Asus Ships Cracking Software On Recovery DVD

Barence writes "Asus is accidentally shipping software crackers and confidential documents on the recovery DVDs that come with its laptops. The startling discovery was made by a PC Pro reader whose antivirus software was triggered by a key cracker for the WinRAR compression software, which was located on the recovery DVD for his Asus laptop. Along with the key cracker the disc also contained confidential Asus documents including a PowerPoint presentation that details 'major problems' identified by the company, including application compatibility issues. The UK reader is not alone, either — several users in the US and Australia have also found suspicious files on Asus discs."

Someone Is Getting Fired

[maz2331]

Someone is getting fired, and Asus is going to be getting sued.

Re:Someone Is Getting Fired

[petwalrus]

I suspect perhaps they already were getting fired anyhow and decided to leave behind a 'legacy' they could be remembered for.

Re:Someone Is Getting Fired

[Four_One_Nine]

It's truly amazing how difficult it is to fire people in many organizations, so I doubt it is a guarantee that anyone will be fired.

However this is exactly the kind of public exposure of software piracy that the offended companies can use to boost earnings.

Firings=No Lawsuits=Yes

Re:Someone Is Getting Fired

[gEvil+(beta)]

I suspect perhaps they already were getting fired anyhow and decided to leave behind a 'legacy' they could be remembered for.

Good thing they included their résumé in there. : p

Re:Someone Is Getting Fired

[adpsimpson]

Was it not Windows XP, before any service packs, which came with a file in the 'My Videos' which, when opened in a text editor, showed the cracked software version used to create it?

Did anyone ever lose their jobs over that one?

I've had a look on Google but searching for "Windows pirate video" only has one or two results...

Re:Someone Is Getting Fired

[Skrynesaver]

It was in the wav files used in the XP tour introduction thinghy

LISTB INFOICRD 2000-04-06 IENG Deepz0ne ISFT Sound Forge 4.5

Was present in the files, a sign that a pirated version of Sound Forge from Deepz0ne of the Radium warez crew.

Re:Someone Is Getting Fired

[fishbowl]

I remember thinking that should have been kind of a big deal. Then I remember never hearing another word about it before now.

Re:Someone Is Getting Fired

[wud]

I don't think asus will get sued by winrar. This is obviously an accident, and im sure asus has purchased legal copies, or atleast they have now. Now they might get sued by Microsoft for violating the nda.

Re:Someone Is Getting Fired

[Skrynesaver]

True, I wonder why the BSA never got involved ;)

Re:Someone Is Getting Fired

[Miamicanes]

> Was it not Windows XP, before any service packs, which came with a file in the 'My Videos' which, when opened in a text editor,
> showed the cracked software version used to create it?

This was apparently surprising only to people who don't work for companies that actually make it easy for developers to BUY software without having to get approval up the management chain all the way up to god himself. Half the software my co-workers and I use ends up being pirated, because our company makes it damn near impossible to buy anything that's not on the list of officially-sanctioned software (almost all of which is stuff that the "business" users need). I can blow $150 on lunch when I'm traveling without even needing to get my immediate manager to sign off an approve the reimbursement as long as I don't spend more than $250/day on meals/incidentals/entertainment, but getting reimbursed $29.95 for some shareware app I can't live without requires approval by the vice-president (my boss' boss' boss), who requires our department to submit purchase requests in batches no more than once per quarter. Of course, if we're 5 weeks into the current quarter, and I need the damn app TODAY (or at least by next week)... well... time to visit astalavista.box.sk (under vmware, of course) to get the crack and run the app (also under vmware, with write access to nothing besides a usb thumbdrive, of course).

Personally, I think 99% of free software's appeal to people who work for big, oblivious corporations is the fact that it's not just free as in beer or liberty... it's also free of bureaucratic grief.

Getting back to the Microsoft example... name any app produced by Microsoft that does something remotely close to what SoundForge does. Um, none? OK, now picture the hapless employee, who works for the largest software company on earth, dealing with THEIR bureaucracy trying to get permission to buy a program sold by one of their "competitors", even though it's a niche they don't actually compete in. Especially with a looming deadline.

Or, alternatively... picture Microsoft hiring an outside consultant/musician to do the track. To save money, they hired a freelancer who's just getting started and doesn't quite do it as his/her "real" job yet. The individual hasn't gotten to the point yet where he/she's making enough money off of it for buying it to be a no-brainer (It IS usually one of the first 3 apps anyone who becomes halfway serious about music production ends up buying when "the time comes"), and the employees at the Microsoft end responsible for getting it on the disc were themselves under immense deadline pressure. The file played, normal users aren't going to view it in a hex editor looking for anything "funny", so on the disc it went.

