Slashdot Mirror

← Back to Stories (view on slashdot.org)

Creative Zens Ship with Worms

Posted by ScuttleMonkey on from the egg-on-your-face dept.

An anonymous reader writes "Engadget reports about 3700 Creative Zen "Neeons" shipped with a virus. The virus in question was the W32.Wullik.B@mm worm. Creative released a statement today to help consumers pinpoint the possibly effected devices."

19 of 354 comments (clear)

  1. Product Liability by Monte · · Score: 5, Interesting

    Ouch - that's going to be a black eye. Although it isn't the first case of software shipping with malware, IIRC there was some kid's game on CD that included a Bonus Virus inside.

    Now a comment and a question for the peanut gallery - it's always been a pet peeve of mine that software companies aren't held to any real sort of accountability for shipping product that is clearly flawed. They hide behind the "shrink wrap" license, and (at least IMHO) get away with murder. Imagine if GM or Ford or Daimler-Chrysler put such a waiver of liability on a sticker on the doors of their new cars. The courts would tear them a new one so fast it'd be like lightning.

    The question - what sort of liability does Creative have in this case, and what's fair recompense for shipping a clearly flawed product where said flaw has the possibility of harming the user's computer, data integrity and / or privacy?

    How much is enough? Should Creative be given a hard enough pranging to get the attention of other software manufacturers?

    Personally, I say "Yes". GM spends a hell of a lot of time and energy making sure their brakes work, I'd like to see software companies (and you all know exactly who I've got my sights on here) make sure they ship product that isn't horribly broken right out of the box.

    1. Re:Product Liability by LordSnooty · · Score: 5, Insightful

      It's a fair point, but I suppose a key difference is that if the car makers released a defective product, people could die because of it. Having to re-install Windows is a pain, sure, but no-one dies.

      Cue posts about hospitals running Windows... ok, in certain circs there is a valid agrument. I don't think you can stretch it to cover the average Joe. A refund might be nice, though.

    2. Re:Product Liability by FictionPimp · · Score: 4, Insightful

      no your looking at it all wrong. When a car is broke, people die. But when a computer is down people lose money. Which one is worse in the corp eye again?

    3. Re:Product Liability by hotdiggitydawg · · Score: 5, Funny

      Or add "Do Not Resuscitate" to your patient record. Or replace all instances of "appendectomy" with "gender reassignment surgery". Or... hang on, my tinfoil hat is slipping...

  2. I swear I'm not a grammar geek by coshx · · Score: 5, Informative

    but shouldn't it be affected?
    the possibly effected devices means the devices that possibly came into existence because of the worm.

    1. Re:I swear I'm not a grammar geek by Fred_A · · Score: 4, Funny

      Haven't you noticed yet that on the Intarweb you can use any vowel in place of any other ?

      --

      May contain traces of nut.
      Made from the freshest electrons.
  3. Why do I somehow think that.. by postgrep · · Score: 5, Funny

    iPod and Mac zealots are now going to proclaim that "iPods don't get viruses!" ?

    1. Re:Why do I somehow think that.. by Henriok · · Score: 5, Informative

      "Do mac users run virus scanners often?"

      There are quite a lot of Mac users that have anti virus installed. Mostly because they fall for the virus hysteria in the Windows centric press, and thinks that it applies to them too, but also because they don't want to risk sending a virus infected document or mail to a Windows user by mistake. Even if the virus didn't infect the Mac itself.

      "How do they know if they have viruses that aren't commonly known yet?"

      There are exactly zero known viruses for Mac OS X right this minute. If one would emerge it will be commonly known in the Mac community quite fast. It is a closely knit community after all.

      "I keep virus scanner running on my linux machines just in case, and it disinfects few files every now and then."

      Prudent, but it's mostly for the benefit of your Windows friends.

      --

      - Henrik

      - when the Shadows descend -
  4. Not the first, won't be the last by jarich · · Score: 5, Funny
    Microsoft did this a few years back if memory serves.

    When you run Windows, you must run anti-virus ~all~ the time!

    --
    Agile Artisans
    1. Re:Not the first, won't be the last by jarich · · Score: 5, Informative
      Flamebait?

      When I see the "quality" of /. comments, especially compared to just a year or ago, I realize it's populated with the younger generation, but things like this confirm it.

      It's not flamebait, you just don't remember it happening. I wasn't referring to Windows itself.

