FTC Kills Scareware Scam That Duped Over 1M Users

coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."

I hope this helps this problem

[vwpau227]

At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.

However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much a dent this judgement will make into the scammers' operations. Hopefully, at least, this will be a start.

Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

Re:I hope this helps this problem

[lalena]

I agree that going after these scareware companies is too difficult, which is why we should go after the advertising networks that help them post their ads instead.
According to the article "The defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements."
Even if you are duped, once you see the scareware ad you should revoke the ad account for that company.
Most sites have a way of clicking that a blog post, wiki article, ... should be reviewed or removed because it is inappropriate, but you never see something like this for an ad.

Re:I hope this helps this problem

[whoever57]

Part of the problem, of course, is user education

Part of the problem is that these users have administrator privileges. I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows. In a corporate environment it should be possible to remove admin privileges (unless those who posted such claims were lying).

Personally, I was amused by this scamware, seeing it scan my PC and find various infected DLLs -- the only problem being that my Linux PC doesn't have any DLLs (except for a few in my WINE installation).

Re:I hope this helps this problem

[lord_sarpedon]

Are you...running malware in WINE for fun?

You _do_ realize that this grants write access to all your priceless documents in ~
The UNIX security model (as with Windows) doesn't give a shit about protecting _users_, just the system. A terribly dated and broken concept.

Re:I hope this helps this problem

[whoever57]

Are you...running malware in WINE for fun?

No. Perhaps you don't understand. The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Re:I hope this helps this problem

the problem is that lots of software (e.g. World of Warcraft and anything that includes Punk Buster) assumes that you have more than normal user privileges. So while you can do it, it makes everyday tasks a pain.

Re:I hope this helps this problem

[Pharmboy]

Well of course you don't see something like that for an ad. The advertisers are PAYING real money. The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued. It is "good faith" effort to remove stuff that is liable or DMCA. Many of these sites are so 3rd tier, they don't give a damn what bad ads are on their website, as long as they get paid.

Silly me, I still think that part of the cause is that Windows is entirely too easy to pwn.

There is enough blame to go around, but the one thing that is universal is money. The crappy forum/blog/wiki websites want the ad money regardless of content, the scammers want your dollars, MS wants to overcharge and underdeliver, many people are too lazy to learn about their computer and would rather pay the extortion (which doesn't end the problem) than keep their systems up to date, no matter how easy you were to make it.

Re:I hope this helps this problem

[SHaFT7]

same thing at the shop i'm at. most of the virus infections are from this.

Re:I hope this helps this problem

[MaskedSlacker]

Even though users can have their files easily restored in minutes from a backup? And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

Re:I hope this helps this problem

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Never give more information than is necessary, it will confuse some people.

Re:I hope this helps this problem

[xlsior]

You can't lock out the primary user of a home computer from installing programs. No matter how many hoops you have to jump through (excplicitely authorize, enter password, etc.) there are still a ton of people that will jump through all the hoops and still end up with the garbage installed.

After all, keep in mind that there were a million people that were esentially tricked into pulling out their creditcard and paying money to these people. Removing admin rights and having to enter a sudo password before they can install the malware in question still doesn't change the fact that they honestly thought they 'needed' to install the program in question in the first place.

You can only do so much to protect people from themselves, and in cases like there there isn't much you can do other than prosecute / sue the snot out of the companies doing the malicious advertising and unfounded scaremongering.

Re:I hope this helps this problem

[slugstone]

But where the fun in that?

Re:I hope this helps this problem

[FLEB]

McAfee was installed; this software bypassed and disabled McAfee.

Probably a relief. It takes some sophisticated software to get McAfee to stop begging for money. Where could one obtain this miracle malware?

Re:I hope this helps this problem

[Drakin020]

If everyone knew how to properly use a computer, you and I would be out of a job.

Re:I hope this helps this problem

[Capeman]

At the computer store where I work, in Ponce, Puerto Rico, we see computers infected with these rogue applications, I have succefsully easily removed these infections using Malwarebytes' Anti-Malware. Try it.

Re:I hope this helps this problem

[Timothy+Brownawell]

Even though users can have their files easily restored in minutes from a backup?

What backup?

And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

Is "administrator" a fancy term for "geeky neighbor kid"?

The only files that matter are the user's files, everything else can be fixed with apt-get and a livecd. If those files are messed up, it does not matter that the stock OS files are still intact. The *nix security model is good for protecting users from eachother, while malware protection requires protecting users from themselves. Probably the only ways to get the latter are some unmaintainable SELinux config or a highly inconvenient browser-in-a-VM and email-in-a-different-VM setup, and even those can't ever be idiotproof.

Re:I hope this helps this problem

You'd be surprised - recent versions of this will still infest a limited user account by writing its startup entries into the user's personal registry hive and keep itself tucked away in temporary folders. Sure, you can log in as Administrator and blow it away pretty easily if you keep on your system updates, but it'll bust through with old local privilege escalation exploits if you don't, and often loads a rootkit that does a pretty passable job of hiding itself even from an offline BartPE disc.

And the seemingly hourly updates keep antivirus vendors pretty much lost with this. I uploaded a few samples I'd cleaned today to VirusTotal's site, and the root infection .dll file was detected by a grand total of THREE out of fourty scanners (and they weren't even the "reputable" ones).

The only solution I've seen is to completely revoke execution privileges on the user's account directory. Now I'll just wait while they update the sites to ask people to save to a USB drive... and I promise you that the year of the Linux desktop hits, they'll start giving out .rpm packages, too.

Captcha: resent

Re:I hope this helps this problem

[MaskedSlacker]

Administrator is a fancy term for the guy who logs in as root and can kill any misbehaving processes launched by the user.

Again, backups. I just lost 6 months of work to a hard drive crash two days ago that will cost me $1200 to recover. Mechanical failures are wonderful things. Now I have backups in my apartment and remote backups setup. Backups are trivially cheap, there is no reason not to use them other than your own stupidity. Yes, I was stupid not to have one two days ago.

Re:I hope this helps this problem

[jellomizer]

I would go one step further by getting the Web Site that hosts the marketing firms who then posts these adds to them. I not saying they couldn't in turn sue their marketing company that they do business with but for all the Malware out there you need to target the easiest to hit for the consumer then you can go further down. So for example Slashdot should be responsible for this "I'm Rich. You're Not." add. (which seems questionable to me). If you I were to be stupid enough to click that link and buy a product to only find it is a scam. Then Slashdot should be responsible as it is putting its reputation for advertising this product.

Re:I hope this helps this problem

[dragonturtle69]

I saw that once too, on Firefox 3.0/Suse 11. A popup appeared from where the SysTray would be, if running XP with the default theme. If it had been on XP, and unwary user would have easily believed it to be a legitimate XP security warning. Another user that I recently converted to Linux saw this on Ubuntu 8.1/Unknown browser, and took it for a good thing that Linux prevented an intrusion. The sad part is that they would have provided sudo if prompted.

Re:I hope this helps this problem

[lord_sarpedon]

Yeah. That's right. Who gives a flying fuck if files get deleted? Because everyone backups nightly to tape and properly labels them before permanent storage. Or not.

You can argue that there's significant overlap between the people with malware and the people that lose stuff to hard drive failure. But when's the last time that a widespread virus _deleted everything_ for the hell of it? It's a business now! The last intentionally destructive one I heard of held documents _for ransom_ instead. The goal is to hide or at least blend in, for as long as possible, to make a profit by some means.

I should have said 'read/write access'. The tricky bit is when information gets _leaked_, you see. Then the attacker has _important_ passwords (think firefox profile) and confidential information. Your bank account is compromised and you just wiped your ass with whatever accountability requirements your organization is held to.

You don't need superuser to send spam, either.

If that's still too much for you, then in short, non-root compromises are a BIG FUCKING DEAL.

Security as it stands is total bullshit because any "unprivileged" executable can easily take you from behind _without you ever knowing_. Privilege escalation is merely a means to do the SAME THING but sneakier, or across more accounts. Remote exploits aim to do the SAME THING. Rub some braincells together and think about this. The current security model protects users from users. You (the user) can and will get fucked over, but things have been designed so that doesn't affect anyone else. This was adequate - at the time.

Apps are not their users. Apps should not run under the user's account. Opening a document is to be done via a privileged (as in "running as the user") daemon which displays a file-open dialog and maps the selected file(s) into the app's sandbox.

Re:I hope this helps this problem

[rdnetto]

I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows.

I believe its called UAC. The only problem is old apps which insist on writing settings to C:\Program Files\... which only administrators have write access to. I usually just change the access rights on that folder - its easier and safer than running the program with admin rights.
Oh, and before anyone starts complaining about how UAC, consider this first: how is it different to sudo in Linux, other than giving the user the option to elevate?

Re:I hope this helps this problem

[IBMOOSE]

Those posters were not lying. I work as an admin where all our users do not have Admin rights. This has saved our behinds on so many occasions because most of our users are so stupid that they will click on anything. Yes, It is a royal pain to administer since Java and flash seems to update every week, but we can work around that as well. We have 4 people total in our department and only 2 of us manage the SUS/SMS updating for over 1300 (less now since the corporate mandated 10% reduction in payroll lol!) PC's and users. Everything else that wont update with SUS/SMS we can script and execute with remote command service that has to authenticate each time with a secret OU administrative account that has a password from hell. We are lucky that we managed to keep this as the status qou since most organizations management hates to have to call us to install some stupid player or software, and it's a battle we fight all the time. But when everybody else was dead in the water with Melissa, and all the other nasty stuff, we had the luxury of knowing that all the infections were quarrantined to the PC itself because it could not have the authority to do anything, and we could go and clean them up as we had time, and still be relatively productive. The worst thing we would experience is that the individual user profile would be cheesed up, which was an easy quick fix until we could get the offending files off the PC. Yes everybody thinks we are the evil pricks that won't let anybody have any fun with their computers. But if something ever got loose, we would be the first they would want to hang for it. So we just put it to them in a way that makes them sound really stupid for wanting to install anything they want on the PC's (Which is REALLY easy) and fortunately we have, for the most part good upper management that at sometime in their past got bit in the ass from something nasty that got loose on their network, and they back us up when we show them that simply keeping the idiot user in the "Users" group saves more money than they could possibly imagine. Knock on wood... Because of this simple policy, we have not had one single infection on our network from these scareware apps. However we have had many a user want us to clean up their home PC. It kind of makes up for the overtime and raises we haven't gotten for the last 5 years!

Re:I hope this helps this problem

[Macrat]

Never give more information than is necessary, it will confuse some people.

Especially front line phone support.

Re:I hope this helps this problem

[Anpheus]

Hey, stop right there. In Windows you can protect user accounts but it doesn't work when you choose to make all the other accounts administrators!

(Yes, that's an OPT-IN, not an OPT-OUT when making new accounts.)

Re:I hope this helps this problem

[Merritt.kr]

Funny, you're practically my next door neighbor. Yet I have a slightly different tale. This malware came out (we mostly see XP Antivirus 2008/2009), and at the computer store where I work you could almost hear the glee. Customers were pouring in with infected systems. Sometimes they came back in a day or two for another $100 cleanup because they re-infected themselves. Call me strange, but I wish I worked around the mentality you described - helping my customers learn to protect themselves and do what they need/want, instead of eyeing their wallets greedily.

Re:I hope this helps this problem

[Kleen13]

We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

I deal with this on a daily basis. Keep in mind (I'm using Antivirus 2008 as an example) the client see a big old "Spyware detected on your computer, click here to download Antinvirus 2008 to remove!!!" You had me at hello. sigh I HATE taking these peoples money. Hell, most pc's don't even run right after disinfection.... you might as well reload. I don't even see the marketing in these exploits. Is it just plain malicious, or is there actually money to be made here?

Re:I hope this helps this problem

[pxlmusic]

of all the users i've talked to who had this on their computers, only one or two actually paid the money.

they weren't very pleased with me when i told them what they had just done.

i'm not the one who spent their money; they were just mad because felt really fucking stupid for being duped.

Re:I hope this helps this problem

[ServerIrv]

Over the Thanksgiving holidays, I was with my family. My brother and I were messing around on addicting games and somehow came across one of these ads. Of course I clicked on the link, followed by opening an executable virus from an email that just arrived in my junk box. My brother was a little alarmed at my cavalier attitude towards security. Then I reminded him that the executable virus works only in windows, which I don't have, and the website that "scanned" my system told me that my linux machine was a broken windows xp install. We had a good laugh and moved on.

Re:I hope this helps this problem

[mpe]

Well of course you don't see something like that for an ad. The advertisers are PAYING real money.

