Slashdot Mirror
Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
Sounds like somebody needs a better browser.
Your hair look like poop, Bob! - Wanker.
How is it possible to download it *without knowing*?
Any word on which browsers are vulnerable? Is this the sort of thing to be, once again, filed under "Switch to FireFox"? The author leaves a lot of unanswered questions.
Or is this the child of something that must be user-run first?
I hope the land around you yields, a crop like all the other fields, and then your waiting might make sense...
What happens when Longhorn-specific malware packages decide to upgrade those Win95/98 boxes still out there...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
For those of us that occasionally program in C# with .NET this is a bigger pain that you know. The two most descriptive keywords of the programming environment really are meaningless nothing-words in the Web's (normally) best search engine.
Get off my lawn.
YOu know, a lot of people complain about the size of the .NET framework, but 65-100MB isn't really a lot of space considering what it does. The upfront size is off-putting, but the savings you get for it more than make up for it.
.NET programs are? .NET is the Win32 API done right (not least because of Anders Heijsberg).
Ever notice how small most
Back in the day, we had to distribute Paradox runtimes with our applications, and it was a whopping 2MB file. But that also meant Paradox applications were absolutely tiny, which made it easy to deploy updates and stuff. This can translate to a lot of savings for enterprises running on Paradox.
Keeping in mind that the article is trying to do two things:
.net framework is huge
.net framework is ~23MB, and the service pack is ~10MB. There aren't any "optional extras" to the .net framework as such however they could be talking about components that AREN'T part of the .net framework. You get the framework in several flavours and the standard install is the largest. I'm willing to bet that the total size is how much harddisk space is actually consumed after install - and not the volume downloaded. I'm sure you could say that the Java Runtime is 100MB - it doesn't mean you download 100MB however.
1. Point out that spyware is getting worse
2. Show that the
The latter point is simply trying to get people (especially anti-Microsoft people) fired up over nothing. The
Call me cynical (been on slashdot for many a year now) but parts of this article seem designed to enduce high emotion with a slashdot type crowd.
- JD
My blog [.net, rants, general IT]
My take was that he works in an office with a quantity of computers Q where Q is large and that the bandwidth reports showed a huge spike in traffic. 65Mb * Q = gigabytes of data, easily possible if you have 30-50 machines inhouse and they all picked up the malware.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
Although, one has to wonder. Your argument certainly holds true for worms and viruses, but trojans are a different sort of beast. They are, in a sense, socilally engineered rather than technologically engineered. Most even tell you (in fine print) exactly what they're going to install and how, but people don't bother reading it.
Now, for most GNU/Linux distros, there is a centralized packaging system which, by virtue of being centralized, cannot be added to by someone without root access. Therefore, a newbie GNU/Linux user (assuming he hasn't been convinced by Lindows or some other stupid company to run as root all the time) will know at least that in order to install software he wants, he must be root.
So when he downloads Bonzi Buddy for GNU/Linux, do you think he'll think it odd if he needs to su before he can install the conveniently packaged rpm or deb? Hardly. He'll just click through the EULA without reading it, just as he does with Windows, provide his root password, and bume, he's owned.
As a result, unless he's using GNU/Linux in a corporate environment where he doesn't have the root password (and in many companies -- for example mine -- that use Windows, it's standard for people not to have Admin rights to their own computers either) he's going to be vulnerable to the same sorts of social attacks as he would on Windows.
Furthermore, he will be vulnerable on pretty much any platform with as simple a security model as GNU/Linux, OS X, and even Windows (ie, admin/user two-tier security levels). Because he'll just be coerced by the pretty purple ape and/or animated cursor to provide his root password. Voila!
The truth is, there are two reasons there's not much malware for non-Windows systems. One is because of market share, and the other is because the users of minority operating systems tend to be a little more technically savvy than the soccer moms and nascar dads that make up the Windows world. This is even true for Mac users, simply because you are more aware of your computer when most of the world's software isn't compatible with it.
I mean, the thing to recognize here is that security isn't just having secure programs, but also having a security minded admin. My impression of most GNU/Linux users today is that they aren't all that security minded, but because most people aren't leveling attacks at them, it doesn't much matter. If on top of that you had a whole legion of computer illiterate folks clicking on the pretty GNU/Linux widgets, well... let's just say it doesn't bode well.
For me, I'll never have any of this crap because I'm committed to software freedom, and no malware author is going to provide the source code of his program under a license I'm comfortable with.
When Windows users say, "There aren't as many viruses/worms/exploits for GNU/Linux/BSD/MacOS X because there are more Windows machines," flame the shit out of them, because they're ignorant as all get out about the architectural differences between these systems.
But when we're talking about trojans, I'm afraid GNU/Linux, on its own, will not save you.
Infact some models have shown its even in a species interest to play host to a disease causing entity that is more lethal to a competitor or predator. E.g. mice that carry diseases fatal to predetors.
In rare cases tolerance gives way ot full symbiosis where each helps the other. Perhaps a bacteria that helps deal with some more dread disease or an enteric digestive aid. Something that fixes nitrogen in your roots.
So anyhow maybe the course of virsuses are indeed ones that tune up your system, protect you from other viruses and make sure your computer is working optimally. Perhaps they will get out of your way when you are actually using it and just steal cylces and bandwidth when you wont miss it.
In that case 24 hour tech support is indeed on the way.
Some drink at the fountain of knowledge. Others just gargle.
Tell that to the poor shlubs who try to use their dialup connections whilst they're unknowingly downloading this in the background.
p
In Korea, long hair is for old people!