Re:Someone Is Getting Fired

[umrguy76]

I can blow $150 on lunch when I'm traveling without even needing to get my immediate manager to sign off an approve the reimbursement as long as I don't spend more than $250/day on meals/incidentals/entertainment, but getting reimbursed $29.95 for some shareware app I can't live without requires approval by the vice-president (my boss' boss' boss), who requires our department to submit purchase requests in batches no more than once per quarter.

Does that $150 lunch reside on your company's network?

Re:Someone Is Getting Fired

[FictionPimp]

We are only allowed to make purchases once a year. I simply make my request, they go on a capital list, we have a department meet and discuss why, then it is sent up for approval and i get my software.

I just make sure to plan for the year. It's not too hard. I know what my job is and I keep a good eye on what tools are out there to make it better/easier. Sure I can't have the latest Adobe product the day it launches, but I can get it the next capital cycle.

Re:Someone Is Getting Fired

[MadMidnightBomber]

Personally, I think 99% of free software's appeal to people who work for big, oblivious corporations is the fact that it's not just free as in beer or liberty... it's also free of bureaucratic grief.

Plus licensing. Ever played with flexlm, or tried to figure out how many Microsoft CALs you need? No need with GNU - saves a ton of time and potential liability.

Re:Someone Is Getting Fired

[grassy_knoll]

Personally, I think 99% of free software's appeal to people who work for big, oblivious corporations is the fact that it's not just free as in beer or liberty... it's also free of bureaucratic grief.

Indeed.

Finding cracked software on your machine around here is a fireable offense. Open source is seen as a viable alternative.

Re:Someone Is Getting Fired

[dontmakemethink]

Vista?!! My eyes!! Everywhere I look everything is framed in translucent frames with a weak-ass Northern Lights rendition! And I have a date tonight! WHAT AM I GONNA WEAR??!!!!

Re:Someone Is Getting Fired

[phantomcircuit]

Does that $150 lunch reside on your company's network?

No but that nice Cracked program does now.

Re:Someone Is Getting Fired

[WNight]

Why do people like you crawl out of the woodwork, just to inform actual useful people, that you don't have an issue with X?

You certainly would have an issue with that policy, if you did anything complex enough to require you to do something you didn't plan last year. All you're doing is making yourself look like someone who doesn't actually do anything, or who always does exactly the same thing.

Why are you proud of being a do-nothing?

Re:Someone Is Getting Fired

[JD-1027]

Then you have Microsoft employees where finding open source apps on your computer is a chairable offense.

Software Crackers?

[TheNecromancer]

Do they come with cheese?

Cue lawsuit....

[CdBee]

Asus, however accidentally / carelessly, have just made themselves the obvious target of a lawsuit for distribution of tools for copyright infringement...

Re:Cue lawsuit....

[MadJo]

Did Microsoft get sued for its use of a cracked version of Sound Forge?
No?
Then why will ASUS be sued?

Re:Cue lawsuit....

[alx5000]

Well... for distribution, actually.

Just as the GP pointed out.

All of this could have been avoided

[Verteiron]

If only they'd used 7zip instead! Oh, you fools!

Re:All of this could have been avoided

[Machtyn]

7zip supports rar, arj, zip, 7z, cab, iso, etc. etc., and it is a free program, unlike winRAR or WinZip. And it works very nicely.

Re:All of this could have been avoided

[Cytotoxic]

7zip supports rar, arj, zip, 7z, cab, iso, etc. etc., and it is a free program, unlike winRAR or WinZip. And it works very nicely.

This is only partially true. 7zip supports 7z, ZIP, GZIP, BZIP2 and TAR fully. The other formats are "unzip" only. So no-go if you need to compress with RAR (the original thread). Too bad because RAR is amazing on database backups. I often get 90% + compression on multigig SQL server backups - much higher than zip or built in compression in backup utilities.

Re:All of this could have been avoided

[CSMatt]

I should think so, because according to your timestamp you posted in the afternoon.

One of the files is someone's resume

To that person: If your goal was to get your resume noticed, MISSION ACCOMPLISHED!

Cracking WinRAR is lame

[Spatial]

WinRAR is free to use, last time I checked it only asked you to buy it through a brief, unintrusive nag window. Cracking it is really damn lame.

Re:Cracking WinRAR is lame

I think the tool is actually for extracting the passwords for any protected archives created with the WinRAR application...

Re:Cracking WinRAR is lame

[spyrochaete]

7zip is not superior. It's incredibly slow. I've tried 7zip many times over the past couple of years, hoping it to finally be a superior product to the needlessly expensive WinRAR ($35!), but it never happens.

Uncompressing a file in WinRAR consistently takes up to or over 10x as long to uncompress in 7zip. Try it yourself. WinRAR is even faster with .7z archives.

