Slashdot Mirror

← Back to Stories (view on slashdot.org)

Asus Ships Eee PCs With Malware

Posted by timothy on from the well-there's-your-first-mistake dept.

An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"

28 of 124 comments (clear)

  1. How did they... by SupremoMan · · Score: 5, Funny

    get Vista to run on that thing?

  2. Quite an accomplishment ... by tomhudson · · Score: 2, Funny

    I guess it means they found a way to cram Vista onto it ...

  3. Appropriate for the D drive by Anonymous Coward · · Score: 5, Funny

    D:

  4. Windows is NOT a virus by Anonymous Coward · · Score: 5, Funny

    No, Windows is not a virus. Here's what viruses do:

            * They replicate quickly - okay, Windows does that.

            * Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.

            * Viruses will, from time to time, trash your hard disk - okay, Windows does that too.

            * Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.

            * Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.

    Until now it seems Windows is a virus but there are fundamental differences:Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.

    So Windows is not a virus.

    It's a bug.

    1. Re:Windows is NOT a virus by Antique+Geekmeister · · Score: 3, Interesting

      You've obviously not looked at much virus, worm, or malware software. It's mostly crap, assembled by people who think that inventing their own version of a sorting function or a password checker makes them 3l33t. Some of it is insightful, but mostly it's assembled like kids building go-carts from a junkyard of parts.

  5. Too bad they didn't stick with only Linux by markdavis · · Score: 4, Funny

    ...then maybe this wouldn't have happened?

    Take a great concept- the netbook... a small, light, inexpensive, flash-based, long-battery life, Linux based system. Then ruin it by making it a large, heavier, expensive, hard-drive based, medium battery life, MS-Windows based system.

    Oh well. I guess some people didn't "get it".

  6. Close, but no cigar by SL+Baur · · Score: 3, Insightful

    Quoting TFA:

    According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:

    The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

    1. Re:Close, but no cigar by tsa · · Score: 2, Funny

      Hey, there's an idea!
       
      /runs off to the shop to buy a spray can of paint.

      --

      -- Cheers!

    2. Re:Close, but no cigar by Alex+Belits · · Score: 4, Insightful

      A prompt will only decrease the percent of people that fall victim. IMO, if an inserted media has files flagged to autorun, a prompt should only appear if a user has already installed a program to handle that format. In this sense, a DVD can have a 'play DVD' prompt *IF* the user has approved that behavior and *IF* the program executed is already installed.

      DVD (or anything that "has already installed a program") does not "run", it contains no executable code, only data and minimal scripts that are interpreted (or ignored) by the player.

      The idea to ACTUALLY RUN EXECUTABLE CODE JUST BECAUSE IT APPEARED ON SOME MEDIA is far, far more stupid than any automated playback. When player is automatically started, it might create a security hole because player may be buggy. Running executables is a security hole all in itself. There should be no questions, no dialog boxes, no anything that will even suggest that the user might want to run those things until the user runs the executable or installs it as a handler for something.

      --
      Contrary to the popular belief, there indeed is no God.
    3. Re:Close, but no cigar by __aaqvdr516 · · Score: 2, Funny

      My GRUB prompts me what I'd like to run, is that stupid?

  7. Just sloppy. by fuzzyfuzzyfungus · · Score: 2, Insightful

    This particular viral infestation doesn't look all that harmful; but it is really, really hard to feel good about the overall integrity of the system when things like this are happening. In fact, the fact that the virus is so pitiful makes it even worse; because it suggests that high-density fuckupitude, rather than sophisticated malice, is all it takes to get a serious defect onto loads of production systems.

    Just another reason to always build and verify your own system images, I guess.

  8. Inaccurate Title by TrekkieTechie · · Score: 5, Informative

    "Eee PC" =/= "Eee Box"

    The Eee PC is Asus' line of netbooks. The Eee Box is Asus' line of nettops. While in some ways they are similar, in other important ways they are very different products.

  9. Linux Version by _Sprocket_ · · Score: 4, Funny

    I bet it doesn't come on the Linux version.

    When will we get equal treatment from hardware vendors?

    1. Re:Linux Version by tragedy+in+chaos · · Score: 2, Interesting

      They probably over looked it figuring, what with it being Windows and all, that it wasn't going to work properly anyways.

      --
      Microsoft - The best ad campaign Apple ever had.
    2. Re:Linux Version by fractoid · · Score: 3, Funny

      Shouldn't be hard and will achieve the same thing.

      What's that, watching people download porn or blag stuff to Facebook?

      You should never use one of these for anything serious anyway, you can get root on one of them by scratching its belly and rubbing its ears.

      --
      Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
  10. Re:Too bad they didn't stick with only Linux by cbreaker · · Score: 4, Interesting

    Strange. I am using Ubuntu right now using WPA2 and it seems to be working. Or, I could just be imagining this.

    Which is entirely possible, because I can't understand why someone would be afraid to post a slashdot post without clicking the Anonymous button.

