Slashdot Mirror
Asus Ships Eee PCs With Malware
An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"
get Vista to run on that thing?
I guess it means they found a way to cram Vista onto it ...
FFFail.
D:
No, Windows is not a virus. Here's what viruses do:
* They replicate quickly - okay, Windows does that.
* Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
* Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
* Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
* Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.
Until now it seems Windows is a virus but there are fundamental differences:Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So Windows is not a virus.
It's a bug.
WORM_BRONTOK.Q?
...then maybe this wouldn't have happened?
Take a great concept- the netbook... a small, light, inexpensive, flash-based, long-battery life, Linux based system. Then ruin it by making it a large, heavier, expensive, hard-drive based, medium battery life, MS-Windows based system.
Oh well. I guess some people didn't "get it".
Quoting TFA:
According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:
The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.
This particular viral infestation doesn't look all that harmful; but it is really, really hard to feel good about the overall integrity of the system when things like this are happening. In fact, the fact that the virus is so pitiful makes it even worse; because it suggests that high-density fuckupitude, rather than sophisticated malice, is all it takes to get a serious defect onto loads of production systems.
Just another reason to always build and verify your own system images, I guess.
I was only interested in a couple things with the eee:
- It runs Linux well.
- It's really small.
- It's pretty cheap.
That's about it. Any business of this thing running Windows in the first place is a mystery to me. We bought a number of these for students here and they love them to death (yes, even with Linux).
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Oh thank god I have the 20GB version. Also Linux.
reformat
problem being the reinstaller disk (if you pay the extra 15$ to include one the Norton-Ghost-or-like-Software they use to recover your files using drive D:\[despite hard drive sources recommend reformatting at least once a year, and I don't mean the corporations making harddrives using 1000-byte kilobytes (SI notation) when it should be 1024-byte kilobytes (SI notation but not SI meaning in the base 10 sense) or shall I say kibibytes (binary unit convention)] would probably restore D:\ (although my Dell didn't do it). I really hate it how they have the nerve to include bloatware on the system, also provide me with no reinstaller disk (I certainly PAID for the OS and there's no No-OS option [but I have to use Windows as the Dell-modified-drivers only work on Windows, and ATI won't provide laptops with one because notebook manufacturer's modify them]), and also provided me, instead of a reinstaller disk, with a Norton Ghost that I have 30 days to use and then I have to uninstall it or pay for it (luckily I don't have to reformat, it CAN merge with C:\). When are people going to realize the only data backup you can rely on is a *separate drive*? My system has never been penetrated and I can disconnect from the internet and run in safe mode and system recovery, but it doesn't matter if my hard drive simply stops running and refuses to reformat or boot or run externally and causes you to lose 6-months of data because it's a MECHANICAL DEVICE (most of the physical problems in electronics result in mechanical failure, such as the reason electronic acclerators (in your car) aren't appreciated - mechanical to electric and then electric to mechanical has some nasty data entropy and retention issues--worse yet, what would happen when we digitize braking systems? How many times has physical failure caused a digital error [think Xbox scratch disk issues even with the slightest tilt or angle due to the cheap manufacturing process not to mention the cheap lasers]) and as long as it's not evidence in a murder trial, won't be sent to the NSA ("we" can see formatted-over data and it doesn't require the hard drive to be running).
also clears out any bloatware on the system, and the warranties don't usually cover software issues (even if it is their fault because they provide the drivers, and the driver is at fault, which is why I never bothered to contact dell about frequent freezes usually accompanied by the last audio file to be played to be repeated but no bluescreen or restart, and at least some of the crashes are overheats [touching the relative location of the graphic card is clearly too hot and accompanied by scent even with fan and thermal sensors posed to cut power], which indicates a non-functioning thermal cut-off switch.)
"Eee PC" =/= "Eee Box"
The Eee PC is Asus' line of netbooks. The Eee Box is Asus' line of nettops. While in some ways they are similar, in other important ways they are very different products.
I bet it doesn't come on the Linux version.
When will we get equal treatment from hardware vendors?
Strange. I am using Ubuntu right now using WPA2 and it seems to be working. Or, I could just be imagining this.
Which is entirely possible, because I can't understand why someone would be afraid to post a slashdot post without clicking the Anonymous button.
- It's not the Macs I hate. It's Digg users. -
The Eee ships without a wireless stack that can do WPA, or at least did. I worked on one for someone, and that was their issue. This may have changed by now, but it sure was a stupid move at the time.
I agree with ryanov, the poster might have been commenting about problems with WPA2 on the EEE pre-installed version of Linux, rather than Linux, in general. Or, he might just be a troll.
But cbreaker is also right- loading Mandriva (or certain other distros) on the EEE will certainly solve the WPA2 problem with the stock, limited Linux.
Every time I've tried Ubuntu, it couldn't speak WPA1 (but WPA2 was fine) without shitting all over itself, nor could it work with APs that weren't broadcasting their SSID...