Is money which is the procedes of criminal activity "real money" in the first place... What do you think would happen if this money was from a bank robbery, belived to be from selling illegal drugs or from "Internet gambling"? The last time I looked this kind of fraud is against criminal law in most countries.
These kind of crooks should be living in fear of police raids in the early morning or having to be very careful where they travel if they operate from a "safe country". Not court orders to "behave or else we'll tell you again" or even private individuals complaining to their ISP. Similarly advertising companies should expect that they accept money from criminals there will be police taking a very close interest in them and their accounts.

Re:I hope this helps this problem

[mpe]

After all, keep in mind that there were a million people that were esentially tricked into pulling out their creditcard and paying money to these people.

How long should it take for governments (who now own a fair amount of the banking industry) to tell banks to block such transaction? It must be easier for law enforcement to "follow the money" that when it's someone going door to door wanting payment in cash.

Re:I hope this helps this problem

[mpe]

The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

As would be the case if it offered to "scan your registry". No doubt even on a Windows system such sites could list DLLs or registry keys which don't actually exist on the system in question.
This is like phishing emails where you may not even have an account with the bank in question and even if you do you never told them that email. Or even someone phoning up, claiming to be your Uncle John who needs money in a hurry. Where even if you actually have an uncle called "John" the caller sounds nothing like them.
Technology such as telephones, email, websites, etc Should be acting as a double edged sword. In that whilst it allows such crooks the the ability to target more people than if they had to physically visit people in order to try and con them, as was their only option in the past. It at the same time tends to leave trails back to the criminals. Thus it should be easier for law enforcement to do something about them. If law enforcement were actually interested in doing so that is...

Re:I hope this helps this problem

[Rah'Dick]

I guess you could just

1. uninstall McAffee
2. check for any still-running related services and startup items and kill them
3. delete every related file and directory

I think that's a bit better than getting malware to do that job for you and then having to remove that stuff, too.

Re:I hope this helps this problem

[cheekyboy]

just place some FBI secret docs or under legal age photos on their ad network, that will get em shut down.

Re:I hope this helps this problem

[dakup]

most of the problem is of course ms windows because that OS is just so vulnerable for these schemes. you can't blame the education of users. the product should be solid and they should add a FF-ing install-dvd with the purchase of a computer!

Re:I hope this helps this problem

[Koiu+Lpoi]

If pretty much any piece of Windows malware was to run (theoretical comparison) on *nix, EVERYTHING would be OK. Almost no malware out there actually mucks with the user's files, so a restore here is an increedibly simple procedure, and miles better than the Windows "reformat and probably lose everything" option.

Re:I hope this helps this problem

[laejoh]

You know, normal people just have aquariums.

Re:I hope this helps this problem

[Nursie]

It's a constant annoyance.

UAC is also what's responsible for the Program Files change which, as a developer of commercial software, came as a surprise and an annoyance.

It's not that you can't write to Program Files after the product is installed, it's that windows silently reroutes all interacation withe Program Files via a virtual disk store under the user's "Documents and Settings" area. The user is none the wiser. The application is none the wiser. BUT the moment User2 comes along and runs the app, he doesn't get the config file that User1 has edited, oh no, he gets the original one, the one User1 spent hours creating has been hidden away by windows.

That's what pisses me off about UAC. If "Program Files" was read-only we could detect it and warn the user to store config somewhere else. As it is we have to say either "switch off UAC" or "Install our stuff somewhere else", neither of which I like.

Oh, UAC is also the **** that stops me running things with helpful messages about the actions of some fictional sysadmin. I installed an ext2 file system driver under vista and set it to be loaded at startup. What happens? Every boot I get a helpful little message saying "Windows has prevented this program from running". Great! Really bloody helpful! Then when I delve further in I get various messages about this admin guy (if I ever find that dude he's toast) having set up system policy to prevent it starting.

No, if UAC was *just* asking about privilege escalation, I'd still find it annoying that so many things seem to trigger it, but as it is they made a total hash of it.

Re:I hope this helps this problem

[ciderVisor]

Technology such as telephones, email, websites, etc Should be acting as a double edged sword. In that whilst it allows such crooks the the ability to target more people than if they had to physically visit people in order to try and con them, as was their only option in the past.

I was surprised to learn that the word 'phoney' comes from telephone con artist. Bruce Sterling's 'The Hacker Crackdown' makes for interesting reading. http://www.mit.edu/hacker/hacker.html

Re:I hope this helps this problem

[shoemilk]

Actually, the phone example is a real problem in Japan. Predators call up old people and yell, "It's me! It's me!" The old people will then say who they think it is, "Taro?" The bad guy will reply "Yeah, Taro, I need you to send me a grand quick" The old people will then transfer the money. It's so bad that you can't use an ATM without it being covered in warning signs about it telling the gullible old person to call their grandson back and make sure before sending the cash.

Re:I hope this helps this problem

[tehcyder]

As would be the case if it offered to "scan your registry". No doubt even on a Windows system such sites could list DLLs or registry keys which don't actually exist on the system in question

Scanning software: Our software has found a suspicious "Virus32.DLL" on your system

User: But it wasn't there the last time I did a virus check!

Scanning software: Trust us, it is now.

Re:I hope this helps this problem

[shutdown+-p+now]

How does that even fly on Vista? Do they get an elevation prompt every time they run the game?

It seems not. I've just played CoD4 yesterday, and I vividly recall that it mentioned PunkBuster when installed. But it doesn't require me to elevate when playing it.

Re:I hope this helps this problem

[docgiggles]

I very much agree. It is the responsibility of the user to regulate traffic in and out of their PC. The best we can do is educate those who can. The internet is not without it's dangers, and we cannot remove those. this means it is up to the end user to make sure they know what they are doing before they do anything dangerous

Re:I hope this helps this problem

[fishbowl]

Quite often, when I steer people toward things like Spybot S&D, AVG Free, and Firefox extensions like ABP and NoScript, they reject them. *shrug*. There seems to be an intersection between people who come to me for advice, people who are paranoid about "viruses", and people who don't listen to what I tell them.

Re:I hope this helps this problem

[amliebsch]

That's what pisses me off about UAC. If "Program Files" was read-only we could detect it and warn the user to store config somewhere else. As it is we have to say either "switch off UAC" or "Install our stuff somewhere else", neither of which I like.

Why don't you use C:\ProgramData like you're supposed to?

Re:I hope this helps this problem

[Sigma+7]

PunkBuster requires elevation for multiplayer - otherwise it drops you from the server. The latest versions of Punkbuster may have a background service that's already elevated, but I don't have confirmation on that.

There were complaints about PunkBuster when it first required Admin privilages, mainly concerning use at cyber cafes or places where the user shouldn't have full access to the system.

Re:I hope this helps this problem

[Sigma+7]

UAC is also what's responsible for the Program Files change which, as a developer of commercial software, came as a surprise and an annoyance.

It's not that you can't write to Program Files after the product is installed, it's that windows silently reroutes all interacation withe Program Files via a virtual disk store under the user's "Documents and Settings" area. The user is none the wiser. The application is none the wiser. BUT the moment User2 comes along and runs the app, he doesn't get the config file that User1 has edited, oh no, he gets the original one, the one User1 spent hours creating has been hidden away by windows.

Or you can store the configuration file in the user's Application Data folder.

Given that Windows XP was available for at least 5-years, and that it was transitioning the traditional "full-access desktop" to "limited-access", there was plenty of time to prepare for users no longer having that level of access. In fact, most corporate environments don't give full system access, and some are even further locked down by preventing right-clicking.

If it's imperative that all users have full write access to the main application folder, just modify the security descriptors to allow normal users write access. This is easily done in the install process, which is guarenteed to have admin privilages.

BTW, it's not that hidden. If you go into the program directory, there's a link to the compatability files.

Re:I hope this helps this problem

[DrWatson333]

Wait, you mean you didn't turn off UAC the second after you logged into Vista for the first time?

Re:I hope this helps this problem

[Nursie]

"Or you can store the configuration file in the user's Application Data folder."

Not useful when the user has to edit config files for processes that run as other users or system accounts.

"Given that Windows XP was available for at least 5-years, and that it was transitioning the traditional "full-access desktop" to "limited-access", there was plenty of time to prepare for users no longer having that level of access. In fact, most corporate environments don't give full system access, and some are even further locked down by preventing right-clicking."

It's not corporate desktop software, it's server software. User1 edits the config file (or so they think, actually they are editing a mapped file in a virtual file system made by windows under the covers), User1 then starts the service running as one of the system accounts, service can't see alterations. All of this happens without anyone ever being informed about access problems, it took us ages to figure out what had happened.

"If it's imperative that all users have full write access to the main application folder, just modify the security descriptors to allow normal users write access. This is easily done in the install process, which is guarenteed to have admin privilages."

The install process is not guaranteed admin access, though when it comes to setting up services the admin must do it. However, UAC still does it's silent redirecting thing for admins, AFAICT.

Re:I hope this helps this problem

[Nursie]

At home, when I realised that it's what was causing the problems? Yes.

At work, when it would have to go in our product manual? No.

Re:I hope this helps this problem

[amliebsch]

Again, this is precisely what the ProgramData folder is for.

Re:I hope this helps this problem

[david_thornley]

It told me I had problems with my registry. Could somebody give me a clue: should I look under /usr, /var, or /etc?

Re:I hope this helps this problem

[Barny]

Same, we get about 10 a week here (in Australia), its gottent to the point where we tell customers we won't remove it, backup and reinstall their machines, due to the length of time it takes to remove.

As you say, new versions coming out all the time mean the malware removal tools are on the bad side of an arms race, and due to the nature of the attack vector, reinfection after the cleaning is very likely. Firefox + noscript is the best defence btw.

On the plus side it helps keep me in a job :)

Re:I hope this helps this problem

[pipingguy]

Perhaps now that computers are so relatively cheap, companies can provide TWO machines to each user - one for only outside email, etc. and one for "real" work. Crap, that wouldn't work, I can already see the holes in my idea.

Re:I hope this helps this problem

[Nursie]

Oh I know that now, and there's even an environment variable pointing to it. However, as a UNIX focused software team, we weren't aware that we were "supposed" to do that and for it to change in such a weird and secretive way threw us for a while.

Re:I hope this helps this problem

[meimeiriver]

Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

Now for the real irony: many users, fancying themselves educated, will proudly click "OK" when one of these websites they're visiting tells them: "Our program X has detected a virus on your computer. Would you like X to remove it?" And thus they wind up installing the very virus they sought to avoid.

Re:I hope this helps this problem

[Pharmboy]

Exactly. You are just a user, which are easy to come by. Better to sacrifice a user than to question a dishonest advertiser. Assuming you are a cheesy forum site, of course.

Re:I hope this helps this problem

[MaskedSlacker]

Well somebody got a baton shoved in an unpleasant place. Is the language really necessary? Did I insult your mother that badly?

What everyone does and everyone should are two different things, I know that. That's not an excuse though. I now make 3 separate daily backups after losing 6 months worth of work to a mechanical drive failure. I was stupid not to have backups before. I will not make the same mistake twice.

The rule is that anything you cannot afford to lose, you back up. A hard drive can literally fail at any moment. So you can scream and swear at me all you want, throw all the temper tantrums you like, but it doesn't change that.

Yes, data ransom is an increasingly popular type of malware. Solution? Frequent backups. Format the problem away and restore. Of course, if data is STOLEN rather than taken hostage this doesn't help with that.

The problem of data theft is the only scenario where your critique is legitimate. It does not apply to data loss, because data loss can come from a number of other scenarios all of which mandate the need for backups. In the case of data theft however, there is no practical way to limit app access to data. If we adopt your system, an app can still phone home the data put in it's sandbox. Data theft does not require you to lose the data, it just requires someone else to get their hands on it.

Now, if you would like to continue this discussion, please do so in a more mature, calm manner.

Your computer is broadcasting an IP address!

[DelitaTheFridge]

Click here to fix it, we promise.

Re:Your computer is broadcasting an IP address!

[corsec67]

Sure, it is 127.1.

Have fun with it.

Re:Your computer is broadcasting an IP address!

Fuck, that's my FTP server! How'd you hack my accnt?

Re:Your computer is broadcasting an IP address!

[iamhassi]

My IP is 192.168.0.1

my login is admin. my password is admin

Please fix my computer broadcasting!

Re:Your computer is broadcasting an IP address!

What's with all the gay porn on there? Are you some kind of homo?

Oh, shit...

Re:Your computer is broadcasting an IP address!

[Kent+Recal]

This was (deservedly) modded funny but this scam really exists! (WARNING link points to the scam site, click at your own risk, you may broadcast your ip address to them...)

Re:Your computer is broadcasting an IP address!

