Slashdot Mirror
Invisible Malware Install 65MB Large
Paperghost writes "Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you without you knowing. The problem is that it's a sixty-five megabyte install." From the article: "...the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size. But I'm actually understating the amount of space used when installed, as .NET can total up to 100MB."
I wonder if it comes with 24-hour tech support?
It's bad enough installing spyware, but now they have to go and install Microsoft software!?!?!?!
You slimy bastards!
I hope they're using bittorrent...
... that it's not Microsoft-sponsored? They have done just about everything else to push .NET down our throats...
bash: rtfm: command not found
And the makers will of course claim that they are providing a valuable public service by keeping peoples pc's updated! Bvah!
nhnFreespirit
Sounds like somebody needs a better browser.
Your hair look like poop, Bob! - Wanker.
Any word on which browsers are vulnerable? Is this the sort of thing to be, once again, filed under "Switch to FireFox"? The author leaves a lot of unanswered questions.
Or is this the child of something that must be user-run first?
I hope the land around you yields, a crop like all the other fields, and then your waiting might make sense...
They could have at least installed the open source version of .Net, aka Mono. What were they thinking!
"With enough memory and hard drive space, anything in life is possible!"
I'm still waiting for the worm that will monitor someone's usage habits so it can stealthily download and install Linux.
I bet some people started working on it, but got into a religious argument over what distro to use and gave up.
I could also see a worm that would harvest someone's credit card number and use it to order a Mac Mini.
Help I'm a rock.
It's like apt-get for Windows, except you don't even have to ask for the software. Further proof Linux isn't ready for the desktop, I guess.
This reminds me of a couple years ago when many piece of software came bundled with spyware called NewDotNet that claimed to be "needed for next generation internet applications" - just around the same time MS started pushing .NET
I remember uninstalling it from a bunch of machines because people asked, "Do I need this?" Yes....
It would be cool if it didn't suck.
I remember the good old days when we would statically compile in our 100 Mb of needed libraries when propagating some malware. Technology just bites you in the ass sometimes.
It installs WINE.
word.
I guess it'll download Mono. Hurray, malware is finally getting portable. Now if they finish Mono we can have malware on Linux too! ;-)
What happens when Longhorn-specific malware packages decide to upgrade those Win95/98 boxes still out there...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Now I know how to install it without clicking "I agree". So we'll be seeing some benchmark results on .NET real soon now, right?
This is true for pretty much all spyware because of the lack of an always-on connection. Plus, you tend to notice things going wrong on a slow connection.
It would be cool if it didn't suck.
For those of us that occasionally program in C# with .NET this is a bigger pain that you know. The two most descriptive keywords of the programming environment really are meaningless nothing-words in the Web's (normally) best search engine.
Get off my lawn.
YOu know, a lot of people complain about the size of the .NET framework, but 65-100MB isn't really a lot of space considering what it does. The upfront size is off-putting, but the savings you get for it more than make up for it.
.NET programs are? .NET is the Win32 API done right (not least because of Anders Heijsberg).
Ever notice how small most
Back in the day, we had to distribute Paradox runtimes with our applications, and it was a whopping 2MB file. But that also meant Paradox applications were absolutely tiny, which made it easy to deploy updates and stuff. This can translate to a lot of savings for enterprises running on Paradox.
I'm glad the adware developers have started to use managed code. Wouldn't want their software to be able to do anything "unsafe" on my system. Thanks, guys!
Consider the .NET framework for a second. Suppose you wrote something innocent like a screen saver, written in C# based on the .NET framework. How would you as an ISV "ship your software"? You can't. Not unless you sign up to ship Microsoft's software as well. You see, the .NET Framework isn't widely deployed. It is present on a small fraction of machines in the world. Microsoft built the software, tested it, released it to manufacturing. They "shipped it", but it will take years for it to be deployed widely enough for you, the ISV to be able to take advantage of it. If you want to use .NET, you need to ship Microsoft's software for them.
Who said Microsoft does not know how to ship software anymore?! Let the trojan authors take care of that!
-------
Warning: Slashdot may contain traces of nuts.
Search for dotnet instead. It works.
I am a leaf on the wind. Watch how I soar.
- It's an optional install from the XP SP1 and SP2 CDs
- It isn't included with any version of XP Home.
- It isn't listed as a critical update on Windows Update
Taking those major flaws of your arguement into account, and how Microsoft have behaved in the past with products, how you'd consider that they're 'forcingIt's a 65MB install, but only a 24MB download. From TFA:
.NET framework to download is around 23MB, though this is still a lot of bandwidth to use up without asking. In addition, the size of the .NET framework to download can vary drastically depending on what extras you have - don't forget the service packs, SP1 is an extra 10 or so MB in size.
.NET, it takes up 65MB.
the actual size of the
So once it's done its thing and installed
Guy asked me for a quarter for a cup of coffee. So I bit him.
Google now recognizes "C#" as a search term, and you ususally can get hits with "ASP.NET" or some class name.