I tested both products with WinXP x86, Vista Ultimate x86, and Vista Ultimate x64, all on the same 7200RPM SATA2 HDD.

Re:Cracking WinRAR is lame

citation

Re:Cracking WinRAR is lame

[0100010001010011]

IZarc is also free (beer not speech). I use it on all the systems I have. I love it.

Re:Cracking WinRAR is lame

[necro2607]

Nice, I want a copy of that. Sounds like Asus is including some pretty useful utilities along with their new machines! Now there's a software bundle that for once might actually be of some use to me! ;)

Re:Cracking WinRAR is lame

[Naughty+Bob]

{{Original research}} !!

What about the very first hit on Google, eh?

The truth is everywhere!

Well that's what you get

[elrous0]

Putting the CEO's dim-witted nephew Steve in charge of disc duplication seemed like such a good idea. I mean, how could anyone screw something THAT simple up, right?

It will be interesting to see

[mandark1967]

How the cracking software got onto the restore DVD as well as why it was even present at Asus in the first place.

I can't imagine why a company like Asus would even "need" to crack software keys when they can, most likely, get it at a discount. I mean, it's not like Asus is a barely-scraping-by company that is unable to afford even simple tools.

Re:It will be interesting to see

Both Taiwan and mainland China, let alone Hong Kong, pirated software is easy to obtain. I'd place my bets on either of...

1. The disc master's computer had this information
2. The disc replication (usually china/taiwan) factory had this software, and someone didn't erase their image drive.

I'd put more money on 1 due to the power point file about the company. This would suggest that it was done carelessly or intentionally and a whole lot of QC didn't happen before the disc got put in the box.

Re:It will be interesting to see

Asus is a Taiwanese company. You would be surprised how common pirated software is in Taiwan. If you buy a laptop, you would expect it to come with pirated software... I was surprised when a friend of mine bought an Apple's powerbook (through a third party vendor) and it came with pirated copies vmware, photoshop, etc.

Re:It will be interesting to see

[rtechie]

I can't imagine why a company like Asus would even "need" to crack software keys when they can, most likely, get it at a discount.

Because keeping track of product keys is a hassle and having to fill out a PO for a $30 shareware app is a PITA.

Cracking tool? What about the docs?

[DaveV1.0]

A directory containing a large number of confidential Microsoft documents for PC manufacturers, including associated keys and program files

I would think that this would be of much more interest than some cracking tool one can download. Even the Asus source code should be of more interest as it could be used to improve FLOSS support.

Re:WinRAR

[setagllib]

Who needs WinRAR when you have 7-Zip?

Goes to show how PERVASIVE piracy is

If you can't keep it off your distribution CDs, you just have WAAAAAAY too much of it around.

Re:Goes to show how PERVASIVE piracy is

[timbck2]

This got moderated as +1 Funny, but should be +5 Insightful.

The Butterfly Effect

[Dystopian+Rebel]

A guy burns a master CD while smoking a joint in Taiwan... Somewhere in Redmond, a large office chair is hurtled through a pane of glass.

Re:Rule #1: If you learn something, don't tell any

[Lostlander]

Because if it's on a recovery CD which is duplicated a thousand times then it's worthless to the company you want to blackmail as they're screwed anyway so why pay for your extortion.

Re:WinRAR

[morgan_greywolf]

Which, for the benefit of those who have never used 7-Zip, fully supports unpacking RAR archives out of the box without having to have unrar or WinRAR at all.

Now if you want to make RAR files, then you'll need rar or WinRAR. But also you should note that 7-Zip's native 7z format gets rather better compression than RAR. ;)

Re:WinRAR

[hairyfeet]

My guess would be to get rid of the nag screen? That said,I thought all the PC makers loved to put trialware on the machines to help lower their cost. Someone at Asus needs to have their resume up to date,and I hope Asus has plenty of cash on hand,because this will probably get ugly real fast. Talk about a slam dunk lawsuit.

Does anyone know if the crack is carrying a trojan? The fact that it is setting off virus scanners tells me that it might,which means if it was used on the original Asus install image there is a lot of infected machines out there. Of course simply having a folder called cracks on the CD is bad enough,but if it is also trojaned it could be REALLY costly for Asus. But as always this is my 02c,YMMV

They put other stuff on there too

Imagine my surprise when an immediate restart after driver installation off of an asus cd booted my computer into a broken version of freedos. An explanation written 4 years ago of what happened to me is here: http://www.freedos.org/freedos/news/technote/211.html
 

Re:WinRAR

[ozmanjusri]

The fact that it is setting off virus scanners tells me that it might,which means if it was used on the original Asus install image there is a lot of infected machines out there.