Thanks. I did some port scanning, and in just a few minutes I've managed to pwn 10.0.0.1, 127.0.0.1, 172.16.0.1, 192.168.0.1, and even 192.168.1.1. I'll let you kn

Re:Your computer is broadcasting an IP address!

[FLEB]

The family-portrait photo, of the child riding a dog, on the imaginary software box, that's a clear indication of quality. I could see how someone could be taken in.

Re:Your computer is broadcasting an IP address!

[Vegeta99]

hahahahahaha they're SOOOOOOO wrong it says my IP address is 64.8.85.43 and its really 192.168.1.101!!!! go to hell h4x0rz!

[/n00b]

Re:Your computer is broadcasting an IP address!

[Kleen13]

Wait! That's MY IP address!! My login is admin.... MY password is admi.... nevermind.

Re:Your computer is broadcasting an IP address!

[ttyp00]

"According to the FBI/CSI, 90% of all companies had Internet security breaches."

If they're making malware... Then they're about to see malice Miami-style

Get a rope!

[Nimey]

My university has seen so many students (and even staff!) with variants of this. I'll volunteer for the firing squad.

Re:Get a rope!

[Trepidity]

I'll volunteer for the firing squad.

Finally! We usually have to get someone sentenced on trumped-up charges to get our weekly execution, because nobody ever responds to the call for volunteers.

Re:Get a rope!

[Nimey]

Well played, sir, well played.

The obvious truth

[pm_rat_poison]

Scaring people makes them do irrational stuff that ultimately hurts them. Thank you captain obvious!

Re:The obvious truth

[Anpheus]

Is the FTC going to crack down on politicians now too? This is fantastic!

Old news

[IDKmyBFFJill]

It's called Norton/McAfee anti-virus

Re:Old news

[tomhudson]

It's called Norton/McAfee anti-virus

Really? That's the new name for Vista?

I think there's a bug in their web site - it told me I had 427 viruses on C:, but I can't find C: anywhere. I looked in /home, /usr, /var, /srv, /etc, /root, /lib, /sys, /mnt, /opt, /proc, /other, /sbin, /bin, /boot, /dev, /media ... I can't find any C: ...

Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows. It's like having sex with a million strangers - you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

Re:Old news

[techno-vampire]

I find that interesting. My laptop is almost 10 years old, with a PII 233 Mhz chip and maxed out at 96Meg of RAM, but I have Linux running on it. And, I've never had the slightest difficulty connecting it to the Internet or surfing the web. Either you have some very weird hardware or you haven't tried very hard.

Re:Old news

[the_bard17]

That's because the Linux community has collectively decided that *you* don't deserve to run it, so we put in special code to keep you off the 'net. It's better for everybody this way.

;oD :op

Re:Old news

[tomhudson]

Condoms and weekly STD tests...

Condoms aren't going to do squat about herpes simplex cold sores. Also, testing after the fact doesn't prevent STDs. Even prior testing doesn't - there's an incubation period.

It's like the trojan in the article that claims "You have nnn viruses" - once you see that, even if you inow it's a scam, you also know that your computer has been compromised. You can never be 100% sure, short of a wipe and fresh install, that there's not something else "ticking away under the hood" just waiting to release its' payload.

Re:Old news

[Jamie's+Nightmare]

...and if all you want to do is surf the web, sure, Linux or even an old WebTV box is just dandy. Problem is, people are used to doing more with their computer. That's where Linux leaves most people with the feeling of holding a wet fish.

you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

I know your trolling, but it's worth pointing out this is dead wrong. I'm using Windows with no anti-virus/spyware programs and the firewall built into my DSL Router. The one and only time I've personally had a virus was in 1997, when my then idiot girlfriend downloaded and executed an IRC script. The best defence is knowledge. Period. There is no OS in the world that is secure with ignorance behind the keyboard. Sure, Linux offers a huge huge security advantage because of it's obscurity, but that's a double edged sword that points back to my first point. People want more out of their PC, and I can't blame them. You want protection? Start with you. Those who rely on others first are usually the ones to get screwed first.

Re:Old news

[tomhudson]

Nah, it's because "I've tried several distros and trying to use the internet is unusable on any of them." means that he didn't know where to clock get the flash player to get rckrolled.

And they didn't select "install all Windows media codecs from packman.de", so they can't watch streaming video ...

For many people, if they can't get youtube and can't play those wmf files their friends send them via email, it's game over ...

Re:Old news

[tomhudson]

As I point out elsewhere, most people think that their computer is useless if they can't view wmf files, or yutube videos. For the former, there's "install all windows codecs" which uses the dackman.de repository; for the latter, if they want the latest flash player, they have to include the non-oss repositories for their distro.

Then they can get rickrolled to their hearts' content, play those flash games, etc.

Re:Old news

[Jamie's+Nightmare]

I think it's weird you believe age, processor speed, and the amount of RAM are determining factors for the reliability of drivers. Maybe it's time to ask Santa for a new laptop.

Re:Old news

[techno-vampire]

My point was that if Linux could get such an old machine on-line without any messing around (It Just Worked) it should be able to get a more recent machine going without any trouble, unless there's something weird about the hardware. (Quite possible, and that's why I mentioned it.)

Re:Old news

[evilviper]

My point was that if Linux could get such an old machine on-line without any messing around (It Just Worked) it should be able to get a more recent machine going without any trouble,

It works exactly the opposite, actually. The older your machine, the more likely that your hardware has been fully fleshed out, and open source drivers are available and working reliably.

Do you really think that, somehow, the hardware in a laptop deteriorates and gets less reliable with age?

Re:Old news

[Hemogoblin]

Well you may not have problems with your hardware, but that doesn't mean others don't. Since we're giving personal anecdotes, I'll give you mine.

To give you an idea of my computer skills, I've installed Linux on three of my computers over the last 5 years, though I never really used it too much. I'm "fluent" with Windows. I have some experience with C++, so using the shell and so forth doesn't bother me too much. I'm not a developer or anytihng like that though. In other words, I'm pretty much the "best-case" inexperienced user.

That said, every time I tried to install Linux, I ALWAYS have problems. The first time it took me literally two days of frustration before it was in a usuable state. I define usable as "being able to reliably hit the power button, boot with no problems, log in, and surf the internet". It would take too long to go through all the problems I had.

More recently, I just installed Linux on my laptop two days ago, and it took me over four hours to get my wireless internet to work correctly. I figured out how to use ndiswrapper on one of my previous installs, but it didn't solve the problem this time around. Eventually I figured out the problem had to do with the order of drivers being loaded. That's right, to surf the internet I had to learn about crap like modprobe, how to run scripts at startup, etc. All the sysadmins here probably think it's easy, but it's nearly impossible for inexperienced users like me to learn. The worst part was finding a well written bug report on the ubuntu tracker which listed my exact problem, but was closed with the reason "This is a well known problem, just google it"... like I hadn't been doing that for hours.

Anyway, my point is that even though Linux is mostly awesome and everything mostly "just works", there are still some stuff that doesn't. You can blame broadcom or whoever for the problems, but if those few things still exist and are frustrating enough to turn off a dedicated and best-case-inexperienced user, then it still needs more work if you want everyone to use it.

Re:Old news

[techno-vampire]

Considering the (by current standards) small amount of RAM, I need a rather compact distro, and ended up with Puppy. It recognizes my PCMCIA NIC with no trouble, and the PCMCIA USB hub only needed a little tweaking to get working better than it ever had with Windows. That's my point, really, that unless you're using bleeding edge equipment, Linux almost certainly can handle it, especially when it comes to networking.

Re:Old news

[wasted]

...Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows. It's like having sex with a million strangers - you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

But think of the fun you'd have, especially compared with using Vista

Wait --- those strangers are all attractive females, right? Otherwise, it would be very similar to using Vista.

Re:Old news

[techno-vampire]

Anyway, my point is that even though Linux is mostly awesome and everything mostly "just works", there are still some stuff that doesn't.

How well I know! I'm a regular on my distro's support forum, and I've seen lots of cases where Linux Just Didn't Work. However, I also know that I never see anything from all the people who install it and never have to ask. That's why I mentioned the possibility of "weird hardware." There will always be NICs, video cards, hard drives or whatever that are either so new or so obscure that it's hard to get them going, and that might have been what happened to the OP.

Re:Old news

[ZXDunny]

I have a Panasonic CF41 laptop - 50mhz 486. Runs Win95 and DOS just lovely, straight out of the box. Not so any distro of linux. I've tried and tried to get a decent linux install on it, but they all barf when trying to read the CD drive. It's not too surprising as it's a proprietary drive, but the standard DOS drivers detect and enable it nicely... The only way to install linux is from DOS (no CD Boot option), and the only way to run it is by setting up a tiny DOS partition to boot from in order to get the CD recognised by linux :( It's quite ironic that Linux needs M$ software to get anywhere on that old machine.

Re:Old news

[tepples]

Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows.

I run Ubuntu on my Eee PC. But I run Windows XP on my other PC, and I can think of two excuses not to buy an 8 GB USB memory card or 500 GB external hard drive and switch to Ubuntu as my primary OS:

• My PC has on-board USB 1.1. I bought a PCI card with four USB 2 ports, but it died after about a year. For obvious reasons, I do not want to be limited to 1 MB per second throughput to /usr and /home.
• Two words: Broad Com. I don't want to have to replace loads of components just so that Linux can see all the hardware.

Re:Old news

[techno-vampire]

Have you checked Puppy Linux? You can have it create a special boot floppy that will find Puppy on the CD and start it. Don't know, though, if it can run on a 486, but it's worth a try...

Re:Old news

[innocent_white_lamb]

Have you considered a NFS or HTTP install instead of trying to pull it from a CD?

Re:Old news

[aussie_a]

I've tried more then an ordinary end-user would. On Windows XP I don't have to try at all.

I do want to use Linux. But my time is also valuable, so I'm not going to fart-arse around too much to try to get the damn thing to work when I've got an alternative that Just Works.

By the way, this wasn't the only problem I had. It was the only problem I was unable to surmount.

Re:Old news

[aussie_a]

No, it means my internet is 5 times slower when used under Linux. Nice try though.

Re:Old news

[aussie_a]

If Linux is so easy to work, I'd love to know how someone who managed to install Windows XP perfectly fine, manages to cause a problem which makes the internet 5 times slower.

And if it is so easy to mess up without even knowing you've done it, perhaps Linux isn't ready for the big time yet. Although I'm sure I'll be modded a troll again for even daring to suggest that.

Re:Old news

[compro01]

I think you got wooshed. I believe he was referring to norton/mcaffe as malware.

And we got hit with this type of crap where I worked over the summer. It came as spam emails regarding "airline ticket confirmation" (a bunch of the people who got hit by it WERE going on business trips in the near future, though I think that was just random chance). Limited user accounts, mcaffe corporate, it blew right through them.

Re:Old news

[westyvw]

Whats funny is that almost every computer I set up with dual boot, it takes me ages, sometimes months before I get around to setting up the windows side. Its just too annoying and time consuming, whereas the Linux side is already up and running right after install. Or at least is usable while I add packages, prefs and updates. How do people sit through all that rebooting and nagging EULA's, and drivers, and key entering....

Re:Old news

[arkhan_jg]

Out of interest, since you're running no AV/spyware scanners - how do you KNOW you're not and haven't been infected? I've seen all sorts of nasties that install and run silently. Including ones that don't require social engineering to install.

Firewalls protect against direct attacks, but they don't stop iffy attachments such as the latest .wri exploit, or exploits in the browser (and firefox isn't entirely immune either, though it's a lot safer than IE)

Linux offers a huge security advantage because it's better designed. Apache is still more popular than IIS, and has a had tiny, tiny amount of the exploits than IIS has had over the years, though IIS has improved a lot lately.

Even if I accept your premise that all you need is knowledge to protect your systems, which I don't, expecting all users to be expert technicians simply to browse the internet is unrealistic. Some measures to protect themselves, sure - but specialization requires time, and non-IT people rather need to spend that learning other things.

Equally, people may well not have the time to learn how to use linux, which is fair enough. Based on the criteria that many have for linux, windows isn't ready for the desktop either. If linux had 90% market share and everybody used it already, windows would be struggling hard to get any users.

Re:Old news

[dword]

How the heck can this be modded as Troll? Really, people, for most users, computers are simply tools, like VCRs and we expect everything to run out of the box (like it is when you just go to a store and pay and you get a computer which you can use for games and movies and internets - surprise, it's probably running Windows XP/Vista). Some people really don't have the time to tweak their operating system just to watch some movies or use their webcam on Yahoo! Messenger, etc. I have paid for two distros and - no surprise - they didn't work out of the box like Windows did. I just install Windows, put in a CD, click a button, reboot and my computer's ready for use. Until Linux will have the same simplicity for the users, it doesn't have a chance.

