Best Resource For Identifying Legit Applications?

bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"

download.com

[martas]

and many other software download sites [claim to] thoroughly test submitted applications with antiviruses. in recent times i haven't downloaded any app from them that turned out to contain any sort of malware.

Re:download.com

[Saishuuheiki]

May be true, but not his question. His question is how do you tell if something you have is malware, not how to find something not malware.

Though theoretically you could see if it's on download.com...this can only prove that it isn't malware, not that it is

Re:download.com

[kalirion]

That might work if the application is infected by (known) malware. What if the application is itself the trojan, perhaps one that activates in the future so no one would have reported it yet? Unless someone has access to the source code and the time and inclination to look through it, how do you know it's safe?

Re:download.com

[martas]

good point, which is why i typically try to download relatively popular software, which is another thing such sites can help you determine.

Re:download.com

[Kurrel]

By testing it in a sandbox, of course! Here's a super-nifty free binary analyzer that runs in your browser: http://anubis.iseclab.org/

Re:download.com

[Anachragnome]

The first application I tried could not be analyzed due to it being a 15mb file (Aura Free Video Converter) as the Anubis site only allows files smaller them 8mb.

Interesting, but not very useful in the context of the OP, nor does it address the bandwidth limitation of a dial-up connection.

Re:download.com

I check with ninite.com or madgeeklab.com

Re:download.com

The same way you know your Linux kernel isn't back-doored, by getting the source and reviewing it line by line. Now where is that main function, I've got some work to do!

Re:download.com

[Cylix]

Uninstall them all and let God sort em out.

When I was ever called to sort some disaster of a mind fucked mess I wouldn't take prisoners. Usually, my first question was could I just re-image and generally this was a resounding no.

When you can't re-image you can only do the next best thing with next best thing results. Remove, scan and move on.

It's more like war time triage then anything else.

Sure, I feel somewhat bad they made it in the mess they did, but I can only personally do so much.

Re:download.com

[Keeper+Of+Keys]

He he heh! Now that my PDF reader is reasonably popular, I can switch on its backdoor functionality.

Re:download.com

[the_womble]

You are almost always safe assuming that if something is in the distro's repos it is legit and malware slipping through is very rare, even with obscure packages.

oh....

OK, then the best advice is that an OS without extensive repos provided by the vendor is not suitable for naive users, and you are wasting our time trying to fix the wrong problem.

Re:download.com

[somersault]

Though theoretically you could see if it's on download.com...this can only prove that it isn't malware, not that it is

Actually, it can only prove that the file hosted on download.com probably isn't a virus.. but it's very possible that other sites with the same software host a version of the file that has a trojan in the installer, or perhaps the developers of the application itself have decided to put in some unsavoury feature in the latest version, etc

Re:download.com

> Uninstall them all and let God sort em out.

Arnaud-Amaury, is that you?!

What is your OS?

[Kitkoan]

That will help in figuring out where to go.

Re:What is your OS?

Seen as "somewhat computer illiterate," read as "Windows."

Re:What is your OS?

[Kitkoan]

Seen as "somewhat computer illiterate," read as "Windows."

I know a lot of OSX users that fit that description.

Re:What is your OS?

[ColoBikerDude]

Seen as "somewhat computer illiterate," read as "Windows."

I know a lot of OSX users that fit that description.

The OP also said "dialup" and "malware" so I still read as "Windows." :)

Re:What is your OS?

Seen as "somewhat computer illiterate," read as "Windows."

OS X users suffer from using the search bar as the address bar just as much as Windows users. Also, have you ever tried instructing an OS X user on installing an app from a zipped .dmg file into the Apps folder?

It's not like OS X users are born knowing their UI/OS inside and out... or are they some kind of cult of the chosen few that I have successfully learned to infiltrate by learning to use a Mac despite my being born without instant OS X recall?

Re:What is your OS?

"Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

Re:What is your OS?

[e2d2]

Macs are dumbed down. So you gotta be smart to use them. Or something like that.

