Slashdot Mirror
Vista Designed to Make Malware Easy
SlinkySausage writes "Trojan horses masquerading as 'cracks for Vista' are starting to appear on pirate boards. More worrying though, Microsoft has confirmed that Vista's image-based install process is designed to allow third-party software to be slipstreamed into the installation DVD. Great for corporate deployment of Vista with software pre-installed, but also a huge benefit for malware writers, who can distribute Vista images with deeply-rooted malware."
Pirates risk getting malware with their downloaded Vista. Is this a problem?
This article is just dumb. You can make custom Linux images with custom software also. If you download a random Vista ISO and install it, you deserve what you get, just like you would if you download a random Linux ISO.
And if you use an official installation image, that you've properly licensed, you'll know exactly what you are getting.
Now if someone wants to download an third-party image for something they haven't paid for, and gets stung with malware, how on earth is this Microsoft's fault?
Can't say I feel bad for a bank robber when it turns out the teller slipped them a dye packet...
It's sad when choosing an installation directory on your own qualifies you as an "advanced user."
Much as I dislike Microsoft, I don't see why people who are downloading pirate copies can really complain when the pirate copy is full of scumware... if people are willing to break one law to crack the software, why do you think they won't break more to install scumware on your computer?
What, the, fuck?
So you can customise the install disc yourself and slipstream software into it? Surely that's been possible with every single distro of Linux for the last few years or so now? Could put malware into a custom Ubuntu CD, couldn't you? Not a new thing.
More to the point, unless you download your version of Vista from some obscure warez site, it's very unlikely to have malware slipstreamed into it; UNLESS YOU PUT IT IN YOURSELF.
Just because something has the capability to have malware put into it does not make it bad. This is a stupid fuss being made of nothing. I'd say I expect better from Slashdot, but considering the number of Microsoft/Zune/Vista bashing troll articles that are getting posted these days I'd be lying.
By summer it was all gone...now shesmovedon. --
I guess it's a normal Slashdot day when this kind of thing makes news. The half page "article" mentions that
a) there's a trojan that claims to be a free activation utility to Vista
b) you can slipstream malware into pirate Vista images (also possible in XP)
I.e. using pirated software could get you malware, which is news because of...?
What's the point of this article? If I download illegal cracked versions of a commercial Microsoft OS, something bad might happen? And somehow that's Microsoft's fault? If someone did the same thing with a RHEL install ISO, would that be Red Hat's fault?
This smacks of the same FUD that Microsoft tosses around about Linux and other FOSS. Let's stop stooping to their level.
No sig, sorry.
Getting malware when downloading a crack is always a possibility, yes.
However, this entire story smells of FUD - this is one of the oldest arguments software vendors use to scare people away from pirated software - "All pirated software has viruses in it! Don't use it, it'll make your computer blow up! Make sure your copy is legit!" It's a valid argument, and they have every right to defend their products from piracy, but I suspect it is often overstated.
Then take this article's headline - "Vista Designed to Make Malware Easy". We've gone from fact (one Vista crack was found - and caught by people downloading it - with malware in it), to speculation during an interview, to an entire Slashdot headline. Good good. The relevant part from the interview:
Finally, if the above headline is correct, then how is it different from "Linux Designed to Make Malware Easy"? Anyone can bundle a rootkit with a Linux distro and put a torrent of it up somewhere. Heck, it's even easier, since Linux is free and open to start with. The bottom line is, if you're not getting your software from a trusted source, then you have no reason to trust it.
I'm gonna go lie down for a bit until the spinning stops.
ClutterMe.com - easiest site creation on the Net. Just click and type.
The biggest problem I have with the article is the title. Others have made the comment, quite accurately, that no legitimate deployer of Vista will be harmed. At least one comment suggested that the story was an example of FUD spread, supposedly, by Microsoft to keep people from using pirated copies of Windows. I actually think the FUD is more aimed at Microsoft by trying to prolong the image that Windows has as being insecure and easy to infect. Is Vista perfectly safe? Of course not. But too many people play pinata with Microsoft because it's easy, regardless of whether the facts back them up or not.
Bruce Johnson [.NET MVP] http://www.objectsharp.com/blogs/bruce
Easy. Any Vista CD bundled with a new computer, and containing a bunch of proprietary malware crap to allow the company behind the computer to make more monies.
