Slashdot Mirror
Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
Consider the .NET framework for a second. Suppose you wrote something innocent like a screen saver, written in C# based on the .NET framework. How would you as an ISV "ship your software"? You can't. Not unless you sign up to ship Microsoft's software as well. You see, the .NET Framework isn't widely deployed. It is present on a small fraction of machines in the world. Microsoft built the software, tested it, released it to manufacturing. They "shipped it", but it will take years for it to be deployed widely enough for you, the ISV to be able to take advantage of it. If you want to use .NET, you need to ship Microsoft's software for them.
Who said Microsoft does not know how to ship software anymore?! Let the trojan authors take care of that!
-------
Warning: Slashdot may contain traces of nuts.
Search for dotnet instead. It works.
I am a leaf on the wind. Watch how I soar.
- It's an optional install from the XP SP1 and SP2 CDs
- It isn't included with any version of XP Home.
- It isn't listed as a critical update on Windows Update
Taking those major flaws of your arguement into account, and how Microsoft have behaved in the past with products, how you'd consider that they're 'forcingIt's a 65MB install, but only a 24MB download. From TFA:
.NET framework to download is around 23MB, though this is still a lot of bandwidth to use up without asking. In addition, the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size.
.NET, it takes up 65MB.
the actual size of the
So once it's done its thing and installed
Guy asked me for a quarter for a cup of coffee. So I bit him.
The .NET download is just part of Windows now; sooner or later, you will need it, whether you want it or not. 65M is not all that large compared to other runtimes and libraries (C/C++ is much larger).
.NET.
The real problem here is that somehow these machines installed malware. The problem could be that they are running IE, it could be that the malware is exploiting a bug, etc.
There is a simple solution: run Linux instead. That will protect you from both malware and
I would not say that the .Net framework is huge in comparison to, say, Java. The Java 1.4.2 runtime (no SDK) core is 15 MB. The core .NET 1.1 runtime my company distribute with our software (the clients know they are getting it) is 19 MB.
Great ideas often receive violent opposition from mediocre minds. - Albert Einstein
I've spent most of my computing life (20 years since I was 12) working on CP/M, macos, and linux. 2 years ago I became a Window developer.
I've found that I need administrative access to do a lot of the things that I need to as a developer. I do these things many times a day. On linux I would just sudo when I needed it. I think you can run commands as a different user on windows too, I did try it once but kept hitting problems. There's no 'man' command! DOS documentation sucks. I haven't found the equivalent of a sticky bit that I can use for my build scripts that need admin access. A lot of Windows apps are built from visual studio which doesn't have a GUI to switch to admin access for parts of the build. The philosophy is just not there - yes we should push for it. When I was developing for macos in a much bigger company the windows team used to be more sorted in this respect - but then there was a big IT department to support them - developers can't afford to spend too much of their time on system admin. Some developer's are into it and some aren't. The lead programmer on my current team is so not into it (but he is a brilliant programmer) - to make things easy for him he has domain admin - everyone knows his password! No I won't say where I work! We don't have an IT department. I think big companies that can afford IT staff do tend to be better over stuff like this.
I don't think many people would start an X session as root in linux. A lot of people will only switch to root as needed. Some are better than others about being fussy about what they do as root. (I bet a lot of people compile their kernels as root) On Windows on the other hand it is very common to login to the graphical environment as admin. A lot of the admin tools have GUI. I think both Windows and linux could be made better by making it very awkward (impossible out of the box) to start an X session / login to Windows as an admin user. I have seen new linux users start X sessions as root....normally to get things set up (often being used to Windows)....but then sometimes things don't work for them as normal users and they just give up and always login as root!
I suppose I might be guilty of the same laziness when it comes to being a new Windows user - but I'm not being paid to admin my machine....In fact I use a linux box to mail and surf so as to lower risks a bit - we were asked to find ways of avoiding Outlook - so I found an old PII and blatted gentoo on it. There is a big difference between Windows and Linux though...a lot of install stuff is done on the command line on linux. Most big distro's make it clear you're being an idiot for running X as root. I haven't seen a linux distro that doesn't make you, or strongly advise you to create a normal user account as well as a root account. Having groups as well as users makes things a lot more flexible. Unix has always been a multi-user environment. Windows just hasn't been designed that way. You've got to laugh.
Look at what the ACs pointed out... An admin still needs to start the process... however in AD with a Computer install, software is installed in the system context because no admin in logged in. And considering that an admin assigns the software to be installed i do not think that is security issue in the design.
.Net resides, and therefore a normal user will be not be able install .Net unless they increase their previledges...
Any normal user account in windows cannot write into the Windows folder where
I'm guessing that you didn't read the article or are unfamiliar with .NET. The .NET Framework is a 23 meg download, not 65. The article states that the TOTAL download of the framework + malware + spyware was 65 megs.
.Net Framework, however.
Your point does remain that the JRE is smaller than the
Your point is accurate, but I'm afraid your first example is less so: bubonic plague is not a virus, it is (believed to be) a bacteriological infection of Yersinia pestis.