Re:What is your OS?

I know a lot of OSX users that fit that description.

And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

Re:What is your OS?

[OhHellWithIt]

"Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

Um, yeah. In December, my parents asked me to set up file sharing between Dad's Mac and Mom's PC, and the documentation on the Mac talked about a Finder window and some other stuff. I had to do a web search to learn how to decipher the MacSpeak. Intuitive, it's not. I sure was glad to go home to my Linux laptop.

Re:What is your OS?

[DJLuc1d]

Take the plunge. Assume, and I know this sounds crazy, but just for a moment assume that like 92% of people who have a computer, that it is a windows machine. That is one thing I am sick of people doing on help boards. First question is OS, next response is always 'windows' unless it is a mac forum. Stop answering a question with a question and actually try and help. And how exactly would this help someone determine what is malware ? Malware is malware, regardless of what version of windows you are running.

Re:What is your OS?

Eh, not even necessary. With the vast number of badware programs, a good theory to go with is "if you haven't heard of it personally, consider it badware until such time you've thoroughly researched it yourself".

Just like the legal system in a guilty until proven innocent sorta way.

Re:What is your OS?

[Kitkoan]

Malware is malware, regardless of what version of windows you are running.

Let me fix that for you.

Malware is malware, regardless of what OS your running.

And as for assuming anything, assumptions are where the biggest screw ups happen. If you just assume you know the problem with having little to no information to the problem then you are more likely to make a bigger problem. Lets assume then that we all give this person sites upon sites, a literal gold mine of sites for Windows machines. The person then spends hours upon hours combing through these sites and finds nothing. They then declare that everything listed was a complete waste of time, effort and use leaving them to assume that there is no such place that this information exists. The problem is they are the 6-8% of people using a Mac. And your assumption made this whole problem worse because they are still no closer to a solution for a place to learn this information but are now worse off thinking it's a lost cause. The question is also where to find legitimate software, not just ones that are malware. Maybe software that is free and not demanding money, or isn't known to conflict with other common software. Maybe they are worried that the site is hosting a pirated copy and not being noted. Or maybe the software is now abandoned and there are bigger better kinds like it.

Re:What is your OS?

[Kitkoan]

I know a lot of OSX users that fit that description.

And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

How is this a troll? He's right. Not everyone who uses Linux is a computer expert. Hell, when I started using Linux I was a beginner with Linux and just took a blind plunge. Wasn't hard with Ubuntu and thats why the forums are there, to help beginners and solve problems. It's the online FOSS version of Apple's Genius Bar in there stores and Microsoft store's Guru Bar. OSX and Linux are gaining speed with all users, not just the hardcore users.

Re:What is your OS?

[sbeckstead]

I don't see how this is funny. It is true at worst, a sad statement at best.

Re:What is your OS?

[spazdor]

"You're."

Re:What is your OS?

[Slur]

Please describe in nontechnical terms how to set up file-sharing on Linux.

Re:What is your OS?

[BobPaul]

On Ubuntu: Click "Places" at the top of the screen and then "Home". Find the folder you want to share (You know, the yellow picture of a paper folder that has movies in it?) and right click it. Click "Properties" on the menu that appears. Now click "Sharing" and choose "Share this folder". Click OK a couple of times to close all the boxes.

This is from memory, but it should be pretty close.

Re:What is your OS?

[arose]

He didn't say that working with his Linux laptop was intuitive, just that working with OS X necessary isn't.

Re:What is your OS?

Seen as "somewhat computer illiterate," read as "Windows."

I know a lot of OSX users that fit that description.

As you could also probably describe those Grandma's using Ubuntu (that their kindly sysadmin sons have them on) ...

Do you guys have pic's of Calvin pissing on a on your trucks too?

Re:What is your OS?

[Runaway1956]

This. AC has stated my policy, plainly. If I've never heard of it, and I don't know what it is, it's malware. In the computer world, it's "Guilty, until proven innocent."