And a bright, shiny prize in every box.
Good to the last byte!
But mind the spoilage date.
That may have been true of the Eee 700 series, but I have an Eee 900 and it had no trouble connecting to my WPA-PSK access point with the default software. It would've been easier with NetworkManager instead of their custom configuration interface, but it worked nonetheless.
What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support: the wireless card and the Ethernet adapter both require out-of-kernel drivers; the ACPI interface can't seem to get the battery capacity right; the sound support is flaky at best due to incomplete specs; and yet another driver was required for basic ACPI support (now part of the kernel). I managed to get it all working under a stock distro (Debian) eventually, and I'm quite happy with it -- I like a challenge now and then -- but if you're going to build a Linux laptop, why not pick hardware known to be compatible?
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
The Eee ships without a wireless stack that can do WPA, or at least did. I worked on one for someone, and that was their issue. This may have changed by now, but it sure was a stupid move at the time.
I have a 701 and it connects to my WPA secured access point just fine, and always has (using the default Xandros installation). The setup was an extremely trivial point and click exercise. The hardest bit was correctly entering the passphrase, as it puts it into a password type field (hashed out as you type). That's not a bad security feature, but it doesn't help usability. I ended up copying and pasting it.
If it ever couldn't do that it was *very* early in the piece. I bought one of the first ones in Australia. I believe it had been available in other places a little while before getting here.
I don't know what the problem was for the person you helped, but it wasn't that the OS was incapable of running WPA on that hardware.
Ever stop to think
Asus ships Windows because they are in this business to make money.
We have been around this track before.
Confirmed orders for the Linux only XO laptop stalled at around 700,000 units. Summary of laptop orders
When MSI ran into serious trouble with Linux returns, the geek was there with 660 excuses. Netbook Return Rates Much Higher For Linux Than Windows
The Eee ships without a wireless stack that can do WPA
Bullshit. I have a first-gen 4G, and it connected to my WPA-protected wireless net with no problem.
I worked on one for someone, and that was their issue.
Maybe you're just incompetent. You're definitely wrong.
The 701 EEE could use WPA-PSK, the wireless encryption common to most consumer grade routers.
What it can't do is WPA-EAP that is commonly found in corporate environments and universities. This is probably what the parent was trying to say. You can see it's SSID, but when trying to connect it only gives a box for you to type the password but nowhere for the username.
The workaround for it was to install the wpa_supplicant package from Debian and hope that it worked.
Unicode in Slashdot
That's why you shut off autopwn, I mean autorun with a global group policy throughout your whole active directory. Consumers should turn it off globally with a local group policy. Microsoft should be shot for leaving this feature on by default.
Confirmed orders for the Linux only XO laptop stalled at around 700,000 units.
XO is neither designed as a consumer laptop, nor is available for purchase by individual users.
Contrary to the popular belief, there indeed is no God.
I don't know if it's because I'm running on no sleep, or that images of patch panels are swimming in front of my eyes due to a late-night rack-a-thon, but that was one fine rant.
Wrists killing you? Not in 2 weeks. Learn Dvorak.
I tried out the latest Ubuntu beta as recently as today with WPA2 and a hidden SSID. Worked with an Intel 3945abg in a laptop. My problem with random hardware is always sound in Linux, not networking :/
When MSI ran into serious trouble with Linux returns,
The problem is, MSI doesn't say 4x what.
Thus, it's a meaningless statistic, and every time you read an article that mentions "Linux returns 4x greater than Windows" you wasted time learning nothing.
"I don't know, therefore Aliens" Wafflebox1
Because the use of Linux was accidental, not the objective. The target was to make it inexpensive.
That's the reason I keep onto my Thinkpad R50e. The only piece of hardware that actually requires proprietary drivers is the modem, which I don't use anyway (all the other hardware uses Intel chips, which have open-source drivers).
No ascii art.
Not true. The implementation of the stack is poor, but does work. I fell over this one, and a little googling showed that the reason for the problem was spaces and non-alphanumeric characters in the WPA[2] password[s]. Take those out and you're good to go.
There should be no questions, no dialog boxes, no anything that will even suggest that the user might want to run those things until the user runs the executable or installs it as a handler for something.
Say a user inserts a game disc into a set-top PC. Without autorun, how does the user start the game on the disc? And how do I explain this to Joe Sixpack who hooked his PC up to his HDTV through a VGA cable and just wants to play a game that the Big 3 console makers don't want?
You do not want to run anything new landing on a system by default or even prompt to have it run.
It's a remarkably stupid design.
So should a DVD player or home theater PC not start the DVD or prompt the user to start the DVD? Should a video game console or gaming PC not start the game or prompt the user to start the game? Please clarify.
Last time I tried it with wireless was with 7.10, though, with an Atheros card, not sure the exact model.
if you're going to build a Linux laptop, why not pick hardware known to be compatible?
Because for ASUS putting together a set of linux drivers that will make the hardware work is a minor cost. When you are buying in the quantities ASUS is hardware manufacturers *WILL* cooperate.
