Slashdot Mirror


Malware Found On Brand-New Windows Netbook

An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."

250 comments

  1. Ha ha. by yourassOA · · Score: 5, Insightful

    Doesn't seem like an accident.

    1. Re:Ha ha. by Z00L00K · · Score: 1

      And why is it that all machines come pre-installed?

      If they weren't then this problem with malware on preinstalled machines would have been less widespread.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:Ha ha. by Anonymous Coward · · Score: 2, Funny

      I'd hate to find windows on a brand-new malware netbook.

    3. Re:Ha ha. by spywhere · · Score: 1

      Yeah. Also, how come every time I buy batteries, they aren't included?

    4. Re:Ha ha. by Runaway1956 · · Score: 4, Informative

      Nor is it really news. The wife bought a Compaq some years ago. I cleaned it of malware, then in a few days, she complained of more. Did a "restore" from the restore partition. Malware restored itself along with the Windows OS. Imagine that....... OEMs are PAID to install crapware, and they are only too happy to accept the money.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    5. Re:Ha ha. by The+Grim+Reefer2 · · Score: 2, Funny

      Yeah. Also, how come every time I buy batteries, they aren't included?

      Stephen Wright, is that you?

    6. Re:Ha ha. by SanityInAnarchy · · Score: 3, Insightful

      Yeah, because if they weren't pre-installed, the OS DVD would be so much safer...

      Right...

      If the manufacturer is compromised, you're boned either way.

      --
      Don't thank God, thank a doctor!
    7. Re:Ha ha. by Anonymous Coward · · Score: 0

      This is news? Who gives a damn about MS windows anyway? Bury it already, get on with life.

    8. Re:Ha ha. by xOneca · · Score: 0

      Computers aren't for lusers. You should know some basic skills before using a computer.

      Operating systems are becoming computers too easy to use, in my opinion...

    9. Re:Ha ha. by Chlorine+Trifluoride · · Score: 1

      So I assume you posted this from an operating system that you wrote entirely yourself?

    10. Re:Ha ha. by Anonymous Coward · · Score: 0

      I bought an OEM Vista DVD for one of my PCs and now I use that to format my friends' new PCs.

    11. Re:Ha ha. by xOneca · · Score: 1

      Owned! :D

  2. Pffft by BobReturns · · Score: 3, Insightful

    Yes, because any average Joe user is capable of utilising that 'solution'.

    1. Re:Pffft by yourassOA · · Score: 1

      What if someone buys the Netbook and it is their only computer? It seems kinda weird that a reputable (cough) company would allow employees to walk around with a USB drive for updating hardware.
      Isn't Windows on its own partition and not fully installed till the computer is turned on for the first time by the consumer?

    2. Re:Pffft by Bigjeff5 · · Score: 5, Informative

      First, the autorun worm was absurdly difficult to remove. The larger the organization the more likely it is to stick around.

      Second, have you ever built a corporate or OEM OS image before? Using a usb drive to install drivers is not only likely, it's practical.

      The way modern mass-images work is as follows: you have your technician machine, upon which you build the custom tools to incorporate into the image - this would be scripting software packages, customizing settings, etc. Then you have your build machine - this is a clean machine with a fresh OS install on it. You then customize that machine exactly the way you want it, installing custom packages, add all the drivers for all the machines in your product lineup (be sure to include a script to remove the unneeded drivers post-sysprep!), and reseal it to OEM spec with sysprep (which calls any necessary post-build scripts).

      Now, you test, test, test, and test to be sure it is good, and mass deploy it to all your hard drives that will be going into all your machines. Much of this does not have to be changed when new models are added, and with MS's newer tools a lot can simply be slipped in to the image itself without having to re-seal it. Very convenient. That also may be how this thing got in as well, who knows.

      The breakdown here was on the final step: apparently nobody scanned the test machine for viruses/malware before deploying the image. I'm surprised only a few netbooks were hit, unless the others just haven't noticed yet, heh.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    3. Re:Pffft by Jurily · · Score: 1

      Yes, because any average Joe user is capable of utilising that 'solution'.

      The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?

    4. Re:Pffft by Bigjeff5 · · Score: 1

      Actually yeah, the new OEM deployment tools that are available to them, plus the paradigm shift in Vista's base install method, allow them to give you a Vista re-install disk that has all of their bloatware and intentional/unintentional malware already on it.

      In most cases, I don't see it happening, as they probably won't make anything off the re-install whether it has the bloat/malware or not. Not yet anyway.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    5. Re:Pffft by EsbenMoseHansen · · Score: 2, Insightful

      The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?

      Replace "Vista" with Ubuntu/Red Hat/SuSE/Debian and you should be fine :P More seriously, why hasn't Microsoft made a package manager+repositories yet? It is absurd that people and companies have to verify that drivers and (basic) applications are clean. The problem is a problem that already has a proven solution: signed packages from a large repository. Signed to guard against tampering after the repository. Large, so that any foul play is discovered quickly. Heck, I'm sure that you could port apt+dpkg or rpm to windows and be down with it :)

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    6. Re:Pffft by Anonymous Coward · · Score: 0

      (If using NTFS)
      Open the autorun.inf in a text editor (on a machine with an up to date anti-virus or has autorun disabled in the registry or which isn't affected by the autorun.inf (Mac/Linux))
      Empty the contents (or put in the stuff that you WANT to use as autorun) and save.
      Right click the new 0b autorun.inf, choose properties, go to the securities tab, and deny write access to "Everyone" or any users listed there. Apply. (Not quite as straightforward as chmod 555 autorun.inf I suppose?)
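
An added example (not part of the comment above or of the original thread): a Python audit of an `autorun.inf` that reports whether its `[autorun]` section names a program to launch and whether the file has been left inert and write-protected, as the comment describes. The sample content and file names are constructed, and the write check reads only the read-only attribute or POSIX mode bits, not NTFS ACLs.

```python
"""Audit an autorun.inf: does it launch anything, and can it be rewritten?"""
import os
import stat
import sys

# Keys of the [autorun] section whose value is a command Windows may run.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from any real infected drive.
SAMPLE_SUSPECT = (
    "[AutoRun]\r\n"
    "; constructed example\r\n"
    "Open=placeholder.exe\r\n"
    "shell\\open\\Command=placeholder.exe\r\n"
    "icon=folder.ico\r\n"
)


def decode_inf(data):
    """Decode raw file bytes; autorun.inf may be ANSI, UTF-8 or UTF-16."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if data[:3] == b"\xef\xbb\xbf":
        data = data[3:]
    return data.decode("latin-1")  # never fails, keeps ASCII keys intact


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Section and key names are matched case-insensitively; ';' starts a comment.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(entries):
    """Return sorted (key, command) pairs that would start a program."""
    found = []
    for key, value in entries.items():
        if not value:
            continue
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((key, value))
    return sorted(found)


def audit(path):
    """Classify one autorun.inf.

    Verdicts: absent, launches-program, inert-but-writable, inert-locked.
    'inert-locked' is the state the comment aims for: nothing to launch
    and no write bit set on the file.
    """
    if not os.path.isfile(path):
        return {"verdict": "absent", "launch": [], "writable": False}
    with open(path, "rb") as fh:
        launch = launch_entries(parse_autorun(decode_inf(fh.read())))
    mode = os.stat(path).st_mode
    writable = bool(mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))
    if launch:
        verdict = "launches-program"
    elif writable:
        verdict = "inert-but-writable"
    else:
        verdict = "inert-locked"
    return {"verdict": verdict, "launch": launch, "writable": writable}


if __name__ == "__main__":
    # Usage: python audit_autorun.py E:\autorun.inf /media/usb/autorun.inf
    for candidate in sys.argv[1:]:
        result = audit(candidate)
        print(candidate, result["verdict"])
        for key, command in result["launch"]:
            print("   ", key, "=", command)
```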

    7. Re:Pffft by Fred_A · · Score: 1

      More seriously, why hasn't Microsoft made a package manager+repositories yet?

      It seems that they kind of have one for their own applications. It shouldn't be that difficult to allow it to register external applications. My guess is that MS doesn't want to make it easy to use non MS apps.

      Of course there would be serious security implications, especially if users persist in clicking through all the popups without reading them...

      Disclaimer : I'm really not familiar at all with Windows inner workings any more. Maybe it would all actually be very complicated.

      --

      May contain traces of nut.
      Made from the freshest electrons.
    8. Re:Pffft by Anonymous Coward · · Score: 0

      Yes, because any average Joe user is capable of utilising that 'solution'.

      Of course he is, properly armed with the Kaspersky Internet Security Suite, of course.

    9. Re:Pffft by Thinboy00 · · Score: 1

      Well, such a beast does exist, but it only runs on Linux (i.e. it's made for Wine). It's called "Wine-doors"

      --
      $ make available
    10. Re:Pffft by atraintocry · · Score: 1

      I have to disagree with you on the non-MS app explanation.

      I think it's more the case that historically Microsoft has tried to make developing for Windows as easy as possible, even when there was a cost to the user (such as software stability or uniformity). They've had to reverse that position somewhat but I doubt they'll reverse it all the way. Windows might be the most open fully-commercial/closed-source OS we'll ever have, because of MS's tradition of OEMs and ISVs first.

      And can you imagine the crap that would go down antitrust-wise if they (a) made it possible to white list your machine to an MS-approved state or (b) took it upon themselves to decide what software was and wasn't safe? I'm not saying that I know for sure that they won't ever do this, and they were trying to go there with Trusted Platform, after all. But my point is that the barriers are mostly cultural.

      The WHQL stuff, where they allow vendors to have drivers signed, has been both good and bad. A lot of hardware vendors will just ship the hardware with some instructions on how to ignore the WHQL "this driver is not tested/signed" warning.

      Which is not to say that there aren't technical obstacles, like the genius idea of shipping most of the OS code as DLLs and having a generic "DLL to EXE" program load them, and shoving services into a single process because processes are expensive. I'm sure there are others.

  3. Right..... by phantomfive · · Score: 5, Insightful

    To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan

    And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.

    --
    Qxe4
    1. Re:Right..... by phantomfive · · Score: 4, Insightful

      The only reason it's always that way is due to the fact it would be almost useless for an attacker to target linux ......

      It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.

      Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows. Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread. Look, in this case if the manufacturers hadn't been using Windows to download the drivers in the factory, the virus wouldn't have spread to the new computer. Monoculture is bad for many reasons.

      --
      Qxe4
    2. Re:Right..... by iamhigh · · Score: 2, Insightful

      It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.

      Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).

      Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now. And yes, if you get that split, and the split is equally distributed among the different levels of technical ability, you would start to see malware for Linux and OSX; do you really think a Windows user that has just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?

      --
      No comprende? Let me type that a little slower for you...
    3. Re:Right..... by thetoadwarrior · · Score: 1

      I think attacks on Linux would increase and you're bound to get clowns who run their system as root all the time if given the chance.

      However a huge chunk of the world run their servers with linux and open source alternatives. These sites include sites that hold credit card information so they would be obvious targets and their source code is available to all to find holes yet MS' offerings, like IIS, seem to have a higher ratio of problems.

      So in the end I don't think Linux would actually reach Windows' level of insecurity.

    4. Re:Right..... by Bert64 · · Score: 1

      Linux is very widely used in the server market, and yet still sees comparably few attacks there... Although there is plenty of malware, it is almost always targeted at servers and is manually installed onto the machine and typically only targets one or two distributions or kernel versions. There is very little malware that is going to affect an average user who's browsing websites or inserting arbitrary media.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    5. Re:Right..... by phantomfive · · Score: 4, Informative

      Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).

      That's irrelevant to the point I was making though, which is that popularity is not the only thing that matters where security is concerned.

      Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now.

      This is an interesting point, but in the old days, software companies supported Commodore, Apple, IBM, Atari, etc. The reality of the situation is that for most big software companies, the number of programmers they have is only vaguely related to the income they generate from their software. A single programmer can write code that generates millions of dollars if you can get people to pay for it. So most companies are going to do a cost/benefit analysis: is it worth it to port my software to X system? If there are millions of users on that system, the answer is probably yes. Most major software already runs on both Macintosh and Windows, and OSX only has about 10% of the marketshare. I see no reason they wouldn't write for all three systems in many cases (although I admit I would be happy to leave Windows out, since it's relatively a pain to write for).

      do you really think a Windows user that has just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?

      This is a good question, and you are probably right, but the security model in OSX is a lot more clear, so it would be easier to teach users, "If you have to type in your password, something bad might happen!" On OSX application installation is just a matter of drag and drop, normally there is no need to type in your password, so if you do have to, then you really need to think about what you're doing.

      --
      Qxe4
    6. Re:Right..... by sphealey · · Score: 4, Insightful

      > Do you really think having to write software on 3 different
      > systems will result in less malware?

      Do you really think that monocrop agriculture could destroy an entire civilization? Oh wait...

      And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...

      sPh

    7. Re:Right..... by Anonymous Coward · · Score: 0, Flamebait

      I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.
      Then you sir, are a fool. Literally hundreds of millions do this just fine without incident. Someday I hope you learn the difference between a few hyperbolic anecdotes and statistics. Especially in this case where it seems it's the OEM's fault. Linux is just as vulnerable in this regard.

    8. Re:Right..... by iamhigh · · Score: 1

      Do you really think that monocrop agriculture could destroy an entire civilization? Oh wait...

      Are we talking about sprinkling fertilizer and water on computers? Oh wait...

      And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...

      Are we talking about a company with the ability to spend billions of dollars and years on a single software release? Probably not...

      --
      No comprende? Let me type that a little slower for you...
    9. Re:Right..... by MichaelSmith · · Score: 1

      The problem is that windows, OSX and *nix all converge as you look closer to the UI. Workstations tend to run the same applications and support the same protocols. Most of them run javascript and flash for example. Maybe in the future a lot of those workstations will be primarily thin clients used to access online services. Then the services get hacked...

    10. Re:Right..... by phantomfive · · Score: 1

      Yeah, I know what you mean, like, 5 in 6 play Russian Roulette and survive. Should be safe, right? As for me, I will try to increase the odds of NOT having my bank account cleaned out by mean people, and I don't care if it IS the OEM's fault because they aren't going to fill my bank account back up again. Avoiding Windows is a good way to do that.

      Also, since you like statistics so much, let's talk about them: statistically speaking you are much less likely to get malware on a Linux machine. If that ever changes, I will advise my friends to not use Linux as well for banking purposes. I don't get religious when it comes to money.

      Also, I question your statistic. Do literally hundreds of millions of people bank online? Are you sure about that? If you have a source, I'd be interested in seeing it. Because most people in this world don't even have a computer.

      --
      Qxe4
    11. Re:Right..... by hairyfeet · · Score: 5, Funny

      Uuuhhhhh....I really hate to burst your reality bubble there, bud, but there is a reason why all the Linux servers aren't getting pwned and the Windows desktops are. It is because they have these things called server admins and they are usually pretty damned smart. They are also really anal retentive when it comes to anything security related. With good reason, after all they are getting paid the big bucks to be. Meet Glenn. Say hi Glenn (I'm busy, go away) not a very social creature, Glenn is a Linux server admin. He spends most of his time on security websites and learning about the latest nasty when he isn't testing a new tweak on the test server to see if he can get an extra .05% performance under load. In his free time he enjoys black hat conferences, which his employer is happy to pay him to attend.

      Now we are going to meet an average Windows desktop user. Meet Velma. Say hi Velma (Hi Y'all!) isn't she sweet? Little Velma works at the local insurance agency. They love her there because she can take one look at a customer and without looking up a shred of paperwork say something like this "Hi Bob! How's your oldest girl? You know she's about ready to get her learner's permit so I've already looked up the most affordable coverage for her. Does she have really good grades? She can get an extra discount if she does" and so on. Little Velma is really good at generating sales. She is sweet and friendly and always knows your name and remembers all about your family. Everybody loves little Velma.

      /cue ominous music......But we here in the PC business have a nickname for little Velma, one that she don't know about but is well earned it is....the disaster area! Dum dum dum! That is because little Velma is the trusting kind of sort, and on a computer that equals danger. Let's watch as little Velma interacts with her friendly neighborhood PC repairman, a big but lovable biker looking chap known on the net as hairyfeet.../feet/Now Velma, we have talked about this. You shouldn't mess with email attachments, I don't care who they are from. And if it is a .zip that you have to put a password to open it is a virus and you shouldn't touch it! /Velma/ But my bff Kim sent me this! See there is her name and everything! I'm sure it will be safe! /feet/Velma look, it is an executable and NOT happy puppy pictures! Do NOT run that! /Velma/ Oh, you worry too much. My bff Kim wouldn't send me anything bad. (inputs password, runs .exe, porn popups start flooding the screen while the network gets pounded) ooops. /feet/ .......

      And now you have seen an actual demonstration of why Linux is safe on servers. It is safe on servers because it is administered by guys like Glenn, say goodbye Glenn (I'm busy!) and does NOT have any Velma types mucking it up. Say goodbye Velma (Bye Y'all!). If you were to let Velma and all her friends loose on Linux if they didn't break them immediately they would become spambots in no time. It is because the malware writers have already figured out how to use a sinister concept called social engineering to target Velma and her types VERY effectively. Glenn isn't very social (Bite Me!) and is a naturally cynical creature and therefore social engineering really isn't an effective tool on his type. This is why Linux can enjoy the freedom to operate on so many servers across America without the constant malware like poor Velma gets. Tune in next week when we meet Bob, the Windows network admin, also known as the "where the hell is the damned disk?" guy.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    12. Re:Right..... by cyber-vandal · · Score: 1

      Linux can be run from a CD/DVD where malware has a far far harder time getting the chance to do anything. Windows cannot. So therefore doing your internet banking that way is far far more secure than using any version of Windows, no matter how invulnerable you might pretend that it is.

    13. Re:Right..... by Bigjeff5 · · Score: 1

      Linux doesn't protect you from falling for phishing attacks, which is how they get most people these days.

      In fact if you are naive enough to think "I use linux, I'm safe!" then you are probably more likely to fall for them.

      Frankly, Linux is very much not a secure system, not in most cases anyway. I'd take XP and Linux as about equivalent on the security front, as a patched/firewalled XP machine with AV software is reasonably secure. Moreso than most Linux builds, the only thing protecting Linux (and to be fair, right now it is a huge protection) is its unpopularity among desktop users. As any good security professional knows, security through obscurity is the weakest form of security there is. Windows doesn't have that to lean on, and look how well it does. It isn't perfect, but 99.9% of all threats are targeted at Windows, and yet it takes user intervention to infect it in 99.8% of cases.

      If Linux were to over-night become immensely popular on the desktop, within weeks it would be the laughing stock of security professionals. All of its holes would be exposed and exploited, stuff that nobody is looking for right now would be blown wide open, and all the Linux preachers would have egg on their faces. Same is probably true with OSX, but they are already in somewhat of the limelight and wouldn't fall nearly as hard.

      None of that should happen if the transition is gradual, though.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    14. Re:Right..... by dimeglio · · Score: 1

      There are plenty of root kits for Linux. Although I haven't seen many since Kernel 2.6

      --
      Views expressed do not necessarily reflect those of the author.
    15. Re:Right..... by rliden · · Score: 1

      Yes, because having Linux preinstalled with malware and having to deal with that would be much more user friendly.

      If someone has installed keyloggers and rootkits on your Linux box it will be no easier or more friendly to deal with than any other OS or system.

      --
      Don't think of it as a flame, more like an argument that does 3d6 fire damage.
    16. Re:Right..... by phantomfive · · Score: 1

      I think you've failed to see my point. From a statistical standpoint, you are much less likely to get malware on a linux machine than on a windows machine. How does your post even address that point? You go through making vague assertions and quoting statistics that are probably made up, finishing with the assertion that Linux is full of holes waiting to be blown wide open. Not only does it fail to address my point, it's a non sequitur. What, exactly, is the purpose of your post?

      --
      Qxe4
    17. Re:Right..... by phantomfive · · Score: 1

      Exactly, you said it first my friend, Linux is no easier or more friendly to deal with than any other OS, and vice versa.

      --
      Qxe4
    18. Re:Right..... by JSG · · Score: 5, Interesting

      Mr haireyfeet - thank you for reminding me why I have been reading /. for the last GKHL.

      That is a beautifully pitched diatribe with a good measure of sarcasm and humour, mixed in with a few typographical conventions that I don't really understand but could make an educated guess at.

      However, there are an awful lot of Linux (and *BSD et al) systems that are being put in the hands of Tuxvelma. You see, like it or not we Linux admins are not the only folk who access these things or even (shock, horror) actually own them.

      My wife is not exactly the most technologically sharp person but she insists (after a bit of a demo) on FF for her browser.

      Also, after Vista went a bit wonky on her identical to mine laptop, she asked me to put whatever I was running on it. So (1 year) now (5 months) we (20 days) have another Gentoo user - belting!

      Incidentally I'm an MCSE as well (crap). Oh and an NCP and an LCP and a complete and utter nerd. I'm also an MD. Nerd or MD - I'm not sure which I prefer most.

    19. Re:Right..... by Brian+Gordon · · Score: 1

      How does having 3 times as many vulnerabilities make it harder for malware to spread? Your logic is "well if 2/3 of the malware gets shunted off to other OSes then I'm golden" but you'll have 3 times as much malware to be shunted!

    20. Re:Right..... by phantomfive · · Score: 4, Informative

      You haven't thought this through. It's pretty well accepted that a monoculture is bad for computer security. If you would like to discuss the issue, then I suggest you inform yourself on the research and arguments in the topic, and then you will be much better informed to make an insightful comment. Then we can talk.

      --
      Qxe4
    21. Re:Right..... by froon · · Score: 1

      Posting to de-mod...

    22. Re:Right..... by Anonymous Coward · · Score: 0

      Linux security depends on the distro too. If I wanted security I could swear by (as opposed to swear at), I'd use RedHat. However, even RedHat isn't perfect, and people find stuff wrong. Thus the errata mail.

      Where RedHat as a company shines is the fact that if a package with RHEL has a security issue, they get an updated RPM into the repositories in hours, and actively notify their subscribers about the errata almost immediately, as opposed to finding out that some major service has a bug on it days later on Slashdot.

      Of course, the SELinux profiles don't hurt either.

      As pointed out in a previous post, a lot of security has to deal with the person on the computer. A competent Windows administrator who is proactive at hunting down problems will make machines a lot more secure than someone who barely can get Ubuntu Server working and deployed.

    23. Re:Right..... by Anonymous Coward · · Score: 0

      Where is this 'password' prompt you're speaking of..
      In an attachment you will still have to chmod u+x, in a download you still have to chmod u+x for it to become executable.. For the password it must be a .deb file that wouldn't have an icon like an image because it doesn't have a universal executable icon format like Windows.

    24. Re:Right..... by Skrynesaver · · Score: 1

      You are either a troll, a fool or an MS marketing droid. While Linux adoption on the desktop may still be limited, in the server room Linux and Solaris are more common than Windows server for many reasons, not least the registry concept. Apache is more secure, no argument available to contradict this. I'm sure others have stated this elsewhere in this thread, but it's one in the morning and I'm back from the pub, yet your drivel is more likely to cause me to puke than the ten pints of Guinness I've enjoyed this evening (Go on Leinster)

      --
      "Linux is for noobs"-The new MS fud strategy
    25. Re:Right..... by Anonymous Coward · · Score: 0

      My wife is not exactly the most technologically sharp person but she insists (after a bit of a demo) on FF for her browser.

      [rock | IE explorer user | clinical retardation | stupidity | IQ==100 | smart person | genius ]
      I wouldn't introduce my haploid swimmers to anything below IQ==100, but that's just me.

    26. Re:Right..... by hairyfeet · · Score: 2, Insightful

      Don't you worry, Linux user! I'm sure if the day comes that you manage to get Velma(I needed to move the machine, so I just yanked and now there are wires hanging out. Is that bad?) and all her little friends moved over from Windows I'm sure your friends at the Russian Business network will be able to design new and easy to use Linux viruses that Velma and all her friends can use to turn Linux into a virus laden hunk of malware.

      It is inevitable due to the fact of a strange phenomenon that goes by the weird name of PEBKAC, or the alternate name of ID10T error. This is why putting an occasional Velma(God I hope she ain't as bad as the real Velma) like your wife on Linux is safe. She is safe because she not only has you there as tech support to do all the nasty CLI stuff that may come up, but also because your friends at the Russian Business Network and their associates in Nigeria and China know that there are about 100,000 Velmas on Windows out there for every possible tuxVelma. After all as of 2006 Windows XP had over 400 million users and guys like me releasing even more on new machines being built every day.

      So be glad you have your wife on Linux. I bet that means you have very few occasions to use this face which guys like me pretty much have permanently attached. BTW the Velma story was completely true. That is why Linux won't be safe from the Velmas of the world. Because it doesn't matter how many times you warn her, if Velma thinks something is from her bff Kim(who is one of those chain letter sending, click on anything you email her types) then she will ignore you and keep right on going. A classic case of The Dancing Bunnies problem, which you see way too often in the Windows world.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    27. Re:Right..... by KingMotley · · Score: 1

      Lol, I got 5 sentences before it became clear this wasn't an objective security paper. When they misapplied Metcalfe's law, I stopped reading. Wow, and this passes as a real security paper in some circles?

    28. Re:Right..... by phantomfive · · Score: 1

      At least two of the authors have PhDs in Computer Science. One was chair of the IEEE Computer Society Technical Committee on Security and Privacy. One is Bruce Schneier. I'm pretty sure they understand Metcalfe's law. If anyone has misunderstood the law, it is probably you.

      --
      Qxe4
    29. Re:Right..... by Sowelu · · Score: 1

      I once had a Linux workstation that I thought was safely behind a proxy, where nothing could get to it, so I never bothered with much in the way of security. Turns out my network was configured wrong, and it was wide open...sure enough, got totally owned. God forbid I did any banking from that machine! Of course, this was about a decade ago, so I'm sure it's easier to keep updated now...but still.

    30. Re:Right..... by KingMotley · · Score: 2, Interesting

      Perhaps their credentials would be intimidating, if I didn't have my own. May I remind you this is slashdot, some of us have credentials from real schools, not 3rd rate schools like Penn State. Some of the guys mentioned likely contributed no more than a single quote and didn't write or approve the paper in whole.

      From your paper:
      "For two-way interactive communications - such as between fax machines or personal email - the value of the network rises proportionally to N^2, the square of the potential number of users (“Metcalfe's Law”). Thus, if the number of people on email doubles in a given year, the number of possible communications rises by a factor of four."

      The first part is correct, that is what Metcalfe's Law states. It's about computing the value of a network given N number of connections. However, the second part which they state is based on the law (by using "Thus"), is incorrect. That is not what the law states, in fact if you read the detailed law in whole, you will see that it says that the number of possible connections rises proportionally to N squared, not N squared as they have stated in the paper.

      From wikipedia:
      "Metcalfe's law characterizes many of the network effects of communication technologies and networks such as the Internet, social networking, and the World Wide Web. It is related to the fact that the number of unique connections in a network of a number of nodes (n) can be expressed mathematically as the triangular number n(n − 1)/2, which is proportional to n^2 asymptotically."

      I can continue to rip your paper to shreds if you want, like the fact that the title of the paper is about how bad monoculture is to security, yet their suggested "fixes" have absolutely nothing to do with changing that fact at all! And they came to these conclusions that don't support the paper's title after 19 pages of biased Microsoft bashing. So here's your paper summed up:

      Monoculture is bad for security
      bash Microsoft for 19 pages.
      Pull conclusion out of behind by stating they need to publish APIs and become like IEEE/ITF/ISO that has no support from any of the previous 19 pages of bashing.

      Wow, much easier to read, you should just post that instead of linking to that paper from now on. Saves your readers time in deciding that you have no clue what you are talking about.

    31. Re:Right..... by phantomfive · · Score: 1

      Perhaps their credentials would be intimidating, if I didn't have my own. May I remind you this is slashdot, some of us have credentials from real schools, not 3rd rate schools like Penn State.

      Credentials shouldn't be intimidating. They mean nothing if your argument isn't good. Let's look at yours.

      The first part is correct, that is what Metcalfe's Law states. It's about computing the value of a network given N number of connections. However, the second part which they state is based on the law (by using "Thus"), is incorrect. That is not what the law states, in fact if you read the detailed law in whole, you will see that it says that the number of possible connections rises proportionally to N squared, not N squared as they have stated in the paper.

      This is your concern? That they leave off the word proportionally? Let's look at what they said, exactly: "Thus, if the number of people on email doubles in a given year, the number of possible communications rises by a factor of four." This is in fact, a true statement. A bit of consideration should help you to realize that in this specific case, it is not only proportional to N squared, it is exactly N squared. Furthermore it is a tangential example, it is not even a point central to their thesis. You are splitting hairs that shouldn't even be split.

      I can continue to rip your paper to shreds if you want, like the fact that the title of the paper is about how bad monoculture is to security, yet their suggested "fixes" have absolutely nothing to do with changing that fact at all!..............Pull conclusion out of behind by stating they need to publish APIs and become like IEEE/ITF/ISO that has no support from any of the previous 19 pages of bashing.

      Some people on Slashdot have intimidating credentials. You have, through your lack of reading comprehension ability, failed to show the worth of yours (whatever they may be). I doubt you read the paper carefully. Your argument is horrible. The idea behind a published API is that it makes it easier to change from one OS to another (Wine developers, for example, would have a much easier time of it). Do you seriously not see how this can help prevent a monoculture?

      --
      Qxe4
    32. Re:Right..... by Brian+Gordon · · Score: 1

      No KingMotley's right. n(n-1)/2 is the number of connections where n is the number of users. Expanded we have (n^2-n)/2. Now n doubles so we have 2n^2-n. So it's actually increasing by a factor of 4-2/(1-n).

      Also the idea that a software monoculture is a bad security practice is ludicrous. What's the right way to do it then? Making sure that too many users don't install the same software so nobody can get hit by malware? "Well they can't possibly write malware for them all at least someone's safe".

    33. Re:Right..... by KingMotley · · Score: 1

      Let's look at what they said, exactly: "Thus, if the number of people on email doubles in a given year, the number of possible communications rises by a factor of four." This is in fact, a true statement. A bit of consideration should help you to realize that in this specific case, it is not only proportional to N squared, it is exactly N squared.

      That in fact is a false statement. Assuming you have 2 people on an email, there is only one possible connection, A to B. If it doubles, there is A to B, A to C, A to D, B to C, and C to D. So by doubling the number of people on an email we have just increased the number of possible communications by a factor of 5. The statement they made was false. This is not the only false statement they made, just the first easily provable statement. The rest of the paper is just as bad, sorry.

    34. Re:Right..... by phantomfive · · Score: 1

      Also the idea that a software monoculture is a bad security practice is ludicrous. What's the right way to do it then? Making sure that too many users don't install the same software so nobody can get hit by malware? "Well they can't possibly write malware for them all at least someone's safe".

      The right way to do it is to make sure there are options. If you have no choice but to use Microsoft, then you will be stuck with whatever flaws Microsoft gives you. If you are capable of switching easily from one OS to another, then you can avoid those flaws. Currently that is not possible, but there is no reason it must be that way. I think you could have thought of this.

      Also, notice that the statement wasn't about the number of connections, it was about the number of communications, so A to B is counted differently than B to A, which of course would end up being n(n-1), which is close enough to n^2 for the purposes of the paper to justify the rounding error in the name of readability.

      --
      Qxe4
    35. Re:Right..... by phantomfive · · Score: 1

      Is it your habit, Mr. Well Credentialed, to always pick the weakest argument in a paper? That's a logical fallacy, you know; or maybe they didn't teach about logical fallacies at your 'first rate' school. Or maybe you just didn't learn?

      --
      Qxe4
    36. Re:Right..... by Anonymous Coward · · Score: 0

      TLDR

    37. Re:Right..... by Brian+Gordon · · Score: 1

      Well then it's increasing by a factor of 8-4/(1-n) which is only 4 when n=0. In fact, as n grows the number of "connections" increases by a factor of 8 when n doubles. I think.

    38. Re:Right..... by thePowerOfGrayskull · · Score: 1

      May I remind you this is slashdot, some of us have credentials from real schools, not 3rd rate schools like Penn State.

      Sorry, as soon as I see someone trying to justify themselves in terms of which awesome school they got their piece(s) of paper from, my eyes glaze over. This is probably because on slashdot, some of us worry more about real-world activities and accomplishments than the amount of tuition we had to spend on our degrees ;)

    39. Re:Right..... by phantomfive · · Score: 1

      Oh dang it:

      1 Person: 0 connections
      2 People: 2 connections
      3 People: 6 connections
      4 People: 12 connections
      5 People: 20 connections
      6 People: 35 connections
      7 People: 42 connections
      8 People: 56 connections

      I think we can do something of the form 2n/n and figure out by what factor it is doubling, so in this case: (8-4/(1-(2n))/(8-4/(1-n)), which can probably be simplified. I guess a factor of 4 is a misstatement in the paper.

      --
      Qxe4
    40. Re:Right..... by icannotthinkofaname · · Score: 1

      And people say Linux is user unfriendly?

      Yes, but these are the people who don't know how to burn an image, boot from CD, and click "Install".

      Compare Kaspersky's suggestion to how I install Ubuntu:
      1.) Download latest stable Ubuntu ISO
      2.) Burn to CD
      3.) Install OS
      4.) Use wired Internet connection to download and install WLAN driver
      5.) ???
      6.) PROFIT!

      I don't even have Internet access right off the bat unless I'm near a wire, and it's still easier to acquire and install the OS. If we take out the acquisition steps and just consider post-installation first boot, it looks even easier.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    41. Re:Right..... by icannotthinkofaname · · Score: 1

      Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows.

      And what, 10% Solaris? 0% Math? 90% != complete list of percentages.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    42. Re:Right..... by cskrat · · Score: 1

      Check out Bart PE. Windows XP can be turned into a live CD in much the same way that linux distros can.

      But nobody in their right mind does that just to check their bank account. Anybody who knows what a live CD is off the top of their heads should be able to run a clean system with adequate protection. Assuming you have a clean system, the major threats that you'd have to worry about with online banking are pretty well confined to phishing attacks. A live CD isn't going to do you any favors on that front since (unless you loaded custom bookmarks into the on disc browser) you're going to have to type the bank's URL from memory or trust Google to give you the right address.

      All the other threats that are easy to get worked up over are actually quite easy to mitigate. Man in the middle attacks, such as some random hacker wannabe sitting at the corner table at Starbucks sniffing wifi packets, is probably not going to break the Diffie-Hellman SSL handshake between you and your bank given that no cryptology experts have found a way to break it yet. A key logger will raise red flags with any modern antivirus/antimalware program provided that the key logger in question was not written for and deployed solely to your system.

      The only reason I can think of for using a live CD for banking is if I'm using a system that isn't mine. Personally, though, I'd rather just call the number on the back of my bank card and use the telephone banker rather than explain to whoever owns the system I'm borrowing why I just booted their system off of a CD that (as far as they know) may contain any number of malicious programs and viruses.

      --
      My God! It's full of eval()'s.
    43. Re:Right..... by phantomfive · · Score: 1

      Of course. I had to leave something for the BeOS users! I don't want to limit my options ahead of time by trying to guess what future OSes may be in existence!

      --
      Qxe4
    44. Re:Right..... by icannotthinkofaname · · Score: 1

      ...
      Oh...that actually makes sense. I am so sorry for being so short-sighted.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    45. Re:Right..... by Anonymous Coward · · Score: 0

      Sudo pwnmycompplz

    46. Re:Right..... by phantomfive · · Score: 1

      lol no, I was actually kind of disappointed no one had asked me that yet.

      --
      Qxe4
    47. Re:Right..... by Tuidjy · · Score: 1

      Assuming you have 2 people on an email, there is only one possible connection, A to B. If it doubles, there is A to B, A to C, A to D, B to C, and C to D.

      Any reason that B and D aren't talking to each other? The amount of bad math in this thread is amazing!

      --
      No good deed goes unpunished...
    48. Re:Right..... by icannotthinkofaname · · Score: 1

      Hey, thanks. I feel a little better now. :)

      *Always look on the bright side of life* (whistles) :D

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    49. Re:Right..... by Anonymous Coward · · Score: 0

      NOC:STFU

      (no one cares)

    50. Re:Right..... by Khyber · · Score: 1

      "Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread."

      Are you serious? With the cross-platform shit like Java/JavaScript/Flash, do you honestly think it's going to be HARDER for malware to spread? Hell no! They're going to target vulnerabilities and exploits using that to try owning even more systems.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    51. Re:Right..... by phantomfive · · Score: 1

      Woah, dude, did you even read the thread? See what Bruce Schneier has to say and then come back. Also, having a java exploit is marginally less useful if you can't own the machine, and it's hard to own the machine if you don't know the OS. It's one more layer of security.

      --
      Qxe4
    52. Re:Right..... by KingMotley · · Score: 1

      Yes, B and D are married, so by definition they don't ever talk to each other. And good catch, lol. I should have done the math rather than trying to keep it simple and naming all the permutations.

    53. Re:Right..... by KingMotley · · Score: 1

      True, it was in response to great grand parent who was trying to invalidate posts on slashdot because of the credentials he listed, which is much less than many here have. I didn't go any further than I needed to invalidate his "proof".

    54. Re:Right..... by Tenebrousedge · · Score: 1

      You have a vastly inflated idea of how much money NASA actually has. The space shuttle development cost ~18B, and if you want you can look up how much the shuttle OS cost, but it's not going to be close to the six billion dollars that Microsoft spent to develop Vista.

      Microsoft is vastly bigger than NASA. Apple has twice as many employees. You were saying...?

      --
      Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
    55. Re:Right..... by weicco · · Score: 1

      This is a good question, and you are probably right, but the security model in OSX is a lot more clear, so it would be easier to teach users, "If you have to type in your password, something bad might happen!"

      And this is different from UAC exactly how? Every time my wife (who basically uses only web browser) downloads some weird looking nice_smileys_for_MSN_mssngr_now_with_virus.msi from internet and tries to install it UAC prompts her for administrator password and saves the day. I haven't told her the password of course.

      --
      You don't know what you don't know.
    56. Re:Right..... by X0563511 · · Score: 1

      4.) Use wired Internet connection to download and install WLAN driver

      Which wouldn't be an issue if vendors and/or the FCC would stop being jackasses.

      Just what are we supposed to do about that?

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    57. Re:Right..... by icannotthinkofaname · · Score: 1

      Deal with it for now, get more support, make more noise, illegally reverse-engineer and decompile the target software...your choice, really.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    58. Re:Right..... by Anonymous Coward · · Score: 0

      So all we have to do is ban users from knowing their own password? Genius!

    59. Re:Right..... by TheP4st · · Score: 4, Funny

      You insensitive clod, I am a 40 year old virgin and moved out of the basement a year ago!

      --
      "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
    60. Re:Right..... by thatkid_2002 · · Score: 1

      True dat.

      From my experience as a Linux solutions based consultant I visit a lot of Microsoft based networks and the problems with both the servers and the desktops can almost always be attributed to lazy admins.

      To be fair on [most of] the users, if you (the IT guy) tried to work their jobs for a day you would probably fail miserably - if they haven't been trained how are they to really know? They don't read Slashdot and don't know what Conficker is.
      This is why you can't depend on the majority of Windows admins because at the end of the day, they don't respect the importance of the IT infrastructure, the users of the network, the organization or the customers.

    61. Re:Right..... by EsbenMoseHansen · · Score: 1

      No KingMotley's right. n(n-1)/2 is the number of connections where n is the number of users. Expanded we have (n^2-n)/2. Now n doubles so we have 2n^2-n. So it's actually increasing by a factor of 4-2/(1-n).

      That depends on what you mean by a connection. For email, a connection is one way, and might possibly be to the computer itself. That leaves exactly N^2 possible connections. The law you refer to seems to disallow connection to yourself and a connection is considered to be the same as the inverse connection. That leaves the result you have above. In any case, if you have a law that says g(N)=K*f(N), that is, g(N) (connections here) relates proportionally with f(N) (N^2 here, approx. for big N's), then g(2N)=K*f(2N) or concretely g(2N)=K*4N^2.. or a 4-fold increase. So if you read the original, this might simply be what they mean... that a 2-fold increase in nodes leads to a 4-fold number of connections. For a big number of nodes, of course, so that you assume N(N-1) app.=N^2.

      Mathematician out ;)

      PS: Monocultures are trivially more susceptible to having *all* nodes infected, but less to have any node infected. I'm sure I don't have to draw you a picture, here :D

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    62. Re:Right..... by EsbenMoseHansen · · Score: 1

      Assuming you have 2 people on an email, there is only one possible connection, A to B. If it doubles, there is A to B, A to C, A to D, B to C, and C to D.

      Any reason that B and D aren't talking to each other? The amount of bad math in this thread is amazing!

      Of course. Given 4 people, and given that 8.3% of all pairs of people hate each other, of course there would be a pair that do not talk to each other. Given a suitable renaming, this trivially leads to the grandparent's conclusion.

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    63. Re:Right..... by EsbenMoseHansen · · Score: 1

      Eh, 16.7% of all pairs, of course. Slip of the keyboard.

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    64. Re:Right..... by hairyfeet · · Score: 1

      It isn't just the training. If it were with the constant news of the latest nasty even hitting the MSM they would be at least a little cautious. The problem is you have WAY too many like Velma. You see, for Velma life outside the PC is all flowers and candy. Everybody thinks she is cute, and always have a smile for her and a "great to see you" and life is just happy puppies and sunshine.

      You will just never convince a trusting sort like Velma that life inside the PC is full of nasties who would want to hurt her or give her a bad day. Especially if something is from her BFF Kim, who is one of the "click on anything you send her, has more viruses than a Bangkok whore scratching her crotch" types, because she KNOWS Kim. Kim is her friend. Kim wouldn't do anything bad to her, and if something bad comes from Kim it MUST be a trick, because "Kim just wouldn't do that!".

      It is a classic case of the Dancing Bunnies, which is a disease very common in Windows and sadly there is NO known cure. You can put up 400 UAC dialog boxes, you can make them run as restricted users, and jump through a dozen hoops. If it is Velma and she thinks it is from Kim, or if it is the "hot pron" guy and he thinks it is a new sex vid, or the teen is convinced that it is the new Britney Spears song they WILL bypass all your security barricades and bone the machine. There is nothing you can do but clean up the mess.

      Linux will NOT solve the dancing bunnies problem because the users WANT the bunnies. The RBN and the scammers in China and Nigeria simply haven't targeted Linux because they know the Velmas are running Windows. Put the Velmas on Linux and their "BFF Kim" would be sending them "happy puppies.sh" with step by step instructions on how to run it that they WILL follow. So Linux users, be glad that you don't have the Velmas of this world. Drop down on your knees and thank Linus and RMS that the Velmas think your OS is "weird" and won't use it. Because I don't care how good your security is, let Velma and all her little trusting friends on it, let the RBN and their friends in China and Nigeria figure out that Velma is now on Linux, and your days of being malware free will officially be history. Because you will never teach Velma and her friends not to click on that. All you can do is give her the face and break out your repair tools.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    65. Re:Right..... by rhendershot · · Score: 1

      The law you refer to seems to disallow connection to yourself

      Probably a connection to yourself is not seen to add value in the networking sense. /nitpicker out ;)

    66. Re:Right..... by Anonymous Coward · · Score: 0

      You did go far enough to come across as an elitist asshole, though.

    67. Re:Right..... by quacking+duck · · Score: 1

      This is a good question, and you are probably right, but the security model in OSX is a lot more clear, so it would be easier to teach users, "If you have to type in your password, something bad might happen!"

      And this is different from UAC exactly how? Every time my wife (who basically uses only web browser) downloads some weird looking nice_smileys_for_MSN_mssngr_now_with_virus.msi from internet and tries to install it UAC prompts her for administrator password and saves the day. I haven't told her the password of course.

      For one, OS X prompts you only if it needs admin rights to do something, rather than prompting every time Vista thinks the user is doing something dangerous within their permission space.

      The supposed advantage to this aspect of UAC is that the user becomes more aware of potentially hazardous actions they themselves do. The downside is that they'll almost always ignore the warning text and click Continue.

      OSX does have (non-admin) prompts for opening downloaded apps for the first time, but this still falls within the GP's claim that "the security model in OSX is a lot more clear."

    68. Re:Right..... by rantingkitten · · Score: 1

      The "market share" excuse is tired and lame. My Linux servers get attacked all day, every day, and so do everyone else's. They're on twenty four hours a day, facing the world, with insanely fast connections. Sounds like a pretty tempting target for some idiot trying to set up a spam box or something. Yet somehow these millions of Linux servers just don't seem to have the same problems as Windows does.

      I'm not saying it doesn't happen, but when you consider how many Linux servers are out there, and how many Windows servers, and which one gets broken more, the "market share" excuse sounds hollow. The attackers are going after the low-hanging fruit, which is Windows.

      --
      mirrorshades radio -- darkwave, industrial, futurepop, ebm.
    69. Re:Right..... by Khyber · · Score: 1

      That's useless as far as security goes.

      Here's real security - I run MenuetOS - you're not TOUCHING my machine unless you know A. My exact hardware configuration and B. my incredibly poor assembly coding habits so you can exploit whatever code I write to work with the OS.

      In other words, you really couldn't touch me unless you knew me.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    70. Re:Right..... by speedtux · · Score: 1

      It is widely accepted by those without a bias

      It is widely accepted by those without a bias that you are full of sh*t.

      Do you really think having to write software on 3 different systems will result in less malware?

      No, but having a smaller Microsoft market share and a larger Linux and OS X market share will. A 0/50/50 split would be even better.

    71. Re:Right..... by Anonymous Coward · · Score: 0

      " It is because they have these things called server admins and they are usually pretty damned smart. "

      Um, sadly, no. Many servers have bad admins, or no admins. Many admins, even the ones who care about security, have other "Real" (boss' words) work to do.

      The reason linux servers get compromised less is lack of monoculture and better default security policies.

    72. Re:Right..... by weicco · · Score: 1

      OS X prompts you only if it needs admin rights to do something

      It is no different in Vista. UAC prompts you when you are trying to do administrative things, just as you described OS X is doing.

      The downside is that they'll almost always ignore the warning text and click Continue.

      And exactly how does my wife click Continue when she doesn't know the administrator's password? You are not making sense here.

      OSX does have (non-admin) prompts for opening downloaded apps for the first time

      And this is exactly the same as downloading file from the internet (with IE) and opening it for the first time (or subsequent times if you didn't select "do not prompt me again"). This has been so from the XP SP2 days if I recall.

      --
      You don't know what you don't know.
    73. Re:Right..... by badkarmadayaccount · · Score: 1

      PC LOAD LETTER
      This is fun.

      --
      I know tobacco is bad for you, so I smoke weed with crack.
    74. Re:Right..... by thePowerOfGrayskull · · Score: 1

      True, & fair enough.

  4. Who watches the... by yerktoader · · Score: 5, Insightful

    But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.

    1. Re:Who watches the... by Anonymous Coward · · Score: 0

      Until it is discovered that there is a worm on the Kaspersky thumb drive that is infecting machines... and then that gets blamed on someone updating bios files at the factory and accidentally infecting the machines used to load the thumb drives... and then...

    2. Re:Who watches the... by ms1234 · · Score: 1

      That's why Windows never even got a chance to start on my netbook, installed Fedora right away. Now I have a useless sticker at the bottom that says I'm a proud Windows license owner...

    3. Re:Who watches the... by assassinator42 · · Score: 1

      Are there any anti-virus products that still do this? Norton used to offer a bootable CD to run a scan for Windows9x, but it couldn't use the latest definitions and it has since been discontinued.
      How is ClamAV at doing offline scans of a Windows box?

    4. Re:Who watches the... by yerktoader · · Score: 1

      No idea. I wouldn't be surprised that some of the AV companies offer a solution, even if it's one you have to burn yourself. I recall that later versions of Symantec were bootable out of the box, though its functionality was limited.

    5. Re:Who watches the... by cskrat · · Score: 1

      Avast has a bootable offline scanning CD product called "Avast! BART CD".

      Be warned, the price is a little steep if you're just looking to use it on one system. The licenses that they offer (administrator at $150 and serviceman at $300) are more intended to license people or business entities rather than systems. That is an administrator license allows you to use the software on any machine in the possession of the license holder (be it a person or business entity) so long as only one instance of the program per owned license is running concurrently. A serviceman license removes constraints regarding the ownership of the machines using the software while keeping the concurrency constraint intact.

      --
      My God! It's full of eval()'s.
    6. Re:Who watches the... by spongman · · Score: 1

      Wow, you're amazing! I can't believe nobody's thought of that until now.

      Oh wait...

      http://www.megaleecher.net/Bootable_Kaspersky_Rescue_Disk

    7. Re:Who watches the... by olivier69 · · Score: 1

      You can already try this, and it's read-only (not malware-prone as a flash drive) once burnt.
      ftp://downloads2.kaspersky-labs.com/devbuilds/RescueDisk/

    8. Re:Who watches the... by Firehawke · · Score: 1

      Well, I know that if you build one of several PE configs using WinBuilder, it'll give you the option of installing ClamAV on there. I have a bootable USB stick running PE 2.0 with a full explorer interface and a whole set of tools for rebuilding, repairing, and cleaning Windows installs.

    9. Re:Who watches the... by tb3 · · Score: 1

      A little citric acid-based solvent will clean that right up for you, and it won't hurt the case.

      --

      www.lucernesys.com Horizon: Calendar-based personal finance

  5. Heh. by MsGeek · · Score: 1, Informative
    --
    Knowledge is power. Knowledge shared is power multiplied.
    1. Re:Heh. by Paaskonijn · · Score: 0, Troll

      And what exactly would Kaspersky do with Linux...?
      Next time, at least try to RTFS please.

  6. Or... by Kythe · · Score: 5, Informative

    You could always reformat the darned thing from scratch using a known-good version of whatever OS you're going to be using.

    Honestly, ever since Vista became the de-facto OS shipped with new computers, I've been doing that, anyway.

    --

    Kythe
    1. Re:Or... by yerktoader · · Score: 5, Insightful

      You know, I always thought it would be a good idea to ship PC's without the OS loaded. If the end user had to set up the OS it would force them to learn the basics...But that's why I'm an ex-tech support asshole I guess.

    2. Re:Or... by Anarchduke · · Score: 2, Funny

      I like that idea. Of course, I like it because I could charge those people to install their operating system for them at 60 bucks an hour.

      --
      who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
    3. Re:Or... by mikael · · Score: 1

      Better still, keep the original hard disk drive, and buy a new one for your OS and data files. If you want to sell it to trade up or send it in for repair, you can restore the old disk drive without any problems about warranty or data loss.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    4. Re:Or... by Val314 · · Score: 1

      > You know, I always thought it would be a good idea to ship PC's without the OS loaded. If the end user had to set up the OS it would force them to learn the basics...But that's why I'm an ex-tech support asshole I guess.

      You mean just like cars are sold without the software installed?

      I'm just now installing the software on my new camera to "learn the basics"

      Don't think so: Installing an OS is not learning the basics.
      How to use it properly is learning the basics.

    5. Re:Or... by Anonymous Coward · · Score: 1, Interesting

      > How to use it properly is learning the basics

      They're not doing that either. Installing an OS really isn't difficult - even XP (which is so archaic, it demands a floppy disk if you want to install to an unsupported hard-raid) will install if you click through it - very few steps are personalised (licence key, timezone, keyboard map, user/s). I've done at least 2 dozen XP installs, and I'm certain that the install defaults encompass the majority of users (single partition/single disk, US keymap, etc). You're fine as long as you have all your driver discs (hell, even just your NIC's driver means you can use Windows' Add New Hardware wizard or Google). Of course, installing any reasonably modern/friendly Linux OS makes that look like rocket science (eg, Ubuntu comes on a livecd and only asks 5 questions during install, and comes with as many drivers as possible) - which is probably why grandparent suggested it.

      > You mean just like cars are sold without the software installed?

      Well, cars need licences, don't they? Which isn't such a bad idea (in theory) - computers are reaching the point where they can endanger lives (personal and corporate bankruptcy from malware, Meagan Meiers, wowcrack, etc). Of course, in practice, no single set of questions could possibly indicate sufficient competency for all users - Mac or BeOS or Linux or BSD users couldn't be tested the same set of questions that Microsoft users are (hell, there isn't even parity between Microsoft's OSs, nor between different Linux distros). Not to mention all the different sets of software (eg, webmail competency vs ISP-provided mail server competency vs self-managed mail server competency).

    6. Re:Or... by Zantetsuken · · Score: 1

      You know, I heard Vista SP2 shoots the total install and update time to about 2.5 hours...

  7. Press Release: Stunt number 43242 by JK_Huysmans · · Score: 4, Insightful

    Oh, how I love Kaspersky's constant press releases.

    "OMG Virus! Buy our product!"

    All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.

    1. Re:Press Release: Stunt number 43242 by TinBromide · · Score: 1

      I'd be more alarmed if they gave equal press to sky-diving accidents or deep sea diving developments.

      --
      Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
    2. Re:Press Release: Stunt number 43242 by JK_Huysmans · · Score: 1

      Right.

      "OMG, we found a virus at the bottom of the sea! Buy Kaspersky!"

    3. Re:Press Release: Stunt number 43242 by Ilgaz · · Score: 3, Insightful

      As I don't use Windows, AV company security blogs tell me a lot about the security scene after I filter the PR.

      Also Kaspersky never says ''buy our product'', they don't need such stupid stunts. A person who buys one of those cheapo TW netbooks won't likely afford their product either. They say ''a security product'' without mentioning any brand while they have right to advertise their own.

      Once upon a time, computer vendors (including Taiwanese) were decent enough to run a god damn antivirus (standard was 3 of them) before shipping the computer. I guess they are targeting old timers reminding them it is not the case anymore.

    4. Re:Press Release: Stunt number 43242 by TinBromide · · Score: 1

      That would be alarming. Quite So. Unless they found a hard drive dropped by someone hoping to dispose of the data.

      --
      Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
    5. Re:Press Release: Stunt number 43242 by Anonymous Coward · · Score: 0

      A press release only works if news sources choose to publish it...

  8. But not with a thumb drive! by TinBromide · · Score: 2, Insightful

    > they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.

    Just be sure to scan the thumb drive so you're not infecting it!

    --
    Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
    1. Re:But not with a thumb drive! by Technician · · Score: 1

      Instead of a thumb drive, I carry a SD card and usb reader combo. The SD card has a write enable switch. Works 100% of the time on foreign untrusted systems.

      --
      The truth shall set you free!
    2. Re:But not with a thumb drive! by X0563511 · · Score: 1

      Wrong!

      That's not a hardware switch. An infection already has its tendrils through the host OS, there is no reason why it can't ignore the read-only flags.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    3. Re:But not with a thumb drive! by TheThiefMaster · · Score: 1

      I broke a 16GB SD card recently (fairly expensive mistake, and lost a game save I'd rather not have) and found a few things out:

      1: That switch isn't connected inside the card, instead the _drive_ detects the position of it. Same idea as the old floppy disk write protects, but without the excuse that the disk isn't electronic and doesn't write itself.

      2: The chips inside fill the card almost completely. Two large (presumably flash) chips take up the full width of the card and most of the length (up to just before the cut corner). The rest is taken up by a controller chip and a few tiny resistors and caps.

      3: The circuit board inside is flexible. The damage turned out to be that the card was bent, which peeled the "board" away from the chips' contacts. The contacts are 0.5mm (or 0.02") apart. I don't have a soldering iron fine enough to repair that...

  9. They really hand-install drivers? by Anonymous Coward · · Score: 5, Interesting

    I kind of figured that computer manufacturers had hard drive arrays to clone a pre-made installation. Pull each drive off the rack, put it in the computer, and make sure it boots, then box it.

    They're really installing drivers by having some schmuck walk around with a USB stick?

    1. Re:They really hand-install drivers? by Anonymous Coward · · Score: 0

      Perhaps they were updating the drive image?

      Would make sense, take old drive image, update software, pull drive and build new image for machines.

    2. Re:They really hand-install drivers? by msobkow · · Score: 2, Insightful

      You're right about using drive images. However, when I was responsible for rolling out lease-return machines, we were re-imaging the systems from install CDs, rather than using "hard drive arrays." It's far easier to pop an auto-installing CD into the tray than it is to remove the hard drive, install it in an array, re-image it, then re-install it back into the PC.

      It's not a very painful process -- about all you had to do was click "Ok" after the imaging CD booted and asked you if you were sure you wanted to re-image the machine.

      Then again, IBM has always had some pretty slick install/imaging utilities for their machines.

      --
      I do not fail; I succeed at finding out what does not work.
    3. Re:They really hand-install drivers? by John+Hasler · · Score: 1

      > They're really installing drivers by having some schmuck walk around with a USB stick?

      I suspect that a driver update came out after the machines had been imaged but before they shipped and somebody decided the update was critical. Or perhaps a new image incorporating the new driver was going to take a few days to get through engineering and QC and manufacturing couldn't wait (they never can) and so they came up with the USB stick trick (poorly thought out, as is usual for manufacturing's ad hoc solutions).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:They really hand-install drivers? by DNS-and-BIND · · Score: 1

      I wouldn't be surprised. In China, labor is far cheaper than any automation. In addition, this is the sort of crap-ass quality problems that Chinese products typically have.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:They really hand-install drivers? by wintermute000 · · Score: 1

      You've obviously never seen any corporate build monkeys at work then. Or any crappy VB/.net enterprise 'custom' software that powers our mighty capitalist economy.

      It's utterly plausible to me for the exact same scenario to happen in any large organisation, all it takes is one desktop tech to use a key that has been exposed at some point e.g. in a hurry, can't find the work keys, so pulls his personal one out of his pocket, the one that has seen zillions of warez pass through it.

    6. Re:They really hand-install drivers? by DNS-and-BIND · · Score: 1

      Big difference between mature industries like manufacturing and industries still in the "bridge collapse" phase, i.e. software.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  10. Moot issue? by Anonymous Coward · · Score: 0

    Isn't WoW's installation & update footprint larger than a netbook's storage capacity anyway?

    1. Re:Moot issue? by Anonymous Coward · · Score: 1, Insightful

      Not necessarily. WOW itself takes up less than 12 GB on my system. I can easily get a USB jumpdrive larger than that, or even a HDD.

      Beyond that, people do visit Blizzard's website to access their account, for various reasons.

  11. Convenience! by clang_jangle · · Score: 5, Funny

    I'm so glad to see this innovative feature finally being boldly embraced by an OEM. Until now, it's been sheer drudgery, waiting the twelve minutes or so it takes to get a new Windows install infected just felt like forEVar!

    --
    Caveat Utilitor
  12. Netbooks.... by boppacesagain08 · · Score: 1

    The thinnest, lightest, most-mobile way to have your identity stolen yet! Unless of course iPod shuffles start coming with rootkits to steal the title...

  13. Remind me again by techno-vampire · · Score: 1

    Would somebody out there please explain why AutoRun was ever considered a Good Idea? I know that before I got rid of Windows and went Linux only, one of the first things I'd do on a new computer was disable it.

    --
    Good, inexpensive web hosting
    1. Re:Remind me again by Anonymous Coward · · Score: 0

      On a back up USB drive to run a script to back up the host automatically. Many more reasons.

    2. Re:Remind me again by techno-vampire · · Score: 2, Informative

      AutoRun should bring up a prompt, asking if you want to run the software, and remind you that you shouldn't let it run unless you were expecting it and know what it's for. That way, if you have a thumb drive that's not supposed to have anything on it but some driver updates, and the AutoRun prompt shows up, you know something's wrong. It wouldn't be fool-proof, because there are always going to be people who click OK without understanding what's going on, but it probably would have stopped this from happening.

      --
      Good, inexpensive web hosting
    3. Re:Remind me again by koiransuklaa · · Score: 2, Insightful

      > On a back up USB drive to run a script to back up the host automatically.

      Why on earth would that be a function of the USB drive and not something running on the machine -- unless your intention is to 'backup' your friends' machines or something -- in other words why wouldn't you implement that as a script on the machine that runs when specific USB devices are connected to the machine?

      Your idea just sounds like you're seeing nails because of the hammer in your hand...

      > Many more reasons.

      Let's hear them, please.

    4. Re:Remind me again by dgatwood · · Score: 4, Insightful

      No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.

      The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.

      The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    5. Re:Remind me again by Anonymous Coward · · Score: 0

      > please explain why AutoRun was ever considered a Good Idea?
       
      The same people who dreamed up auto run invented Windows registry. So I assume yours was a rhetorical question.

    6. Re:Remind me again by hairyfeet · · Score: 3, Informative

      And as a PC repairman I can say that autorun isn't even in the top 5 of ways an average Windows machine that crosses my desk gets boned. Hell I wouldn't even put it in the top ten. Maybe somewhere in the top twenty. The number 1 2 and 3 are 1-Hot_Lesbos.mpg.exe 2-Lame_pop_song.mp3.exe 3-here are those pics I promised! ( unsolicited email attachment from friend with password protected zip file).

      Honestly the guy that put "do not show file extensions for known file types" as the default should have gotten a really good firing. That and the fact that on 95-XP if you choose to uncheck the "do not show file extensions" checkbox and hit rename explorer automatically will pick the ENTIRE file, including the extension. Which means if you let them see the extension you end up with a bunch of files renamed with no file extension that the user then has no clue what to do with or how to open. That was just some really stupid UI design.

      Oh and for the PC repair guys out there that are having to wipe and reinstall Windows a lot, or like me build a lot of new XP machines, I would recommend Almeza Multiset to make your life a whole lot easier. I have a lot of programs like Oxygen Office and Klite Mega Codec Pack that I give my customers so when they get the box they can just flip the switch and go. With Almeza I only have to install and configure a program once and Almeza will make a nice unattended install CD with whatever programs I choose set the way I want them, be it FF3 with ABP, OO.o, whatever. All I do is pick "install all" and go have a smoke and when I return she is ready to go. I am not connected with the company in any way, it is just the best $39.99 I've spent when it comes to having to work on Windows.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:Remind me again by Anonymous Coward · · Score: 0

      Malware which uses "autorun" (often, anyway) doesn't do so with actual "auto run" features, but with bugs in Windows which cause USB thumb-drives to be seen by windows as "USB devices" requiring drivers, while at the same time being regular USB thumb-drives. Windows says "ooo! A device! I want drivers for it. Where shall I find them? Oh, I know! The removable media!"

      And of course, guess what you're going to click if you're using a USB thumb-drive to install drivers and a window pops up which says "Hi, I found an unknown device, would you like to install the driver I found on this USB thumb-drive?"

    8. Re:Remind me again by cdrguru · · Score: 1

      When showing extensions, Vista behaves correctly for renaming.

      Extensions were suppressed for Win95 to make it more Mac-like and user friendly. Extensions were associated with 8.3 file names and any connection there had to be eliminated.

      The whole extension vs. magic number vs. file application registration issue still hasn't been resolved properly. The Mac has trouble with foreign files and don't even think about version/vendor changes for a common file format. Windows gets lost if the extension is altered or lost. Linux alternately uses extensions or not, depending on how the developer felt about it but doesn't have the application registration in the files that the Mac does.
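An added example, not posted by anyone in this thread: a Python sketch of the two checks the comments above point at, the `name.mp3.exe` double extension that hidden extensions disguise and the extension versus magic number mismatch. The extension sets, signature table and sample files are constructed for illustration and are not exhaustive.

```python
"""Compare what a file name claims with what the file contains (added example)."""
import os
import tempfile

# Constructed, non-exhaustive sets: extensions Windows executes on double-click,
# and extensions a user expects to be harmless data.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif"}
DATA_EXT = {".mp3", ".mpg", ".jpg", ".png", ".pdf", ".doc", ".txt", ".zip"}

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = [
    (b"MZ", "mz-executable"),        # DOS/Windows executable header
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),
    (b"ID3", "mp3"),                 # MP3 that starts with an ID3v2 tag
]


def sniff(path):
    """Identify a file by its first bytes; 'unknown' when no signature matches."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    return "unknown"


def classify(path):
    """Return a finding for a file whose name misrepresents it, else None."""
    stem, last = os.path.splitext(os.path.basename(path))
    last = last.lower()
    inner = os.path.splitext(stem)[1].lower()
    if last in EXECUTABLE_EXT and inner in DATA_EXT:
        # With "hide extensions for known file types" on, only `stem` is shown.
        return "double extension: Explorer would show %r" % stem
    if last in DATA_EXT and sniff(path) == "mz-executable":
        return "name claims %s but content starts with an MZ executable header" % last
    return None


def scan_tree(root):
    """Walk a directory tree and map relative path -> finding."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            verdict = classify(path)
            if verdict:
                findings[os.path.relpath(path, root)] = verdict
    return findings


def demo_names():
    """Run the scan over constructed sample files in a temporary directory."""
    samples = {
        "Lame_pop_song.mp3.exe": b"MZ\x90\x00",   # name pattern from the comment above
        "holiday.jpg": b"MZ\x90\x00",             # executable content, data name
        "real.png": b"\x89PNG\r\n\x1a\n",         # honest file
        "setup.exe": b"MZ\x90\x00",               # honest executable
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    for rel_path, verdict in sorted(demo_names().items()):
        print(rel_path, "->", verdict)
```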

    9. Re:Remind me again by cdrguru · · Score: 3, Informative

      Autorun came from "put in the CD, the game starts." This was introduced before there was the possibility of recordable CD-R discs so it was utterly safe, until malware folks started producing CD-ROMs by the 1,000s.

      Extending it to USB devices is problematic. Anything that can be written to by a user can then be used to corrupt other machines, assuming that some users have blackness in their hearts. That pretty much means that for CDs it isn't safe anymore either.

    10. Re:Remind me again by GF678 · · Score: 3, Informative

      > The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.

      They have, in Windows 7.

      Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.

    11. Re:Remind me again by Anonymous Coward · · Score: 2, Informative

      Self inserts Fallout3 disk into Win7 PC. Autorun brings up dialog box. Nope still there.

    12. Re:Remind me again by ConceptJunkie · · Score: 2, Insightful

      > Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.

      Yeah, AutoRun and not showing the file extensions by default are two of the most stupid ideas Microsoft ever had, and they have a _lot_ of stupid ideas. Maybe they did listen to complaints, but it took them 15 years to do something about it. Both those features started with Windows 95.

      Personally, I'd prefer to do business with a company that doesn't take 15 years to fix its mistakes.

      --
      You are in a maze of twisty little passages, all alike.
    13. Re:Remind me again by PRMan · · Score: 1

      And in XP SP3. It's kind of annoying because I like running my PortableApps menu automatically when I insert my USB drive.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    14. Re:Remind me again by GF678 · · Score: 3, Informative

      You're getting confused with Autoplay, they're not actually the same thing.

      Autoplay is what brings up the dialog box based on the contents of the media.
      Autorun is the method by which the autorun.inf file on the media is executed automatically.

      You could normally disable autoplay easily, but autorun.inf files would still run. That doesn't happen anymore.
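An added example, not part of the thread: a Python sketch that checks the root of a mounted removable volume for an `autorun.inf` and lists the commands its `[autorun]` section would launch, so a stick can be inspected before it goes near a Windows machine. `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf entries; the sample file contents and `setup_drv.exe` are constructed.

```python
"""Audit a removable volume's root for autorun.inf launch entries (added example)."""
import os
import tempfile

# [autorun] keys that name a program or command to start.
LAUNCH_KEYS = ("open", "shellexecute")


def decode_inf(raw):
    """autorun.inf is ANSI or UTF-16 with a BOM; decode without ever failing."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section.

    Hand-rolled rather than configparser: worm-written files are often padded
    with junk lines that a strict INI parser would reject.
    """
    findings = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding, or a key in some other section
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and value:
            findings.append((key, value))
    return findings


def audit_volume(root):
    """Find autorun.inf in the volume root (any letter case) and parse it."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        # A directory named autorun.inf carries no commands, so skip it.
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return parse_autorun(decode_inf(fh.read()))
    return []


# Constructed sample: junk padding around the entries that matter.
SAMPLE_INF = (
    b";xk2v9 qpl0\r\n"
    b"[AutoRun]\r\n"
    b"zz91kd02mmq\r\n"
    b"open=setup_drv.exe\r\n"
    b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"shell\\open\\command = setup_drv.exe -s\r\n"
    b"label=Drivers\r\n"
)


def demo_autorun():
    """Write the sample to a temporary 'volume' and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "wb") as fh:
            fh.write(SAMPLE_INF)
        return audit_volume(root)


if __name__ == "__main__":
    for key, command in demo_autorun():
        print("autorun.inf would launch via %s: %s" % (key, command))
```

A thumb drive that is supposed to hold nothing but driver updates should produce an empty list here.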

    15. Re:Remind me again by dotgain · · Score: 1

      You really think that removing Autorun (after all these YEARS!) was an instance of Microsoft responding to customer complaints, rather than their own devs coming to the sad realisation that it was after all, a completely braindead, meritless and dangerous feature. How very cute. Microsoft removed Autorun for their own good. This isn't a case of Microsoft listening, it's a case of their users listening to people telling them "Don't bother installing Antivirus, just keep your reinstall CDs handy. As long as your computer will willingly execute any random thing placed near it, the battle is already lost", and Microsoft begrudgingly accepting such a statement to be unfortunately true.

    16. Re:Remind me again by icannotthinkofaname · · Score: 1

      > Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.

      *starts complaining incessantly*

      Then open-source the OS, break backwards compatibility, and give me a package manager and multiple desktop workspaces already! >:O

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    17. Re:Remind me again by rhendershot · · Score: 1

      Really good points and I'd mod you up if I could.

      Bastardizing DOS to take their OS offerings to the next level (eg. compete with Apple Mac and IBM OS/2) was probably the *worst* choice in computer history.

      I'd phrase this a little more strongly than you; Windows (including Vista) goes brain-dead without extensions. I find linux from recent distro releases to handle it pretty well. Most of the time my experience is that files move across my home LAN and are properly identified regardless of their source and naming. While anecdotal, "Most of the time" is better than on Windows. I can't say about OSX (but did not enjoy the experience of file handling and maintenance on OSX8 and 9. ;)

      I think the future is in files identifying their mime type and presume that mime types gain stronger standardization.

    18. Re:Remind me again by speedtux · · Score: 1

      > Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.

      And it only took... 20 years. And they don't listen to "people", they listen to bad press.

  14. Just be sure.... by gjyoung · · Score: 0

    "install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."

    And be sure not to use an infected thumb drive m'kay?

  15. 3? by Anonymous Coward · · Score: 5, Funny

    Autorun worm, Windows...that's only 2...where is the third malware item?

    1. Re:3? by gringofrijolero · · Score: 1

      In the chip..

      --
      Todos mis movimientos están friamente calculados
    2. Re:3? by n0tquitesane · · Score: 1

      BonziBuddy

  16. Nothing new... by Anonymous Coward · · Score: 0

    "Malware on a Windows machine" is a tautology and a Slashdot headline.

    Slashdot, it has become what IT is.

  17. Obligatory... by npoczynek · · Score: 3, Informative

    Wouldn't have happened if they had ordered that netbook with Linux pre-installed!

    1. Re:Obligatory... by AceofSpades19 · · Score: 2, Informative

      I don't know of any linux distro that has auto-run, so it's pretty unlikely that that would happen

    2. Re:Obligatory... by noidentity · · Score: 1

      > Wouldn't have happened if they had ordered that netbook with Linux pre-installed!

      Yeah, but the user might accidentally follow the instructions in the file "malware", which ask that he execute "rm -rf *".

    3. Re:Obligatory... by n0tquitesane · · Score: 1

      Autorun, hell. Have you tried running a virus under linux? I gave up after two days, damn things will not run.

  18. Redundant headline? by noidentity · · Score: 2, Funny

    > Malware Found On Brand-New Windows Netbook

    You repeat yourself.

    1. Re:Redundant headline? by Anonymous Coward · · Score: 0, Troll

      HURRRRRRRRRRRRRRRRRR what a funny and original joke!!

    2. Re:Redundant headline? by icannotthinkofaname · · Score: 0, Troll

      Clearly, it was. After all, it got a +5 score, with the "Funny" adjective attached. To the moderators, it must have been as funny as you describe.

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
  19. Why Laptops with windows at all? by Anonymous Coward · · Score: 0

    If I buy laptops I use them for work and learning, so they naturally run Linux.

    Why would I want to buy a laptop for gaming and put Windows on it?

    Makes no sense.

    Probably engineers with their CAD programs, but there are alternatives coming out on Linux too; software is slowly migrating so Linux versions are most commonly available, or a very good alternative.

  20. manual driver installs? by Timberfox · · Score: 1, Insightful

    I would figure that a company who produces that many computers would be imaging each hard drive from some master or something, not haphazardly using a random virus-filled thumb drive.

  21. False sense of security by Len · · Score: 4, Insightful

    Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.

    1. Re:False sense of security by Anonymous Coward · · Score: 0

      > Devices with any OS can come with malware. Even iPods [sophos.com] and picture frames [securityfocus.com] have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.

      Reference please?

    2. Re:False sense of security by Laser_iCE · · Score: 0

      Huh? He's given two. Or do you mean a reference to the suppression of the geek skepticism reflex?

    3. Re:False sense of security by Sir_Lewk · · Score: 0, Troll

      Those iPods and picture frames shipped with Windows malware on them. Who really gives a crap if your linux netbook comes with windows malware on it? It's not like you are going to be mounting your netbook on a windows computer and having it autorun some nasty shit.

      Hell, even if the linux netbook came with linux malware preinstalled I don't think I'd be mad, just impressed.... ;)

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    4. Re:False sense of security by colinrichardday · · Score: 1

      But what of OSes without devices, such as a typical Linux DVD?

    5. Re:False sense of security by Len · · Score: 1

      If the malware is installed at the point of manufacture, it can easily be tailored for whatever device it's installed on. It's trivial to write malware for Linux when it can be installed to run as root at boot time! Even I can do that, and I'm a Windows programmer. :-)

    6. Re:False sense of security by Lord+Bitman · · Score: 1

      It's targeted at windows because of market share. If you're being told "run this executable", and you do it, it doesn't matter if it hides its results in C:\WINDOWS\system.dll or in /home/acoward/.bashrc

      --
      -- 'The' Lord and Master Bitman On High, Master Of All
    7. Re:False sense of security by rliden · · Score: 0, Troll

      You have to be shitting me right? These posts are exactly why I wish this was the year of the linux desktop. If linux had a majority of the desktop market don't think for one moment that it wouldn't see targeted attacks. The source of the malware is banking on the widest user base. They don't give one shit what OS you're running. If the user base numbers were reversed it would be linux malware on those devices not windows.

      --
      Don't think of it as a flame, more like an argument that does 3d6 fire damage.
    8. Re:False sense of security by Sir_Lewk · · Score: 1

      I'm very sceptical that these infections are intentional. Don't attribute to malice that which can be adequately explained by stupidity.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    9. Re:False sense of security by Sir_Lewk · · Score: 4, Insightful

      The main difference is the vast difference in security practices between the two platforms. The only reason malware on ipods and photo frames is dangerous is because windows by default thinks that it's clever to auto-execute code off of external devices.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    10. Re:False sense of security by Anonymous Coward · · Score: 0

      > But what of OSes without devices, such as a typical Linux DVD?

      Ow... I think I just sprained something...

    11. Re:False sense of security by LaskoVortex · · Score: 1, Insightful

      > Huh? He's given two. Or do you mean a reference to the suppression of the geek skepticism reflex?

      You are pretending to be dumb. But, in case you aren't: Yes. The parent post grouped Linux in with picture frames in terms of vulnerability but didn't give a reference specific to Linux. That's like saying that your favorite operating system sucks and giving examples of two *other* shitty operating systems as evidence. Actually, that's not like what he did. That is what he did.

      --
      Just callin' it like I see it.
    12. Re:False sense of security by colinrichardday · · Score: 1

      Sorry. I presume that you will install the DVD onto a computer. But you can reformat/erase the hard drive during installation, so as long as the DVD had no malware, you should be OK.

    13. Re:False sense of security by LaskoVortex · · Score: 1

      > They don't give one shit what OS you're running. If the user base numbers were reversed it would be linux malware on those devices not windows.

      You are wrong. Of course you can't prove you are right and I can't prove that you are wrong, but trust me when I tell you that you are wrong. Here's why:

      From my experience, windows loves everything to be run as root (or admin, or whatever it's called). I can't mount a samba drive without being root. I can't install an sftp program without being root. But on OS X, you can do both at the level of an unprivileged user. Now, what are you going to do as Joe stupid user? You are going to make yourself root (or admin, or whatever it's called) so that you can actually get some work done.

      This is why both Linux and OS X are more secure. Both have a mechanism for on-the-fly administrative authentication and they only require root level permissions for actions that fundamentally *need* root level permissions (startup scripts, for example). If you are in the gui for OS X and Linux, you are given prompts for your password. If you like, you can take it to the command line and use sudo. Windows doesn't have sudo. It has log-out-and-log-in-as-admin instead.

      Now, I haven't used vista, so maybe it's changed from XP. But I'm guessing that MS is too busy putting the shiny into Aero (or whatever eye candy is the latest-greatest) to actually focus on the interplay of usability and security. And I'm betting that it will be a cold day in hell before manufacturers don't just log in as admin and tweak their distributions, thus exposing the distribution to unintended infection. The fact that admin is the *default* account on windows and doesn't ask for authentication (as of XP) exacerbates the issue.

      In short: MS does not focus on security and they especially do not think about the fact that usability and security are intricately related. And that's why I haven't used windows in over 10 years.

      --
      Just callin' it like I see it.
    14. Re:False sense of security by Anonymous Coward · · Score: 0

      That executable would still not be able to do any real damage on UNIX-like systems, where it would not have any administrative privileges. Windows isn't susceptible to malware solely because of popularity--it's because its security model is inherently flawed. In fact, if a Linux executable were found on some external storage device, you wouldn't even be able to run it without some geek know-how. That's because UNIX requires the execute bit to be set for the file on the filesystem level in order to know that something is an executable, and this bit doesn't exist on the non-UNIX FAT filesystem used in more storage devices.

      To summarize, you and your grandparents are both wrong and wholly misinformed.

    15. Re:False sense of security by Anonymous Coward · · Score: 0

      The manager who approved the concept of autorun devices for purposes other than booting, needs to spend a little time in an ass-rape state pen, giving blow-jobs for cash. Just so he can learn exactly how that feels.

      Of course if he/she actually likes that stuff, fed super-max where there's no chance of that happening would be a good alternative.

    16. Re:False sense of security by jonaskoelker · · Score: 1

      Even iPods [...] have been shipped with malware pre-installed.

      As the iPod marketing campaign leader*, I have to take offense.

      The iPod doesn't ship with "mal"ware. It ships with a friendly software agent which makes sure the musicians and artists get paid what they deserve. You love art, don't you? You don't want the artists to starve, do you?

      You call it malware. We call it Delivering Revenue to Musicians, or "DRM" for short.

      (* statistics and benchmarks were in short supply, so I lied a little instead.)

    17. Re:False sense of security by icannotthinkofaname · · Score: 3, Insightful

      And then it would be "News for nerds," instead of, "Microsoft bashing session for nerds."

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    18. Re:False sense of security by spongman · · Score: 1

      the infections are intentional - the viruses didn't write themselves...

    19. Re:False sense of security by Philip_the_physicist · · Score: 1

      If it were the year of Linux on the Desktop, then we would see people using proper file systems on more storage devices, and so items would have the execute bit set. Also, some distros simply offer a prompt to choose whether to execute or display a file from a FAT device. Also remember that a desktop file is just a shell script with an arbitrary name and icon, and so social engineering wouldn't be too hard with all the ordinary lusers using Linux as well.

    20. Re:False sense of security by rliden · · Score: 1

      Those are pre-installed factory set devices. If you can't have some level of trust between your device and the factory then you're screwed anyway regardless of the OS. If you install a hard drive with a root kit preinstalled in it you're screwed. No one is going to say, oh shit well the hard drive shouldn't have auto discovered.

      It's not just Windows users that want things to just work when they're plugged in. If I have a photo frame or iPod and I plug it in I want it to work. There is going to be code executed on those devices so they function. It's not an end user's fault nor the OS's fault if someone has gone in and pre-configured the system so that malware is fully functional.

      My point is, and I do think it still stands, troll mod or not, that when malware is installed at the factory it doesn't matter what OS you run. The majority market share OS, at this point, happens to be Windows, but if it was OSX or linux or anything else, those users would be screwed as well; and that people resting on the pillar of SUDO for security are in for a rude awakening.

      --
      Don't think of it as a flame, more like an argument that does 3d6 fire damage.
    21. Re:False sense of security by rhendershot · · Score: 1

      Like Underwriter's Laboratory, a certification to the buyer that their product is infection free could provide the buyer some recourse and some confidence. This is one of those areas that few like to admit are resonant with Federal power but I think this is critical in the consumer computer market. There's a bit of purchasing stasis due, currently, to consumer confidence.

      Finding a pre-infection on new Windows gear is not helpful.

      Even for the low-margin picture frame, I'd assert there should be a guarantee through an accrediting body like the UL.

      The magic of linux is that you don't get it from one-source like Microsoft. Even Fedora has viable competitors. If you chose you could use a hardened version. Or you could even build from source only on a hardened machine. While what you say is true it is not helpful; the *vendor* of those *devices* propagated the infection. (Hi Velma! ;)

      And your assertion that any device can transport infections is true but does not go far enough. It perfectly highlights the need for an infrastructure integration proving ground just like the UL. Nothing about the OS is relevant because it's the vendors' processes that are compromised.

    22. Re:False sense of security by Sir_Lewk · · Score: 1

      No shit Sherlock. But $100 says that virus was a virus that was already in the wild and, through distribution mechanisms built into it, out of chance managed to infect those systems. The likelihood of that happening with linux systems is extremely small in absence of certain OS "features" such as autorun.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    23. Re:False sense of security by Anonymous Coward · · Score: 0

      Why the Hell was this modded "Troll"? It was quite informative! Do Windows defenders really have so much difficulty accepting some basic facts?

  22. redundant story? by commodoresloat · · Score: 1

    Why is this news? Don't we expect windows to be found on any brand new windows netbook?

    1. Re:redundant story? by Anonymous Coward · · Score: 0

      You're a fucking idiot.

  23. Uh, what the... ? by c · · Score: 2, Interesting

    "transferring that update to the new system, then running a full antivirus scan."

    I guess I've been out of the Microsoft ecosystem for a long, long time... is it now common practice to run AV scans in a probably compromised environment? Or are malware authors so lazy these days that they can't even bother to write code which breaks any installed AV software?

    c.

    --
    Log in or piss off.
  24. Everything's relative by Rick+Zeman · · Score: 1

    Hmm, this manages to put my bloated Safari 4 install into a much better perspective. :-)

  25. I didn't get any malware by Provocateur · · Score: 4, Funny

    so I am returning mine. Why do THEY get all the good stuff?? You mean I have to go ONLINE and download this 'malware' myself?? And they get 3 out of the box!

    DON'T even THINK about making me pay for shipping the return!!

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  26. Chicken or the egg? by Anonymous Coward · · Score: 0

    So then. To set up a new pc, the anti-virus and definitions need to be downloaded on an existing and already secured PC.

    Which presumably in turn was set up from an already secure pc, and so on and so forth...dilemma!

    Odds are the first ever PC to be connected to the net had its antivirus handcoded and primed before it was connected, allowing its "secure" wonderfulness to be passed down from generation to generation..

  27. No... by indy_Muad'Dib · · Score: 1

    the best thing to do is a wipe with DBAN then virgin install with a non OEM crapware filled copy of windows. or throw your favorite copy of *nix on there.

  28. Buy our shit, seriously! by billcopc · · Score: 4, Insightful

    Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!

    I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.

    What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your republican mistakenly recognizes a Linux hacker as an islamic terrorist. Bullshit all around!

    --
    -Billco, Fnarg.com
    1. Re:Buy our shit, seriously! by artor3 · · Score: 1

      Is there a corollary to Godwin's Law for comparing people to Bush? 'Cause finding malware on a Windows computer is a hell of a lot more likely than finding WMDs in Iraq.

    2. Re:Buy our shit, seriously! by X0563511 · · Score: 1

      At risk of being booed at, I think Godwin's Law directly transfers to Bush references :P

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  29. To ensure that a new PC is malware-free... by John+Hasler · · Score: 1

    ...wipe it and install a new OS. There are several available. They are quite inexpensive. In fact, they are Free.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:To ensure that a new PC is malware-free... by Culture20 · · Score: 1

      Or at least take out the drive and scan it as an external drive in a known-good computer. Kaspersky's recommendation of using a scanner on the local OS is silly.

    2. Re:To ensure that a new PC is malware-free... by shentino · · Score: 1

      What should be happening is that customers who get malware infested laptops should get a refund, AND that the OEM asshats who produced them should get dinged for damages.

      I would consider this a classic opportunity to apply product liability, and I would consider preinstalled malware as a defect.

  30. WoW on a netbook? by LunarEffect · · Score: 1

    Would you actually be able to run WoW on this netbook? I mean, 1.6ghz and 1gb ram is pushing it a bit, no?

    1. Re:WoW on a netbook? by Tigersmind · · Score: 1

      There is a video on youtube of someone doing it. It ran, laggy but you could grind in the world a bit or just check on things if needed in game.

    2. Re:WoW on a netbook? by Shados · · Score: 1

      It will, if poorly, though that depends on your definition of a netbook. It probably runs ok on a Sony P Series, but do you consider that a netbook? That's a bit borderline.

    3. Re:WoW on a netbook? by spongman · · Score: 1

      no, but by the time you'd found that out your account would have been stolen. so you wouldn't be doing it again anyway...

    4. Re:WoW on a netbook? by toddestan · · Score: 1

      The requirements for WOW aren't really all that demanding anymore by 2009 standards. I remember running it on an Athlon XP 1700+ with 512MB of ram. Probably the biggest problem with trying to run it on a netbook would be the lack of a decent graphics chipset, though that would be offset somewhat by the fact that most netbooks have low resolution screens.

  31. Virus really such a threat? by DaveGod · · Score: 1

    How prevalent are viruses really? I've never had one in 16 years of Windows, at least 10 of which the PC's regularly been connected to the internet. Not even at the office, where we have about 80 machines with each one restoring data from a client at least once a week.

    I've only once seen a friend/family have an infection (more on that later), though admittedly some of them wouldn't know unless it was crippling. On the other hand there was a couple of years into XP where malware, mostly the odd toolbar, was not uncommon, but I hardly see that anymore unless you count google and yahoo.

    I play games, use forums, download stuff, don't take any particular precautions bar free firewall and anti-virus software. I do keep windows up to date and I don't pirate anything though, and I only used an email client (Thunderbird) for about a year, when I had a good junk filter (the only time my AV has had a positive it was in that junk folder).

    I do recall I was once temporarily renting a room and I cleared out the landlady's laptop which was utterly infested (though, it turned out it was her boyfriend's, he was working overseas). I'll chalk that one down to the user though since a short time later she found MSN, it logged into her boyfriend's account automatically and she was bombarded with his numerous girl and boyfriends asking if he could sneak off to the usual place at say 9 for a quickie? I told her it could be fake, generated by the viruses, but she had pretended to be him, they were clearly real people in the local area who knew him personally. We had several conversations about that but she was still too embarrassed to say what she found in the browser history. She was really something and that little episode nearly worked out very well for me, but, well it was all too likely that he had done to her what he had done to the laptop so I wasn't going to plug in my equipment.

    1. Re:Virus really such a threat? by Anonymous Coward · · Score: 0

      Ewww. Mod parent

    2. Re:Virus really such a threat? by Gary+Perkins · · Score: 1

      How prevalent are viruses really? I've never had one in 16 years of Windows, at least 10 of which the PC's regularly been connected to the internet. Not even at the office, where we have about 80 machines with each one restoring data from a client at least once a week.

      I've rarely had a worm or virus myself, but years ago my wife and I only had one computer directly connected to the internet. It was her computer, and we were starting out, so didn't have a router yet, and I was working 50+ hours and busy getting ready for the newborn, and didn't pay much attention to the computer for the first month. Lo and behold, she comes to me one day complaining about popups and usability issues. The thing was completely infested. Must have had ten instances of viruses and worms. Come to find out she was downloading free games and utilities, and didn't know which tools to trust like we do. She had never applied a patch to Windows. It probably took me about a half a day to clean it up. As long as you don't download anything stupid, and stay behind a firewall on a patched system, you probably never will encounter any serious threats.

    3. Re:Virus really such a threat? by Anonymous Coward · · Score: 1, Informative

      In my experience, the majority of viruses are PEBKAC related, and usually caused by the dancing bunnies problem, which no OS maker can really fix unless the PC is locked down like a console.

      I have seen malware come on USB flash drives, but if a system is running a decent antivirus program, it usually will get caught before it has a chance to execute. However, running gpedit.msc and disabling autorun and autoplay completely is the best matter of course.

      IMHO, there are four main sources of malware:

      1: Machine is exposed on the Internet and hit by an active remote root attack.
      2: Dancingbunnies.wmv .exe (with a good amount of spaces between the .wmv and the .exe.)
      3: A hole in the Web browser or a plugin. This is why I highly recommend Firefox/Adblock/NoScript.
      4: autorun.inf tomfoolery on either a CD or removable media.

      #1 can be cleared up by a hardware firewall, or even the OS's firewall with no exceptions if on a laptop on public wireless. #3 can be mitigated by running the Web browser as a user in a VM. #4 can be disabled with registry entries and a profile entry (assuming a version of Windows where profiles work -- Vista Home and XP home, one will have to hit the Registry directly). Which leaves #2, and this is basically dealt with by user education.
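
A defensive check for sources #2 and #4 in the list above, as an added example that is not part of the original comment: it audits a file listing from removable media for `autorun.inf` entries that launch a program and for file names that hide an executable extension behind a media extension and padding spaces. The function names, the extension lists and the sample volume are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = ("open", "shellexecute")
# Assumed (not exhaustive) lists: extensions Windows will execute, and
# harmless-looking extensions commonly used as a decoy in front of them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".wmv", ".avi", ".mp3", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}

# <stem><decoy ext><optional padding spaces><real ext>
DOUBLE_EXT = re.compile(
    r"(?P<stem>.+?)(?P<decoy>\.[A-Za-z0-9]{1,5})(?P<pad>\s*)(?P<real>\.[A-Za-z0-9]{1,5})"
)


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch code."""
    launches, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program.
        if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
            launches.append((key, value))
    return launches


def deceptive_name(name):
    """True if the name ends in an executable extension disguised by a decoy one."""
    base = PureWindowsPath(name).name
    match = DOUBLE_EXT.fullmatch(base)
    if not match:
        return False
    return (match.group("decoy").lower() in DECOY_EXTS
            and match.group("real").lower() in EXECUTABLE_EXTS)


def audit_volume(files):
    """files maps a relative path to its text content (or None if not read)."""
    findings = []
    for path, content in sorted(files.items()):
        name = PureWindowsPath(path).name
        if name.lower() == "autorun.inf" and content is not None:
            for key, command in parse_autorun(content):
                findings.append(("autorun-launch", path, f"{key}={command}"))
        if deceptive_name(name):
            findings.append(("deceptive-extension", path, name))
    return findings


# Constructed sample listing of a USB stick; not taken from any real incident.
SAMPLE_VOLUME = {
    "autorun.inf": (
        "; constructed sample\n"
        "[AutoRun]\n"
        "Open = RECYCLER\\update.exe\n"
        "icon=folder.ico\n"
        "shell\\explore\\command=RECYCLER\\update.exe\n"
        "label=Drivers\n"
    ),
    "RECYCLER\\update.exe": None,
    "Dancingbunnies.wmv          .exe": None,
    "holiday.jpg": None,
    "drivers\\setup.exe": None,
}

if __name__ == "__main__":
    for kind, path, detail in audit_volume(SAMPLE_VOLUME):
        print(f"{kind:20} {path!r}: {detail}")
```

Run it against a listing taken on a machine where autorun is already disabled, so that enumerating the media does not itself trigger the entries being audited.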

    4. Re:Virus really such a threat? by jimicus · · Score: 1

      Viruses in the original almost invisible file-infector sense of the word are, IMO, virtually extinct.

      The word has become an umbrella term referring to almost any sort of malware you can think of - trojans, worms, rootkits, the works. And most of those today spread through one of a couple of mechanisms:

      1. Fake banner ads on sites. "Your PC is slow, click here to speed it up!", "You are our 1,000,000th visitor, click here to claim your prize".

      2. Emailed attachments (though these are becoming less common as more ISPs and mail providers like hotmail are starting to filter email) containing "LEsbianPorn.jpg.exe" or somesuch.

      3. Sites with some sort of browser hack script running which hijacks the computer as soon as you visit it.

      Note that none of these intrinsically requires Windows in order to work. (1) just requires gullible users, (2) requires a gullible user and - optionally - a badly written email client, (3) requires a web browser with a suitable exploit.

    5. Re:Virus really such a threat? by wintermute000 · · Score: 1

      It only takes one occasion to do damage potentially.

      I have a colleague who's only gotten a virus once in 20+ years of working in IT.

      Of course that particular virus/trojan whatever turned out to keylog his internet banking pw and he had his account drained.

      He is ultra security paranoid now and even forbids his kids to install anything before he runs it through three different scanners.

  32. True user experience by Anonymous Coward · · Score: 1, Funny

    Well, the factory clearly provides a superior level of service. Users can get the true Windows Experience right out of the box.

  33. Re:All signed also insecure by Anonymous Coward · · Score: 0

    All signed apps would also be insecure as it only takes one app with a security bug for someone to get in.

    So you'd have the restrictions of requiring signed apps (few apps, more cost, more hassle) plus
    still have security problems...

  34. Common practice? by alizard · · Score: 1

    1. Yes, it is, most users don't know any better.

    2. Malware writers do indeed write code targeting AV software. But not all of them.

    1. Re:Common practice? by X0563511 · · Score: 1

      ... which leads to a computer version of MRSI. Once all the stupid malware is gone, the "good" stuff is all that's left.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  35. My Solution by The+MAZZTer · · Score: 1

    When purchasing a new computer, wipe the drive. This has the added bonus of getting rid of bundleware, too, and sets it up nice for Linux! Well you can install Windows if you really want to. If your computer didn't come with an original Windows install disc, download and burn one (thanks bittorrent!). Hey, you bought Windows anyway with the computer, might as well get what you paid for.

    1. Re:My Solution by Anonymous Coward · · Score: 0

      heterosexuals don't want faggot turd sucking fag linux on their machine. they want software that works and works without a bunch of drama unlike the fag whore linux. you have to fuck with linux to even get minor results out of it. no one wants that. it doesn't work out of the box. it sucks ass and you probably do to. linux bitch. rms wants to fuck you in the ass for your faggot shit.

  36. What ought to happen by Animats · · Score: 3, Insightful

    Recall Alert
    U.S. Consumer Product Safety Commission
    Office of Information and Public Affairs
    Washington, DC 20207
    May 23, 2009
    Alert #09-993
    M&A Companion Touch
    The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
    Name of Product: "Companion Touch" notebook computer
    Units: About 9,000
    Distributor: M&A

    Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
    Incidents/Injuries: None reported.

    Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.

    If computer security is to be taken seriously, such actions are essential.

  37. kdawsonfud by El+Lobo · · Score: 1

    Now, I know you are trolling, but so is our old friend kdawson ("for a change"). Really if I'm a seller of netbooks with Linuzz pre-installed, I could easily preinstall a rootkit on it as well. The only difference would be that there would not be any Kaspersky there to tell me about it.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  38. Even simpler by yacc143 · · Score: 1

    Check the signature of your Linux image before installing it on the netbook.

    While in theory the current crop of netbooks is capable of running Windows XP, Windows XP is all but optimized for this weak hardware.

    Linux distributions, OTOH, do take the User Interface limitations seriously.

    Plus, netbooks are not capable to do gaming. Here goes the #1 reason why people still run Windows.
    Netbooks are not used, usually yet, in Enterprises. Here goes the #2 reason (legacy WinXP software).

    And for the intended use "surfing, mailing, chatting, perhaps a little text processing", modern Linux distributions bring all tools on board.

  39. You need to install from scratch. by Colin+Smith · · Score: 1

    If you haven't, you've handed your bank and credit card details over to the guy who did.

     

    --
    Deleted
  40. The good old days by Anonymous Coward · · Score: 0

    I remember buying a Packard Bell computer in like 96-97. It came with lots of software bundled. First thing I did was doing an antivirus scan with the bundled antivirus software (I think it was some McAfee thing-y) and it found virus on the computer - in the game fifa'97 to be exact. So I did the only right thing: installed linux.

  41. re:Right...... by wintermute000 · · Score: 1

    You're PPP????

    network (read:cisco) tech (ducks head).

    of course I jest

  42. Re-format and re-install by amn108 · · Score: 1

    To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.

    No, what users should do is re-format and re-install.

  43. Hmmm by Lost+Penguin · · Score: 1

    Some malware comes pre-infected with Windows.

    http://fedoraproject.org/wiki/Releases/11/Schedule

    --
    I am the unwilling control for my Origin.
  44. Re: learn the basics by rhendershot · · Score: 1

    Car and Camera analogies. cool....

    If your tire goes flat on your car you don't waste any time with the fix. You do it yourself or you find someone who has the needed skills and availability. Note Availability. You can find that expertise in a lot of ways and the problem might be more along the lines of finding immediate communications than of finding the expertise.

    That's not so different from the situation with the camera since, if you want to use it, you find someone to fix it.

    Your computer is more like a drippy faucet. If you don't mind the ugly sounds and unappeasing smells it makes then you can just go on ignoring it. No matter the wife can't sleep due to the drip...drip...drip....drip.

    It doesn't seem to me that forcing a user to install h/er OS would provide anything in terms of security consciousness. What it *could* do is provide a clean baseline that is certifiably infection-free. Useful if you need to reinstall. Critical if your "recovery media" are infected. That whole idea of a "clean baseline" would, however, contribute to security consciousness.

    OEMs should be required to provide certified-infection-free products.

    So should car vendors, but that's another rant ;)

  45. Re:Microsoft does listen to people's complaints by rhendershot · · Score: 1

    I'd be way happier with the latter two. Not concerned if Windows is open source. But real virtual desktops and a package manager are critical. Virtual desktops because, as anyone who uses them knows, they are just wickedly useful.

    The Package Manager is the place where most infections occur on Windows. If only MSPackageInstaller process had permissions to install programs (eg place an executable binary into Path) **and the social-engineering of UAC were replaced** then a real authentication provides credentials to install. **and fix Windows' obsolescent reliance on three file description characters** then a more transportable and peer-reviewed association to executive.

    Well, this particular part of it all has been working well outside of Windows for a long time now.

    I dislike Ubuntu for relying on sudo credentials. I want to change the system on Ubuntu and my own password is required. On Fedora, they still require that my *root* password be supplied. I prefer that so that anyone with connection access has two levels of authentication.

    But still, these are critical areas that Windows 7 does not address.

  46. Acer laptops too.... nothing to see here. by Anonymous Coward · · Score: 0

    Where's the news item? I bought some months ago a EUR 600 Vista laptop from Acer just to find out to my disappointment it contained 2 viruses in the middle of its own bloatware.

    The nice part was looking up the model number on the Net: it turned out to be well known that the entire model line of those Acer notebooks had those viruses spread worldwide..

    It's just gross flaws in the business of certain vendors.

  47. Monocultures - we salute you by j_w_d · · Score: 1

    The chief reason monocultures are a threat is that they represent a point source of failure. A single worm or trojan targeted at a weakness on a ubiquitous piece of software can take down every system exposed to it. If only a third of the systems exposed to a threat are vulnerable, the toxicity - so to speak - of the threat is far less. It is fairly obvious that no OS presents absolute security. The first Internet worm after all ran on Unix systems. Linux also has its hazards otherwise we would not have chkrootkit installed and running periodically.

    Microsoft, though, is far and away the easy target because it IS the big target out there. We who adhere to OS's with lower target cross-sections salute your bravery and also thank you for volunteering to take point.

    There are other targets of opportunity for black hats though, including Apache, Java, Flash and other utilities that are potentially more widespread than Windows, since they run on multiple OSs. However, the creators of cracks for these systems still seem to expect that the underlying OS will be Windows. So again, we thank you for being the proud targets you are.

    --
    ------ The only greater hazard to your liberty than n politicians is n+1 politicians.
  48. Linux's magic by speedtux · · Score: 1

    There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.

    There's quite a bit of magic, actually, and it's Linux's "app store", aka package management system. People just don't download and install software from anywhere, they install software through package managers. Software installed through package managers is configured, tested, and signed by the distribution maintainer. And those people seem to be doing a good job keeping malware off the machines.

  49. Um.. "DUH" ? by Anonymous Coward · · Score: 0

    To most people who aren't drooling idiots, paid shills, or fools that have hitched their wagon to MS, Windows *IS* malware.

    Therefore, *by definition* every machine automatically has the malware "Windows" on it.