Gamespy Installer Spreads Nimda

NSG writes "Yahoo News is running this story about the Nimda virus infecting some Gamespy Arcade 1.09 installers. Approximately 3,100 infected files were served in a seven hour period. What responsibility does Gamespy have to the users who downloaded the infected file?"

Hahah

[blackula]

Don't use Gamespy, use The All Seeing Eye for all your online gaming needs. It is 100x better. Trust me.

Re:Hahah

[shepd]

>Better hope that one of those 3000 odd downloads wasn't someone grabbing it to stick on their magazines coverdisk...

Speaking of magazines and viruses, I think you'll find it interesting that the first virus ever widely spread on Macs happened to be a veiled advertisement for a computer magazine itself, proving the truth is, in fact, stranger than fiction.

Liability? Read their TOS.

[User+956]

They're legally immune. From the GameSpy Website:

To the fullest extent permitted by applicable laws, GameSpy and its employees, agents, suppliers, and contractors shall in no event be liable for any claims, charges, demands, damages, liabilities, losses, and expenses of whatever nature and howsoever arising, including without limitation any compensatory, incidental, direct, indirect, special, punitive, or consequential damages, loss of use, loss of data, loss caused by a computer or electronic virus, loss of income or profit, loss of or damage to property, claims of third parties, or other losses of any kind or character, even if GameSpy has been advised of the possibility of such damages or losses, arising out of or in connection with the use of this Web Site, software, or any Web Site with which it is linked. You assume total responsibility for establishing such procedures for data back up and virus checking as you consider necessary.

alternatives

[Barbarian]

Although many people believe they HAVE to use Gamespy Arcade to play their favorite game online, and some games bundle it on the CD and suggest you install it, most games also include their own in-game browsers and there are also alternatives available which don't try to force you into a chat room when ever you want to look for a game or shove banners in your face, although some (pingtool) are dead.

Re:Who downloads it anyway?

[yomahz]

If a game doesn't have an ingame browser, then I stick to direct connect, or single player. I shouldn't have to run external programs to play games online.


Most in game browsers are really half assed and lame as hell.


I make a habit of not trusting any software that has to scan your entire harddrive in order to 'find' games.


Well, if you don't have the source to a program, you don't have any idea what it's doing anyways. At least it's telling you. You can always cancel it you know...

One thing I do have to say is that gamespy "Arcade" is really lame compared to Gamespy "3D"... Arcade just seems like a spam filled piece of crap..

Re:This is an industry problem, not just gamespy.

[some2]

Even a clause that says they are not liable does not exclude them from liability.

Here's an article on software liability clauses and theories on lawsuits regarding software liability. The key to success in a lawsuit is as follows:

Negligence: The company has a duty to take reasonable measures to make the product safe (no personal injuries or property damage), or no more unsafe than a reasonable customer would expect (skis are unsafe, but skiers understand the risk and want to buy skis anyway.) Under the right circumstances, a company can non-negligently leave a product in a dangerous condition.

The users of the software would assume that this software would be free from viruses. This company, by both not securing its networked systems from known viruses, and by not verifying that it's software was not virus-infected prior to release, acted negligently.

Now the question is -- would the reward of attempting lengthy litigation over a relatively small loss be worthwhile? Unfortunately, it's not all too often as such. To my knowledge, as of yet, data loss due to negligence (not resulting in death, destruction of people or property, etc) has not provided for large damages. I'm sure as judges and congress members become more technically savvy, we will see more resonable laws and judgements relating to software liability. Until then, good luck.

Re:Impact is probably relatively minimal

[Alizarin+Erythrosin]

Actually, it also tries to copy itself to any active network shares and opens your "Guest" account on Windows (should it have one) to administration level access, with no password, as well as random emails to people you know (or may not even know)

For more information

Re:Now I've seen it all

[hackerjoe]

Why cant you call virtuals from a constructor?

in C++ you can, but it's a bad idea because if someone overrides that function things may not work as expected:

#include <iostream>
struct A {A() {foo();} virtual void foo() {std::cout << "in A::foo" << std::endl;}};
struct B: public A {virtual void foo() {std::cout << "in B::foo" << std::endl;}};

executing the constructor B() produces the output "in A::foo", despite the fact that B overrides A's foo. this happens for the perfectly logical reason that since B hasn't been constructed yet, you can't call any of its methods, but it can be quite confusing. a parallel argument applies to destructors.

Re:They screwed up - so what?

[vittal]

have a look at systrace, which is an attempt at providing a means of reviewing/restricting an application's access to system resources.
http://www.citi.umich.edu/u/provos/systrace/

v