The Internationalization of Malware
Ant brings us a write-up from a former malware analyst about the difficulties in fighting malware as it expands beyond English-language targets and into societies with different standards for privacy and security. Quoting:
"One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in. Anti-cheating rootkits are very common in games released in these countries. What is considered to be invasive in the North American or European world is acceptable there. These anti-cheating rootkits would hook into the kernel space in a very invasive way, and have the behavioral characteristics of malware such as hooking into the keyboard driver. This made it very difficult from a purely technical standpoint to distinguish them."
Oh lord, what's next, people being executed for blogging?
I was going to post a reply but slashdot can't handle unicode :(
The country lives and dies on ActiveX. Trying to do anything other than read basic text on most Korean websites requires the installation of several ActiveX controls, which means IE only for a lot of sites. And if you want to create an account on one as a foreigner and don't have your foreign registration with immigration you can just give them copies of your passport.
Malware is supposed to do Bad Things to your computer/information. If it's hooking into the kernel, it may not necessarily be malware, per se. It may just be doing business in the entirely wrong place.
I hear in some countries they kill women who commit adultery. In some countries families depend on the kids finding work in factories. It's all relative. You have to look at cultural background before you judge someone for child labor or killing a woman, right? Can't call a rootkit a rootkit if it's acceptable somewhere else. It's all relatively fucked up.
Or is it lack of awareness? Add South Korea to that list because it currently seems acceptable to have about 10 useless browser bars attempting to take over and uninstall the competitors' bars in Internet Explorer.
Awareness didn't come overnight in North America or Europe either.
If a piece of software makes it clear, before you purchase it, that it will install monitoring software on your machine and/or it would phone home then that's one thing. You have the option of not buying it.
If this situation only becomes apparent after the package has been installed, then (IMHO) that's not an acceptable practice.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
While most people probably don't consider them malware, a lot of people find internet ads intrusive and obnoxious and we install popup blockers to get away from some of them. But the advertisers wouldn't pay for them if someone wasn't reading them and clicking on them.
More to the point, there is a huge difference in what people care about regarding their computers. Many of my friends think I "put up" with a lot because I use Linux and install things relatively methodically, always keeping control of my system. I think they "put up" with a lot, because they have no idea what is running on their computers and what the machines might be doing with their information.
It concerns me that the anti-privacy people have time on their side, because after a few more years, they will just point out how so many people haven't been enjoying much privacy anyway, so what's the big deal?
oh right. ballmer isn't purple.
I was extremely pissed off with the whole Sony rootkit debacle, which was covert. I was even more pissed off when they bought one of my favourite music production programs, Acid Pro, and I checked it for the tell-tale signs of the rootkit (the processes that are started with $SYS$ are hidden from the process list) and found it present in that too. If anyone uses this product then the last rootkit-free version is Acid Pro 4. Just a heads up.
Best defense against malware is safe browsing habits and knowing more about the internet and what it has to offer. As well as keeping up with system updates, and anything else you have on your computer. Make sure you have a good enough firewall, so in the event that you do get infected it will not spread. Also, when you receive an email from someone you know and it contains an attachment, call them up and ask them if they sent you an email and see if it's safe to open up. Just my 2 cents about computer security.
I just finished installing the QQ 2008 Beta version, and kept having to make exceptions for about half of the .exes. Avast! aborted the download twice. My anti-virus software also seems hellbent on gutting PPStream and PPlive. True, the update files do behave exactly like Trojans - but they are good Trojans!
I like TFA suggestions for teaching security software to recognize the difference between legit software and trojans, but asking malware analysts to become fluent in non-Roman languages that don't have mathematics as their base might be a tall order. Math inclined folks don't always have time to learn Chinese/Japanese/Korean. Having studied Chinese for almost two years (living in the environment for about 8 months), I can read newspapers, but technical documentation would be a whole different issue.
But the advertisers wouldn't pay for them if someone wasn't reading them and clicking on them.
Not necessarily. If they didn't do a cost/benefit analysis, they may think it's a good idea.
For example: Yellow Page ads. A lot of businesses get them and get a little business from them. But some business owners actually compared the business they got with the cost of those ads and found that they're not worth it - contrary to what the Yellow Page salespeople will tell you. But many other businesses don't do that. There are also other reasons that I won't get into.
That is -- eliminate the malware, and WARN users that what the aforementioned companies were doing is not proper behavior.
Circumcision is child abuse.
What is considered malware in the US may be commonly accepted in China or Japan [...] These anti-cheating rootkits would hook into the kernel space in a very invasive way, and have the behavioral characteristics of malware such as hooking into the keyboard driver
Indeed. And if you look back in history, you will find documented examples in medieval Japan of samurais making alliances with kernel-space rootkit developers to repel Mongol invasions. But it actually goes back to the roots of Zen Buddhism which de-emphasized the attachment to privacy and instead favoured experimental realisation, including with various sorts of early meditation-space thought-loggers.
You just got troll'd!
Many people I know don't care for their computer's privacy because they say they don't have any important information in them. But then I ask them if the same applies for their homes and private properties and whether they would let the police or anybody in without a warrant... of course they say no.
I think it is up to us to make these kinds of people realize that computer privacy is something that really matters and prevent this kind of stuff from happening.
This made it very difficult from a purely technical standpoint to distinguish them."
Sounds like a difference between what they do and how they do it.
I prefer to limit both, rather than one or the other. If all you limit is what they do, you wind up with invasive root kits in games. If you limit how they do it, then you end up with malware that simply finds another way to do more evil.
Just one or the other is pointless.
I work for the Department of Redundancy Department.
