Slashdot Mirror

← Back to Stories (view on slashdot.org)

Creative Zens Ship with Worms

Posted by ScuttleMonkey on from the egg-on-your-face dept.

An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."

6 of 354 comments (clear)

  1. Product Liability by Monte · · Score: 5, Interesting

    Ouch - that's going to be a black eye. Although it isn't the first case of software shipping with malware, IIRC there was some kid's game on CD that included a Bonus Virus inside.

    Now a comment and a question for the peanut gallery - it's always been a pet peeve of mine that software companies aren't held to any real sort of accountability for shipping product that is clearly flawed. They hide behind the "shrink wrap" license, and (at least IMHO) get away with murder. Imagine if GM or Ford or Daimler-Chrysler put such a waiver of liability on a sticker on the doors of their new cars. The courts would tear them a new one so fast it'd be like lightning.

    The question - what sort of liability does Creative have in this case, and what's fair recompense for shipping a clearly flawed product where said flaw has the possibility of harming the user's computer, data integrity and / or privacy?

    How much is enough? Should Creative be given a hard enough pranging to get the attention of other software manufacturers?

    Personally, I say "Yes". GM spends a hell of a lot of time and energy making sure their brakes work, I'd like to see software companies (and you all know exactly who I've got my sights on here) make sure they ship product that isn't horribly broken right out of the box.

    1. Re:Product Liability by TheViewFromTheGround · · Score: 3, Interesting

      Though very rarely, strange shit like this happens. I had a friend brought home his clothes from the laundromat compressed together in big bags. The clothes (particularly the metal pieces) were hot enough from the drying that they set fire to the bags, which should have burned out but set fire to some paper, which resulted in his apartment slowly catching fire. The resultant fire and (mainly) smoke damage, his lack of insurance, and his slum-lord renter meant his family almost wound up homeless. Shit happens, but weird shit happens, too.

      --
      Online citizen journalism from the inner city: The View From The Ground
  2. That's why Win32 in a factory is a bad idea by SysKoll · · Score: 4, Interesting
    This is exactly why having windows machines in a production process is a bad idea. You never know when a worm, virus, trojan or other beast is going to interfere with your fabrication, the files or the hard disk imaging.

    IBM is running its new 90-nm microelectronics fab (in Fishkill, NY) entirely on Linux. So if it's feasible for a plant of that complexity, it should be feasible for a small assembly plant such as Zen Creative's.

    --

    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  3. I guess Zen doesn't run Linux by AndroidCat · · Score: 5, Interesting

    Come to think of it, how does this worm manifest itself on a player device?

    "W32.Wullik.B@mm is a mass-mailing worm that attempts to send itself to all the contacts in the Outlook address book. The worm makes numerous copies of itself in random locations, and moves to a new location when Windows Explorer browses to the folder from which it runs. It can spread to floppy disks and shared network drives under some conditions.
    I doubt it executes on the player itself. Can it infect the PCs that you connect the player to for syncing?
    --
    One line blog. I hear that they're called Twitters now.
  4. oopsies by theheff · · Score: 3, Interesting

    It'll be interesting to see how both the consumer and the company react to this situation and to see how public this could get. If damage is actually done here from the defect, who would be liable? Oh the joys of transitioning into the digital age...

  5. Not just Windows by RAMMS+EIN · · Score: 4, Interesting

    ``This is exactly why having windows machines in a production process is a bad idea.''

    Although Windows has a deserved reputation for being susceptible to viruses and break-ins, this problem is not unique to Windows. Any software written in unsafe languages (like C and C++) is bound to contain exploitable vulnerabilities. Any system that allows the user to run software that they bring to it is susceptible to trojans.

    AFAIK, no current operating system is both usable and provides adequate protection mechanisms against viruses. A fine-grained permission system might help, though. Allow the MP3 player's software access to your music directory, but nothing else. Allow the word processor access to your documents directory, but nothing else.

    I wrote a utility called chrootexec that allows you to run a program in a chroot jail (it cannot access files outside that directory). It's basically the same as the chroot command, except that you don't need to be root to use it (but it does have to be installed suid root to work).

    However, some programs (file managers come to mind) need access to many directories to be useful. These will still be exploitable.

    --
    Please correct me if I got my facts wrong.