It's on a Windows DVD.

Asus is just saving its users some time. No point delaying the inevitable.

Re:WinRAR

[cawpin]

But also you should note that 7-Zip's native 7z format gets rather better compression than RAR. ;)

Not in my experience. Also, 7zip's software is horrid compared to WinRAR. Also, there is a fully functional version of WinRAR available for free. They released it in a 1 day giveaway sometime last year I believe.

It happens, when QC isn't very high. Example:

[blind+biker]

Several years ago I worked in a very large and respectable company that shall remain unnamed (but whose name rhymes with, say, "Nokia"...) and we just shipped our turnkey system with our software AND with the source code. And the company wasn't (and still isn't, AFAIK, but don't work for them since a long time) an open-source company :o) It was a screwup by the consultant guys in India.

I'm surprised this doesn't happen more often, knowing the level of QC that happens in India and China.

oh, right, I forgot that it does indeed happen. Even nowadays (de javu).

Re:It happens, when QC isn't very high. Example:

[BUL2294]

I'm surprised this doesn't happen more often, knowing the level of QC that happens in India and China.

"The quality checking will be happening as optional."

Re:WinRAR

[Benanov]

7zip has a good UI *if* you mainly use the shell integration features (enabled by default.)

7zip is also FSF-Free minus unrar.dll, whereas WinRAR has very restrictive licensing terms.

Not just a hard disk

[Lonewolf666]

If you read TFA, you will find that this is more than a case of a hard disk someone forgot to erase before selling an old computer.

This time, the wayward data are on a recovery DVD that comes with new ASUS computers, and presumably hundreds or thousands have been shipped. Which makes the following two differences:
1) Trying to keep this secret is probably futile, there are too many copies floating around.
2) Distributing stuff by accident in this way is an epic, newsworthy blunder. Much worse than forgetting to erase a single harddisk.
 

Re:WinRAR

[lysergic.acid]

i'm not completely sure, but i believe that anti-virus makers often classify keygens and cracks as viruses. it's a way of posturing to scare the public away from using these programs despite their innocuous nature.

problem is, there are some warez downloads that genuinely do contain trojans/viruses, so if your AV program is set off by a download it's difficult to know if it's a legitimate threat or simply the AV makers trying to manipulate the public.

i imagine a lot of security analysis tools (which can be used for both white hat and black hat purposes) probably set off AV programs as well.

i can see how AV software detecting warez programs might be a useful feature to businesses who want to protect themselves from lawsuits, but it should at least make a distinction between viruses/trojans/malware and warez/hacking programs which aren't harmful to the user's computer. it's not really the place of AV makers to tell users that they can't use a keygen, crack, or security tool. that's not why most people run AV programs.

This demonstrates the importance of formal English

[hey!]

Especially in international, multi-cultural enterprises.

When the executives said they wanted "Cracking software" on the CD, they meant it in the same way that Wallace does when he compliments Gromit on breakfast: "Cracking toast, Gromit!"

Asus had to compete with MSI

Because, you know, after MSI threw in those free moviez, ASUS had to up the ante a little :)

Re:WinRAR

[Mr_Silver]

Who needs WinRAR when you have 7-Zip?

And for those of us who want an alternative to 7-zip with a user-interface that doesn't make you want to gouge your eyes out with spoons, then there is IZArc.

(free in beer, not speech - but I don't really care)

And localized to boot!

[zooblethorpe]

And apparently they were kind enough to include both English and Chinese versions of it, too!

Cheers,

all company should follow suit

[grumpyman]

....details 'major problems' identified by the company, including application compatibility issues...

Sounds like a release notes ^_^

Re:WinRAR

[Mister+Whirly]

"Does anyone know if the crack is carrying a trojan?"

No. It claims it can't "feel anything" unless it goes in bareback.

Frame?

[phorm]

Sounds like a good way to frame somebody too though...

Because they're BSA members, of course.

[Xenographic]

I know you're joking, but for anyone who doesn't get the joke, Microsoft is a BSA member.

They only terrorize small businesses.

Re:WinRAR

[hairyfeet]

Sorry to burst your bubble,but I have actually watched keygens and cracks infect a machine. It is usually either a downloader or one of the W series viruses. From what I've seen working PC repair it isn't the cracking bunches that are infecting the machines,it is the sites that the folks get them from that are wrapping them in trojans and downloaders. But I can verify that it was the actual keygen/cracks,as I used a spare box we used for testing files and filemon and diskmon from system internals. Sure enough as the crack was activated while it did crack the program it also began writing tons of little files into system32. Those files when scanned were one of the W32 trojans. That is why I tell my users to just buy the stupid programs,as it is a lot cheaper than having to pay me to debone their box. But as always this is my 02c,YMMV