This is not trolling, this is fact for people that are too busy doing other things instead of turning into geeks.

Re:Old news

[cheekyboy]

yeah besides wifi, it was easy to install. Bloody broadcom, did that ceo go to jail or anything?

Better yet, why dont distros include the extracted firmware from the windows drivers? Who cares if its barely legit, just do it until Mr Broadcom complains, then tell him, "dude we just want ur shit hardware to work, whats ur problem, are you a communists against all forms of free markets?"

Re:Old news

[Erikderzweite]

>Two words: Broad Com. I don't want to have to replace loads of components just so that Linux can see all the hardware.

Well, I, for one, wouldn't buy unsupported hardware I need another OS for. It requires a bit of research and you can't just grab the cheapest solution, but it sure pays off (I have 6 Linux-only PC-s and notebooks among my family members, guess what all the windows licenses would cost).

And to have a good laugh about such articles -- priceless!

Re:Old news

[Lost+Race]

I'm not the GP here, but I get the same question whenever I make similar comments about running Windows since forever with no antivirus and no infections, so I'll give my usual answer.

I periodically take the hard drives out of my Windows machines, make copies, attach those copies to non-networked machines with temporary installs of some current OS and virus scanner, and scan the copies. (The isolation and extra level of indirection are because I don't trust virus scanning software, be it payware or freeware, not to screw with my files.) So far every scan has always come up clean. This is a far more reliable way to run a scanner than from within the system being scanned -- if the host OS is infected, the malware could easily dupe the scanner into reporting a bogus "clean" result.

Since these scans always come up clean, I see no reason to incur the performance penalties of always running live antivirus software on each system. My other security policies seem to be doing an adequate job of protecting me.

Re:Old news

[TheLink]

Windows isn't really the problem[1].

If these millions of people were running Ubuntu they'd still be infected by malware.

Why? Because these people thought the malware was _good_ software. They would do whatever seems reasonable to them to install it. If it means downloading and executing something, or even entering an admin password, they would do it.

There have been windows viruses that spread via password protected zip files - victims would have to enter the password in the email to unzip the zipfile, then launch it. Many did.

The authorities should just be more active in prosecuting such cases of fraud. Because that's what the scareware scam is - mass fraud. Such scammers cause far more harm than that silly Brit who hacked into US military computers to look for evidence of UFOs.

Once you start jailing scammers the amount of spam we get will be less - because there's a fair bit of scam spam too.

[1] Linux isn't much more secure than Windows XP SP3. Fact is Windows XP SP3 provides better sandboxing than many Linux distros. When you launch some new unsigned program, Windows often prompts you to say that the program is trying to make outbound network connections. Ubuntu, Suse don't do that by default. They have apparmor and SELinux but if the average sysadmin finds them a pain to deal with, they're not suitable for even the more knowledgeable users.

I have made suggestions to Ubuntu and Suse to try to make sandboxing better (better than windows and anything out there that I'm aware of), but I don't see very much progress happening.

Re:Old news

[smoker2]

So instead of raising the intelligence of the users, we must lower the complexity of linux ? How does that help anybody ? Why teach people to drive properly when we can just install auto transmissions and airbags ? You do realise that lack of movie playing on linux is a copyright and patent issue and not a software issue. As are most of the issues regarding hardware. You speak as though you were being charged for your copy of linux, and therefore expect it to work fully in every aspect. It is not a product, it is an environment. You choose which environment to work in, either get movies playing out of the box and get pwned every 5 minutes, or get a secure environment which can also play movies IF you want it to. Besides which, I have had to install codecs on XP before to play divx/xvid and other formats. I also have to install flash etc. So claiming that windows does it all out of the box is disingenuous. Linux distros commonly do far more "out of the box" than windows ever has. I have never installed windows where I didn't have to reboot maybe 5 times because after the os is installed you have to install drivers for all the hardware, in the correct order. Then you can start on installing software, which often needs a reboot for each item.

So yeah, troll indeed.

Re:Old news

[dword]

You speak as though you were being charged for your copy of linux, and therefore expect it to work fully in every aspect.

Yes, I was! I actually chose to pay for a Linux distro.

Re:Old news

[ion.simon.c]

I suppose that you've already seen this?

http://www.mondodesigno.com/linux/cf41.html

Re:Old news

[ion.simon.c]

*sigh*

Your "extract the firmware from the Windows drivers" plan is a really bad idea.

A better idea is to not use wifi hardware that doesn't work with a free driver.

Re:Old news

[ion.simon.c]

*shrug*

Sorry that your distro didn't work with your hardware.
Have you filed a bug on your distro's bugtracker? If not, please do that now.
Did you receive troubleshooting instructions? If so, please follow them now.
Did the instructions resolve the issue? If not, please post this new information in the bug tracker.
Were you asked to file a bug somewhere else? If so, please go do so now. Sometimes your distro maintainers need to make "upstream" software providers aware of bugs. Sometimes your distro maintainers can't easily reproduce the bug and will ask you to notify the upstream provider for them.
Was your bug closed with no acceptable resolution? Sorry about that. Maybe your distro maintainers suck or speak a different language than you do. Or, maybe your hardware mfgr. is making life hard for Linux driver developers. Writing a polite "Please free the specs!" letter to the mfgr. can do no harm.

Re:Old news

[Whiteox]

Agree. I have a Dell 280 somewhere that just doesn't like Linux at all. I did manage to get Arch linux installed for a while - but would only boot 3/5 times. Kernel panic. Ubuntu won't install.
Nothing wrong with it. Memory checks ok, HD is ok - just doesn't like linux. Now it's running an nlite version of XP for testing, but I think I'll sell it as I bought it to run as a linux box.

Re:Old news

[tepples]

Well, I, for one, wouldn't buy unsupported hardware I need another OS for.

My point is that I didn't know that I needed any operating system other than Windows until at least a year after I bought the computer. It came with Windows, and Windows worked for me.

It requires a bit of research and you can't just grab the cheapest solution

How do I research a notebook computer's keyboard, trackpad, and screen before I buy it online? As far as I can tell from asking sales associates, there isn't any Linux laptop bigger than an Eee PC on display in any store in my city.

(I have 6 Linux-only PC-s and notebooks among my family members, guess what all the windows licenses would cost)

I'm guessing not that much. Toys R Us in Fort Wayne is selling Eee PCs with an 800x480 screen, 8 GB SSD, and Windows XP for $299; the Xandros version right next to it, with the same screen and drive, is $269.

Re:Old news

[Erikderzweite]

My point is that I didn't know that I needed any operating system other than Windows until at least a year after I bought the computer. It came with Windows, and Windows worked for me.

I got much luckier with my initial hardware, but as for peripherials -- had to change bluetooth dongle because of lacking headset support.

How do I research a notebook computer's keyboard, trackpad, and screen before I buy it online? As far as I can tell from asking sales associates, there isn't any Linux laptop bigger than an Eee PC on display in any store in my city.

I'd recommend http://tuxmobile.com/ -- it has a long list of notebooks along with about 8000 reports of what hardware is supported to what extend (note to myself: add my own report). Visiting retail shop with a LiveCD is possible too, provided they have the same model on sale. Not an optimal solution, agree, but there is not much alternatives in current monopolistic situation.

I'm guessing not that much. Toys R Us in Fort Wayne is selling Eee PCs with an 800x480 screen, 8 GB SSD, and Windows XP for $299; the Xandros version right next to it, with the same screen and drive, is $269.

That's OEM License which is much cheaper than retail (and comes at almost no cost for netbook vendors). And only 2 notebooks have had some Windows preinstalled. Even if I didn't diched those installations -- I'd still need 4 copies at retail price.

Re:Old news

[ffflala]

I find your perspective of "doing more with their computer" curious.

Personally, I feel that I am able to do more with a Linux distro or a BSD --customize look, layout, response, input, remap keys, automate tasks, etc-- to get it to do perform exactly as I wish. Or at least much closer to exactly as I wish than otherwise.

With Windows, even OSX for that matter, I'm only able to get so far and no further -- and then often only via guesswork like registry hacks.

Re:Old news

[Cro+Magnon]

Setting up Linux on 10 year old hardware is easy. Setting up Linux on 10 month old hardware is less easy. Setting up Linux on the machine you bought at WorstBuy yesterday is hard. IME, Linux seems to work better on old hardware than it does on new stuff.

Re:Old news

[jafiwam]

Because virus creators are shitty programmers. The shit ALWAYS jacks up the system in some way. They can't resist trying to defend themselves from "sort of informed" attempts to get rid of them and do stuff like disable the "Services" section.

Because, even if it's just a trojan dropper, eventually they get around to selling their product (i.e. the list and control of infected computers) to someone who wants to send spam with them.

Think about it, there's no other reason to make a virus except money, they HAVE to do something useful with it, and usually that means a) scam the user or b) send out spam (and in some cases host illegal files). Those things are detectable.

I know it's crazy, but if you don't happen to be looking at bullshit blogs all the time, dog scat porn and free warze and cracks, you CAN go a LONG TIME without getting infected.

I do the same thing, no protection whatsoever on my machine. I back it up so if I got something I would be back up and running easily. The only time I encountered something on my machine was when I let a bunch of friends use it during a social event, and THEY were going to porn sites.

(Usenet porn for the win)

But really, the end game is ALWAYS something useful with the machine the perp can do to get money. THATS why it always shows up.

The days of viruses that make a snotty smiley face on the screen are long over.

Re:Old news

[dextromulous]

An easy way to make FireFox slow on Linux (without knowing how you did it):

Turn on a local firewall and block localhost traffic. FireFox tries to connect to the local X server frequently (port 16001) and since the traffic is dropped, the connection has to time out (takes about a second,) which noticeably makes web browsing slower.

Solution: Don't treat Linux like Windows! A local firewall is generally not needed!

Furthermore, web browsing on Windows is painfully slow for me, since Windows itself seems slower (menus, file operations, the painful command line interface) and on top of that, the antivirus software cripples it further!

Re:Old news

[techno-vampire]

Oh, I don't know. We recently transferred my sister's dual boot system to a brand new HP computer. The only thing Ubuntu needed to do was download the drivers for the new video card. Win2K barfed because it didn't have drivers for the new hard disk, and wouldn't even ask us for the new ones.

Re:Old news

[stm2]

Can you use a >2Gb SD card in eeePC with linux?

Re:Old news

[MikeS2k]

Indeed.

I recently purchased a "realtek" NIC that turned out to be a pirated NIC.
that's right - pirated hardware! it had the realtek logo on it, it was listed as Linux compatible, but when I went into the Linux driver directory, it contained a text document saying "use NDISWRAPPER".

I ended up googling the chip's serial number and learned it was an unlicenced knock-off from somewhere in China.
First time I've ever seen anything like it.

Re:Old news

[TCM]

Try NetBSD. Seriously.

Re:Old news

[tepples]

Can you use a >2Gb SD card in eeePC with linux?

I have an Eee PC 900, on which I installed Ubuntu Hardy using step 1 and step 2. It can see my 8 GB FAT32-formatted SDHC card in a USB SDHC writer and in the internal SD slot.

Re:Old news

[tomhudson]

The trojan can't be detected by antivirus software because it isn't installed right away. Instead, a randomly-named file is dropped on your drive, then run. The AV software can't find the rile, since it doesn't know what to look for. I removed it from my daughters' laptop by looking for files with modified dates ~ the day it started, +/- 1 week. You have to check the whole machine, not just the Windows directory tree. Also, do a search through the registry manually looking for any run= that looks suspicious (for example, an adjacent key has a blank value).

That particular machine will be running linux in the new year.

Re:Old news

[tomhudson]

No, it means my internet is 5 times slower when used under Linux. Nice try though.

Then there's something not right, and it should be easy enough to track down. "BAck in the days", Windows network throughput was only ~10% of linux on the same hardware. Obviously, that got fixed by the end of the last century, but there's no reason for linux to be that slow. What I've found is that, with distros that incorporated beagle and were stupid enough to start it by default on bootup, the machine was SO slow that it was useless. Most people blamed linux - it would pretty much kill machines from 5 years ago even with a couple of gigs of ram.

Re:Old news

[tomhudson]

If these millions of people were running Ubuntu they'd still be infected by malware.

Why? Because these people thought the malware was _good_ software. They would do whatever seems reasonable to them to install it. If it means downloading and executing something, or even entering an admin password, they would do it.

Wrong - the trojan that installs this crap (and I'm referring specifically to the malware that is mentioned in TFA) is a drive-by, Windows-flaw-only download, not something that they installed because they, or one of their friends, thought it was "good software."

