How Asus Recovery Disks Ended Up Carrying Software Cracks

Anthony_Cargile writes "We all now know about Asus shipping illegal software cracks and confidential documents/source code on their recovery DVD (and in the system root), but this article tells exactly how it happened. It's even more careless than you think, and most likely an accident."

This doesn't explain everything

[RGRistroph]

I can how an internal ASUS USB flash disk with an unattend.xml file on it, might get used to move documents around, and then also get used to install windows.

That might explain how certain documents got put on a lot of harddrives inside ASUS.

It doesn't explain how that directly ended up being part of what they made an ISO out of, and how no one apparently did quality control and checked every single file on a CD before it was replicated and sent out to the world.

Re:This doesn't explain everything

[Free+the+Cowards]

First rule of internal company dynamics: they are not nearly as well staffed, as organized, as thorough, or as competent as you think they are. They are in all probability just as quick and careless as you would be doing the same thing.

Re:This doesn't explain everything

[IceCreamGuy]

When was the last time that anyone checked every file on a CD when it's say, a windows restore? Yeah. Nice job dipshit. Think before you talk. What human actually knows every file that's supposed to be on there?

diff -r, dipshit.

If doing this kind of quality control doesn't seem trivial and normal to you, then congrats; you don't work in the IT field.

Re:This doesn't explain everything

[MerlynEmrys67]

Uh - I do. You mean when you are building a large distribution you don't create a manifest that lists all of the files that are supposed to be on the disk - and then have a script automatically check that everything is on the CD that is supposed to be on it... nothing more - nothing less.

Sloppy work at the best - a simple engineering problem to solve, takes 2 minutes to run after the ISO is cut. My QA lead would laugh hysterically at me if I tried to pull a stunt link this on her. Easy to verify final ship products

Re:This doesn't explain everything

[PopeRatzo]

First rule of internal company dynamics: they are not nearly as well staffed, as organized, as thorough, or as competent as you think they are.

At least not any more.

As long as a company's stock price gets rewarded by Wall Street for laying off employees, we're going to see stressed corporations.

Remember that really slow guy in QA who took forever to write his reports, and was getting a little gray, and was making more than a lot of us because he'd been with the company forever? He was the guy who would catch these stupid mistakes.

But he was laid off when we got "lean and mean".

Crack vs. Foss

[O('_')O_Bush]

FTA:
"c:\Windows\ConfigSetRoot\ contained a software crack for the WinRar program...

So apparently an Asus employee happened to have a personal flash drive, and stored his resume (presumeably, conspiracy theorists may disagree) as well as a few harmless keygens and serials on it.."

It amazes me that this employee chose illegal means of getting an archiving program instead of using a FOSS solution such as 7-zip ( http://www.7-zip.org/).

I know some companies have protocols for handling FOSS software, but this should have never have happened if the employee had just turned to his company's legal department for obtaining software licenses.

Could have been me

[InlawBiker]

I am completely unsurprised. When I heard about it I thought, "Oh, some jackball inadvertently copied his personal files via some install script. That's pretty funny."

I personally have the exact same stuff on my thumb drive - my resume and some cracking tools. As we all know, nobody tests their own work. That's why testers have jobs.

So he screwed up - at least he has a good story to tell!

Re:Could have been me

[ogl_codemonkey]

As we all know, nobody tests their own work.

Speak for yourself.

I don't know anyone that tests their work as thoroughly as the next person to find a mistake in it.

I always get keygens for software I buy

[Matt+Perry]

I always get keygens and cracks for software I buy as a safety measure, and test them in a virtual machine to make sure they work. With all the phone home activation that software does these days I don't want to have to call a vendor and beg for access to to software I've already paid for when Windows takes a nose dive. What if the vendor doesn't support that version any more and doesn't want to give me a new activation key? What if the vendor is bought or goes out of business? If I reach that point I can at least use the keygen or crack to protect my investment.

I can't fault anyone for having keygens for their apps.

Re:There is a simpler, safer solution.

[powerspike]

It's not that easy anymore, programs like windows, anti virus software just to name a few, require you to either phone a number to active the software, or connect to the internet, if you don't do that, it won't run until you do. Now add in they usally only let you install the software X number of times per key/product, your going to be screwed in ten years if you need to activate software from today. Safely storing your serial/product keys these days for long term use is pretty useless.

Re:TFA

[Nazlfrag]

Great, then the mac or linux files would have been copied from the usb stick to the windows install directory. Reduces the chances of cracks appearing, but does nothing for the documents.

Re:TFA

[DrSkwid]

That sounds like the dumbest choice. The only negative effect an Asus client could have is if the USB flash drive contained malware of some description.
Condemning the whole company because of one employees ignorance of MS's stupid xml magic really is cutting your nose to spite your face.
Asus products have always been good to me.