Hey, if the spyware can get WINE working, more power to it.
I sure as hell can't.
'If you're flammable and have legs, you are never blocking a fire exit.'
This is like a fat dude with a bucher's kife sneaking up on a sheep from the front. And hoping the sheep won't notice.
BT Internet recently doubled the downstream rate on most of their broadband accounts, and after looking at the spyware penetration on some friends' Windows machines, 65MB malware seems completely plausible.
Prosperity is only an instrument to be used, not a deity to be worshipped. Calvin Coolidge
Well, to be honest I'm not sure I would. I actually downloaded the .NET SDK the other day, and although it did make my web browsing a little (not unusably) slower, it only took about 3 minutes. Also, a lot of people this is targeting probably are used to having a bunch of malware on their computers, so the disk activity from the installer or the slowdown of their internet connection might seem normal to them. If the viru^H^H^H^Hmalware authors really wanted to be covert about it, they could just have it wait for the mouse and keyboard to be idle for a few minutes, and start then, and if activity resumed, just throttle the download.
The long and short of it is probably yes. The Windows Installer runs in the system context and not the user context when the client is a part of an AD domain.
Running the Windows Installer in the system context is the only way that the directory can manage software on the client.
Kudos to MS for another brilliant design!
You appear to be using Linux. Please wait while we download and install Windows XP.
Progress 1% (2/690MB downloaded)
PocketGamer.org - For the gamer on the go!
Security is one of the core goals of .NET.
.NET as their preferred language of choice.
.NET, my malicious software is sure to be undeniably secure! Thanks Microsoft!"
That's why 9 out of 10 Malware authors now choose
A testamonial:
"I finally switched after being pwned by other Malware authors. All my other hack buddies laughed at me!" said 1337HaxX0r, author of AllYURComp.exe, "But now that I'm using
Karma: The only way to win is not to play.
The .NET download is just part of Windows now; sooner or later, you will need it, whether you want it or not. 65M is not all that large compared to other runtimes and libraries (C/C++ is much larger).
.NET.
The real problem here is that somehow these machines installed malware. The problem could be that they are running IE, it could be that the malware is exploiting a bug, etc.
There is a simple solution: run Linux instead. That will protect you from both malware and
I have a 28K modem, you insensitive clod.
Just make sure you read every line of the agreement for whatever application installs the spyware. If they're being cautious, they probably have a line similar to "We might install the .NET framework on your behalf, and therefore you must read and agree with all of the Microsoft .NET framework terms of service outlined at [url]", right next to the statement about how they're going to install spyware on your PC.
This isn't to say that any of it would necessarily hold up if tested in court, and it doesn't mean that Microsoft wouldn't have "issues" with the spyware distributor for bypassing the display of their license to the user installing the software. But if you're the sort of person who cares about clicking 'I agree' at all, then you should probably consider this, too.
There are other ways to find stuff on the net. This is a perfect example of where a directory, such as DMOZ or Yahoo, is going to get you better results than a search engine.
my sig's at the bottom of the page.
sure left some questions unanswered.
.NET), or does it run as a normal process and use the VM for displaying data?
:)). But I'm concerned since my family runs windows, and I'll be the one to clean it. I'm sure I'm not the only /.'er who feels this way.
1.
In what way does the malware use the VM? Can it collect data from within the VM (thus making it a security hole in
2.
Is this possible to happen behind a firewall, of say, SP2? I've heard of malware that slips through it, though I haven't encountered it (I run slack 10
Cheers
My take was that he works in an office with a quantity of computers Q where Q is large and that the bandwidth reports showed a huge spike in traffic. 65Mb * Q = gigabytes of data, easily possible if you have 30-50 machines inhouse and they all picked up the malware.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
... .NET bot-net
No kidding, one time I was doing some painting with some latex paint, right? And I was painting an oak table (oak is a wood with a hard core), so I wanted to make absolutely sure that the paint would bond to it. So I hopped on to google and type in "hard core latex bondage". I think it must be a bug with the parsing engine or something.
...of this malware will be much smaller as it doesn't have to download the whole .NET package and the Servicepack ontop of it.
Infact some models have shown its even in a species interest to play host to a disease causing entity that is more lethal to a competitor or predator. E.g. mice that carry diseases fatal to predetors.
In rare cases tolerance gives way ot full symbiosis where each helps the other. Perhaps a bacteria that helps deal with some more dread disease or an enteric digestive aid. Something that fixes nitrogen in your roots.
So anyhow maybe the course of virsuses are indeed ones that tune up your system, protect you from other viruses and make sure your computer is working optimally. Perhaps they will get out of your way when you are actually using it and just steal cylces and bandwidth when you wont miss it.
In that case 24 hour tech support is indeed on the way.
Some drink at the fountain of knowledge. Others just gargle.
FYI: 100 MB is not "HUGE". It's less then 1/2000th of the last HD I bought. What are you, living in 1999?
