Slashdot Mirror


Vista Designed to Make Malware Easy

SlinkySausage writes "Trojan horses masquerading as 'cracks for Vista' are starting to appear on pirate boards. More worrying though, Microsoft has confirmed that Vista's image-based install process is designed to allow third-party software to be slipstreamed into the installation DVD. Great for corporate deployment of Vista with software pre-installed, but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware."

9 of 311 comments

  1. Re:Pile of FUD by a.d.trick · · Score: 2, Interesting

    You're exactly right.

    This reminds me of the last time someone found out a way to crash Firefox and jumped up and down saying ZOMG!! teh hax!!11. And my computer science friends who couldn't recognize a shell if it bashed them in the face will be prancing around saying Use IE, it's the most secure (even though there's a million ways to crash IE remotely). And what really gets me is that the editors at Slashdot are dumb enough to post this nonsense.

  2. Re:So? by molnarcs · · Score: 5, Interesting

    This article is a troll, especially the "designed to make malware easy" part. This has nothing to do with design - it is an option that I'm quite surprised Microsoft didn't take away from Vista (if they did, you'd have an article complaining about it).

    Slipstreaming is essentially remastering Vista (and XP's) ISOs to include the latest patches/service packs, i.e. in the case of XP, this allows you to have a Windows install that won't get you rooted 5 minutes after you go online (with SP2). You can also include drivers or basically anything you have installed. In other words, you can install Win XP, Firefox, ffmpeg codecs, a virus scanner, OpenOffice, etc., and then you can make a custom ISO that would install Windows XP and all that software in one go! This is good if you maintain a number of PCs in a comp. lab.

    This feature makes the lives of sysadmins a lot easier, and I'm glad MS didn't take this away - I wouldn't be surprised if the control freaks did. To turn this into a "Vista designed to make malware easy" headline is simply trolling, and the article should be tagged troll accordingly. Especially since almost all operating systems have this ability (to remaster the ISOs to include updates/security fixes and 3rd party programs. Basically this is what Linux distributions are about).

  3. Re:Bad news for the pirates by Calydor · · Score: 2, Interesting

    Easy. Any Vista CD bundled with a new computer, and containing a bunch of proprietary malware crap to allow the company behind the computer to make more monies.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  4. Re:Pile of FUD by a.d.trick · · Score: 2, Interesting

    Actually, I think it's more a matter of greed. This particular method is known as yellow journalism and it's hardly limited to MS bashing or even the tech sector.

  5. Re:So? by 6Yankee · · Score: 2, Interesting

    It would be just as much a problem with any other piece of software, Microsoft Windows or not, pirated or not.

    I agree. The risk is there with Vista, Photoshop, anything.

    Nemetroid's view seemed to be that the pirates deserve everything they get - and you won't get much argument from me on that point - but that view doesn't take into account the consequences for the rest of us. It's unlikely that today's "malware" is going to screw around with only the machine it's installed on. Perhaps my original comment was too specific.

  6. Re:So? by Ajehals · · Score: 4, Interesting

    *ISPs need to be more proactive at disconnecting people who can't keep their computer clean.*

    I agree in principle - but disagree in practice - I have had a number of calls and even been disconnected by various ISPs due to behaviour that they assumed was viral - simply because their methods of detection were too simplistic - perfect for most people but a pain for many others - the solution in my case was to go for an ISP that was rather more expensive than the norm...

    Oh and the reasons for the calls and disconnections -

    Your computer has a virus because it is sending and receiving email directly - via ports 25 + 993 - apparently (according to their documentation) I either had a virus or my mail client was incorrectly configured - I should change the SMTP server to smtp.foo.com and my "pop3" server (never mind that 993 is clearly related to IMAP) to pop.foo.smtp. My return calls to the ISP required escalation to their 3rd level before they understood that I didn't want to use their mail servers.... (I was even told that their servers were incompatible with my servers, and that there was no such thing as an IMAP server.... "it's POP3 for Post Office Server..."). So the real reason for the disconnect was me using a mail client with my own servers - this was before I used a local mail server - more on that later....

    Same ISP; I used port 23456 for testing an app I was writing (still am writing - it's intended to manage a number of Debian machines' apt configs and updates etc., creating groups of them etc...) - I was told that I had been detected as a Hacker by technical support. I changed ports - and then left that ISP about a month later.