Also, there's no registry in linux to hide all sorts of stupidity in. The registry was the worst idea ever. It sucked in Windows 3x, quickly became a place for software vendors to hide stuff in to try to prevent piracy, and from there, it was just a small step for malware developers to do the same.

Re:Old news

[TheLink]

From the reports of other slashdotters the "scanning" stuff just pretends to scan - it even claims to find windows dlls on Linux machines :), then it says in effect "You have a problem, download and run this software to fix it".

On further investigation it seems like these scumbags try multiple means to get their software installed - human vulnerabilities (as above), and various browser vulnerabilities (IE, Firefox). I've also seen claims that some versions of the trojan exploit vulnerabilities in older versions of Sun's Java to do a "drive by" install.

As it is, my main point still stands - if the millions of people were running ubuntu, they'd still be infected, it's not really a problem with windows. Say they use firefox. If it's a vulnerable version of Firefox (there've been many critical firefox vulnerabilities and there will be many more[1]), the scumbags will exploit it. Otherwise, they'll get a message asking them to "download and install a firefox update" :).

Either way, they'll be infected. I don't really see a big difference, windows or not.

Currently windows is just the best target platform. If you want to DDoS someone, or send tons of spam the more machines you have the better. The linux home user market share is pitiful and there's no point DDoSing from 50 infected Linux machines behind a single corporate line.

Once Mac OSX reaches the 20-30% share mark, I think you'd see more malware authors targeting that platform. I believe there are already some signs of interest :).

OSX has stuff like perl preinstalled, which might make things a bit easier. TIMTOWTDDDoS :). The malware could google for new instructions and run "eval" on it :). Perl "windows style malware" could easily be written to run on OSX, Linux, *BSD. So Linux users may be hit as a "side effect" of targeting OSX. Most antivirus/antimalware software are still quite reliant on pattern recognition (despite what they claim ;) ), so it'll be interesting to see how they cope with stuff like perl (or even more "interesting" languages).

As for the registry - most "Windows class" users will have as much difficulty with /var/spool/cron/, /etc, initrd, linuxrc and more, as they would with the windows registry. My mom will have just as much difficulty removing malware entries in the registry as she would removing it from /etc and other places.

There's just so much you can expect the average person to do, you can design your tech accordingly but they will still be exploited from time to time. The internet just allows mass remote exploits.

The authorities should maintain a top 10 list. Work from the top, follow the money trail and take action on those within their juridiction. Many of these people are actually in the US despite their servers being elsewhere, even if they are not, their money might be there and thus seizable.

On Windows and Linux, I normally use a nonroot/admin user, but even in that account, I run firefox using yet another different user account (I used to work in IT security :) ). So if I get infected it's a lot easier to fix, and the malware cannot access my documents in my main user account. I tried to set this config up in XP for some relatives, but they couldn't cope with it. They also didn't like my suggested password formats and picked easy to guess passwords instead and share it freely (doh).

[1] http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

Re:Old news

[silent_artichoke]

Maybe the latter implies the former? :)

Re:Old news

[ukyoCE]

Correction. A windows install is more like:

Buy computer with Vista.
Put in Windows XP CD, reboot.
Install XP, Reboot twice more.
Go to windows update, get updates to windows update. Reboot. (it doesnt prompt you, but you'll fubar windows update if you dont and have to hack the registered dlls)
Install Service pack 3. Reboot.
Install updates to service pack 3. Reboot.
etc.

Windows is a bad example. If you want to talk about an OS that's easy to run out and full-featured out of the box, try a Mac. Windows isn't there yet, and likely will never be. (using your definition anyway).

Re:Old news

[ukyoCE]

Just wanted to point out the best defense is not knowledge, it's your router acting as a firewall. Without that (or enabling DMZ) you'd be screwed. ;)

Re:Old news

[tomhudson]

As it is, my main point still stands - if the millions of people were running ubuntu, they'd still be infected, it's not really a problem with windows.

Your main point fails - millions of people DO run linux, and macs hold 10% of the market - and neither get this sort of shit happening to them.

As for the registry - most "Windows class" users will have as much difficulty with /var/spool/cron/, /etc, initrd, linuxrc and more, as they would with the windows registry. My mom will have just as much difficulty removing malware entries in the registry as she would removing it from /etc and other places.

Bad comparison. The registry is a single location where all sorts of undocumented cruft sits, with weird variable names parameters. /etc, /var,and its' kin are plain text files, and the first few lines are usually instructions as to "#THIS FILE IS foo.conf" , and most of these files are fully commented right in the file.

Re:Old news

[TheLink]

I said "_the_ millions" which means the infected millions. I would have left out the "the", if I meant something different. I put it there for a reason.

If I were talking about uninfected+infected users a different phrase would be more appropriate.

A user who is prone to infection is different from a user who isn't. A user prone to infection is just as likely to be infected whether they ran Windows or Ubuntu.

The number of infected windows computers may even rival the number of Desktop Linux computers worldwide :) [1].

Macs have 10% market share and they ARE getting the same shit, just not so often _yet_:

http://www.wired.com/politics/security/news/2007/11/mac_trojan
http://voices.washingtonpost.com/securityfix/2008/06/new_trojan_leverages_unpatched.html

If they hit 20-30% share, things will start to heat up for OSX, since with a 3:1 or 2:1 ratio - not targeting OSX becomes a significant missed "opportunity" - your botnets would not grow as fast if you just targeted Windows.

Lastly, you said the registry was bad because stuff could be hidden there.

But to most "windows class" users there would be little difference between "hiding stuff" in the registry or /etc. Most of them won't even know that either exist in the first place!

Whereas you'd have just as much luck hiding stuff in the registry from the experts as you would in /etc or wherever.

So I don't see this "hiding" thing as a problem.

If you suspect your system is compromised, the safe thing to do is reinstall and update from a trusted source, then restore data and documents from backups.

[1] http://www.microsoft.com/downloads/details.aspx?FamilyId=47DDCFA9-645D-4495-9EDA-92CDE33E99A9&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyID=e0f27260-58da-40db-8785-689cf6a05c73&displaylang=en

A lot of windows machines don't run windows update and so don't run that tool. Some of them because they have an invalid license.

Re:Old news

[tomhudson]

A "Mac Attack" is news. With Windows, it't not only not news, it's expected. And no, your stats are off - there are WAY mor infected Windows boxes than there are Ubuntu users. Not something to be proud of.

After all, if you have the lions' share of the market, and the revenue that goes with it, you should have the resources to make a more, not less, secure system. It didn't happen, which, if you're familiar with the early history of Windows (pre-3.x), you'd know why it was doomed to fail, security-wise, from the start. Wrong people, wrong mindset, wrong goals.

If they hit 20-30% share, things will start to heat up for OSX, since with a 3:1 or 2:1 ratio - not targeting OSX becomes a significant missed "opportunity" - your botnets would not grow as fast if you just targeted Windows.

Whereas you'd have just as much luck hiding stuff in the registry from the experts as you would in /etc or wherever.

Really? Then explain how you can find a trojans' keys if they're randomly generated for each machine? The only way is to look at the creation/modification date, which is what you have to do to remove AntiVirus2009. Ditto with all files modified around that date - including system files. Have fun restoring afterwards if anything critical was hit, whereas with etc (or any app tht got trashed), you can just grab a copy from a working machine, or hit the repositories - for *any* application.

There's a reason why people are switching ... linux is really user-friendly at this point. That is such a transparent case of wishful thinking ... Apache certainly has more than 20% market share - they have more than Microsoft, btw, - but look at the stats of who is the one that gets exploited.

Re:Old news

[TheLink]

AFAIK just putting random keys into the registry don't cause your software to automatically be run or loaded on boot.

You have to put those random keys in certain places and those places aren't random for each machine.

"Apache certainly has more than 20% market share - they have more than Microsoft, btw, - but look at the stats of who is the one that gets exploited."

PHP stuff? Just guessing coz I'm too lazy to look it up.

I haven't seen that many IIS6 or IIS7 exploits. Whereas PHP and PHP webapps appear to be exploited every now and then.

Nowadays it appears to be neither Apache nor IIS that people prefer to attack - they attack the stuff running on it.

Similarly they prefer not to attack Windows XP directly, they exploit the users or apps running on it.

Re:Old news

[tomhudson]

The point is that putting keys in random places, as AntiVirus2009 does, means that antivirus software can't determine if it's malware or not, especially since the program that it runs is ALSO randomly named on each machine, usually replacing a valid but non-critical OS file.

The registry was a bad idea.

Re:Old news

[TheLink]

That's terrible "antivirus" software. It's extremely stupid for it to just rely on names and locations.

So if I called it "DoublePlusGood Software" and put some keys in HKLM\RandomCrap\ the antivirus software would think it's OK when scanning? That's hilarious! Funniest thing I've heard this evening, honestly! :)

What next, a metal detector that only detects metal as long as it's labeled correctly and placed in the right location? :).

That's what I call a problem with the "antivirus" software, not the registry.

I'd personally regard that sort of crappy antivirus software as fake too. It would be nice of you if you could let me know what antivirus software that is so that I can blacklist it and its creators.

Real antivirus software would actually check the binaries the entries referred to, instead of just relying on what they are called.

Re:Old news

[tomhudson]

When trojan software labels itself as nvidia.cpl or atidrv.sys, or msofficectl, have fun scanning for it searching for "AntiVirus2009". You won't find it. Even searching for the raw string on your hard drive won't find it if the name is encyphered. Stop being such a shameless MS fanboi. The registry was a mistake - even Microsoft now admits it.

Re:Old news

[TheLink]

> When trojan software labels itself as nvidia.cpl or atidrv.sys, or msofficectl, have fun scanning for it searching for "AntiVirus2009"

So landmine detectors can only detect mines if they are labelled "Land mine" and placed in the right places?

Do you really have any idea of what you are talking about?

The registry was a mistake, but not for the reason you said.

If you don't want to learn stuff and prefer calling me names, that's fine with me. Your loss not mine.

I'll one up that.

[RulerOf]

My university has seen so many students (and even staff!) with variants of this.

One of my users managed to get it on a fully patched XP machine that I somehow forgot to install Symantec on (yeah, stupid), with basic User privileges.

Of course, I've seen it a million other times too, but those people were all running with admin privileges.

Re:I'll one up that.

[gad_zuki!]

Really? If it lived soley in user space then it would be trivial to remove and couldnt do all the tricks that it does, namely installing services, registering dlls, and over-writing system files.

  One of my users tried to install it and it failed. Something tells me your limited user config isnt standard. There's no shortage of shops that give write access to the c: drive and large parts of the registry because theyre too lazy to find the specific file or key they really need.

Re:I'll one up that.

[RulerOf]

That shop was a small shop, and the users need a little more slack with their machines since I only talk to them about once a week. I don't have backdoors like the task scheduler locked up, so if you *really* wanted it, you could have admin on these boxes, and a couple apps (I hate quickbooks) require it, so there's a few RunAs scripts and so on that could port you into adminship.

Nonetheless, I was still impressed.

Re:I'll one up that.

[Bill,+Shooter+of+Bul]

Thats nothing. My parents could get it installed on a fully patched system *with symantec* installed on it with basic User privleges.

They are that good. I don't know how, I'm not there when it happened, but I know what their system was before I left, and after they said they were having problems emailing. And this is why I don't trust Symantec. F Secure seems to be the only parent proof anti virus I've found. Your millage may vary depending on the gullibility of your users.

Re:I'll one up that.

[batzo]

>1. never put windows on C: it will confuse the badly written hardcoded C: crap ware.
>
>2. make C: the temp/media drive. ...it also confuses all sorts of other badly written software. (some of which may actually be useful)
iPods do not sync if they are drive C:

Re:I'll one up that.

[Whiteox]

Two clients have XP on Drive F. That's my fault as they are both ghosted drives and XP got confused when I made the ghost the master.
One client has an ipod and came up with the exact same issue - it decided it was drive C.
But it is possible to reassign the ipod if you look hard enough.

Great

[ArchieBunker]

Too bad they didn't do this 6 fucking months ago when idiots started opening fake UPS/USPS/FEDEX emails to print their .exe "invoice" inside a zip file.

Hey you!

[RulerOf]

You've got a virus!

Pay me or I won't tell you what it is!

The sad thing is that people fall for it.

I've actually had the following conversation:

"What antivirus program was that?"
"Oh let me see here... [Horrible Trendy Name]"
"When did you install it?"
"I don't know."

I told him to call his credit card issuer.

Though, as if that's not enough, my neighbor recently couldn't understand how a dialog that, after analyzing basically indicated his computer was "too secure" wasn't a bad thing.

I have them beat

[LurkingOnSlashdot]

Sure these might just be "scamware"... but I beat them at their own game by installing all 5 of the mentioned programs. The combined power is sure to be effective even if one alone is not!