I'm currently living in Japan and would like to note that for all of the notoriously computer-ignorant people in America, Japan's computer ignorance problem is ten-fold. Computers simply aren't used as a part of everyday life in Japan as they are in America, and there aren't even basic use classes in most schools through college. IE6 is still the big web browser, and the most important factor in buying a computer (which is terribly overpriced because of Japan's tendency to use only Japan-made products for everything) is how cute it is.
"Look how weird these people think, that's obviously malware!"
That's a big laugh, but then sometimes some people could consider, e.g., Windows itself malware, and it could be so deep in our culture that it should be OK if we don't stop thinking on that.
In the 70s and 80s it was common for games to bypass the operating system and talk directly to the hardware, for copy protection, to prevent cheating, for performance, for all kinds of reasons. Many of them booted directly and completely ignored the OS. Over the years these games were the first to break when new software and hardware came out, and badly behaved games got a bad reputation. Other countries haven't been through the experience of having badly behaved software rot because it couldn't be updated for new systems... yet.
It's a learning experience. They will learn.
News at 9.
http://stoploudness.org/
...a computer in Japan is just another appliance.
They buy it as they would buy a second TV set for the kitchen, or a vacuum cleaner or table-top cooling fan, etc.
Nobody in his/her right mind cares about the stats of a vacuum cleaner, except complete nerds.
Computers are slowly drifting toward that situation.
GSM phones have already reached that point almost worldwide - the only thing most people care about is if there's "Apple iPhone" written on it.
And there are often enough articles on /. about remote cellphone's mic tapping, remote GPS polling, etc... to show that there's slightly more than "what's written on the case" about a phone.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Never mind that it's been easily bypassed by actual botting programs it was supposed to stop.
See Lineage II for example.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
It does what I want: No malware. It does not: Malware.
Simple as that. It doesn't depend on technology. A plain vanilla keylogging trojan that phones home is, technically, in no way different than any other web application. Aside from doing what I don't want to happen.
The only essential difference between benign programs and malware is that malware exhibits a behaviour that I, as the owner of the machine and the one who should be calling the shots, do not want to happen.
So a "cheating rootkit" isn't a trojan. It does what the user wants it to do, it disguises itself from anti-cheat programs, and to do that it has to do the same things trojans do to hide from anti-virus programs. Basically, any sensible AV tool is a trojan by that definition. It has to do the same to avoid being kicked offline by a trojan that gets past its initial scan. A lot of today's (real) malware actually does that. They search for AV processes and try to stop them, they try to keep the AV update routine from connecting to the internet and so on. An AV tool that doesn't dig itself into the system won't be able to defeat more creative malware.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They are a bunch of militaristic and racist bigots.
Right, unlike everyone else.
We Americans are far better than those chinks, we should'v f**k'n killed 'em all the last time we were there!
</sarc>
Indeed. QQ is a prominent example of what I was discussing in my posting. What was especially irksome about this was that there were actually variants of QQ that were in and of themselves trojans or malware using QQ as a vehicle. Also, earlier versions of QQ were much more intrusive. So I had to use many tricks in the book to figure out if it was authentic or not. One thing that helped was when QQ began to sign their binaries, though I still viewed them with great suspicion.
Wes Brown
At a guess, you couldn't get away with a warning on a clinical trial consent form that says "may cause neutropenia". You have to explain what neutropenia is and how it can affect the patient, otherwise you're getting uninformed consent. The ethical standard is "informed consent".
What fraction of software users understand the implications of "monitoring software"? One of my colleagues had a client who wanted to install a piece of software I won't name which enrolls users in surveys of online behavior. My colleague had to explain the implications of the software installing a new trusted root certificate into the browser. His client decided not to install the software, but had required USD(mumble) worth of a professional's time to be able to make that decision.
The standard you suggest, "make the user aware" and "make it clear", is the right one but it's not easy to accomplish.
>It concerns me that the anti-privacy people have time on their side, because after a few more years, they will just point out how so many people haven't been enjoying much privacy anyway, so what's the big deal?
My understanding of legal theory in the US
- I am not a lawyer
- I have never been to law school
- Don't make decisions based on what I say
- If you really need to know a point of law ask a lawyer
- What do you call someone who gets legal advice on Slashdot? "Inmate".
is that in gray situations of commercial law judges can include in their reasoning the "ordinary course of business". There may be a genuine legal risk if we allow privacy invasions to go unchallenged.
it doesn't take stance
only "human" do
u see virus is a virus
but i see virus as a backup
Wow... not even remotely. But with that attitude I can't see why I don't rush back to North America...
So true. One can only hope that international relations and interest changes this strange software mono culture. Is IE6 still the dominant browser or can they at least safely upgrade to IE7 these days?
Even the government obliges people to use IE: it seems that they have made the standard cryptography protocol dependent on ActiveX (they don't use SSL but SEED, their own protocol). What kind of government is this? Do they really consider themselves a democracy? Here, in France, we protect freedom on the Internet. Oh wait...
"Freedom can only be the whole of freedom; a piece of freedom is not freedom." Max Stirner
With Japanese, technical stuff in a field you're familiar with tends to be easier than newspapers, in my experience. Japanese does have katakana, and Chinese doesn't have anything comparable, so when they convert technical words to Chinese, it's not nearly as straightforward. But you still have the advantage of context, that you probably won't have for most of the newspaper. So I suggest, if you've just automatically assumed and not bothered trying, give it a try.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I consider a lot of the stuff that anti-virus software does to be over the line into malware, and I consider game software that installs a rootkit to scan for cheats to be malware.
Does anyone else out there have any suggestions on how to make a networked/multi-player game truly cheat/hack proof?
In your sarcasm, I'm detecting an assumption that GP is American, too.
How ironic. I guess it takes a narrow mind to know a narrow mind.
Are all you Americans like that? Or now you demonstrate your complete ignorance of the international scope of the internet by giving me some bullshit about how this is a predominantly American website?