And, when you think about it, the problem with malware is not so much that it exists. The real problem is that every gullible fool in the world automatically TRUSTS anything they find on the web.

Trust. Let the software distributor EARN some trust, don't just give it to him. And, those 10, 100, or even 1000 glowing reviews posted on his home site? He paid his niece to type those up, and she never saw the crap ware that her uncle developed.

Re:What is your OS?

[BrokenHalo]

I had to do a web search to learn how to decipher the MacSpeak.

Really?
Preferences -> Sharing -> File sharing (tick). Choose the folder you want to share.

I use Linux on my desktop machine (though not Ubuntu, I prefer Arch), but I can't say file sharing is any easier there. I don't see how it could be.

Re:What is your OS?

[OhHellWithIt]

I had to do a web search to learn how to decipher the MacSpeak.

Really? Preferences -> Sharing -> File sharing (tick). Choose the folder you want to share.

I use Linux on my desktop machine (though not Ubuntu, I prefer Arch), but I can't say file sharing is any easier there. I don't see how it could be.

I didn't say Linux was easier. It was just that the Mac online help required me to look up terminology just to understand it. It was just about as intuitive as file sharing from Windows once I got past that.

"to big to download"

[Sir_Lewk]

downloading malware detection applications (and updates) is too heavy consider.

Any yet they find the time to download all of that malware...

Re:"to big to download"

[Monkeedude1212]

Exactly. If you have the time to download an application you have time to download malware detection.

And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

It honestly sounds like either you or the person you're helping simply don't want to put in the effort in -actually- testing the machine for malware.

Re:"to big to download"

I believe his comment should be taken as, "This is a person that doesn't want/will not allow unfamiliar applications installed on their computer, but are not wise enough to filter out the crap they should not be touching."

Re:"to big to download"

[jtownatpunk.net]

A dialup connection can pull a quarter gig per day. Malwarebytes is under 10 megs with all updates and patches. (More like 8 megs.) You can get 200k per minute on dialup without breaking a sweat. That's 5 minutes per meg. That's 40 minutes for the full Malwarebytes download including updates. How much time do you plan to spend investigating the source of every installed program? Sure, it would be nice if there was a big list of every application on the planet with happy faces and frowny faces next to them but that would be a heck of a thing to maintain. The few companies that maintain such lists aren't likely to give you direct access as they've got commercial products built around that information. And, even if you found such a list, you would still have to pick through the installed programs and compare then one-by-one with the list. How long will that take? And the bad ones won't announce themselves by hopping on the add/remove programs list so you still need to scan. Start downloading and have a beer while you wait.

Or, since you know what you're up against, load up the thumb drive before you go over next time. Bring a couple of good spyware removal programs (and their standalone update files) along with the complete installer for a good AV program.

Re:"to big to download"

And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

Do they not make keyboards with a Delete key anymore?

Though incredibly tedious and annoying, deleting or renaming potential problem files in safe mode is an effective way of removing malware. In some cases, it's still the only way.

Though, frankly, once it gets to that point on a person's machine, I prefer to simply reinstall windows and lock everything down. If they don't like it, they can either stop screwing up their computer or stop asking me to fix it when they do.

Re:"to big to download"

[Monkeedude1212]

Some Malware puts itself onto the Kernell - and will be present during safe mode.

I take it you've never had to deal with an infest HAL.DLL before? Don't delete it.

Re:"to big to download"

PDF Suite appears to be legitimate software, at only 2.6 MB, it's smaller than Adobe Reader, and far smaller than most anti-virus/spyware.
Back when I had dial-up 10MB was probably the biggest thing I ever downloaded, an intermittent connection that cost me per-minute certainly wasn't suitable for downloading files.