Re:I have them beat

[nonades]

You gonna have them fight to the death or something? Obviously that'll show which one is the best.

Re:I have them beat

[initialE]

That's actually the guiding principle behind Microsoft Forefront

It's easy to stop ...

[tomhudson]

Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.

Re:It's easy to stop ...

[tomhudson]

Paypal and iTunes - now that's a marriage made in hell.

I can't wait until the day when everyone can accept email payments.

Re:It's easy to stop ...

[Kent+Recal]

Not gonna happen.
Why would a bank provide flatrate b2b/c2b money transfers when they can take a rake from each transaction?

Re:It's easy to stop ...

[omeomi]

It's not in their immediate financial interest to turn off the tap.

Nor is it their responsibility to make sure their customers spend their money wisely. And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.

Re:It's easy to stop ...

[aliquis]

Why don't they contact their banks instead? Not unlikely that they have messed up themself though.

Re:It's easy to stop ...

[FLEB]

So, it's like Paypal meets Western Union. Fraudulicious!

Re:It's easy to stop ...

[scientus]

what realy needs to happen (but wont because finially your grandmother has gotten sue to password) is a move towards real authentication

Peoples cryptographics keys do not need to have any information but if people just used the damn things then there would be no phishing, no more hackers hacking into some crap site, or the site going off the internet and saying what the hell, and your passwords being used to take everything you have.

big sites like reportable ebay DO NOT ENCRYPT YOUR PASSWORDS cause they then cn look for sockpupets.

Seriously, if the user types their password into the actual page then something is wrong, unlike 10 years ago anyone can easily send a typed password thorugh ajax, anything you ever type into any text box on a internet site is public. Something like passwords shouldnt be in there as there and done ad-hoc. And this is part of most of what this game plays on.

Re:It's easy to stop ...

[hairyfeet]

And just think, since these "antivirus" apps are nearly always Trojans that turn the "customer" into a Spambot it is like hiring this guy to fix your PC!

Re:It's easy to stop ...

[flerchin]

You seem to have some intelligent points to make. However, I can't decipher them. I'm not trying to be a pedant, but can you take a second and try to rework your post to make it more clear? In particular, can you elaborate on your point about ebay not encrypting passwords?

Re:It's easy to stop ...

[cheekyboy]

1. they are profiting from a crime, and border line aiding and abetting.

2. As if a scammer will sue the CC companies, just get the visa corp to buy their products, install it, wreck havoc on their internal network, then counter sue for 10000x for damage to important US infrastructure.

Re:It's easy to stop ...

[Nathan+Baum]

I'd guess he's saying that eBay don't encrypt passwords so that they can identify people who have the same passwords, because those people are probably actually the same person. Of course, that's complete nonsense, so maybe that's not what he means.

Re:It's easy to stop ...

[Thorwak]

Especially since they could STILL do that if the passwords were stored as, say, md5 hashes.

Re:It's easy to stop ...

[myxiplx]

Yeah, just like they did when they stopped taking payments to AllofMP3.com.

oh, wait...

Re:It's easy to stop ...

[omeomi]

1. they are profiting from a crime, and border line aiding and abetting.

Not until a court of law says it's a crime. Until then, they're a legitimate business.

Re:It's easy to stop ...

[geminidomino]

1. they are profiting from a crime, and border line aiding and abetting.

Not until a court of law says it's a crime. Until then, they're a legal business.

Fixed.

Re:It's easy to stop ...

[DaFallus]

And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.

This has already happened to me before. A hold was placed on my card because I bought some software online and my credit card company found this to be suspicious for some reason. They never called to inform me of this or to verify if the purchase was legitimate. I had to find out my card didn't work by being embarrassed in front of a store full of people.

Re:It's easy to stop ...

[Gypsy2012]

Credit Card Companies are already paranoid enough about new businesses. When you are a Legit business trying to sell a Legit product and you do large business the Credit Card companies shut you off if your business goes in spurts and such. It is bad to have the Credit Card Companies have several false positives because you've tried to turn them into an investigative police force rather then a funds collector.

Re:It's easy to stop ...

[omeomi]

Actually, yeah. That happened to me at a pizza hut once. I think I was using a card I hadn't used in a long time, though.

Re:It's easy to stop ...

[FredFredrickson]

Not as easily if they're dynamically salted md5 hashes.


But more importantly, why on earth would you compare passwords? I'm sure a bunch of people have the password "sallyismygirlfriend" and not just me. Wait.. hang on. UNDO UNDO!!

Re:It's easy to stop ...

[jimbo1708]

It is in their best interest to just stop the money because customers won't pay their credit card bill for bad software. For example, my CitiCard does not work for bodoglive and I called citicard about it. They told me they don't allow payments to them because customers stiff them when they are done gambling and just say bodoglive fraudulently changed their card. The credit card companies should be stopping payments to these companies or at least putting a hold on the card and contacting the customer for confirmation.

Re:It's easy to stop ...

[sortadan]

this could be stopped in the same way online gambling sites got shut down in the us. they made it a criminal act for credit card companies to conduct business with companies that are involved with gambling. i don't think there was a single violation by the credit card companies, as soon as they had any type of financial and criminal culpability they shut it down.

you just have to give the people who have the power to end something that's wrong, incentive to do so (rather than allowing them to be the type of capitalist pigs that get flamed to no end here on /.). at least with gambling it was partially the fault of the person who was knowingly participating, as with this it's a full blown scam.

Re:It's easy to stop ...

[RockDoctor]

2. As if a scammer will sue the CC companies, just get the visa corp to buy their products, install it, wreck havoc on their internal network, then counter sue for 10000x for damage to important US infrastructure.

I thought the standard punishment for that was bag over the head, a short flight out to sea, a long drop, and a few weeks swimming back home. Or was that some other country matching A*a ? Mind you, for these terr'sts, that might not be such a bad thing.

Re:It's easy to stop ...

[ukyoCE]

That's interesting, hadn't heard of those. Since all the people with the problem seemed to have made itunes purchases recently, I'd be willing to bet this is from the same Flash keylogging that's rampant in eg. WOW forums. Just as easy to take an iTunes user+pass as a Warcraft user+pass. Also noticing that everyone seemed to have charges in the same range (200-500$).

While I know it's cool to hate and all, this is almost guaranteed to be a case of people getting their accounts logged There's not a lot Apple can do about that.

I have WinXp Viruses on my Mac!

[JimMcc]

According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little whats-his-name who wants to be in the Guinness's Book of World Records.
 
At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.

Re:I have WinXp Viruses on my Mac!

[m1ss1ontomars2k4]

Knowing some of my fellow Mac users, I wouldn't be surprised at all if at least some of them fell for it. :-/

Re:I have WinXp Viruses on my Mac!

[ljw1004]

In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

Your proposal "You can you be so stupid?" sounds okay bit a bit too mild...

Re:I have WinXp Viruses on my Mac!

[aussie_a]

Guess Mac isn't as secure as everyone thought.

Re:I have WinXp Viruses on my Mac!

[Moridin42]

Yeah.. but JimMcc is probably speaking about America. The country where everything must be politically correct or else. One of the schools a few hours away made the news recently because the old Rudolph the Red Nosed Reindeer stop motion movie uses the word "christmas" and is thus unsuitable for viewing in the classroom.

So.. while harsh honesty about the ignorance of computer users may be educational, it won't be tolerated. Not here, anyway.

Re:I have WinXp Viruses on my Mac!

[Nefarious+Wheel]

In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

This was accompanied by "Don't fool yourself, speed kills". Once I saw a car where someone had taken a razor to the two bumper stickers and displayed "Don't fool yourself, you're a bloody idiot". I had to pull over for a few minutes.

Re:I have WinXp Viruses on my Mac!

[ServerIrv]

There is a program I've seen advertised on the tv about making your computer fast, well finally fast. That's about all the hints I'll make at the actual name of the program. Anyway, the "users/actors" gush over how fast their PCs (ubiquitous for windows machines) now work after running this simple app, even though they are clearly shown alternatively using a Mac and a Dell machine. I've been the only one of my friends to notice this error.

Re:I have WinXp Viruses on my Mac!

[cheekyboy]

So america was taken over by the commies but the populace never knew it.

Re:I have WinXp Viruses on my Mac!

[Kalriath]

Australia stole that off us. New Zealand's had that campaign for over a decade. Along with "If you don't drink and drive, you're a bloody legend".

Re:I have WinXp Viruses on my Mac!

[DigitalSorceress]

I've seen em too and have been hovering between whether they are "complete waste of time" or "malware pushin' scum"

Either way, I really worry about all the folks who fall for that ad.

yeah, you can tweak their MTU and play with cache settings and maybe even juggle a couple of the tcp/ip parameters in the registry, but most of the types of "this computer used to be so fast, now it's slow" problems turn out to be due to getting bogged down with competing malware/spyware.

Oh well. I'm seriously thinking of pushing my mom to get a MAC next time she needs a computer so I can stop worrying quite so much.

Better late than never

[erroneus]

The FTC is supposed stop and punish fraudsters. This is their job. I can't understand why it has taken this long.

Re:Better late than never

[Narcocide]

The answer to why is probably simpler than you think - they don't "get" this internet thing either.

Re:Better late than never

[RulerOf]

Nah, one of the FTC figureheads fell for it I'd wager.

Re:Better late than never

[Mashiki]

My guess is it took awhile to actually find someone traceable here in North America to go after. There's been some heavy dissection of this on DSLR over the last few months, by and far most of this is redirected to a money dump in russia.

Re:Better late than never

[DerekLyons]

It's much likely that they do get this 'internet' thing - but that building a case and following due process takes time.

Re:Better late than never

[Just+Some+Guy]

I can't understand why it has taken this long.

Probably for the same reason that the FDA allows people to advertise homeopathic crap like HeadOn as a cure for headaches, then stick a 3-point type dislaimer stating "this product is not intended to treat anything" at the end. The stakes are sufficiently small that they move on to ignoring something bigger.

Re:A fool and his money...

[Keramos]

I believe this is called Windows Live OneCare, right?

Helllooo.... FCC ... um, Stopsign.com ?

[Lost+Penguin]

If I go to stopsign.com it will detect all sorts of Windows nastyware on my Linux box.
They have ads on Direct TV.....

Hoard your clicks

[Nefarious+Wheel]

...The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued...

Actually, there's another reason. If you click on anything at all, they can record your address in their web journals and tick a box labeled "This person is a potential mark". It's one of the reasons why I close these bogus displays by going around and closing them from the operating system. I do not trust any button or other clickable control presented to me from any window that I didn't specifically ask to see. Even the little X in the top right corner, they can emulate those controls with controls of their own, and can record the fact that you've paid them a bit of attention. And for such people, the less attention you pay them the better.

Re:Hoard your clicks

Imagine how much of your life you would get back if you just didn't care?

Re:Hoard your clicks

[Nefarious+Wheel]

I'm more concerned about the amount of life I'd lose if I didn't.

Re:Hoard your clicks

[Ihmhi]

I know a good bit about computers, but I had never heard about anything like this. Would this actually be possible - emulating the entire thing? I'm sure the X boxes and whatnot would be easy, but what about the right-click context menus?

Furthermore, why isn't Adblock stopping these things in the first place?

Re:Hoard your clicks

[pxlmusic]

because, as the previous poster mentioned, coupling it with NoScript (along with a good AdBlock list) can ensure that you see little to none of that crap.

i've been doing it quite a while and it has saved me from so much potential bullshit on my computer.

i get a few calls a week (cable hsi support) from people with these scareware programs on their machines. usually, i recommend they get a professional to clean their computer or will even go so far as to recommend a full system wipe.

it may take an hour or so to reload Windows, the drivers, system tweaks, etc. and only a few minutes for them to go right back to the same sites that got them there in the first place.

not only that, but getting your average user to use Firefox, let alone NoScript...forget about it.

Re:Hoard your clicks

[Whiteox]

Furthermore, why isn't Adblock stopping these things in the first place?

Because they are not ads.
That's the dumb thing about the whole 'protect your pc' scam which IMHO is bigger than most people think.

In the late 90's The big 3 US antiviral companies only scanned for viruses and left the door open for other US companies to provide software firewalls like Zone Alarm.
The European antivirals however went a step further by not distinguishing virus from worms or trojans and started to include spyware in their scan databases.
As time went on, pretty much everyone is offering 2 or 3 tiered scanning systems that incorporate firewalls, phishing, popups, malware, spyware, rogueware, trojans, worms and viruses.
In 2008/9 there are a few more 'threats' like rootkits and the very latest are 'botscans' like http://mtc.sri.com/
Trend Micro have their own too.... http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted ... It's the flavor of the month!

