Slashdot Mirror
Gamespy Installer Spreads Nimda
NSG writes "Yahoo News is running this story about the Nimda virus infecting some Gamespy Arcade 1.09 installers. Approximately 3,100 infected files were served in a seven hour period. What responsibility does Gamespy have to the users who downloaded the infected file?"
Viruses in gamespy software? The computer industry in general has demonstrated that the concept of ethics no longer applies when there is money at stake. Read the average EULA: you have to surrender fundamental rights, such as fair use. Worse than that, the developers generally absolve themselves of any responsibility or liability whatsoever -- they won't even guarantee that the software that you have just bought will do what they claim it does! What we're seeing is the culmination of an unfortunate trend. The creators of a piece of software for as long as they control it have a monopoly -- anyone committed to using their product is pretty much at their mercy. And that means money -- lots of money.
The theory of relativity doesn't work right in Arkansas.
I mean, seriously, who downloads this anyway? I make a habit of not trusting any software that has to scan your entire harddrive in order to 'find' games.
If a game doesn't have an ingame browser, then I stick to direct connect, or single player. I shouldn't have to run external programs to play games online.
Still, I think the bad press alone will be Gamespy's punishment on this one. I've seen this news crop up everywhere in the past day or two, and chances are, anyone who reads any kind of net news knows as well.
Legally anyway. I haven't looked at the EULA for Gamespy (haven't downloaded it, actually), but I'm betting some large odds it'll have some clause in it saying they're not responsible even if it destroys your computer, sets fire to your home, and heralds the End of the World.
Whether this will stand up in court would be interesting to see, though. And the precedent it would set would be very wide ranging.
Not necessarily. Just because a company states that it isn't liable for anything doesn't mean it is. Several rights cannot be forfeited in contracts. If they could, companies could make people indentured servants instead of foreclosing on them. The EULA is designed to make a user think he or she has no rights, not to actually take them all away (although it does take away some rights).
Answer: None
Have you ever read that LONG agreement before you install software? It clearly states this phrase:
NO WARRENTIES EXPRESSED or IMPLIED
idm owns me
OK, so they screwed up. They're not the first, and it would surprise me if they were the last. At least we haven't had any major virus targetting online gamers. Yet. (I'm sure the anti-virus makers have some cooking in their skunkworks-labs, to unleash on us once the artifical panic from the JPEG virus blows over.)
/tmp. Why give them blanket access to everything? Software that manipulates random files could communicate via a system call/trusted library that would combine a file-browser and grant one-shot access outside of the applications "playground" for the specific file-name/directory chosen by the user.
Part of the problem is of course the MS monoculture. Those of us wishing for a wider deployment of Linux (including me) may come to regret that wish, since it will inevitably lead to Linux virii. They will have a harder time of infecting the whole machine, but no doubt some clever cyber-{terrorist,vandal,take-your-pick} will come up with one that does exactly that, sooner or later.
And as sure as flies home in on shit, MS will take that as an opportunity to tout Palladium and denounce Linux.
Anyway, the big question is not really how to avoid having software distributions infected, but rather how to encapsulate software. On UNIX and Windows alike, any software you run, will run with the full privilegies of the user (at best) or root (at worst).
It would seem to me that one interesting future development for Linux (or one of the BSDs, perhaps?) would be to find a non-intrusive way of encapsulating software packages, even at run-time. Let them define what they need access to, and then have an installer grant them rights only to those parts of the system.
Most software really only needs write access to their own directory, plus perhaps
Oh well...
It does not absolve Gamespy of responsibility -- but fortunately the actual impact is now. Nimda only infects servers running IIS as a HTTP server, and I'm sure not many gamers are running IIS on their machines.
There's 10 types of people in this world, those who understand binary and those who don't.
/me waits to get flamed by crt and Walla now
Let them flame, you did the right thing. Quakespy was awesome. Early Gamespy's were good. Hate to flame them but they deserve it.
Then, through some sort of Realplayer-esque type move, it turned to crapware. Around the same time Planet* multiplied to 5 billion useless clones - now it's top flash banner, bottom ani gif, and 2 skyscraper flashes framing a 10x10 area of content. Gamespy Arcade, why? Meanwhile, Radiospy, which was actually cool, is "off the air". Get my GamespyID to download a patch "exclusively hosted" by Fileplanet? Go fuck yourselves.
Gamespy now infects games all over the place, and it really sucks. NWN's ingame server is "powered by Gamespy", and let me tell you, it's a UI nightmare.
I want the old Planetquake back - and before someone gives me the sob story on how hard it is to make it on the net/we got hosed by advertisers/bandwidth is expensive blah blah, Steve's been doing it without selling his soul, and building a kickass gaming community - and when he got in trouble, his users paid off a substantial amount of bills. Keep selling out users Gamespy, I won't miss you.