    New ISP was taken over by another ISP after about 8 months of my contract with them. At about this time I had started to use my own mail server and about 2 weeks after that all mail-associated ports (for some reason except 587) would return errors - (here is a copy of the message received whenever you try to connect to port 25 manually - the same for the others...)

    server-001:/home/*********# telnet smtp.foo.com 25
    Trying 216.234.246.150...
    Connected to smtp.foo.com.
    Escape character is '^]'.
    554 Please check your SMTP server is set to smtp.********.com. Further help is available at http://help.*******.com/sessionBegin.do?solutionId =kb*****
    Connection closed by foreign host.

    (*'s to protect the innocent - which they are sort of..)

    Again major discussions with tech support - first off with them claiming that no ports were blocked or redirected (I recorded that call and played it back to every level of support I got passed to...). Anyway I was finally told that yes, they only allowed mail through their servers (but why was I not using either their mail servers or a web mail service? - they even offered to help me set up a hotmail address....). This was apparently due to the sending of spam and due to issues with virus infections so I guess it's a fair point. So rather than putting up much of a fight (as in contract terms and TOS etc.) I offered to leave if they terminated the contract without penalty (which they did, and let me keep the router that I had never used, a set of cordless DECT phones (which was nice) and a 4 month old Sony K800i). Not bad - and no grumbles.

    I now have a business account with a major provider - and all is well.

    I guess what I am saying is that it's all well and good detecting things which could be malicious - but you will miss a lot (there is only so much you can do) and you will block a lot of legitimate users - or identify them incorrectly as viral.

    Last point it turns out that the ISP that forces you to use their mail servers will relay any mail from within its network regardless of pretty much anything (including the lack of from addresses or the inclusion of hundreds of recipients) so the blocking of mail there is really part of their solution (presumably they monitor what goes through their mail servers too...) which may have an impact on privacy as well as on the flexibility of service.

    Anyway. As I said - I agree with you but I am not sure how the ISPs are supposed to do it. Clearly mandatory virus scans are out of the question.

  7. Limited upstream isn't real internet. by sowth · · Score: 2, Interesting

    That is a load of crap. When I was on cable internet, it was shared in such a way that if lots of people were sending packets, then everyone on that segment would have problems sending too. Even if you are using the internet like a web-based TV such as the media companies want, your browser/IP stack needs to send URLs to fetch and ACKs and other crap. Asymmetrical connections just mean you have less usage on your entire segment before you are screwed. Not to mention the fact it encourages old fashioned one-way communication similar to TV.

    It would be better for the ISPs to charge per-MB fees instead, perhaps with some sort of available setting to cut off at a certain point, so users wouldn't have to pay more than they were willing. That way anyone whose computer gets infected has to pay for the bandwidth they use. People will also have cause to sue malware authors for monetary losses due to wasted bandwidth. It would make being a malware author a very costly deal if they get caught.

    It would also make them lift absurd bans on "servers" (really meaning two-way internet) and similar crap. Then again, cable ISPs would probably set prices to absurd levels--way more than they pay, especially for upstream--just so they can lock you in to viewing their content. Also you wouldn't have to pay very much if you don't use much bandwidth, and you wouldn't have to worry about being arbitrarily cut off just because you use too much bandwidth or use bandwidth in ways the ISP doesn't like--at least they wouldn't have a good excuse anymore...

  8. Re:It *IS* their problem by Stormwatch · · Score: 2, Interesting

    And therefore when Johnny - 10 years old - goes to his grandma's to help her clean and re-install her PC, she'll refuse to let him use some CD-R with things handwritten on it, and instead she'll sacrifice some of Johnny's future inheritance buying a Vista box in retail, for fear of viruses.

    What if the kid shows her that nice-looking CD of Ubuntu that ShipIt sent him?

  9. Re:So? by slapys · · Score: 2, Interesting

    "ISPs need to be more proactive at disconnecting people who can't keep their computer clean."

    I lived in college dorms for two years, ending last year. For both of those years, students were not allowed to connect to the campus network until they had verified that they had installed XP SP2 (if they were running Windows) and run virus checks. Many people discovered they had viruses and were forced to reinstall Windows; many people had to find a CD with SP2 on it because they could not go online to download it; overall, people became aware of the insecurity of Windows because the campus made people clean their systems before connecting. A number of students bought Apple laptops because of this new awareness. It shows how a little security knowledge can go a long way, I guess.