Now MS is getting its act together and are doing what they should have in the first place, is to block holes and to provide a level of free security scans for their products.

The question that interests me the most is what is pressuring MS to do this?
Are they growing a conscience? Or do they realise that their precious OS is the main cause of most of the internet abuse in the world?

In other news, Symantec/Norton have rewrote their internet suite (due to complaints I bet) and are offering 3 months for free (maybe Australia only?)! http://www.asecondchance.com.au/ I didn't know if I should laugh or feel sympathetic.

The abuse that internet aware MS systems are exposed to is massive and a lot of people from both sides are making lots of money. Money to be made 'protecting the pc' and money to be made by attacking it and money to be made by 'cleaning it'.
I deal with this sort of stuff every day and there is not one single product - professional or free, that can identify, delete and repair all the threats out there.

And yes, while the ball is rolling and money is to be made, then the game goes on.

Re:Hoard your clicks

[Firethorn]

They have your address if the ad only loaded.

I guess reporting the ads depends on the site - I'm far more likely to report a bad ad for dan's data than some random site I only found a few minutes ago.

Of course, I hardly see ads anyways, and ads featuring images of XP/Vista default schemes show up like a bad apple.

While responding to an email marks your address as valid, I'd dispute that repording a bad ad marks you as a mark - After all, you didn't fall for the one, indeed, you're mad enough to report it.

Re:Hoard your clicks

[pipingguy]

A few weeks ago a work colleague was trying to download a patch/hotfix from Autodesk with a newly-installed computer. Every time he clicked the 'download' link, there was a popup claiming that this file was no longer free, and "please enter credit card data" to get the file.

Autodesk hotfixes don't work that way, and he couldn't figure out what was wrong.

Accidentally noticing his predicament, I advised him that that machine had spyware -DO NOT TOUCH MORE- and grabbed the file from a secure computer. Question is, how many people get scammed by this despicable appropriation of others' computers and how many think this is "normal" or refuse to admit they've been "taken"?

2 solutions

[eniacfoa]

its a bit late after a million fools have purchased the software... the only 2 things that will fix this issue is all the people before born before 1975 die OR you make people get a computer license. I did tech support for a few years and imho majority of people who were born before 1975 are too stupid. yes i say stupid because they also ask you how to spell COMMAND (is that one M or two M's) or they say "whats internet explorer?" when you ask them to open it...everytime they switch on their pc it tells them what OS they have...it flashes up WINDOWS XP or whatever...but they have no clue what OS they are running...tech support makes you want to kill yourself so you never have to speak to a fool again....

Re:2 solutions

[Retief-CDT]

Sorry youngster, My anecdotal evidence is anyone born after 1980, is only barely bright enough to feed themselves. No Math skills, no idea of History and no idea of Critical thinking. Your post tends to provide necessary proof of the latter. Pretty stupid statement about assigning skill to age. I know many of us oldsters that have probably used computers while you still were playing with your "Action figure", dolls. Now I will agree, the majority of people, regardless of age, is below average. So rather than assign a chronological qualification to that of being "Stupid". Lets just say that stupid transcends any boundaries.

Re:2 solutions

[Fnord666]

Now I will agree, the majority of people, regardless of age, is below average.

Here he demonstrates those math skills he was talking about.

Re:2 solutions

[Retief-CDT]

Its called sarcastic humor. A reference to Lake Woebegone.

Re:2 solutions

Now I will agree, the majority of people, regardless of age, is below average.

Here he demonstrates those math skills he was talking about.

Actually, if he had said "median" you would be correct in your scathing intimation; however, he did in fact say "average", or "arithmetic mean".

This is defined by dictionary.com as "the mean obtained by adding several quantities together and dividing the sum by the number of quantities: the arithmetic mean of 1, 5, 2, and 8 is 4. "

Consider the following: In a group of 100 people, 20% (that's 20 people, btw) has a relatively high level of intelligence..for simplicity's sake we'll give them the mathematical value of 120...we can easily say that they are the minority. For the other 80% let's apply an intelligence value of 100.

The mathematical formula would look like this:

((20 x 120) + (80 x 100)) / 100 = 104

So: The average intelligence is 104. How many people in my problem are below the intelligence level of 104?

If you need to read it over again, I'll wait here for a moment....

Ok...since 80% of the people in this case are below the average, can we all agree that the statement "most people are below average intelligence" can be accurate?

Furthermore, you can see that it's not that hard to have "above average intelligence" if there is a large number of people with a relatively similar level of intelligence.

This is why we don't use "average" for serious calculations if a population possibly having disparate or distinct groups is involved. Investigate "standard deviation" for a more applicable valuation system.

Many humans believe they have above average intelligence. Some might, but unfortunately it doesn't mean what they believe it does.

Oh...you may have mistook an IQ of 100 as average. It's not.

Re:2 solutions

[eniacfoa]

well, i wasnt being entirely serious....I thought that was obvious.. and i dont think its that silly...even if the person I am guiding doesnt know anything about computers, the younger person is 'generally' able to follow instructions over the phone a lot easier...Im 30 years old by the way...not that young... the younger person also remembers that theyve seen "windows xp" flash up on the screen 1000 times... when you ask the younger person what brand of router they have? they go look and tell you in 2 seconds. the older person will often say - -"IM NOT A TECH!" in a very angry voice...I have NEVER had a younger person say that to me... again I wasnt being entirely serious, but there is some truth to the rant...

Re:2 solutions

[eniacfoa]

PS - I completely agree the average intelligence of "joe the plumber" is waaaayyy below par...... "There are three kinds of intelligence: one kind understands things for itself, the other appreciates what others can understand, the third understands neither for itself nor through others. This first kind is excellent, the second good, and the third kind useless." - Niccolo Machiavelli

Re:2 solutions

[eniacfoa]

ha one last thing...my 1st computer was a vic-20, ive sinced owned an apple IIc, c64, c128, amiga 500, amiga 1200, amiga 3000 and of course many x86 boxes... so your generalization of you were using computers while I was playing with action figure dolls is as wrong as mine... except i was just ranting coz tech support does really make you want to kill yourself and the dipshit on the other end of the line...

Re:2 solutions

[Kirth+Gersen]

Fnord666:

Now I will agree, the majority of people, regardless of age, is below average.

Here he demonstrates those math skills he was talking about.

Perhaps you're joking, but in case you aren't: consider a population where 90% of people have an IQ of 90 and 10% have an IQ of 190.

Of course, IQ tests are normalized on the assumption of a symmetrical bellcurve distribution, but that's not a *math* issue.

Re:2 solutions

[IorDMUX]

But... if you're talking about a normally distributed [Gaussian] statistic such as IQ and you have a sufficiently large, randomly selected sample (or if you are looking at the population as a whole), then the median is, for all intents and purposes, equal to mean/average.

Therefore, I stand behind GP's 'scathing intimation'.

Alternate title: FTC Identifies Over 1M Morons

[Spatial]

In an unrelated story, the FTC has invested in some extremely large ovens in an effort to reduce the nation's dependence on foreign energy sources. They claim the new fuel is actually self-perpetuating and that "There is an unlimited supply here at home."

Re:(Re: FTC Kills Scareware Scam)

[networkBoy]

mmmm troll fishing...

I'll never run OSX 'cause I'm a cheap bastard who won't buy a Mac and doesn't pirate software. (which happens to be why I have only one Windows PC...)

Re:A fool and his money...

[ExploHD]

No, it's security center. If you have XP, look for it under the control panel.

Thankful for Winantivirus

[Trenchbroom]

I was a safe Windows user. Unfortunately the wife was not, and because of a few mistaken mouse clicks on her part Winantivirus was installed on my computer. It's tenacious grip on my XP install forced me to look for an alternative. Linux was installed over XP, and for three years now I've had the pleasure of laughing at articles just like this one. Thanks Winantivirus!

Re:Thankful for Winantivirus

[justinlee37]

It's tenacious grip on my XP install forced me to look for an alternative.

I don't see why you needed an alternative. Just backup your essential files, format your harddrive, re-install Windows, and bam! You're done.

Re:Thankful for Winantivirus

[Frosty+Piss]

I don't see why you needed an alternative. Just backup your essential files, format your harddrive, re-install Windows, and bam! You're done.

And spend a few hours reinstalling all the other applications you had installed?

Re:Thankful for Winantivirus

[justinlee37]

Yeah, that's true. But sometimes there's only one way to kill malware. It helps if you keep all of your driver/basic application install utilities in a separate folder in your "essential files" group (which should be on a different drive than the operating system). Also, luckily I only have to do it once in a blue moon because, unlike the OP, I don't have any computer-illiterates mucking about with my stuff. Might change if I get married.

Re:Thankful for Winantivirus

[pxlmusic]

or you could reload, install the drivers/apps; update, and then Ghost the drive to an external HDD.

Re:Thankful for Winantivirus

[Erikderzweite]

Why bother each end every time if you can solve the problem once and for all. Provided no other problems i.e. incompatible hardware arise, but you can actually test it at no cost.

I do have illiterate users in my family -- my parents and my aunt, all in their 60s. They got Linux after I got tired of re-doing same things over and over again. After a short tutorial on "where is the Internet here" they have close to no problems with it. They didn't setup it themselves, but then again, they've needed me to setup Windows for them.

Re:Thankful for Winantivirus

[justinlee37]

Because "each and every time" is only an average of maybe once a year, probably more like once every two years. Figuring out how to make Crysis run in Linux sounds like more of a hassle, to me, than reinstalling windows once in a blue moon. I'm also pretty skeptical of the idea that Linux is "virus-immune," it seems to me that you could fuck up a Linux install just as easily as a Windows install by running a malware-infested executable.

Re:Thankful for Winantivirus

[Erikderzweite]

Well, looks like 1 Million people have just found a reason to do it once more.
As for Crysis -- if latest PC games have the high priority for you -- you better stuck with Windows although I know some people that dual-boot to network-disabled XP if they want to play some fancy title. I, for one, got tired of keeping up with ever growing system requirements and don't play games on PC anymore except for a casual BfW match.

As for Linux viruses -- I am yet to find any in the wild. Besides, you need to make a file executable in order to lauch it. So brithneynude.jpg.exe is not such a valid option for virus makers. Plus you have much better user/admin separation. As a user you could only screw your home folder, not the whole system.
Of course, if you somehow manage to find such virus, download it, make it executable and run it with administrator privileges -- you're fucked up anyway. But you don't really need a virus for that -- rm /* -rm as root will suffice.

Re:Thankful for Winantivirus

[justinlee37]

Yeah, if it weren't for PC games I'd have no business owning a PC that features a quad-core 2.4ghz AMD Phenom, 8gb of 1066 mhz DDR2 RAM, and a 1gb Radeon 3870x2 PCI-E 2.0 GPU.

How many years did this take?

[terraformer]

At this rate they will nail the Extenze scam by 2015 and Head On by 2020. If they can't shut these things down fast enough, the amount of money they make is still vastly larger than any fine, so the fine and shutdown is just a cost of doing business. They need to be more proactive.

Is there a clickjacking connection?

[tbg58]

One of my client sites was clickjacked, and another had an attempted clickjacking. The connection is that the one that succeeded redirected users to a Russian site with scareware/malvertisement (AntiVirus Defense 2009). Same modus operandi - their scareware scanned my C: drive and found infected exe and dll files galore, a fact most curious on an Ubuntu Linux desktop.

The other attempted clickjacking was to a Chinese site, but I can't help but wonder if there's something more serious going on here. Some of these scareware sellers are paying to have script kiddies put iframe clickjacks on every index.* file in a web host they can compromise, which is more than just a civil matter.

Do they stop with just charging $39.95 from the victim's credit card, or keep on charging until they hit the limit or get an alert? And does the victim's machine get free from the scareware, or is it recruited into a botnet to send out more malvertisements?

Inquiring minds want to know.

Sign me up!

[whizzleteats]

You mean there's anti-virus software that will find pornography on my computer? Will it show it to me as well? :D

Particularly nasty

[RockMFR]

The most interesting part of this operation was that they apparently impersonated legitimate businesses, created advertisements for these businesses, and then had them placed on high-profile websites. The buyers of these ads typically had no idea anything was wrong because the ad code was both obfuscated and would only redirect the user to the bad website a small percentage of the time.

Is it the same Sam Jain

[the_other_one]

I wonder if the Sam Jain referenced in the article is the same Sam Jain behind efront. There was plenty of good reading on fuckedcompany.com way back then when the ICQ logs were released on the net.

UNIX has sandboxes. They're called separate users.

[tepples]

Are you...running malware in WINE for fun?

