Slashdot Mirror
Creative Zens Ship with Worms
An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."
Ouch - that's going to be a black eye. Although it isn't the first case of software shipping with malware, IIRC there was some kid's game on CD that included a Bonus Virus inside.
Now a comment and a question for the peanut gallery - it's always been a pet peeve of mine that software companies aren't held to any real sort of accountability for shipping product that is clearly flawed. They hide behind the "shrink wrap" license, and (at least IMHO) get away with murder. Imagine if GM or Ford or Daimler-Chrysler put such a waiver of liability on a sticker on the doors of their new cars. The courts would tear them a new one so fast it'd be like lightning.
The question - what sort of liability does Creative have in this case, and what's fair recompense for shipping a clearly flawed product where said flaw has the possibility of harming the user's computer, data integrity and / or privacy?
How much is enough? Should Creative be given a hard enough pranging to get the attention of other software manufacturers?
Personally, I say "Yes". GM spends a hell of a lot of time and energy making sure their brakes work, I'd like to see software companies (and you all know exactly who I've got my sights on here) make sure they ship product that isn't horribly broken right out of the box.
but shouldn't it be affected?
the possibly effected devices means the devices that possibly came into existence because of the worm.
iPod and Mac zealots are now going to proclaim that "iPods don't get viruses!" ?
When you run Windows, you must run anti-virus ~all~ the time!
Agile Artisans
Speaking as someone who translates from Japanese to English for a living, the quality of the so-called "translation" spat out by Babelfish make me feel a lot better about my long-term job security...
In case anyone is fooled into thinking the
Creative press release was horrible Engrish,
that was a bablefish link.
It is unfortunate we don't have an english
version yet, if that is the market effected by
this.
because you are desparately trying to start a flamewar?
IBM is running its new 90-nm microelectronics fab (in Fishkill, NY) entirely on Linux. So if it's feasible for a plant of that complexity, it should be feasible for a small assembly plant such as Zen Creative's.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Scrawny man in PE kit, about to lift a small weight: "Will this affect me?"
Muscular man, lifting two larger weight with each hand: "Look at the effect it had on me!"
From a poster in the Remedial Studies unit at my secondary school.
Je fume. Tu fumes. Nous fûmes!
These people don't even know how to grammer check their press release...
It was verified that it is the possibility the extermination possible worm type virus of the risk which is called to the player itself of Creative Zen of the digital audio player who it was produced was shipped from shipment preparation and late July this each time in our company Neeon "W32.Wullik.B@mm" having mixed low.
OK. The actual problem is probably not serious as far as I can tell, since running the virus software is not automatic on installation (which I bet is done by a super user or admin). But really, this is not professional and someone ought to get the sack. And the person who wrote the press release ought to be retrained as a petrol station attendant.
"As a writer / novelist you might want to spellcheck your sig.
Come to think of it, how does this worm manifest itself on a player device?
I doubt it executes on the player itself. Can it infect the PCs that you connect the player to for syncing?One line blog. I hear that they're called Twitters now.
Is this virus on the software/driver CD or the actual device itself?
If it's on the device, how is it running on the zen, since I'd imagine the zen doesn't run windows, and how does it get from the zen to the operating system? (Wouldn't a zen be just like a bulk transfer device or something, and require the user to download and run the virus from it?)
It'll be interesting to see how both the consumer and the company react to this situation and to see how public this could get. If damage is actually done here from the defect, who would be liable? Oh the joys of transitioning into the digital age...
With the defectiveness of our company, we apologize the fact that very much annoyance was applied the customer and to the related everyone deeply.
:D
So its true what they say about the "Creative" process, its often linked to mental impairment
The author of W32.Wullik.B@mm is suing Creative Zen for copyright infringement under the DMCA.
Maybe Avon can fix it with the help of Orac.
This might be a bit of a troll but: One more reason to get an IPOD!
They're so creative! First they invented shipping with styrofoam peanuts and now worms?! What'll they think of next?...
I don't know too much about worms, but I'd assume that something like this would have to happen deliberately - ie someone deliberately put an infected executable into the drive image? Or are worms smart enough to infect things inside disk images (or whatever they might be using - how do industrial processes get stuff onto hard disks???)
Game dev and music blog
..for a product vying a piece of personal hdd-based players dominated by iPod, this is bad news.
Creative may try to position itself as the player with replaceable battery (hence longer life), has few more quirks (such as allowing you to move files across computers, rather than going the iTunes way), however, iPod still remains the benchmark in usability and style (the USP of iPod).
