Creative Zens Ship with Worms
An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."
Ouch - that's going to be a black eye. Although it isn't the first case of software shipping with malware, IIRC there was some kid's game on CD that included a Bonus Virus inside.
Now a comment and a question for the peanut gallery - it's always been a pet peeve of mine that software companies aren't held to any real sort of accountability for shipping product that is clearly flawed. They hide behind the "shrink wrap" license, and (at least IMHO) get away with murder. Imagine if GM or Ford or Daimler-Chrysler put such a waiver of liability on a sticker on the doors of their new cars. The courts would tear them a new one so fast it'd be like lightning.
The question - what sort of liability does Creative have in this case, and what's fair recompense for shipping a clearly flawed product where said flaw has the possibility of harming the user's computer, data integrity and / or privacy?
How much is enough? Should Creative be given a hard enough pranging to get the attention of other software manufacturers?
Personally, I say "Yes". GM spends a hell of a lot of time and energy making sure their brakes work, I'd like to see software companies (and you all know exactly who I've got my sights on here) make sure they ship product that isn't horribly broken right out of the box.
but shouldn't it be affected?
the possibly effected devices means the devices that possibly came into existence because of the worm.
iPod and Mac zealots are now going to proclaim that "iPods don't get viruses!" ?
When you run Windows, you must run anti-virus ~all~ the time!
Agile Artisans
because you are desperately trying to start a flamewar?
IBM is running its new 90-nm microelectronics fab (in Fishkill, NY) entirely on Linux. So if it's feasible for a plant of that complexity, it should be feasible for a small assembly plant such as Zen Creative's.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Scrawny man in PE kit, about to lift a small weight: "Will this affect me?"
Muscular man, lifting two larger weights with each hand: "Look at the effect it had on me!"
From a poster in the Remedial Studies unit at my secondary school.
Je fume. Tu fumes. Nous fûmes!
These people don't even know how to grammar check their press release...
It was verified that it is the possibility the extermination possible worm type virus of the risk which is called to the player itself of Creative Zen of the digital audio player who it was produced was shipped from shipment preparation and late July this each time in our company Neeon "W32.Wullik.B@mm" having mixed low.
OK. The actual problem is probably not serious as far as I can tell, since running the virus software is not automatic on installation (which I bet is done by a super user or admin). But really, this is not professional and someone ought to get the sack. And the person who wrote the press release ought to be retrained as a petrol station attendant.
"As a writer / novelist you might want to spellcheck your sig.
Come to think of it, how does this worm manifest itself on a player device?
I doubt it executes on the player itself. Can it infect the PCs that you connect the player to for syncing?
One line blog. I hear that they're called Twitters now.
Is this virus on the software/driver CD or the actual device itself?
If it's on the device, how is it running on the zen, since I'd imagine the zen doesn't run windows, and how does it get from the zen to the operating system? (Wouldn't a zen be just like a bulk transfer device or something, and require the user to download and run the virus from it?)
It'll be interesting to see how both the consumer and the company react to this situation and to see how public this could get. If damage is actually done here from the defect, who would be liable? Oh the joys of transitioning into the digital age...
The author of W32.Wullik.B@mm is suing Creative Zen for copyright infringement under the DMCA.
Maybe Avon can fix it with the help of Orac.
..for a product vying for a piece of personal hdd-based players dominated by iPod, this is bad news.
Creative may try to position itself as the player with replaceable battery (hence longer life), has few more quirks (such as allowing you to move files across computers, rather than going the iTunes way), however, iPod still remains the benchmark in usability and style (the USP of iPod).
Till they manage to one-up the market leader with innovative design or something special, such glitches will always render it as an also-ran.
http://efil.blogspot.com/
For those who, like me, prefer reading intelligible Japanese over machine translation, here.
Once upon a time I remembered that %2f was slash and %3f was question mark, etc.
I can't imagine how something like this got into the production image unless there were a lot with their thumbs up their anal orifices that day...
Ruby Neural Evolution of Augmenting Topologies
``This is exactly why having windows machines in a production process is a bad idea.''
Although Windows has a deserved reputation for being susceptible to viruses and break-ins, this problem is not unique to Windows. Any software written in unsafe languages (like C and C++) is bound to contain exploitable vulnerabilities. Any system that allows the user to run software that they bring to it is susceptible to trojans.
AFAIK, no current operating system is both usable and provides adequate protection mechanisms against viruses. A fine-grained permission system might help, though. Allow the MP3 player's software access to your music directory, but nothing else. Allow the word processor access to your documents directory, but nothing else.
I wrote a utility called chrootexec that allows you to run a program in a chroot jail (it cannot access files outside that directory). It's basically the same as the chroot command, except that you don't need to be root to use it (but it does have to be installed suid root to work).
However, some programs (file managers come to mind) need access to many directories to be useful. These will still be exploitable.
Please correct me if I got my facts wrong.
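The privilege-handling order that a setuid-root chroot wrapper like the one described above has to get right, as an added example in C (not the poster's chrootexec, whose source is not on this page; the function name enter_jail is hypothetical):

```c
/* Added illustration: order of operations for a setuid-root chroot wrapper.
   Not the poster's chrootexec; enter_jail() is a hypothetical name. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `dir` and permanently become uid/gid.
   Returns 0 on success, -1 on any failure (the caller must not exec then). */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)         /* root inside a chroot can break out */
        return -1;
    if (chdir(dir) != 0)              /* move in first so cwd is not left outside */
        return -1;
    if (chroot(".") != 0)             /* needs root: the reason for the suid bit */
        return -1;
    if (setgroups(0, NULL) != 0)      /* drop supplementary groups while still root */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)  /* gid first, then uid */
        return -1;
    if (setuid(0) == 0)               /* verify that root cannot be regained */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <jail-dir> <program> [args...]\n", argv[0]);
        return 2;
    }
    /* When installed suid root, the real ids are those of the invoking user. */
    if (enter_jail(argv[1], getuid(), getgid()) != 0) {
        fprintf(stderr, "could not enter jail %s\n", argv[1]);
        return 1;
    }
    execv(argv[2], &argv[2]);         /* the path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

The program path is resolved after the chroot, so the binary and any libraries it needs must exist inside the jail directory.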
>> the quality of the so-called "translation" spat out by Babelfish make me feel a lot better about my long-term job security...
It don't make me feel so goods about you job security. q:]
I used to have a sig, but I set it free and it never came back.
Why does this sound like some Mac/iPod anonymous fanatic kicking dust?
While I totally agree with the concept I don't think your argument holds up.
If brakes fail on a car a person dies, while if an OS has a hole privacy is breached, and data is corrupted. This is not quite the same level of damage (although I'm sure there are cases which go both ways.. I'm speaking in general here)
The problem is if a new Honda Civic was to wait in storage for 2 years it would still be allowed on the road, and would be in better condition than the greater population of the cars out there. While if you wait 2 years for an os things change so rapidly that the os needs to be patched right out of the box.
Beyond that there are a lot of people (or very few very good people) who aim to destroy software and find vulnerabilities. While correct me if I'm wrong but unless murder is your goal not too many people target cars so they become a hazard to the owner.
With that said. I do believe that something like shipping a product with a virus which brings us back to TFA, is something that really needs to be followed up on. Creative got caught with their pants down here and I am curious to see what the final result will be.
Losers whine about their best, Winners go home to fuck the prom queen
After all, they've saved countless users entire minutes by cutting out the middle man and having an already-installed virus. This could potentially teach the unsuspecting public about the harm and danger of viruses with an in-your-face attitude.
Microsoft should definitely start doing this.
Well this doesn't surprise me as, by the design of the Zen, Creative have already shown that they don't have a clue.
For fricks sake the Zen is Windows only and requires proprietary drivers to talk to it (yes I know there's a Linux project that does this but Creative themselves don't support anything other than Windows) Guess what Creative, THERE ARE OTHER OPERATING SYSTEMS ON THE PLANET.
Come on how hard can it be to make a device that supports direct access to its filesystem in the manner of a USB pen drive coupled with the ability of the device to play any media files found within its file system ? Maybe the designers could also be really clever (tm) and hold your playlists etc. in a small database held within the filesystem ? (wowee they could even use XML text files)
So why the hell is it that these wretched portable hard disk players all seem to feature yet another proprietary file system ? Sorry that's just awful, awful, shitty design. Once again manufacturers choose to reinvent the wheel poorly instead of reusing existing, proven technologies to good effect.
Sheesh. Creative Zens suck enough already but now they come with bundled viruses.
Creative are clueless. Utterly clueless.
Sky subscribers are morons. They pay to be advertised at !
Finally, Creative products ship with software that actually works!
-- Game Developers: Stop porting badly-textured games from crappy console systems!
Come on, Creative, where was marketing on this?
"Yeah, our players have virii, but they're removable...like our batteries!"
"Sure you'll get your computer hopelessly infected with a virus, but as you're reinstalling Windows, you'll be able to listen to FM radio!"
"Don't worry, our Stik-On MP3 player stickers are totally virus-proof."
You may not have had Dell 1650s installed a while back, but there was a recall in 2003 because a voltage regulator on the MB overheated and could catch fire: http://news.zdnet.com/2100-9584_22-5145372.html?tag=zdfd.newsfeed
I once worked for a software developer in the Dallas, TX area who had a mainframe development side, and a PC development side. I worked on the mainframe side of the house, and thus didn't have to concern myself with the PC stuff, which was relatively new at the time. One of the PC developers shipped a software update to one of our customers, a big law firm, who also had a large Novell PC network in their offices. The PC software was infected with a virus, because the PC programmer was habitually visiting BBS's to download pr0n and games while at work. This was in the days before even dialup Internet was widely available. Well, the virus spread all over the law firm's network, and they simply hired an outside network security contractor to come in and clean everything up. They handed a $30,000 bill to my employer for the contractor's fees, plus another bill for $100,000 in lost work due to unavailability of their network. My employer at first refused to pay either, but after consulting with their own attorneys (at an additional expense of probably a couple $K) paid both bills since they were told there was about a 75% chance that they'd lose and the court would award triple damages. The programmer whose fault this was was fired... not for the virus, but because they (allegedly) caught him sleeping at his desk in the middle of the afternoon.