You _do_ realize that this grants write access to all your priceless documents in ~

Which is why people who test malware in WINE make a separate user for this.

An infected backup

[tepples]

Even though users can have their files easily restored in minutes from a backup?

And what keeps the files from getting infected before the backup?

INCOMING CAR ANALOGY IN 3... 2...

[spazdor]

Do you really think that, somehow, the hardware in a laptop deteriorates and gets less reliable with age?

Not to be condescending or anything, but... yeah. You may notice the same thing happens with cars.

Re:INCOMING CAR ANALOGY IN 3... 2...

[evilviper]

Bad analogy, demonstrating ignorance of the subject.

Laptops are not exposed to the elements, massive mechanical stresses, and only the HDD and fans face any mechanical wear and tear (and very, very little at that).

HOOOORAY!

[stupidflanders]

I have cleaned this off of 50+ computers at work. Stupid users. It's about damn time someone shut this company down.

Re:HOOOORAY!

[yuna49]

There's also the option of running a transparent web proxy that blocks access to malicious sites and dangerous filetypes. I install a transparent Squid proxy on Linux firewall routers for clients and make sure there are ACL entries to block things like .exe files. Blocking specific sites is also a no-brainer.

These days most offices scan emails for malware but apparently never think about blocking web access to the same types of infections. It's no wonder most of the scam emails I see include embedded URLs rather than attached files.

Does that mean...

[unkaggregate]

When I'm googling around for programmer documentation I no longer have to fear Google showing one thing but the website auto-redirecting to Antivirus 2009 and it's infernal fake nagging "scan" page?
Thank God.

Having hit three in a row thought it would be nice to vent my frustration by mirroring it and defacing the mirror.

They can't do that!

[bensafrickingenius]

How am I supposed to put food on my table if people don't have the opportunity to destroy their systems with a single click anymore? My computer repair business is doomed. Doomed, I say!

Re:They can't do that!

[jonaskoelker]

How am I supposed to put food on my table

You're doing it wrong! You're supposed to put it on your family ;)

Claimed my Linux box had viruses in the registry

[Rick17JJ]

On several occasions have run across aggressive annoying advertisements which popped-up claiming to have detected viruses and spyware on my computer. On each occasion, I was using Linux and browsing the Internet with Firefox. I normally do not get pop-ups when using Firefox, but some scareware advertisers do still know how to make pop-ups appear.

Earlier this year, I had just installed a brand new copy of Kubuntu Linux on a brand new hard disk in my computer. It did not (and still does not) have Windows or any Microsoft products installed on it. I had also installed a firewall and had it behind a router which also had a firewall with all ports closed to the outside world. I had even installed all the latest security updates.

If I remember correctly, this is roughly what happened next. A day or two later, as I was browsing the Internet with Firefox, an ad popped up saying that they had detected several types of viruses and spyware running on my computer. It then asked if I want to have my hard disk scanned for viruses. I closed the advertisement without giving permission. Then another pop-up, with a progress bar, appeared, which claimed that it as scanning drive C: for viruses. I thought, that was odd, since Linux computers do not have a drive C. Before long, a pop-up appeared which said that Microsoft had detected references to viruses and spyware in my registry. That also seemed odd, since Linux does not even have a registry. Furthermore, I thought, what was a Microsoft pop-up doing on my Linux computer. Besides, at least last that I have heard, there still have not yet been any Linux viruses successfully circulating in the wild.

Finally, they asked me to click on a link and purchase their product, so that my computer could be disinfected. At no point in the process of supposedly scanning my hard disk without permission, did they seem to notice or comment on the fact that I was using Linux.

It's ridiculous.

I'm amazed that it's taken this long for something to be done about this. I'm also amazed at the magical protective perception field around them. They're not just scams, they're viruses. If they were written by some 14 year old in their parents basement, heavily armed goons would sweep in and drag them off to jail to face felony charges for unauthorized access to a computer, distributing a virus, etc. The protection racket they're running using their viruses is icing on the cake.

The fact is, these are viruses and they're not just spread by people voluntarily downloading programs they believe to be anti-virus software due to scary pop-ups. These things use exploits in windows and web browsers to infect peoples system whether or not they choose to install them, then they generate messages that can truthfully claim that the computer is infected with a virus. Having endured hell working in tech support I've seen plenty of infections by this crap.

So, on the one hand, it's good that someone is finally doing something. On the other hand, where the hell are the criminal charges? Why is it the FTC doing something and not the FBI? Because the criminal scum behind this throw on the trappings of a business they become sacrosanct and get civil actions where the rest of us mere mortals would be put away for life. What the freaking hell!

MS is also partly to blame

[tuxgeek]

I recall years ago when I used the MS Windows product that I would occasionally get a pop up message from a random web site telling me that scans showed I have all sorts of nasty crap on my machine. It's the windows messenger at fault here. I had to go to grc.com to find the procedure to "Kill the Messenger".

Evidently M$ still enables this useless feature by default and unwary users are still being duped by it. Microsoft should also be held responsible for damages caused by their products, or at the very least they really should inform their customers how to protect themselves when using their products.

Re:MS is also partly to blame

[pxlmusic]

that Messenger service was turned off by default in SP2

Re:Argument for the lockout chip business model?

[xlsior]

What about the hoop of "developer must be a company with office space, not an individual" and the hoop of "in order to get your app signed, you have to pay the platform owner four figures to test it thoroughly"?

Enforcing that would absolutely massacre the PC platform, since you also prohibit the hundreds of thousands of people who program useful utilities, tools, applications and games for fun and spread them for free. Just because someone writes a game in his bedroom at night and releases it for free doesn't make it malicious software. The whole point of having a general purpose PC is that you can basically install 'everything' you want/need/like.

If the world at large was truly waiting for closed, secure, trusted, authorized-payware-only platform, we've have locked down 'office appliances' everywhere a long time ago. The fact that you don't see any seems to indicate that there is no viable market for them. (Although in some small ways things to seem to inch this way: For example, under 64-bit Vista you can only install signed drivers, but I for one certainly hope that we a re a VERY long way of from enforcing the same restructions on actuall applications)

Anyway, just because some people try to scam others into loading malicious software doesn't means that everyone should have to suffer the 'fix' -- it just means that the scammers need to be dealt with, just like they would if they were standing on a streetcorner trying to scam others.
Analogy time: Hey, if you go outside, someone could harm you! Lets force everyone to stay in their own house at all times unless they are a properly registered and payed their "I can afford 4 figures"-tax. Equally ridiculous.

Re:sloppy developers

[Al+Dimond]

Ha, well in that case it's even easier. Surely it wouldn't be hard to find a bunch of players willing to cancel WoW subscriptions until a blatant programming error is fixed!

I'm not all that familiar with any of this software specifically since I'm not a gamer, but earlier today I thought the same thing you did about Punk Buster: it could be a daemon running as root, a setuid binary (I'm sure Windows has an equivalent but I don't know what it's called), or a kernel module without requiring other programs to run as admin. So I looked it up and it sounds from their Wikipedia page like they've already done it.

Re:Argument for the lockout chip business model?

[Miseph]

"The operating systems in video game consoles, digital video recorders, and some mobile phones do exactly this. And when these gain web browsers, they begin to blur the line between "appliance" and "computer"."

And people will jump through ridiculous hoops to break that so they can run what they want on the things they own.

"What about the hoop of "developer must be a company with office space, not an individual" and the hoop of "in order to get your app signed, you have to pay the platform owner four figures to test it thoroughly"?"

So... no more FOSS outside of a very small number of major projects lucky enough to be backed by some major company? Farewell to software being a business where anyone can get involved and produce legitimate work, hello to corporate extortion and competitive lockout.

These aren't the solutions, they're the problem!

Blaming the User

[Detritus]

If this is the same scam that I've seen lately, have a little sympathy for the end user. The ad generates a nasty dialog box that can only be killed by forcing the browser to quit. The alternative is to "agree" to let them scan your PC. I'm paranoid enough about browser security bugs that there is no way in Hell that I would agree to that. The fact that their ad can create such a dialog box seems like a browser bug to me. Have you stopped beating your wife [Y/N]?

Re:Blaming the User

[Koiu+Lpoi]

Have you stopped beating your wife [Y/N]?

Mu.

Re:Claimed my Linux box had viruses in the registr

[mpe]

If I remember correctly, this is roughly what happened next. A day or two later, as I was browsing the Internet with Firefox, an ad popped up saying that they had detected several types of viruses and spyware running on my computer. It then asked if I want to have my hard disk scanned for viruses. I closed the advertisement without giving permission. Then another pop-up, with a progress bar, appeared, which claimed that it as scanning drive C: for viruses. I thought, that was odd, since Linux computers do not have a drive C. Before long, a pop-up appeared which said that Microsoft had detected references to viruses and spyware in my registry. That also seemed odd, since Linux does not even have a registry. Furthermore, I thought, what was a Microsoft pop-up doing on my Linux computer. Besides, at least last that I have heard, there still have not yet been any Linux viruses successfully circulating in the wild.
Finally, they asked me to click on a link and purchase their product, so that my computer could be disinfected. At no point in the process of supposedly scanning my hard disk without permission, did they seem to notice or comment on the fact that I was using Linux.

It wouldn't be that hard for these crooks to have this only happen if you your browser had a Windows user agent string. That they can't even be bothered to do this means that they arn't scared of being caught. That their lies are so obvious should be exactly the sort of evidence that prosecutors should be looking for... Regular con artists tend to be far more subtle with their lying.

Re:Claimed my Linux box had viruses in the registr

[AnalPerfume]

If the pre-recorded video looks like it's an active application running it will fool the uneducated; it's designed to. Your PC wasn't scanned as you know, it played a video making you think it was being scanned. The last thing they want is to go to the hassle of making it really scan and find nothing, therefor no way to scare you into buying their shit. They play the numbers and go for the easy mass target, they style their videos on Windows.

It's like playing a video demo of a game and handing a young kid the controller; tell him he's controlling what he sees and it'll keep him occupied for a while, until he clicks that he ain't.

But it doesn't run on Linux

[kimvette]

I've been concerned about spyware and viruses on my linux system so I tried to downloaded Spyware Guard 2009 and tried to run it on my Linux system. The darn thing wouldn't run! I tweaked and fiddled with wine for a while then installed Crossover Office, all to no avail. I sent them bug report after bug report about this incompatibility but they never respond. Darn it, I feel left out! ;)

Finally!

[roland_mai]

They should have done this earlier.

it's about time.

[yodleboy]

farkin trolls, i hope the go to jail for fraud.
my wife got one of these on her laptop the other day. endless popup windows disguised to look like windows system messages or anti-virus software. she knows we use avast and thought the windows looked 'different' so she asked me to take a look. Kill firefox and problem solved.

I guess my point is, it didn't take a whole lot of knowledge for her to identify a scam. Know what is SUPPOSED to be running on your system and what those things look like. If you see anything different, get suspicious.

It's funny how the people I know that spread the most FUD about viruses/phishing/scams (panicky emails about the latest e-boogey man) are also the ones that get hit most often. You'd think they'd be the most paranoid and stay safe.

this time education is not the problem

[svallarian]

This particular piece of malware no good bit of user education can prevent. One variant comes in through an adobe acrobat exploit that's launched through an iframe. No user interaction required.

malware-bytes

[dan487]

The Malware-bytes program deals with this program perfectly. First time I had this issue, it took me 3 or 4 hours to clear it, not with this program, it takes all of 20 minutes to do a quick scan, remove, and be done with it.

Re:What a load of tripe

[Timothy+Brownawell]

Now, in BOTH cases, you lose your data. But in one case you lose anyone else's data AND the OS, and in the other one, only your data.

This only matters on a shared system, where the different users actually use different accounts and set nontrivial passwords. Any envioronment with users clueful enough to do this, or administrators clueful enough to enforce this, will also have users clueful enough to avoid trojans or administrators clueful enough to secure their systems and make regular backups.

Plus I think the default umask is world-readable, so any one user running a spyware will in fact compromise everyone's data. Malware these days isn't so intent on causing corruption, because that isn't profitable.

But the one where you lose ALL security is the better one????

WTF are you talking about? The only "better" security model I mentioned is per-application access limitations, which I do not believe any mainstream system offers in a usable manner, and which will still be circumvented by a sufficiently motivated (chance of free porn or cute puppies) idiot.

Re:sloppy developers

[Al+Dimond]

That it can be worked around by the user doesn't change the fact that it's a programming error. The programmers made an assumption that the user running the program would have write access to the directory containing the binary. That hasn't been a safe assumption on Windows for years.

In fact, the workaround you suggest is hardly complete; where is a non-admin user going to move the binary? Somewhere within his home directory. Other non-admins likely won't even have read access.