Till they manage to one-up the market leader with innovative design or something special, such glitches will always render it as also-ran
http://efil.blogspot.com/
I had the meaning that some worms live in the Apples but it seems that they are just hanging on Windows.
Some are considering this an advantage, since they have better visibility and are much easy to be catched.
Other people are trying to get rid of tehm by dropping Apples and Penguins on thoose infested Windows.
The Windows are becomming broken, eventually installed again and the story starts over and over...
Pretty boring...
For those who, like me, prefer reading intelligible Japanese over machine translation, here.
Once upon a time I remembered that %2f was slash and %3f was question mark, etc.
I can't imagine how something like this got into the production image unless there were a lot with their thumbs up their anal orficies that day...
Ruby Neural Evolution of Augmenting Topologies
So I doubt they'll see a need to publish it in Engrish.
Unless one of their stuff notices this and figures damage control is necessary.
it's already started over there, same dumb-ass comments that show up on /.
Its amazing what companies do for money. btw, another one of this type of story: i once installed an antivirus from a cd i got with some magazine, conclussion: The antivirus scanner had a virus included. Result: pc didn't want to boot anymore...
``This is exactly why having windows machines in a production process is a bad idea.''
Although Windows has a deserved reputation for being susceptible to viruses and break-ins, this problem is not unique to Windows. Any software written in unsafe languages (like C and C++) is bound to contain exploitable vulnerabilities. Any system that allows the user to run software that they bring to it is susceptible to trojans.
AFAIK, no current operating system is both usable and provides adequate protection mechanisms against viruses. A fine-grained permission system might help, though. Allow the MP3 player's software access to your music directory, but nothing else. Allow the word processor access to your documents directory, but nothing else.
I wrote a utility called chrootexec that allows you to run a program in a chroot jail (it cannot access files outside that directory). It's basically the same as the chroot command, except that you don't need to be root to use it (but it does have to be installed suid root to work).
However, some programs (file managers come to mind) need access to many directories to be useful. These will still be exploitable.
Please correct me if I got my facts wrong.
When was the last time you saw an Open Source OS that would be compromised within 4 minutes of being on the net?
Yes OSS has it's bugs and even its showstoppers but even still does not even come close to the issues seen in certain other propriatary OSs.
Why does this sound like some Mac/iPod anonymous fanatic kicking dust?
stuff --> staff /.
this --> this thread on
What? Effected doesn't mean any of those! Look here:
Affect/effect
When was the last time you saw an Open Source OS that would be compromised within 4 minutes of being on the net? Yes OSS has it's bugs and even its showstoppers but even still does not even come close to the issues seen in certain other propriatary OSs.
Hey there fanboy, you missed the point entirely. Whether it's four minutes or four days, the entire point of the grandparent poster was that he thought that software companies should be held accountable when they ship flawed product. My question asked how that would be reflected when there isn't a straight forward "entity" that has culpability, which many OSS products/projects are perfect examples. You completely ignored that and turned in some useless "well ours sucks, but theirs sucks more" lame ass comment.
While I totally agree with the concept I don't think your argument holds up.
If brakes fail on a car a person dies, while if a OS has a hole privacy is breached, and data is corrupted. This is not quite the same level of damage(although I'm sure there are cases which go both ways.. I'm speaking in general here)
The problem is if a new Honda Civic was to wait in storage for 2 years it would still be allowed on the road, and would be in better condition than the greater population of the cars out there. While if you wait 2 years for an os things change so rapidly that the os needs to be patched right out of the box.
Beyond that there are a lot of people (or very few very good people) who aim to destroy software and find vulnerabilities. While correct me if I'm wrong but unless murder is your goal not to many people target cars so they become a hazard to the owner.
With that said. I do believe that something like shipping a product with a virus which brings us back to TFA, is something that really needs to be followed up on. Creative got caught with their pants down here and I am curious to see what the final result will be.
Losers whine about their best, Winners go home to fuck the prom queen
After all, they've saved countless users entire minutes by cutting out the middle man and having an already-installed virus. This could potentially teach the unsuspecting public about the harm and danger of viruses with an in-your-face attitude.
Microsoft should definately start doing this.
Why isn't there a recall?
What the hell is a Neeon? A common complaint on "front page quality" articles is the lack of basic information. News for Nerds implies some sort of journalism, strive for some sort of journalistic standards.
iPod Killer.
