Slashdot Mirror

← Back to Stories (view on slashdot.org)

Visual Studio .Net: Now with more Viruses

Posted by ryuzaki0 on from the trustworthy-computing dept.

News.com breaks the story (and 8000 readers submit) that Microsoft distributed Nimda-infected copies of Visual Studio .Net in Korea. I don't even know what to say here; nothing seems adequate, except to point out that "trustworthy computing" does not seem to have had any effect whatsoever. News.com just updated their story to point out that it probably won't infect the people who installed Visual Studio .Net, but it's still a rather nasty faux pas for a company that's supposed to be cleaning up its act.

3 of 396 comments (clear)

  1. Slamming MS by glh · · Score: 5, Informative

    OK, someone messed up.. but it isn't as bad as it sounds. First off, it wasn't MS that put the virus in, it was some third party thing they used to convert the language to Korean. However, MS should have at least run virus scan on it before they shipped it. Second, the person running VS.NET would actually have to install IE 5.5 over IE 6 (why would anyone do that) and browse a certain help file in order for it to get infected.

    I'm not trying to defend MS. Just pointing out the facts (or at least how they were stated in the article). On one hand it's kind of funny to read through all the quick one-liner jokes about MS (definitely worth a chuckle) but I think MS isn't quite as bad as they're being made out to be.

    By the way, anyone know the company that wrote the nimda infected software?

    1. Re:Slamming MS by _xeno_ · · Score: 5, Informative
      Actually, according to the article at least, Microsoft did scan the files for viruses prior to shipping. However, they apparently have it set up to only scan files that they expect to be there, and therefore missed the added Nimba file. The way I read it, the Nimba file is not really part of the package and can never be accessed in normal usage of the product, and can only be accessed if the user goes looking through the actual help files that come with the system.

      Assuming that by "help files" they mean "VS.Net Documentation" then there are quite a few help files covering everything from JScript, VB, C#, C++, to the Windows Platform API, the C# class library, and more - which means it'd be practically impossible to manage to find the one Nimba file amoungst the croud. However, if they just mean tool help, then that content is a lot more limited, but I somehow doubt that is the case.

      I have to wonder how much about that "scan only files that should be there" is really spin doctoring, and if they didn't really scan the disk and are instead coming up with an excuse for having missed the presence of the file.

      Anyway, the Slashdot writeup is, as usual, way overblown in its anti-Microsoft slant. If they're going to write tirades about McAfee scaremongering, then they probably shouldn't do it themselves.

      (And, by the way, Michael is the author of both articles...)

      --
      You are in a maze of twisty little relative jumps, all alike.
  2. Re:What... the... hell.... by Ooblek · · Score: 5, Informative
    You should have realized it was a joke - however lame it was.

    By the way, this is just another example of a premature attack by OS zealots. Just as the case of the cross-platform virus discussed previously, the Nimda file is installed as part of the help system, but is never loaded by the help system. As the tounge-in-cheek editorial posted by the illustrious Slashdot editors put it, "Only a complete moron would get infected by this virus." So unless someone in Korea is stupid enough to uninstall IE 6.0 (required for .Net to run), install IE 5.5, and then load the Nimda file, it is unlikely that they will get infected. For every MS goof, there is an equal goof in the OS community. (But we all know people that point that out get modded down....)