Re:"to big to download"

[oatworm]

That's only one of the myriad options that malware uses. I've seen it modify registry keys so it runs whenever somebody logs in (usually by fiddling with the Userinit key in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon) it automatically starts - that'll hold true even during Safe Mode boots, which makes it impossible to delete it while the operating system is running. Since a lot of tools are starting to catch on to that, many of them will just install themselves as hidden device drivers, which will, of course, also be largely operational during Safe Mode boots. Honestly, the best way to remove a virus from a Windows machine is to just nuke it from orbit - it's the only way to be sure.

Re:"to big to download"

This.

Computers are complicated devices with many moving parts. You would be wise to do things like put in "effort" and "time". I have friends (nerds even) who don't recognize the relation between actually fixing your computer, and it actually working, or sorta fixing your computer, and it sorta working.

Re:"to big to download"

[Idiomatick]

Most cases though deleting files and editing the registry can be done manually and remove most viruses. Seems like a lot more work than just installing some shitty anti-virus.

Re:"to big to download"

That's right, they don't. And honestly, who does? The point is less that he doesn't want to, and more that he doesn't want to spend more than ~10min doing it. I think, therefore a quick and easy source of "validity" like processlibrary.com or whatever that other one is, liutilities.com might come close to fitting the bill, if I understand the question correctly.

Re:"to big to download"

[BlackHawk-666]

Malware can be as simple as a hostile link in an email or on a webpage. If he's looked at porn or warez he's certainly exposed his machine to this stuff. How big the payload is could vary, but trojans and viruses have a history of being quite nimble. The AVG anti-virus copy I have is 60MB - and that's a hell of a download on a dial-up.

Re:"to big to download"

[the_denman]

Microsoft provides a free anti virus and anti spy-ware system called security essentials that is not that big that you can't occasionally pull down new definitions via the dialup. Also when you visit why not run a copy of autopatcher from your thumb drive to make sure they have all of their windows updates.

Re:"to big to download"

[cgenman]

If it is too heavy to download and install malware detection utilities over dial-up, I'm guessing they have no virus protection at all and are running unpatched versions of windows. This is fundamentally unsafe, and needs to be rectified immediately. They need to either deal with leaving their phone tied up for an hour a week running updates, or they need to get satellite internet access.

To the original poster, it's frequently more effective to find malware information by searching for the process name than by the application name.

Re:"to big to download"

[Sir_Lewk]

From the article, it sounds like he is more interested in checking out if larger software packages like pdf readers and the like are malware. In other words, he isn't concerned about small stuff, he's concerned about non-obvious trojans that quite possibly function 'correctly' otherwise.

Assume malware

[c++0xFF]

If you've never heard of an application, assume that it's untrusted malware.

Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

Re:Assume malware

[tepples]

If you've never heard of an application, assume that it's untrusted malware.

Then how should a micro-ISV or a free software developer earn users' trust?

Re:Assume malware

[fuzzyfuzzyfungus]

There are certainly costs to the strategy; but it is still a decent heuristic for somebody in the demographic we are talking about(ie. clueless, no broadband, probably no backups, or even system restore media).

New entrants will naturally attract the attention of the sort of savvy tech enthusiasts who follow news outlets and whatnot, and are arguably in a far superior position to evaluate for utility and nonmalice. Once they've rendered their verdict, the noobs can follow the received wisdom, or have it done for them.

"If you've never heard of an application, assume that it's untrusted malware." would make a shitty universal rule; but it is mostly a good idea in this context. Some people are better cut out to deal with technical risk than others. People with disposable VM appliances can do whatever they want. Noobs with dialup who will end up losing months of work, a week's use of their computer, and several hundred in Geek Squad fees if they do the wrong thing should probably stick to the beaten path.

Re:Assume malware

[b4dc0d3r]

some options:

• Release the source code, or source with paid registration
• Get listed by one of the major download sites as this poster said
• Get listed on one of the major OS-specific app news sites as in this thread

WOT has the same problem as anything else, false negatives. I found many different sites offering software with this name.