Creative is taking it WAY too far.
v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
Thet mist meen thi ientearnit es e New Zealind envintion, es thay ell seffor frem ientarchengible vowil syndrum.
Well this doesn't suprise me as, by the desing of the Zen, Creative have already shown that they don't have a clue.
For fricks sake the Zen is Windows only and requires propietary drivers to talk to it (yes I know there's a Linux project that does this but Creative themselves don't supoprt anything other than Windows) Guess what Creative, THERE ARE OTHER OPERATING SYSTEMS ON THE PLANET.
Come on how hard can it be to make a device that supports direct access to its filesystem in the manner of a USB pen drive coupled with the ability of the device to play any media files found within its file system ? Maybe the designers could also be really clever (tm) and hold your playlists etc. in a small database held within the filesystem ? (wowee they could even use XML text files)
So why the hell is it that these wretched portable hard disk players all seem to feature yet another propietary file system ? Sorry that's just awful, awful, shitty design. Once again manufacturers choose to reinvent the wheel poorly instead of reusing existing, proven technologies to good effect.
Sheesh. Creative Zens suck enough already but now they come with bundled viruses.
Creative are clueless. Utterly clueless.
Sky subscribers are morons. They pay to be advertised at !
Serious, it adds to the experience, it lets the user know the device inside out, it sharpens the learning curve. Our users love this feature! Our sales will increase, we will beat the not so flexible multimedia devices out there with this feature.
Signed: Zen marketing representative
My wife's sketchblog Blob[p]: Gastrono-me
The slashdot article and the engadget blurb both keep using worm and virus interchangeably. Which is it?
Finally, Creative products ship with software that actually works!
-- Game Developers: Stop porting badly-textured games from crappy console systems!
How about older versions of RedHat and Slackware which by default started every daemon that existed including apache. bind, wu-ftpd (a steaming pile of shit in terms of security), samba, the rpc portmapper and several others without any restrictions on what interfaces they bind to. At least any recently modern Slackware distro is good about not enabling server software by default. I would hope fairly recent (within the last few years) versions of other distros do the same thing.
Come on, Creative, where was marketing on this?
"Yeah, our players have virii, but they're removable...like our batteries!"
"Sure you'll get your computer hopelessly infected with a virus, but as you're reinstalling Windows, you'll be able to listen to FM radio!"
"Don't worry, our Stik-On MP3 player stickers are totally virus-proof."
Remember HP Printers shipping with Alexia?
Oh wait, HP delibrately put that in there.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Don't make so much fuss, everyone will want one too.
You may not have had Dell 1650s installed a while back, but there was a recall in 2003 because a voltage regulator on the MB overheated and could catch fire: http://news.zdnet.com/2100-9584_22-5145372.html?ta g=zdfd.newsfeed
...and yes I am a Mac and iPod zealot.
RESISTANCE IS FUTILE
The game you mention was most likely Viewtiful Joe 2 demo disc, which, when inserted into your PS2, wiped your memory cards by accident.
I don't remember any game that deliberately shipped with a bonus virus unless it was obtained illegally.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
It's all software driven albeit embedded software.
'Nuf said
(I recall MS releasing a virus, and I don't mean the obvious.)
http://hardware.slashdot.org/hardware/05/08/30/129 232.shtml?tid=180&tid=3
(Thank you. Thank you. Thank you.)
./ story postings for grammar, we might really be on to something. :)
Now if only we could get one of the students in your remedial studies unit to edit
As Lou Gerstner once said, "There are things that go on in the IT field that would earn you jail time anywhere else."
>.
Regards;
Creative's fault?
...) which is installed everywhere but still the computerworld is treatened by simple things that could have been avoided by one person, the one sitting behind the computer -> the (l)user, who thinks his PC is having nothing important so why care if anyone "uses" the bandwidth or PC as storage device ... (also called hypocricy)
Why isn't such production plant using a non-networked or unix PC that makes an image of the directory/filesystem after an automatic virus-check with latest signatures -> sending the image over a TX only connection or by DVD?
(l)user errors
On the other side, the home user should have a virus scanner installed; which are available for free; which would also intercept such corporate f*ck*ps immediately (g*ess my * key does not work very well); and which would stop this infected Internet madness a lot faster by updating the virus signatures automatically.