-=This sig has nothing to do with my comment. Move along now=-
Vista isn't designed to make malware easy, it's a problem inherent in the design. When I read the headline I thought "Microsoft wants it easy to distribute malware?" But when I read further, it's just another misleading headline on slashdot.
1) People run insecure machines. 2) People leave computers on. 3) People leve them coennected to the internet.
Break any of these three links in the chain and you'll fix bot netting. (1) is impossible, given V1.00-beta humanity. But surely, (2) and (3) are pretty easy to achieve. For Joe Sixpack, there is no benefit in keeping a PC running 24/7, except that it helps contribute to the power bill and rolling blackouts.
Servers, of course, are a different matter but they are [hopefully] better administrated.
Engineering is the art of compromise.
If you're legit, the chance of running a bad install are zero.
But Windows still allows you to run ANY program you download. And this affects legit users too. Why isn't anybody talking about this.
I think it's about time Microsoft forbids running programs on Windows, or malware will have an edge.
As I remember in XP you could remaster it too. add drivers. Software that had a .msi file. you could as easly download malwared xp off the internet but it didnt happen.
Linux is also pro malware at that pooint ... you can remaster distros.
Well here's the MD5 hash of the x86 version, straight from Connect: 1008f323d5170c8e614e52ccb85c0491
You really don't have anything to worry about, because the EULA forbids making ISO images of the consumer editions of Vista.
:D
Right?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
That is a load of crap. When I was on cable internet, it was shared in such a way where if lots of people were sending packets, then everyone on that segment would have problems sending too. Even if you are using the internet like a web based tv such as the media companies want, your browser/ip stack needs to send urls to fetch and acks and other crap. Asymmetrical connections just mean you have less usage on your entire segment before you are screwed. Not to mention the fact it encourages old fashoned one way communication similar to tv.
It would be better for the ISPs to charge per MB fees instead, perhaps with some sort of available setting to cut off at a certain point, so users wouldn't have to pay more than they were willing. That way anyone who's computer gets infected has to pay for the bandwidth they use. People will also have cause to sue malware authors for monetary losses due to wasted bandwidth. It would make being a malware author a very costly deal if they get caught.
It would also make them lift absurd bans on "servers" (really meaning two way internet) and similar crap. Then again, cable ISPs would probably set prices to absurd levels--way more than they pay, especially for upstream--just so they can lock you in to viewing their content. Also you wouldn't have to pay very much if you don't use much bandwidth, and you wouldn't have to worry about being arbitrarily cut off just because you use too much bandwidth or use bandwith in ways the ISP doesn't like--at least they wouldn't have a good excuse anymore...
there is the anti-Linux groupthink (no hardware support, no software support, crap GUIs, etc), the anti-GPL groupthink (it'll never stand up in court, it's viral, etc), the anti-IP groupthink, the pro-IP groupthink, etc.
You keep using that word.
'Groupthink', as generally understood, isn't just consensus or dogma (which is basically what you are giving examples of). It isn't just social pressure to conform. Also, it isn't a persistent set of memes.
As I heard it at least in my undergrad years, it is a tendency for a certain specific sort of dynamic to occur in groups: everyone wants to 'support the group', to conform, which causes decisions made by the group to be less wise than each group member would have done by themselves (decisions, because groupthink was originally used to describe the behavior of committees, i.e. groups that decide on actions). This is more or less what is given as the definition on wikipedia.
The (e.g.) "anti-IP groupthink", as you call it, is just a certain idea or set of ideas that is repeated, and (perhaps in part due to social pressures) others are convinced by them, perpetuating the cycle. However (a) I am not sure that individually the people would have arrived at 'wiser' positions, and (b) there is no decision-making process, this isn't a committee. It's just a set of people talking. Perhaps most importantly, there is debate, even on those issues that are 'consensus' on Slashdot, which goes completely against a diagnosis of 'groupthink'. Also, there are several idea clusters, as you mentioned, and the people subscribing to them don't overlap in any simple way - again, a type of complexity that goes against calling it all 'groupthink'.
Seemingly this is the first anti-MS story, that even Slashdot has collectively called as Troll.
This has been possible with every version of windows since 98, and probably even previous versions.
Circumcision is child abuse.
Haven't you ever heard the old saying "Easy as malware"?
That is a great piece of fiction from the Microsoft Employee Manual the OSS response section. I loved that one and the family that get's broken up over Redhat..