This one has links to tucows and is the Google keyword sponsored link, making it look legit: http://pdf-suite.com/us/default.asp
This has the same picture but entirely different website, looking suspicious: http://www.pdf-suite.com/
This looks like different software with the same name: http://www.aloaha.com/wi-software-en/printing.php
But that's featured on TechSite. Do you trust Techsite? http://www.techspot.com/downloads/4109-aloaha-pdf-suite.html

Basically it's the same reputation-based research you use anywhere - if a reputable source links to it, or even better offers it for download, your reputation improves exactly like PageRank. If dubious sites link to it, it looks like a bad idea to download.

Consider it from a different angle - if you are a Micro ISV, how do people hear about your product in the first place? Chances are you're not getting first-page google results unless you have a truly niche product. However people hear about it is a channel you want to strengthen.

Re:Assume malware

[perlchild]

I was going to say the only safe approach was to whitelist, but you beat me to it.

If you're not sure, don't.

You're better off living without that one piece of software that's obscure, than dealing with the malware.

If you really can't live without one piece of software, then you gotta research it.

Re:Assume malware

[Dynedain]

Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

I've been hearing this canard trotted out quite a bit recently... How Linux is so much easier than Windows to manage updates, so much easier than Windows to install software, etc.

But think about it for just a minute. The model only works because you trust RedHat, Gentoo, etc to do the right thing. Imagine if the recommended way for doing software installs or updating 3rd party apps was through Windows Update. How much uproar would there be about MS "requiring" software developers to register. How much fury would there be about MS trying to use it's monopoly practices to kill its competitors InstallShield and Download.com.

Just look at the iPhone app store. Do you really want that distribution model for Windows?

Re:Assume malware

[jedidiah]

This is a bogus argument.

The problem with the Apple store is that it is MANDATORY.

Also, something like a Linux package manager is something that 3rd parties can tap into
on an as needed basis as you decide they are trustworthy. The individual can do this.
They don't have to wait for Redhat (or whomever) to bless the vendor in question.

Re:Assume malware

[Miseph]

While I agree that it has some problems, I still think that's the best solution.

One idea would even be creating the framework such that when a program is installed, it adds the appropriate update repository and is updated through the interface, but not by Microsoft, or even with their direct corporate consent.

Yes, this might kill InstallShield, but who honestly cares? Nobody seems to be griping at the destruction of the floppy disk drive market, what's so magical about the application installation and update management software market?

Re:Assume malware

[Dynedain]

The problem with the Apple store is that it is MANDATORY.

Use of IE isn't mandatory, yet MS has been forced by the EU to make users actively choose between it and other browsers.

Re:Assume malware

[EdelFactor19]

Because you don't HAVE TO rely on them. You can always create your own repos, add other users repos, etc, etc. They just provide a very good channel for managing to the two together so that you can rely on an already existing infrastructure even if you are an independent dev. Everyone doesn't have to go out write up a crappy version of Installer software..

Furthermore, its linux, you can always grab the source and compile it yourself, or grab a binary. You are not forced to go through those channels to obtain an application; but they are they if you like (and are smart).

Better analogy, think itunes app store, except you can create your own 'store' that people can access in exactly the same way as they access everything else. All they have to do is add your 'store' to the list of approved stores.

The point here is that distro's do some of the approval for you, and can instill in you some confidence that the stuff is safe.

The reason it works for Linux so well is that most all of the software is free as in beer; so all of the software fits well into the architecture. On a PC most software costs something; and the companies involved like MS are in a position where it is their job to make a profit. They have little to gain by providing you with an easy way to install trusted free software, where do they make money by testing free software is safe? Apple almost gets there with their recommended picks and such from their website; they just need to create a decent application to deal with it; (please for the love of god not itunes....)

Re:Assume malware

[c++0xFF]

There are two differences between Windows/iPhone and the Linux model that need to be considered:

1) Linux is not a monopoly on its platform(s): there are several distros each trying to get marketshare
2) You can install software outside the repository (disclaimer: may not apply equally to all distros)

You're right that there's a level of trust, and that trust for Microsoft is quite lacking among slashdot readers. But the average Joe would welcome such a change! Less spyware/adware! Easier updates! Better security! Easier to install!

