Asus Ships Eee PCs With Malware

← Back to Stories (view on slashdot.org)

Asus Ships Eee PCs With Malware

Posted by timothy on Friday October 10, 2008 @02:31PM from the well-there's-your-first-mistake dept.

An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"

17 of 124 comments (clear)

Min score:

Reason:

Sort:

How did they... by SupremoMan · 2008-10-10 14:34 · Score: 5, Funny

get Vista to run on that thing?
Appropriate for the D drive by Anonymous Coward · 2008-10-10 14:42 · Score: 5, Funny

D:
Windows is NOT a virus by Anonymous Coward · 2008-10-10 14:45 · Score: 5, Funny

No, Windows is not a virus. Here's what viruses do:
* They replicate quickly - okay, Windows does that.
* Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
* Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
* Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
* Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.
Until now it seems Windows is a virus but there are fundamental differences:Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So Windows is not a virus.
It's a bug.
1. Re:Windows is NOT a virus by Antique+Geekmeister · 2008-10-10 19:15 · Score: 3, Interesting
  
  You've obviously not looked at much virus, worm, or malware software. It's mostly crap, assembled by people who think that inventing their own version of a sorting function or a password checker makes them 3l33t. Some of it is insightful, but mostly it's assembled like kids building go-carts from a junkyard of parts.
Too bad they didn't stick with only Linux by markdavis · 2008-10-10 14:47 · Score: 4, Funny

...then maybe this wouldn't have happened?
Take a great concept- the netbook... a small, light, inexpensive, flash-based, long-battery life, Linux based system. Then ruin it by making it a large, heavier, expensive, hard-drive based, medium battery life, MS-Windows based system.
Oh well. I guess some people didn't "get it".
Close, but no cigar by SL+Baur · 2008-10-10 14:48 · Score: 3, Insightful

Quoting TFA:

According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:
The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.
1. Re:Close, but no cigar by Alex+Belits · 2008-10-10 19:19 · Score: 4, Insightful
  
  A prompt will only decrease the percent of people that fall victim. IMO, if an inserted media has files flagged to autorun, a prompt should only appear if a user has already installed a program to handle that format. In this sense, a DVD can have a 'play DVD' prompt *IF* the user has approved that behavior and *IF* the program executed is already installed.
  DVD (or anything that "has already installed a program") does not "run", it contains no executable code, only data and minimal scripts that are interpreted (or ignored) by the player.
  The idea to ACTUALLY RUN EXECUTABLE CODE JUST BECAUSE IT APPEARED ON SOME MEDIA is far, far more stupid than any automated playback. When player is automatically started, it might create a security hole because player may be buggy. Running executables is a security hole all in itself. There should be no questions, no dialog boxes, no anything that will even suggest that the user might want to run those things until the user runs the executable or installs it as a handler for something.
  
  --
  Contrary to the popular belief, there indeed is no God.
Inaccurate Title by TrekkieTechie · 2008-10-10 15:09 · Score: 5, Informative

"Eee PC" =/= "Eee Box"

The Eee PC is Asus' line of netbooks. The Eee Box is Asus' line of nettops. While in some ways they are similar, in other important ways they are very different products.
Linux Version by _Sprocket_ · 2008-10-10 15:21 · Score: 4, Funny

I bet it doesn't come on the Linux version.
When will we get equal treatment from hardware vendors?
1. Re:Linux Version by fractoid · 2008-10-10 21:38 · Score: 3, Funny
  
  Shouldn't be hard and will achieve the same thing.
  What's that, watching people download porn or blag stuff to Facebook?
  
  You should never use one of these for anything serious anyway, you can get root on one of them by scratching its belly and rubbing its ears.
  
  --
  Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
Re:Too bad they didn't stick with only Linux by cbreaker · 2008-10-10 16:04 · Score: 4, Interesting

Strange. I am using Ubuntu right now using WPA2 and it seems to be working. Or, I could just be imagining this.
Which is entirely possible, because I can't understand why someone would be afraid to post a slashdot post without clicking the Anonymous button.

--
- It's not the Macs I hate. It's Digg users. -
Re:Too bad they didn't stick with only Linux by JesseMcDonald · 2008-10-10 16:48 · Score: 4, Informative

That may have been true of the Eee 700 series, but I have an Eee 900 and it had no trouble connecting to my WPA-PSK access point with the default software. It would've been easier with NetworkManager instead of their custom configuration interface, but it worked nonetheless.
What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support: the wireless card and the Ethernet adapter both require out-of-kernel drivers; the ACPI interface can't seem to get the battery capacity right; the sound support is flaky at best due to incomplete specs; and yet another driver was required for basic ACPI support (now part of the kernel). I managed to get it all working under a stock distro (Debian) eventually, and I'm quite happy with it -- I like a challenge now and then -- but if you're going to build a Linux laptop, why not pick hardware known to be compatible?

--
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
Re:Too bad they didn't stick with only Linux by quantumphaze · 2008-10-10 19:08 · Score: 3, Informative

The 701 EEE could use WPA-PSK, the wireless encryption common to most consumer grade routers.
What it can't do is WPA-EAP that is commonly found in corporate environments and universities. This is probably what the parent was trying to say. You can see it's SSID, but when trying to connect it only gives a box for you to type the password but nowhere for the username.
The workaround for it was to install the wpa_supplicant package from Debian and hope that it worked.

--
Unicode in Slashdot
Re:Too bad they didn't stick with only Linux by Anonymous Coward · 2008-10-10 21:15 · Score: 4, Insightful

What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support
Because the use of Linux was accidental, not the objective. The target was to make it inexpensive.
Re:Please clarify how it is remarkably stupid by Bert64 · 2008-10-11 01:17 · Score: 4, Insightful

A DVD player is a single purpose device, it reads data from the drive and may execute some sandboxed scripting, unless there are security holes in the player program it's unlikely to be an issue, and since dvd players are typically standalone its unlikely to be a problem.
A games console is also a single purpose device, it's purpose is for providing entertainment...
A fully fledged computer is not a single purpose device, whereas some are used like games consoles solely for entertainment, some people actually try to get important work done on them and deal with confidential data using them. If something is a toy then fair enough, but for a critical tool that could hold the keys to your business and finances there is no way it should do something so stupid as to execute unknown binaries as soon as media is inserted.
The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Re:Please clarify how it is remarkably stupid by Darkness404 · 2008-10-11 03:01 · Score: 3, Insightful

The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

No. No. No. Thats exactly what the software/hardware companies want us to do. For example, the TiVo is basically a computer, however, it cannot be modified to run whatever we want it to run unlike a computer. The hardware companies and software companies want us to have one device per purpous, that rather than just having 2 desktops and a laptop they want us to have an iPod for playing music, a TiVo to only record shows, a gaming PC only for playing games, a work PC only to work on, a cell phone only to make calls, a camera only to take pictures, etc.

--
Taxation is legalized theft, no more, no less.
Re:That's why you shut off auto-pwn by RiotingPacifist · 2008-10-11 03:18 · Score: 3, Funny

hack the registry? that sounds hard i think im just going to install gentoo instead.

--
IranAir Flight 655 never forget!