Slashdot Mirror
Malware Found On Brand-New Windows Netbook
An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."
You could always reformat the darned thing from scratch using a known-good version of whatever OS you're going to be using.
Honestly, ever since Vista became the de-facto OS shipped with new computers, I've been doing that, anyway.
Kythe
Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).
That's irrelevant to the point I was making though, which is that popularity is not the only thing that matters where security is concerned.
Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now.
This is an interesting point, but in the old days, software companies supported Commodore, Apple, IBM, Atari, etc. The reality of the situation is that for most big software companies, the number of programmers they have is only vaguely related to the income they generate from their software. A single programmer can write code that generates millions of dollars if you can get people to pay for it. So most companies are going to do a cost/benefit analysis: is it worth it to port my software to X system? If there are millions of users on that system, the answer is probably yes. Most major software already runs on both Macintosh and Windows, and OSX only has about 10% of the marketshare. I see no reason they wouldn't write for all three systems in many cases (although I admit I would be happy to leave Windows out, since it's relatively a pain to write for).
do you really think a Windows user that has just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?
This is a good question, and you are probably right, but the security model in OSX is a lot more clear, so it would be easier to teach users, "If you have to type in your password, something bad might happen!" On OSX application installation is just a matter of drag and drop, normally there is no need to type in your password, so if you do have to, then you really need to think about what you're doing.
Qxe4
First, the autorun worm was absurdly difficult to remove. The larger the organization the more likely it is to stick around.
Second, have you ever built a corporate or OEM OS image before? Using a usb drive to install drivers is not only likely, it's practical.
The way modern mass-images work is as follows: you have your technician machine, upon which you build the custom tools to incorporate into the image - this would be scripting software packages, customizing settings, etc. Then you have your build machine - this is a clean machine with a fresh OS install on it. You then customize that machine exactly the way you want it, installing custom packages, add all the drivers for all the machines in your product lineup (be sure to include a script to remove the unneeded drivers post-sysprep!), and reseal it to OEM spec with sysprep (which calls any necessary post-build scripts).
Now, you test, test, test, and test to be sure it is good, and mass deploy it to all your hard drives that will be going into all your machines. Much of this does not have to be changed when new models are added, and with MS's newer tools a lot can simply be slipped in to the image itself without having to re-seal it. Very convenient. That also may be how this thing got in as well, who knows.
The breakdown here was on the final step: apparently nobody scanned the test machine for viruses/malware before deploying the image. I'm surprised only a few netbooks were hit, unless the others just haven't noticed yet, heh.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Nor is it really news. The wife bought a Compaq some years ago. I cleaned it of malware, then in a few days, she complained of more. Did a "restore" from the restore partition. Malware restored itself along with the Windows OS. Imagine that....... OEM's are PAID to install crapware, and they are only to happy to accept the money.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
You haven't thought this through. It's pretty well accepted that a monoculture is bad for computer security. If you would like to discuss the issue, then I suggest you inform yourself on the research and arguments in the topic, and then you will be much better informed to make an insightful comment. Then we can talk.
Qxe4