Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Designed to Make Malware Easy

Posted by CmdrTaco on from the it-wasn't-that-hard-in-xp-either dept.

SlinkySausage writes "Trojan horses masquerading as 'cracks for Vista' are starting to appear on pirate boards. More worrying though, Microsoft has confirmed that Vista's image-based install process is designed to allow third-party software to be slipstreamed into the installation DVD. Great for corporate deployment of Vista with software pre-installed, but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware."

7 of 311 comments (clear)

  1. Re:So? by sponga · · Score: 2, Informative

    Lets be real here and actually thinking that the pirates are usually the ones who know most about technology.
    Most likely the pirates will be the ones who find out that they are infected and will try to fix it; compared to installing it on Mom's laptop and never bothering to fix it.

    I think this is being blown out of proportion and a little exaggerated.

  2. Re:This is idiotic by lowe0 · · Score: 5, Informative

    Say what? Any official source for Vista ISOs (MSDN and the like) include MD5 sums.

    Now, if you're downloading the software illicitly, you deserve a compromised copy.

  3. Re:How did this end up on the main page? by synthe · · Score: 5, Informative

    The SHA-1 hash is available on any official downloads (Vista, Office 2007, etc) from Microsoft. That includes TechNet, MSDN, and Connect (Beta testers) download links. For reference, b71e04564ca22e4d9928e59298eff87cf62b382b is the SHA-1 hash from the TechNet Plus download of Vista x86 (one DVD includes all versions except Enterprise).

  4. Re:Vista _IS_ malware by Amiziras · · Score: 1, Informative

    The MD5 hash tells you nothing, if someone is going to go the the trouble of slipstreaming malware into an iso they will certainly be capable of creating a hash of the ISO including the malware. Unless you were able to check the hash against an original/unhacked ISO the MD5 or other hash will only tell you that the download is not corrupt. I just lost my /. virginity!

  5. XP and Linux also have it by Przemo-c · · Score: 2, Informative

    As I remember in XP you could remaster it too. add drivers. Software that had a .msi file. you could as easly download malwared xp off the internet but it didnt happen. Linux is also pro malware at that pooint ... you can remaster distros.

  6. Re:Solution? by AndrewNeo · · Score: 2, Informative

    Well here's the MD5 hash of the x86 version, straight from Connect: 1008f323d5170c8e614e52ccb85c0491

  7. Re:This is idiotic by LordEd · · Score: 2, Informative

    Microsoft provides it here (without support) http://support.microsoft.com/kb/841290