Nope, no sig
When I read this article, the banner ad was for Microsoft Visual Studio .NET.
/.
It's that kind of policy that keeps me reading
~~~
Microsoft's agent that put the virus in is the culprit here, and the risk, as news.com pointed out, is low.
--
Ask the Ya-Hoot Oracle Anything!
Stuff like this is bad for everyone. This was obviosly sabotage (just like most of their bugs) Flaming them just encourages more Gates-haters to do shît like this. I think most M$-haters would actually like M$ products if they didn't come from Microsoft. Most peoples' hatred is based on ignorance and brainwashing - like this artical does (if it comes from M$, it must be bad). I'de love for M$ to do a test, and secretly release some software (Open-spurce of course) without letting anyone know that it was developed by M$.
Clear one point for me: which of the two pieces of software (vs.net and nimda) is the virus here? ;)
--
sig is out enjoying the sun
Tech Oriented has nothing to do with Tech Savvy.
It's just like here in North America. A lot of people have the latest, greatest DVD/VCD/CD-I/MP3 players at home. I'm sure several of 'em are 12:00 flashers, tho.
More than one virus != viruses
Virii, people, virii.
if(!toilet_paper) roll.replace(new roll);
I didn't say they were particularly good at technology, just that they really like it.
Today's Sesame Street was brought to you by the number e.
h0h0h0 this h0h0h0 story h0h0h0 cracks h0h0h0 my h0h0h0 shit h0h0h0 up h0h0h0
He used to work with me... Nice guy, except he had this funny way of saying "out and about"
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
If GM includes defective 3rd-party gas tanks and brake-pads in their vehicles, will you absolve them from blame? The sad thing was that this wasn't even a very subtle flaw. Microsoft could easily have found it with a slightly more robust virus checking process.
"Trustworthy computing" means that your 3rd party suppliers are going to have to go through the wringer, too. Otherwise the phrase has no meaning, and there's nothing at all wrong with making this point.
Except when they switch to daylight savings time, then they flash 11:00.
Michael Loves Me!
True. And everyone there has broadband. They are way ahead in that respect.
True. Anyone know how to say 'Shut your f-ing proxy' in Korean? (Or any asian language) I am on the virge of just nulling all of asia at the border routers and be done with the whole lot.
Michael Loves Me!
So, Microsoft only scans the files they expect to be part of the install but they ship all the files anyway. While there is no way from the outside to prove or disprove this statement, I think it's odd they aren't consistent in which files they choose to scan and which they choose to ship. A decent process would use a consistent way to manage it.
At a minimum, I find this an example of the sloppy techniques I see all over the industry. Of course, sloppiness is one of the reasons that all these viruses keep finding new ways to infect software so I think it's a pretty big slap in the face for MS's Trustworthy Computing program.
Be grateful. It's soothing to know that now there's some code in .Net that actually works the way it's supposed to.
That was a joke? I didn't get it. Please explain.
"Both parties" -- regardless the name on the business card, the product is labled "Microsoft" (or, in Korean, "Microsoft-shima"). When an agent of a company screws up, the company screws up.
-- @rjamestaylor on Ello
perhaps he should be the verizon really sucks guy.
PHP is the solution of choice for relaying mysql errors to web users.
It's similar to paying to have a surgery performed, doc does a lousy job (visual studio .lib tax),
shcvisual studio,
charges a ton of money, you have to come back
and redo it in two years (upgrades you didn't ask for), it may leave you dead
any day (didn't pay the
but the icing on the cake is, you also
got a virus for free.
Excellent (in the voice of Monty Burns) Smithers. Excellent!
Per Microsoft http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/topics/NimdaIE6.asp
If you wanna get rich, you know that payback is a bitch
Comment removed based on user account deletion
"Why don't they close the open proxies that ever spammer and his dog is abusing, if they are so tech oriented?"
Speaking as a Korean, it's just because SPAM tastes so good! (I always keep a can handy in my cupboard for special occasions.) So, we like to share it with others around the world.
Am I kidding about electronic SPAM? Yes. About being Korean? No. About SPAM the "meat".. hmm.. sort of. :)
FIRST TIME REACHING 2nd ROUND IN WORLD CUP HISTORY!! GO KOREA!!
show good commented GPL code moron!
The windows kernel is documented and commented way better and more accurate than the linux kernel.
Run $40 Billion a year software companies with monopolies on the desktop operating environment, have an self-acknowledge history of screwing up security, and a vested interest in ensuring that people begin to think of their products as secure and reliable?
For their own good they should look at every line of code that goes out under their label.
All of this Slashdot rah rah Linux rulz Microsoft sux stuff reminds me of the (C64|Apple II) rulz, (C64|Apple II) sux arguments that 12 year olds used to have back in the day. Are you guys the same people, older but not any more grown up?