We are so fast in media techniques like media-visual (Flash,
Certain OS manufacturers
It's ackward, me as PC user is still wondering, I've seen os X and I've been using Windows for years - it's like the beauty and the beast... (-- the manufacturer, Microswoft(tm))
and it only gets uglier...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
If you read the statement provided by Creative, you'll see that the serial numbers of the affected units are listed, and that Creative apologizes deeply for the problem. (yeah, it's babelfish translated, but you get the point)
This is an ASIA-ONLY problem.
Please get your facts straight before wanking all over the place about this. It happens, and since the virus is on the player in a place where it is extremely unlikely to be executed by a customer, this is not a big deal at all, and I'm sure it's a big wake-up call for Creative's Asian QA department, if they had anything to do with it.
Affect as a noun: He speaks with an affect.
Effect as a verb: We plan to effect a change in policy.
Both are correct. Note that the second sentence could be also written with "affect," but this would have a totally different meaning. In the "effect" case, it means we are going to cause the change to occur. In the "affect" case the change is presumably going to happen whether we have anything to do with it or not, but we plan to influence it.
Most exciting phrase in science: not "Eureka!" but "Hmm... That's funny..." -Asimov (abridged for \. limits)
Learn to spell, before you complain about someone elses spelling.
I once saw a BSOD on one of my banks cash machines. I don't know about you but I definitely consider my bank account a Life Critical application!!!
Quantum Physics a.k.a. sub-molecular statistics
Not always:
I'm not sure how to effect a change in people to get them to understand the effect of using 'affect' or 'effect' incorrectly.
Check out plash, the principle of least authority shell, for a nice version of the chrooting you describe: http://www.cs.jhu.edu/~seaborn/plash/plash.html
GM spends a hell of a lot of time and energy making sure their brakes work
. recall.reut/index.html
Good analogy... great timing...DETROIT (Reuters) - General Motors Corp. is recalling 804,000 full-size pickup trucks and sport utility vehicles because of potential brake problems, federal safety regulators said Tuesday.
http://www.cnn.com/2005/AUTOS/08/30/bc.autos.gm
You are all a bunch of idots.
Haven't you noticed yet that on the Intarweb you can use any vowel in place of any other ?
No. I have double-copyrighted "iFfect", "oFfect", "uFfect" and just for good measure, sometimes "yFfect".
The rest of you can now continue to confuse effect with affect.
Your pal Steve
IANAL, but I've seen actors play them on TV
Is vastly superior to Linux's system. It has a lot more fine-grained system of doling out privileges.
And Linux doesn't force you to use their permissions system. You can log in as root and run your daemons as root all day long if you'd like.
Neither of these statements means that Windows is more secure Linux. But I think that your statement that Linux is inherently more secure due to design principles is a pretty long stretch.
http://lkml.org/lkml/2005/8/20/95
Not from this at least.
The content these devices was likely duplicated bit-for-bit from a master image. That master image had a virus, and was likely made on a machine running Windows.
But it could easily be that the factory uses Linux, and that the machine which duplicated the image onto these affected devices runs Linux.
http://lkml.org/lkml/2005/8/20/95
a marketing decision - simply call the Neeons "Creative Zen Glow Worms." Hopefully, they can package a lot of different worms before they ship.
This sig donated to Pater. Long live
I think the honour for being the first company to ship a free virus with their flagship product belongs to Lotus, who shipped Lotus123 on infected floppies.
Oh well, what the hell...
I have a real problem with the return policy on some software. Some years ago, I bought some software at CompUSA, got it home, and it just flat out did not work, didn't do what I wanted it to, and flat out sucked.
I took it back to the store and tried to return it, but because I had installed it, they didn't want to take it back. After calling my credit card company and finding out what to do, they started to play ball. I didn't want to return it for a refund, I just wanted a different product that worked.
The manager finally decided to install the software on a computer in the store and show me that it worked. He did, and the software showed him how bad it really was. After close to two hours I finally got to leave the store with another piece of software. That policy is rediculous, but it very well may have changed since then.
You don't make the poor richer by making the rich poorer. - Winston Churchill
I once worked for a software developer in the Dallas, TX area who had a mainframe development side, and a PC development side. I worked on the mainframe side of the house, and thus didn't have to concern myself with the PC stuff, which was relatively new at the time. One of the PC developers shipped a software update to one of our customers, a big law firm, who also had a large Novell PC network in their offices. The PC software was infected with a virus, because the PC programmer was habitually visiting BBS's to download pr0n and games while at work. This was in the days before even dialup Internet was widespread available. Well, the virus spread all over the law firm's network, and they simply hired an outside network security contractor to come in and clean everything up. They handed a $30,000 bill to my employer for the contractor's fees, plus another bill for $100,000 in lost work due to unavailability of their network. My employer at first refused to pay either, but after consulting with their own attorneys (at an additional expense of probably a couple $K) paid both bills since they were told there was about a 75% chance that they'd lose and the court would award triple damages. The programmer who'd fault this was, was fired... not for the virus, but because they (allegedly) caught him sleeping at his desk in the middle of the afternoon.