In reality, Grandma will find it just as easy as Microsoft OS. Email will work, that virus she tries to click on will not run and every website she goes to cant install spyware. Grandma is not going to rush out and buy UT2007 to get some deathmatch smackdown with her homies. She will simply use the computer as it is. Photos are easy to view and open from relatives and friends. This magical Open Office reads all the documents she get's sent even from wierd uncle al that uses that Wordperfect software.
Reality, Grandma get's ubuntu, and a little bit of training as to where the apps she needs are and looks like and Grandma will need no extra help from now on.. Just like giving her a MAC.
That is the reality of what will happen, but I like you really love telling the stories there in the MSFT employee handbook. Hey, check out the section on debunking Programming in anything but Visual Studio! It's a HOOT!
Do not look at laser with remaining good eye.
No, you are incorrect. I am not pro-MS, I am not anti-linux, I am just a pragmatist. I was, in fact, speaking from personal experience, although with generic friend-of-a-friend OAPs as opposed to ones I am related to.
Yes, she will probably find it just as easy as a Microsoft OS - but it will be different. It will be different to her, and different to anyone else she might ask for help, and that's the problem.
In the past I have been quite eager to suggest to people to install Knoppix (and later Ubuntu) when I got called in because their hard drives failed or when Windows ME/XP got so clogged with malware that they couldn't do simple tasks such as open the filer. However, it became a nightmare to support them - by the time I was at university I'd be getting called several times a week with one problem or another. But I couldn't send them to someone else - there wasn't anybody else who had linux experience.
You say that she would need no extra help from now on. Have you ever actually met an old person? They're not like us. They're slow. They're senile. They're virtually dead. It's a miracle they can remember how to turn the machine on in the first place. Even if you write them out detailed bullet-point instructions with screenshots (which I've tried) they still manage to get it wrong. This happens with Windows, it happens with Linux. Sure, I've come across a few who have taken to computers and haven't needed any help past the first few days, but in my experience the majority will always need someone to hold their hand. Hell, that bit's not just limited to OAPs, most people I meet over 50 seem to have that same problem.
In your rush to flame me as an MS fanboy, you seem to have completely missed the key point in my original post - sure, little Johnny might be able to train her up in how to use it, but she will always have problems and questions. She will always want to learn how to do something new with her expensive toy, she will always want to fiddle with things, and she will always get confused. She will always need help. And by installing an OS that most people don't have experience of, he'd just be tying himself into supporting her until she dies.
I love Linux, I run my business on top of it, I tell my friends to use it. Software compatability is a minor issue, re-training is a minor issue. But when it comes to installing it for someone else, the deal-breaker is that there is no wide-spread support readily available for them yet, so I'm stuck helping them until they die, or until I reinstall Windows and can palm them off onto someone else.
The problem is you're making a generalisation. This is the crux of a number of arguments I have read on slashdot. Someone has some personal experience, which they then proclaim as anecdotal evidence that the same experience applies universally.
There are innumerable counter examples that people could come up with that support exactly the opposite conclusion you have drawn.
The point is, not all old people go out and buy autoroute or use encarta. Some of them only use a web browser and word processor, and will only ever use a web browser and word processor. Those old people would stand to benefit a great deal from having Linux on their PC, as they would be able to carry on doing everything they want, with the added bonus of being totally immune to malware. The same would go for getting them a Mac, which has the only downside of costing a hell of a lot of money vs. $0 for a linux install.
Not that this counter example somehow denies the existence of scenarios such as your experience, but it does counter your conclusion that Linux is useless to all old people.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
Not really.
A few ppl whom have been in the early computer age are indeed now in their fifties. But thats a very small minority, the majority is indeed very computer-illiterate.
Sure I "could" convince my dad to try OSX or Linux (in some form) but both my real mom (who's about the same age) and my stepmother (who's older than him) definitly can't. My stopmom hates computers period. My mom (whom I bought a desknote for 2 years ago) still doesn't understand the basics of file managment, she doesn't know the basic terminology and she doesn't seem to get it, no matter how many times I explain to her what e.g. a Webbrowser or a directory is. Even when I say "click on the big blue round E on the desktop" (indeed micro$oft Internet Exploder) she suddenly responds "whats the desktop?".
I dunno why I'm immidiatly into it when there's a new computer-thing and why they can't seem to grasp it (ever).
To just say: It 'is' their problem. Well that might be true. But (especially friends and family) they do keep knocking on 'MY' door. So in that case I can understand that ppl just choose the largest dominator.