Microsoft would have to be careful: how do you balance restricting the applications in the store (to maintain quality) while being open enough to avoid antitrust issues? Apple, not needing to worry as much about antitrust, wields the banning button like a hand grenade instead of a scalpel. Microsoft my try some sort of certification process, but I have my doubts about that, too.

But why does it have to be Microsoft to begin with? A trusted third party could put together the package list and installer, Microsoft just supplies an integrated mechanism. This might side a little more on "open" (a odd word to apply to Microsoft) than would be ideal, but it's certainly better than what we have today.

Re:Assume malware

[Dynedain]

Microsoft my try some sort of certification process, but I have my doubts about that, too.

They did require certification on drivers for Vista (WHQL). There was a huge backlash against that and one of the reasons why people were so upset w/ Vista. Lots of hardware support problems because WHQL drivers didn't exist for a lot of products at launch. Hardware manufacturers didn't want to go through the extra hassle of getting WHQL certified.

Re:Assume malware

[ComputerGeek01]

If you've never heard of an application, assume that it's untrusted malware.

Then how should a micro-ISV or a free software developer earn users' trust?

By purchasing that trust through M$ of course, what a silly question.

Re:Assume malware

[Idiomatick]

"Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet."

Oh come onnnnn. Windows is fine with this. Go to download.com or some such and nothing there will be malware loaded. CERTAINLY nothing with any decent rating, why would you want 1star apps anyways? Even if you just google an app... like "torrent app" it is really rare that there would be a malware app on the first....... 5 pages or so (I can't imagine needing to go past page 1). And beyond even that I'm certain that ANY techy/nerd guy has a list in his head of every single app that their non-nerd friend would use on their computer. In fact:

Browser: IE, FF, Opera, Chrome
Office suite: msoffice, openoffice, google docs
Images: photoshop, paint.net, gimp, paint...
music: winamp, amarok, wmp
video: cccp w/ mpc, vlc, wmp
messengers: msn, skype, gchat, w/e the hell yahoo's thing is called
PDF: foxit, adobe(if you don't care about the person)
email: gmail... just put a link on their desktop
There, you now have an excessive list of safe apps that the average non-computer user will need. I could probably list 50 more niche apps from memory but if you can read this then you also have google....
search: google.com

Re:Assume malware

And they got over it.

Re:Assume malware

[Jazz-Masta]

If you've never heard of an application, assume that it's untrusted malware.

Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

Linux? Never heard of it. Must be malware.

Re:Assume malware

[ekhben]

If only I'd learned that rule before I first heard of MS Office...

Re:Assume malware

[c++0xFF]

But then, isn't the nerd just serving as a trusted software repository for the non-nerd friend?

download.com can be seen that way as well, with its ratings as a form of "trust-o-meter".

Surely we can do better!

Re:Assume malware

[aquila.solo]

Excuse me, is your hair "pointy" by any chance?

;-)

Re:Assume malware

[Idiomatick]

I don't think it is necessary to do better. Using google to find apps directly or to find an app site such as download.com you are really unlikely to get viruses. Mind you firefox auto-protects people from virused sites (with the warning) so it is a helpful starting point to avoid really poor sites.

Re:Assume malware

[Matheus]

Good comment on the VM side... Run a simple windows VM as a DMZ for new software you want to try out... if it turns out foul then you can always go back a snapshot or two.

Re:Assume malware

Software comes from a source. The question is whether you trust that source.

So look them up. Do they have a real phone number? Call it. Do they have a real address? Check it out via Google Street view. Have they got an SSL certificate? Those have to be verified you know (there are varying levels of verification though, so check out the certifying authority for details).

Software that comes from verifiably real people or companies tends to be legit. Malware tends to come from anonymous scumbags for obvious reasons.