Back in 1996 or 1997 I bought a book on C++ (for windows) and the CD that accompanied the book had a virus accidently recorded on it. As soon as the CD was installed in the drive then Norton would pop out a message about the virus.
Sort of embarrassing for the author of the book, I imagine.
Never did get a replacement CD. I guess it is sort of like finding a roach in a salad... makes one not want a replacement salad.
And in the end, the love you take is equal to the love you make
I'm almost positive that my copy of Command and Conquer: Renegade came with a virus on it. I forget which one, but it was a memory hog and it was a pain in the butt to remove, especially since the Symantec article was woefully inaccurate. The game would always run slowly after playing for 20-30 minutes and I thought it had a memory leak, until I googled the process using all my RAM. Perhaps I genuinely messed up and something crawled off the school network to infect me while I was screwing around with permissions for a friend, but after clearing it off, I got reinfected twice more, and I had no more problems after I beat the game.
Re: Problem with Creative Zen Neeon Digital Audio Player
:)
Notice to Customers and Advice on Dealing With The Problem
Creative has confirmed that there is a possibility that W32.Wullik.B@mm, a low-risk destructive worm virus, has infected the Creative Zen Neeon digital music players which were shipped from manufacture from the latter part of July onwards, some of which are still being prepared for shipping [?].
The issue concerns a specific factory line which was producing new units, and the Creative Zen Neeons which may have been infected by the worm (which were shipped from manufacture from the latter part of July and some of which are still awaiting shipment) number less than 1% of those shipped - of the roughly 3,700 units from this line that were shipped to Japan, less than 5% are affected.
It has already been confirmed that this issue affects no other Creative products.
The company offers its sincerest apologies for any inconvenience this will cause to its customers.
According to an internal company investigation, the cause has been identified as being in one of the various offline systems which form part of the final packing stage of the manufacturing process. The company can confirm that the problem has been rectified - it will have no effect on new units being manufactured at the factory in question.
Furthermore, in order to minimise the effect on customers and the market [for these devices], the company has currently halted shipping of all Zen Neeon units, and is working with its partners to arrange the return of units which may be affected.
Customers who have purchased Creative Zen Neeons with a corresponding line number and who have concerns about the safety of using their unit are requested to consult this special support page for more information.
Any mistakes/corrections, would be glad to hear!
iqu
Actually, less than 5%.
:P
Don't rely on Babelfish for decent translation - see here for the full thing!
iqu
Instead of...
...try...
:)
According to an internal company investigation, the cause has been identified as being in one of the various offline systems which form part of the final packing stage of the manufacturing process. The company can confirm that the problem has been rectified - it will have no effect on new units being manufactured at the factory in question.
According to an internal company investigation, the cause has been identified as being in one of the various offline systems which form part of the final packing stage of the manufacturing process.
As of this press release, the affected system has been withdrawn and the problem rectified. The company can confirm that it will have no effect on new units being manufactured at the factory in question.
Sorry about that.
iqu
Revenge of the RIAA!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
> Speaking as someone who translates from Japanese to English for a living, the quality of the so-called "translation" spat out by Babelfish make me feel a lot better about my long-term job security...
You know what you doing?
If you mod me down, I shall become more powerful than you could possibly imagine.
If you mod me down, I shall become more powerful than you could possibly imagine.
Unless there's some really radical pronunciation changes between US and Canadian english, I think you'll find that affect is pronounced "AH-fect" and effect pronounced "EEEE-fect". Not really the same at all. Kinda like your and you're don't sound the same; your ends on an R sound, while you're is the sound of you + re (you + rrh, an extra h over your).
My ears can distinguish these; it makes it very interesting to hear how some people who are proficient actors still don't know the difference between you're and your.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
1. Put it in the microwave for 5 minutes.
2. Use a hot pad to carefully remove your now dewormed player.
Donate background CPU time to fight cancer.
What'll they think of next?...
Definitely tequila, to take advantage of existing worms
What is the sound of one hand slapping a forehead?
"Made up/misattributed quote that makes me look smart. I am on