Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Asus Recovery Disks Ended Up Carrying Software Cracks

Posted by timothy on from the nice-thing-about-free-software-is-no-cracks dept.

Anthony_Cargile writes "We all now know about Asus shipping illegal software cracks and confidential documents/source code on their recovery DVD (and in the system root), but this article tells exactly how it happened. It's even more careless than you think, and most likely an accident."

4 of 241 comments (clear)

  1. Re:This doesn't explain everything by RGRistroph · · Score: 4, Interesting

    I had forgotten that it was a windows restore CD, I was thinking in terms of a driver CD or something.

    However, there exist tools that are designed to do exactly that sort of thing. I run something that checksums every file on a server and compares it to a known good value, as part of an intrusion detection system. If I were shipping a windows computer otu of manufacturing, I would take file lists from as-shipped as well as after restoration, and I would compair them against other windows installations, and make sure I knew a reason why every single different file was different.

    It's not that hard. Once you write a script to go through and get the file list out of all the .cab files, and subtract that from what's on the disk, what's left is not that much. Just the pre-installed cruftware and whatnot . . . maybe they had so much of that, these files got lost in the noise.

    So, what had to happen was this:

    1) Employee got the "official vista install" USB fob, probably used it, and then he or someone else used it as a hand file transfer mechanism, adding more files to it

    2) This non-pristine USB fob was used again to install the "master" harddrive that would be used to make recovery DVDs shipped with the product

    3) No one carefully checked the files on that recovery, OR the USB fob infection had also gotten to the vista's that he compaired against

    Still seems sloppy to me. If you know you are going to be dealing with a behemoth like Vista, one of the things you do is write scripts or develope tools to deal with it.

    One thought I had, is that this would be a way to make a virus replicate. What if instead of random crap, it put some kernel driver in windows that checked to see if you were writing an "unattend.xml" file and dumped itself on that drive if so ? Some minimal attempts at hiding might take you a long way, given that there appears to be little quality control. How to get it into the OEM so it will be re-distributed ? Oh, just add it to a cracked copy of WinRAR and post it on a warez site, that apparently works.

  2. Lately their quality has been going downhill... by cyberjock1980 · · Score: 5, Interesting

    This is disappointing. A few months back ASUS got into a flamewar with GIGABYTE. GIGABYTE came out and told Tom's Hardware that ASUS used inferior parts, changed their % gains versus their competitor without changing the product whatsoever, and that ASUS's EPU feature is software instead of hardware(meaning it is inferior to GIGABYTE). GIGABYTE did come back and appologize for claiming ASUS used inferior parts(it was found that it was a different vendor's board that contained inferior parts). ASUS threatened to sue any website that talked dirty about ASUS when this all came to light. Check out http://www.tomshardware.com/news/asus-gigabyte-motherboard,5348.html to read about the GIGABYTE versus ASUS drama. Then check http://www.tomshardware.com/news/asus-gigabyte-motherboard,5480.html for ASUS suing GIGABYTE for the bad publicity.

    I have been an ASUS user for many years, building many computers with ASUS parts. While GIGABYTE did include some false claims, they did have valid complaints for their other arguements. I was one of the people that was stuck with a motherboard that cost me $250 that didn't do quite what it was supposed to do, and as a result my linux based computer cannot use their power management function(because it is software based). GIGABYTE's is hardware, and is enabled in BIOS and doesn't care which OS you use. This one hit home for me. My computer is on 24x7, and I wanted my computer to be green. Unfortunately that dream will not be a reality with ASUS hardware.

    This again paints a bad picture of the quality work ASUS has been doing lately. I am sure that my next motherboard won't be ASUS. They have lost points with me, and I am going to check out one of the other top tier motherboard companies.

    I have never purchased a motherboard from GIGABYTE, but I'm already looking for motherboards for Nahelem when it comes out next month, and I'm not even looking at what ASUS is offering. Bite me once, shame on you. Bite me twice, shame on me!

    Reasons for leaving ASUS:

    1. Changing your product efficiency % gains after shipping the product for months, AND not changing anything on the product! As if they wouldn't get caught? Competitors are always shopping their other competitors!

    2. They fail to mention that EPU REQUIRES Windows to run. I don't care what ASUS says. If it requires software(Windows based at that!), then it's software based. Even if its hardware functions are enabled by using the software.

    3. Suing anyone who talks about their bad publicity from GIGABYTE. WTF? Seriously, WTF? That's RIAA type behavior, and I will not tolerate that type of child in my house.

  3. I'm curious about that anti DR-DOS document by electrogeist · · Score: 4, Interesting
    OEM issued Microsoft document, which mainly says "do not distribute DR-DOS with any computers".

    Is this something recent? Someone have one of these restore CDs to post the text? With the history of bad blood this could be a story in itself

  4. Re:This doesn't explain everything by Anonymous Coward · · Score: 5, Interesting

    I used to produce computer magazine coverdiscs, and have also written several computer books with CD/DVDs attached. Millions of my authored CDs/DVDs have been produced, maybe more.

    I am FREAKING PARANOID that anything untoward might get onto the disks that shouldn't be there. Once sent to the duplicator, there's no turning back. I personally have spent hours checking each and every file on discs that I've made, even going so far to check file dates to ensure files haven't been tampered with accidentally (maybe I've discovered a new bug that causes files to be mixed with, say, porn). I check them on different operating systems, and either delete hidden system files (.thumbs etc), or open them in a hex/text editor to see what they contain.

    Also, and this is a golden rule, if you're producing a CD/DVD for distribution, you MUST USE A CLEAN COMPUTER. Luckily virtual machines make this a lot easier because you can keep the OS and the virtual file system clean -- nothing gets onto the virtual file system unless it's downloaded (provided you turn off file network sharing of course).