(and yes there are exceptions to these rules of thumb)

Re:Assume malware

[plague3106]

Which, if MS tried to do, I'm sure would be given hell for trying to control what software people are allowed to install on their own computers.

how about google?

ummm, first hit on google for PDF Suite.

http://www.pdf-suite.com/

Looks legit to me...

Re:how about google?

[Mr+Z]

Well, if it was benign software, then maybe the free trial ended? Or, if it really did have some malware in it, maybe it was a "cracked" version, with extra Russian Hacker Goodness?

Re:how about google?

Of course, but that the OP's question was whether the software was legit. Looks like legit software, and it took all of 2 seconds to determine that. Now, if the software was infected with malware or whatnot, that is a separate issue which the OP should investigate. So, what have we learned: OP is lazy and/or incompetent.

Re:how about google?

[Mr+Z]

There is a legit package named PDF Suite. It's unclear whether that installation was legit or not. If "PDFs stopped working," it's entirely likely that the trial period for the legit software expired. No idea. I wasn't weighing in on either side of that.

The problem as stated in this article's question is almost something of a fools errand: "I have a connection to the Internet that at best can give me benign but worthless stuff, and can give me unbounded amounts of virulent crap. I can't use this connection to download anything useful or helpful, nor can I bring anything with me that's useful and helpful. How do I avoid the crap?"

Perhaps I overstate it a bit, but not by too much, I don't think.

Re:how about google?

[dbcad7]

Maybe it's a file association problem ?

Legit

[oldhack]

"Legit" apps sells your info just as well as the others. That's another plug of open source software.

Re:Legit

[qw(name)]

"Legit" apps sells your info just as well as the others. That's another plug of open source software.

Google comes to mind...

Re:Legit

[FlyingBishop]

And there's a plug for the AGPL.

"Where can you quickly find information?"

Google.

Does the vendor make md5 or sha1 hashes available?

[number6x]

Does the vendor make md5 or sha1 hashes available?

Linux repositories are signed with pgp keys, this is usually pretty good(pun intended) for security. Even when breaches happen things are found out pretty quickly.

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. Its hard to believe Windows users don't have App repositories yet.

Feel free to use my method

[yttrstein]

find /usr/ports/* >> notmalware.txt

Re:Feel free to use my method

[cormander]

Okay, so from what you're saying: rootkit != malware Good to know, reinstalling my OS after getting hacked is a big pain in the ass.

Hard to Define "Trusted"

[DIplomatic]

Unfortunately there's no one good list of "Trusted" software. Mostly because "trusted" cannot be empirically measured. Trusted by whom? Bloatware/Spyware/Crapware are sort of like art, you know it when you see it.

Re:Hard to Define "Trusted"

[einhverfr]

Are they calling it art these days?

Because I don't think Potter Stewart would have used the term "art" when he coined the phrase....

Look at it this way

If it is malware, it's probably more secure against attack than Adobe Reader is.

Maintain the USB stick.

[Tackhead]

And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often.

No better time than now to start collecting installer .exe files.

The reason you collect the installers (or the portable installations for programs that don't require installers) is because in the Windows world, you never know when a publisher will go rogue. UsefulUtility 0.8.5 might be great, UsefulUtility 0.8.6 might come with an optional toolbar/crapware that can be deselected at install-time using the "custom" button, and UsefulUtility 0.8.7 might not have the option to delesect the toolbar/crapware.

In that case, UsefulUtility 0.8.5 or UsefulUtility 0.8.6 are the last safe versions (depending on how you define "safe"), and you stop upgrading. But even if the publisher vanishes from the face of the earth (or puts in gobs of crapware in 0.8.8), you've still got that USB stick with known-trustworthy installers.

The best place to find this sort of information, unfortunately, is by random googling on an app-by-app basis. UsefulUtility might have user forums, and when they go from 0.8.6 to 0.8.7, its users will be screaming bloody murder. Or you might come across a thread on one of the larger tech sites that talks about utilities, and when people start looking for replacements for UsefulUtility, you might find a BetterUtility that does the same thing, only with less bloat.