There are plenty of pro-Microsoft moderators around here these days, smartass, no need to cry about that.
-------
"Every artist is a cannibal, every poet is a thief."
Couple things to note:
MS has a very good system of preventing viruses (used to be documented in a knowledge base article until someone realized that article said they used UNIX systems because they were impervious to Windows viruses).
What probably happened is that a system was infected before the help files were compiled, and then once they were compiled (rendering the virus intert) the AV software did not pick it up. Once the masters are checksummed, then no one will notice because the subsequent copies have not been tampered with.
Again, the virus is inert. But this is a HUGE publicity blow to Microsoft, so it is a BIG deal.
LedgerSMB: Open source Accounting/ERP
I'm seeing 40-80 probes daily (heh.. intermixed with 40-80 MS SQL port 1433 probes daily), on my firewall at home on a goddam dialup, fer krissakes...
How the hell can *any* company, or *any* subcontractor not be aware of this ongoing problem?
How the hell can any company with any pretensions to "Trustworthy Computing" have let this happen?
Make no mistake (Micro$oft apologists notwithstanding): there is absolutely no excuse for this unparalleled screw-up.
Do these people really think they are so all-powerful as to be immune to this sort of thing, or do they think they are so all-powerful that they just don't need to care?
t_t_b
I'm on PJ's "enemies" list! Are you?
Some of my web pages have pacific keywords, so I've bounced more than my fair share of these to the FTC and other spam and abuse websites.
Sigh.
Friends don't let friends use Holey OS's.
-
--- Will in Seattle - What are you doing to fight the War?
Fuck you and your retarded, fucked up ancient culture.!!
You obviously didn't read the article, you moron. They did run anti-virus software, just in brain dead fasion. According the article MS scans every file for viruses before they're shipped. Unfortunately, they only scan the files that are part of the product. The worm attached itself to a file it had created, so that file was never scanned. A stupid mistake, yes, but you really ought to learn the whole truth, before you go around bashing people.
Something about how Open Source software could have a virus on it?
if we assume that this guy/gal/armadillo/whatever that wrote Nimda would be forced to make financial reparations for the havoc it wreaked, would that amount be greater or less than what he/she/it could collect from Microsoft for suing for theft of intellectual property? It might make financial sense for the author to come forward now...
I think instead of buying lottery tickets, I'm gonna start writing viruses and hoping that MS accidentally ships one...
Denver Isuzu Suzuki
Like maybe someone who thinks that an MCSE is the epitome of fine computing?
Awww, nevermind, MCSE has nothing more to do with computing than RTFM does...
your != you're
Most of the time that MS uses a third-party company, that company screws up. My question is, who exactly is in charge of seeking out and contracting with those companies? Fire him big time.
BillG: "Microsoft Visual Studio .NET: Now with Securi-hancers!"
Windows user: "Finally, a product for me! I believe every word that man just said, because it's exactly what I wanted to hear."
Linux user: "Man, you've been brainwashed."
News.com: "Microsoft developer tool distributed with viral payload."
BillG: "He's making a mockery of the product! You're making a mockery of the product!"
(Linux user): Noooo!! Can you not comprehend that your ignorance will cause me to explode now? Arrgghhh!!!
BillG: "I AM THE KING!"
There is no way it can be stated that it's no big deal when this kind of thing happens. Period. The bottom line here is quality. If this kind of thing gets through, what else can get through? What kind of quality controls are really in place?
Whatever controls ARE in place, apparently they aren't effective or aren't being followed...
Computer Science is Applied Philosophy
your write, thanks four pointing out that
Fried SPAM or grilled BBQ'd SPAM is pretty good, actually.
Michael Loves Me!
...M$ includes a really efficient piece of code with their compilers.
You know what they say, bad publicity is still publicity...and all us Linux Zealots are just fueling the fire.
What's even better than SPAM is the high-quality "Run-cheon mit'" (Luncheon meat). The bad romanization doesn't do the name justice, but that stuff was beyond interesting. That's why I always stayed away from imitation American foods in Korea. I much preferred good Korean stuff to bad American stuff -- except Duen Jang Chi Gae (again, sorry for the bad romanization). I never could get a taste for that stuff.
Today's Sesame Street was brought to you by the number e.
'Walah' is spelled 'Voila' :)
If programs would be read like poetry, most programmers would be Vogons.
Well, considering that Windows itself is a virus, I am not surprised........ This is just one more thumbtack in the MS user's cell padding......
Rien n'est plus beau que le creux du 0.
Yup. I work for Allstate (hence the anonymous post), and some of you may recall the flap a few years back over people in California getting screwed. It actually wasn't anyone from Allstate, it was some contractors the company hired. However, our customers came after us. As they should have.