    --
    - It's not the Macs I hate. It's Digg users. -
  11. Re:Too bad they didn't stick with only Linux by ryanov · · Score: 2, Informative

    The Eee ships without a wireless stack that can do WPA, or at least did. I worked on one for someone, and that was their issue. This may have changed by now, but it sure was a stupid move at the time.

  12. Re:Too bad they didn't stick with only Linux by JesseMcDonald · · Score: 4, Informative

    That may have been true of the Eee 700 series, but I have an Eee 900 and it had no trouble connecting to my WPA-PSK access point with the default software. It would've been easier with NetworkManager instead of their custom configuration interface, but it worked nonetheless.

    What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support: the wireless card and the Ethernet adapter both require out-of-kernel drivers; the ACPI interface can't seem to get the battery capacity right; the sound support is flaky at best due to incomplete specs; and yet another driver was required for basic ACPI support (now part of the kernel). I managed to get it all working under a stock distro (Debian) eventually, and I'm quite happy with it -- I like a challenge now and then -- but if you're going to build a Linux laptop, why not pick hardware known to be compatible?

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  13. Re:Too bad they didn't stick with only Linux by quantumphaze · · Score: 3, Informative

    The 701 EEE could use WPA-PSK, the wireless encryption common to most consumer grade routers.

    What it can't do is WPA-EAP that is commonly found in corporate environments and universities. This is probably what the parent was trying to say. You can see it's SSID, but when trying to connect it only gives a box for you to type the password but nowhere for the username.

    The workaround for it was to install the wpa_supplicant package from Debian and hope that it worked.

    --
    Unicode in Slashdot
  14. Re:when in doubt... by tsa · · Score: 2

    Why is it that many people suddenly don't seem to learn punctuation and capitalization in school anymore? Your post might be very interesting or insightful but sorry, my eyes hurt just looking at it.

    --

    -- Cheers!

  15. Wow. Just... wow. by hackshack · · Score: 2, Funny

    I don't know if it's because I'm running on no sleep, or that images of patch panels are swimming in front of my eyes due to a late-night rack-a-thon, but that was one fine rant.

    --
    Wrists killing you? Not in 2 weeks. Learn Dvorak.
  16. Re:Too bad they didn't stick with only Linux by Nutria · · Score: 2, Interesting

    When MSI ran into serious trouble with Linux returns,

    The problem is, MSI doesn't say 4x what.

    Thus, it's a meaningless statistic, and every time you read an article that mentions "Linux returns 4x greater than Windows" you wasted time learning nothing.

    --
    "I don't know, therefore Aliens" Wafflebox1
  17. Re:Too bad they didn't stick with only Linux by Anonymous Coward · · Score: 4, Insightful

    What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support

    Because the use of Linux was accidental, not the objective. The target was to make it inexpensive.

  18. Re:That's why you shut off auto-pwn by Pentium100 · · Score: 2, Informative

    Even if you disable autoplay with group policy, the autorun.inf file will be read during startup, if you leave a CD in the drive or the autorun.inf file is on a hard drive...

    You have to hack the registry...

  19. Please clarify how it is remarkably stupid by tepples · · Score: 2, Insightful

    You do not want to run anything new landing on a system by default or even prompt to have it run.

    It's a remarkably stupid design.

    So should a DVD player or home theater PC not start the DVD or prompt the user to start the DVD? Should a video game console or gaming PC not start the game or prompt the user to start the game? Please clarify.

    1. Re:Please clarify how it is remarkably stupid by Bert64 · · Score: 4, Insightful

      A DVD player is a single purpose device, it reads data from the drive and may execute some sandboxed scripting, unless there are security holes in the player program it's unlikely to be an issue, and since dvd players are typically standalone its unlikely to be a problem.

      A games console is also a single purpose device, it's purpose is for providing entertainment...

      A fully fledged computer is not a single purpose device, whereas some are used like games consoles solely for entertainment, some people actually try to get important work done on them and deal with confidential data using them. If something is a toy then fair enough, but for a critical tool that could hold the keys to your business and finances there is no way it should do something so stupid as to execute unknown binaries as soon as media is inserted.

      The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    2. Re:Please clarify how it is remarkably stupid by Darkness404 · · Score: 3, Insightful

      The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

      No. No. No. Thats exactly what the software/hardware companies want us to do. For example, the TiVo is basically a computer, however, it cannot be modified to run whatever we want it to run unlike a computer. The hardware companies and software companies want us to have one device per purpous, that rather than just having 2 desktops and a laptop they want us to have an iPod for playing music, a TiVo to only record shows, a gaming PC only for playing games, a work PC only to work on, a cell phone only to make calls, a camera only to take pictures, etc.

      --
      Taxation is legalized theft, no more, no less.
  20. Re:That's why you shut off auto-pwn by RiotingPacifist · · Score: 3, Funny

    hack the registry? that sounds hard i think im just going to install gentoo instead.

    --
    IranAir Flight 655 never forget!