I've spent most of my computing life (20 years since I was 12) working on CP/M, macos, and linux. 2 years ago I became a Window developer.
I've found that I need administrative access to do a lot of the things that I need to as a developer. I do these things many times a day. On linux I would just sudo when I needed it. I think you can run commands as a different user on windows too, I did try it once but kept hitting problems. There's no 'man' command! DOS documentation sucks. I haven't found the equivalent of a sticky bit that I can use for my build scripts that need admin access. A lot of Windows apps are built from visual studio which doesn't have a GUI to switch to admin access for parts of the build. The philosophy is just not there - yes we should push for it. When I was developing for macos in a much bigger company the windows team used to be more sorted in this respect - but then there was a big IT department to support them - developers can't afford to spend too much of their time on system admin. Some developer's are into it and some aren't. The lead programmer on my current team is so not into it (but he is a brilliant programmer) - to make things easy for him he has domain admin - everyone knows his password! No I won't say where I work! We don't have an IT department. I think big companies that can afford IT staff do tend to be better over stuff like this.
I don't think many people would start an X session as root in linux. A lot of people will only switch to root as needed. Some are better than others about being fussy about what they do as root. (I bet a lot of people compile their kernels as root) On Windows on the other hand it is very common to login to the graphical environment as admin. A lot of the admin tools have GUI. I think both Windows and linux could be made better by making it very awkward (impossible out of the box) to start an X session / login to Windows as an admin user. I have seen new linux users start X sessions as root....normally to get things set up (often being used to Windows)....but then sometimes things don't work for them as normal users and they just give up and always login as root!
I suppose I might be guilty of the same laziness when it comes to being a new Windows user - but I'm not being paid to admin my machine....In fact I use a linux box to mail and surf so as to lower risks a bit - we were asked to find ways of avoiding Outlook - so I found an old PII and blatted gentoo on it. There is a big difference between Windows and Linux though...a lot of install stuff is done on the command line on linux. Most big distro's make it clear you're being an idiot for running X as root. I haven't seen a linux distro that doesn't make you, or strongly advise you to create a normal user account as well as a root account. Having groups as well as users makes things a lot more flexible. Unix has always been a multi-user environment. Windows just hasn't been designed that way. You've got to laugh.
This isn't .net's fault or Microsoft sadly.
It is plain the fact Adware writers have upgraded to VB .Net to write their software.
It is definetly the first case of it downloading 3rd party requirements to run the malware. (3rd party = microsoft)
For those of us that occasionally program in C# with .NET this is a bigger pain that you know. The two most descriptive keywords of the programming environment really are meaningless nothing-words in the Web's (normally) best search engine.
Hmmm... have you tried searching Google for C# lately? ".net" and "net" do indeed return the same results, but the results for "C#" and "C" are very, very different.
Google search for C#
Google search for C
The Online Slang Dictionary
Look at what the ACs pointed out... An admin still needs to start the process... however in AD with a Computer install, software is installed in the system context because no admin in logged in. And considering that an admin assigns the software to be installed i do not think that is security issue in the design.
.Net resides, and therefore a normal user will be not be able install .Net unless they increase their previledges...
Any normal user account in windows cannot write into the Windows folder where
I'm guessing that you didn't read the article or are unfamiliar with .NET. The .NET Framework is a 23 meg download, not 65. The article states that the TOTAL download of the framework + malware + spyware was 65 megs.
.Net Framework, however.
Your point does remain that the JRE is smaller than the
---I'm assuming you mean you want documentation for developers - i.e. APIs, library documentation, etc. Have you never used MSDN? In my opinion, this is the one thing MS does well. My main complaint when working with non-MS stuff is that documentation is often scarce, out-dated, or non-existent. But if I want to do anything in Windows, I know that not only will each API call be fully documented, there's often sample code showing you how to do things with it as well.
/U /AUTOTEST are my favorites on speed-formats. There's soo many ill-documented or non-documented programs and swicthes that dont do as they say.
Ill give you that. MSDN rocks if you need general API's or ABI's. Instead, we good documentation for DOS commands and techniques to manipulate files through the command line.
For example, I'd like to run a shell script (using bash for Windows and Linux), autodetect OS, and then execute a routine script. With Linux, I can, on user login, eject the CDROM, play a movie, reformat a hard drive and repartition it, have it blink red lights.. all sorts of things.. ok, maybe you need a driver for the red light thing.
On Windows, you cant eject a drive easily through commandprompt, reformat the drive (using the newer tools, no commandline access at all), or other interesting things.
Or even better yet, whats all the possible switches for Win98 FORMAT ? Yeah, it leaves out on the range of 5-6 different switches.
Why exactly did MS port SFU to Windows? Cause Windows doesnt provide command (or easy to remote) line tools to common jobs.
So MS now has COM and NET covered. I wonder when Microsoft ORG is due?
One line blog. I hear that they're called Twitters now.
I thought windows was supposed to be LOWER TCO?
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.