      Here are a few examples:

      http://www.idg.co.nz/cw.nsf/0/CC256D400014E76CCC25 6A3A00806895?OpenDocument&Type=Column&More=Virus/ Microsoft makes the virus news section too, with confirmation that it shipped some hotfixes infected with the rather nasty (but old and well-detected by antivirus software) FunLove virus

      http://news.com.com/2100-1001-935994.html/ Microsoft accidentally sent the virulent Nimda worm to South Korean developers when it distributed Korean-language versions of Visual Studio .Net

      It doesn't MS is evil, it means they are human. Any company that ships tons of software will ~eventually~ make a mistake.

      Today it's Creative's turn.

      --
      Agile Artisans
  5. Probably... by Knome_fan · · Score: 4, Funny

    because you are desparately trying to start a flamewar?

  6. That's why Win32 in a factory is a bad idea by SysKoll · · Score: 4, Interesting
    This is exactly why having windows machines in a production process is a bad idea. You never know when a worm, virus, trojan or other beast is going to interfere with your fabrication, the files or the hard disk imaging.

    IBM is running its new 90-nm microelectronics fab (in Fishkill, NY) entirely on Linux. So if it's feasible for a plant of that complexity, it should be feasible for a small assembly plant such as Zen Creative's.

    --

    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  7. homophones by ajs318 · · Score: 5, Funny

    Scrawny man in PE kit, about to lift a small weight: "Will this affect me?"

    Muscular man, lifting two larger weight with each hand: "Look at the effect it had on me!"

    From a poster in the Remedial Studies unit at my secondary school.

    --
    Je fume. Tu fumes. Nous fûmes!
  8. I guess Zen doesn't run Linux by AndroidCat · · Score: 5, Interesting

    Come to think of it, how does this worm manifest itself on a player device?

    "W32.Wullik.B@mm is a mass-mailing worm that attempts to send itself to all the contacts in the Outlook address book. The worm makes numerous copies of itself in random locations, and moves to a new location when Windows Explorer browses to the folder from which it runs. It can spread to floppy disks and shared network drives under some conditions.
    I doubt it executes on the player itself. Can it infect the PCs that you connect the player to for syncing?
    --
    One line blog. I hear that they're called Twitters now.
  9. Just wondering.... by someone300 · · Score: 4, Insightful

    Is this virus on the software/driver CD or the actual device itself?

    If it's on the device, how is it running on the zen, since I'd imagine the zen doesn't run windows, and how does it get from the zen to the operating system? (Wouldn't a zen be just like a bulk transfer device or something, and require the user to download and run the virus from it?)

  10. In related news... by Anonymous Coward · · Score: 5, Funny

    The author of W32.Wullik.B@mm is suing Creative Zen for copyright infringement under the DMCA.

  11. Not just Windows by RAMMS+EIN · · Score: 4, Interesting

    ``This is exactly why having windows machines in a production process is a bad idea.''

    Although Windows has a deserved reputation for being susceptible to viruses and break-ins, this problem is not unique to Windows. Any software written in unsafe languages (like C and C++) is bound to contain exploitable vulnerabilities. Any system that allows the user to run software that they bring to it is susceptible to trojans.

    AFAIK, no current operating system is both usable and provides adequate protection mechanisms against viruses. A fine-grained permission system might help, though. Allow the MP3 player's software access to your music directory, but nothing else. Allow the word processor access to your documents directory, but nothing else.

    I wrote a utility called chrootexec that allows you to run a program in a chroot jail (it cannot access files outside that directory). It's basically the same as the chroot command, except that you don't need to be root to use it (but it does have to be installed suid root to work).

    However, some programs (file managers come to mind) need access to many directories to be useful. These will still be exploitable.

    --
    Please correct me if I got my facts wrong.
  12. Re:Yay for machine translation... by MadCow42 · · Score: 5, Funny

    >> the quality of the so-called "translation" spat out by Babelfish make me feel a lot better about my long-term job security...


    It don't make me feel so goods about you job security. q:]

    --
    I used to have a sig, but I set it free and it never came back.
  13. Poorly edited news post by theraccoon · · Score: 5, Informative
    The author of the post and the editor who posted it both failed to mention that this only affects models shipped in Japan. The link to the creative page is a babelfish translated website! Plus, the engadget page says that in order to become infected, you'll need to "go running conspicuous applications found on your device".

    Why does this sound like some Mac/iPod anonymous fanatic kicking dust?