We then proceeded to sue the contractors for screwing us.
Same situation applies. Microsoft is responisible for shipping the product with a virus, but most likely will be able to collect damages from the contractor they hired.
Hate to double-post, but, the blurb currently includes the following text:
Looks like News.com is really to blame here. Since they're sort of a "third party" supplier, should we really hold Slashdot accountable for that website's mistake?It's not not the potential affect of the virus. It's the fact that it's even there.
"Only a complete moron would get infected by this virus."
Yes sir, we know there's a bomb in your car, but don't worry: it's not wired to the engine so it can't hurt you.
The fact that Microsoft could allow its flagship development tool to ship with such a notorious virus is absolutely incomprehensible and humiliating. If I were Balmer I'd be skinning alive those involved with a dull spoon.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
Now any random fool that forgets to patch or upgrade or whatnot, and manages to pick up Nimbda, can claim they installed .NET and it's all M$'s fault, not their own stupidity.
Microsoft: We screw up so you don't have to.
They...um...made sure that it was a quality worm that went out the door.
Well, have there been any security holes discovered in Nimda? Sounds to me like Microsoft is living up to their promises.
That just cracked me up. I go to slashdot see a .net ad running across the top.. and behold this article was nested in in there.
I just loved seeing this ad splashed acrossHut-Da-Moll
For every MS goof, there is an equal goof in the OS community
I dont pay members of the open source community $500 for a copy of their work. I do pay microsoft. I expect that $500 to buy me what is advertised.
This implies that women wouldn't deal with the problem responsibly.
Next time, please pick a metaphor without sexist connotations. You can get your point across without deriding those who aren't men.
I know exactly how this happened...my (x) co-worker gave the virus to the vendor that made those CD's. It also went out to Dell, as well as other domestic suppliers.
If you have any more details, please send them to secrets@uncoveror.com Sounds like a big story!
The Uncoveror: It's the real news.
.. ?
Clippy jokes never get old! HAHAHAHAHA! Ow, my prostate.
It is the secret Microsoft revenge for the Koreans taking first place in their grouping in the World Cup. How dare they make the US look like a second rate soccer team, LAUNCH THE VIRUS!
This sig has been temporarily disconnected or is no longer in service
Now with improved networking support! :)
Ballmer: Damn! Some of those south asian countries have 94% piracy levels!
Bill Borg: (Sarcastically) We may as well ship the virusses right on the installation media.
Bill and Steve look at each other, light dawning
Ballmer: Hey... YEAH!
Bill Borg: Get southeast asia distribution on the phone!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Any company can make such a mistake but not many of them braggs about there "superior" products and has an illegally obtanied monopoly.
HTTP/1.1 400
Duh? The first time after youve installed the antivirus program you scan every and all files on the machine. Anything being copied or opened will be scanned for viruses so a virus shouldnt be able to lie unfound unless a. the virus is new b. the person installing didnt scan after install. Most AV programs scan the whole disk periodically by default also.
HTTP/1.1 400
Not only has MS done this before, they've done it several times before.
I'm just amazed that it doesn't happen more often.
the no
That'll show those lousy Koreans to pirate MSFT software!
How much you want to bet M$ offers to release "guaranteed" virus-free software in the future provided that Korea cracks down on software piracy?
You see? You see? Your stupid minds! Stupid! Stupid!
Holy crap! Not only is that displaying right, but I can cut and paste it!
If corporations are people, aren't stockholders guilty of slavery?
microsoftholes.slashdot.org
Microsoft is paying *extra* attention to security now!
I use Macs to up my productivity, so up yours Microsoft!
- $ grep NNNNNNNNN httpd-access.log | wc
First record: 05/May/2002:21:57:58.88 1056 41562
I've been fortunate in that none have been on the same B or C class subnet. Naturally, I've notified the two infected ISPs on the same A class subnet before either attacked twice.
Still, how is it that this thing has resurfaced? Don't these things ever die? Is Microsoft secretly including it in other packages?
If they only had used Java, all the koreans could change are simple properties files. :-)
Somebody is getting fired!!!
I haven't seen the code of the Windows kernel. However, do you need really good comments (or even any) to figure out how a few lines of the virus code work? By the way, there are commercial programs with GPL'ed code like Metadot or MySQL. And they appear to heve pretty well commented code. This might become the case for Microsoft as well.
No wonder Nimda slipped through. They're spending all their time manually converting to HTML.
However, in Microsoft's defense, it should be noted that most other developers only convert the help files they expect to find.
"Inflammable means flammable? What a strange country!" -Dr. Nick, The Simpsons
Can you believe I lost a point for this?
lost a point lost a point lost a point
la la la
As my father lik@(munch munch)...