Afaict thier primary aim was to make a PC that was both small and cheap. I dunno why they shipped with linux first (they provided instructions and drivers for setting up windows from the start) but my suspiscion is they did it primerally to get better terms out of microsoft (which they have succeeded in doing)
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
And no, I don't have it!
Though on a more serious note, I must admit the headline did concern me. The Xandros linux which ships with the EEE is very easy to use, albeit setup a little insecurely. I like the fact that I don't have to login, but it makes me wonder if they did a good security analysis. If they did, and decided to do automatic login for usability, I don't have a problem with that; but I can't help but wonder if for the sake of expedience they discarded all of the other security as well.
The society for a thought-free internet welcomes you.
It's probably a "YMMV" type thing. Both notebooks I've been running Ubuntu on have Intel WNICs. And, there's sometimes big differences between Intel cards. Maybe I've gotten lucky.
The support is there in the OS, and I've found that Ununtu is better at dealing with LAN/WLAN switching and VPN connections than Vista (more flexibility for sure) and the problems usually come from driver issues (or kludgy work-arounds to make them work under Linux.)
- It's not the Macs I hate. It's Digg users. -
when you insert a ubuntu install dvd....
But seriously, asus should have configured their system to never do it, or at least bundle with avg.
Liberty freedom are no1, not dicks in suits.
Show the last character as is, not hidden, but then change it visually to a * after hitting the next char.
So it would appear as.
A
*P
**P
***L
****E
This solves the 'am I typing it correct' vs dont show the password on screen.
Ofcourse have a check box to not show this at all, give the users choice.
Liberty freedom are no1, not dicks in suits.
Perhaps that's what he meant, but I'm going to go out on a limb here and suggest that he was just trolling and couldn't figure out what the hell he was doing.
WPA-EAP isn't quite as common as you make it out to be though; most of the time you'll find multiple SSID's for various networks (or an automatic mac-based authentication scheme.) It sucks because Wireless encryption/auth is still a moving target and it can be difficult to find a middle-ground between supporting the most devices and having the best security.
- It's not the Macs I hate. It's Digg users. -
That's because their braindead choice of Xandros as the OS. The goof-proof interface is surely excellent for the typical windows addicted n00b, but the rest of the distro sucks.
I would have picked up Ubuntu or -better- would have donated some big money to the Debian folks and asked them to develop a similar user interface.
Umm, current Gaming Consoles aren't _necessarily_ single purpose devices anymore. Case in point, the PS3 can be adapted (and not with much difficulty) to serve many of the functions that a PC handles for a lot of folks. Other consoles are certainly "toying" with the concept, if not actually putting it into practice. It still focuses primarily on entertainment, sure, but I'm fairly confident that your next-gen console can make a pretty decent print server in a pinch (Although WHY anyone might use it that way is another puzzle). I'm also fairly sure some of you out there might find even better uses for the hardware. Just my 2 cents.
Hey jackass, that does happen to be what I meant, as my university uses enterprise authentication. But, really, thanks for everything you've added to this conversation. What do I owe you?
Incidentally, in your basement, WPA-EAP is not as common as parent makes it out to be, but in universities, enterprise offices, etc. it is common enough to have generated quite a bit of traffic to the network manager mailing lists whenever a certain combination involving WPA-EAP stopped working.
Hello Mr. Hyper-Sensitive Man!
I was actually referring to the original poster that posted AC - the one that said "I'll tell you what I didn't get: an operating system that can speak WPA2 without shitting all over itself."
I have actually run about a dozen WiFi network installation projects (businesses/schools with over 50 AP's) in the last year.
I've also consulted various businesses around the state as part of my job, and not a single one was using EAP because of device compatibility.
It's a good tech, and hopefully in a couple years we'll see more stabilization in the WiFi market and better support for Enterprise wired and wireless line-live encryption and authentication. Microsoft made some big improvements with Vista and Server 2008 with 802.1x support out of the box.
So, aren't you glad you made an ass of yourself and insulted the wrong person? Go fuck yourself you little bitch.
- It's not the Macs I hate. It's Digg users. -
Something tells me 12 places is not enough for a representative survey.
Yea just ignore the whole part about you flying off the deep end because you thought I was making a negative comment about you. Good move.
I mean, you could have just let it be, and retained maybe a LITTLE bit of dignity, but nope, that's not how you roll, little man.
I've been PM for at least a dozen fairly large wireless installations, and I've been all over the Northeast to hundreds of different businesses - big and small - and only five used EAP because of the current device compatibility issues. It's a problem, and hopefully within the next year or two we'll see better compatibility.
But until then, you can continue to masturbate to the sound of your own words.
- It's not the Macs I hate. It's Digg users. -
"Parent" would be me, not the other guy.
Kinda funny how everyone on Slashdot has worked for hundreds of different big businesses whenever they need to prove a point with very little evidence, isn't it?