Re:Maintain the USB stick.

[Rob+the+Bold]

And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often.

No better time than now to start collecting installer .exe files.

Unless you really don't want to become that "guy who knows computers and fixes mine for free". Even if they pay you -- or especially if they pay you -- you've gotta deal with that "you touched it last" problem the next time they install some malicious. I used to be that guy, and I did just as you said. And you're absolutely right about publishers "going rogue" and the advantages of keeping multiple old version, JIC.

I still keep that USB stick. But I try to make sure no one knows about it anymore. It's only for my wife's windows laptop that she won't part with yet.

I'd say if you've moved away from Windows yourself to try as hard as possible not to keep maintaining "somewhat computer illiterate person('s)" machines.

Re:Maintain the USB stick.

[WhitePanther5000]

you've still got that USB stick with known-trustworthy installers.

That's a great plan, until your USB stick gets infected from the machine you were trying to clean.

Er

[Quiet_Desperation]

Did you try Googling it *without* the word malware?

http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1

Re:Er

[wurp]

The only thing that could have made that comment better is to use LMGTFY instead of Google in the link.

Re:Er

[nine-times]

I'm guessing you're being funny, but since you're modded "insightful"...

I think what the OP was saying is, "I Googled it with 'malware' and other key words, but [no information about it being malware] turned up, though my suspicion remained..." So the problem wasn't that he couldn't find information about PDF Suite at all, but rather he couldn't find enough information to determine whether the program was legitimate.

Re:Er

[FormOfActionBanana]

Can you include the link?

Re:Er

[Monkeedude1212]

So the problem wasn't that he couldn't find information about PDF Suite at all, but rather he couldn't find enough information to determine whether the program was legitimate.

If you investigate the actual website - you'll see that PDF Suite looks very, very, very legit. Websites like that aren't that easy to deploy.

Re:Er

[nine-times]

Sure, it looks legit, but it's not as though stuff can't be faked or ripped from elsewhere, or that semi-legitimate software has never included any kind of problematic adware.

And like he said, he checked WOT and got negative results. So he's asking, "Do you know someplace where I can get a definitive answer on issues like these?"

Re:Er

[Facegarden]

Did you try Googling it *without* the word malware?

http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1

I'm pretty sure he meant "Nothing claiming it was malware turned up."

Not just that he was unable to find the software's source.

Re:Er

[Quiet_Desperation]

Well *I* was aiming for (barely) funny, so your beef is with the mods. ;-)

Re:Er

[nine-times]

No beef. It's just that I saw the possibility that lots of people were taking you seriously, and so I thought I'd point out that it was most likely a joke.

Did you consider...

[eeth]

that it might not be malware, but simply ancient software incompatible with newer documents?

repos

If it's legit it's in your repos.

Re:Does the vendor make md5 or sha1 hashes availab

Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

oh dear, it appears my monocle has come off again! Ho ho!

you answered your own question

[Fujisawa+Sensei]

I believe that you answered your own question.

Before installing an unknown application, do a little research first; such as google for the app + malware.

Why are you doing this?

[realmolo]

Helping someone try and fix their computer is an exercise in futility, even if you are getting paid for it. Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Tell the person that they need to pay you to fix their computer (even if they need to ship it to you). Anything else is a waste of your time.

Re:Why are you doing this?

[tepples]

Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

Re:Why are you doing this?

[Merc248]

Every time I've tried introducing a revenue stream, it's only resulted in people shying away from getting my help.

Even though it means, "yay, more free time for myself," it also means, "wow, people really don't value technical support."

Re:Why are you doing this?

[Lunix+Nutcase]

Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

Because some people are actually nice and want to help out their friends and family?

Re:Why are you doing this?

[oodaloop]

Yeah, I feel the same way with any service I provide. Want me to hold the door for you? Pay up. Want me to help you move? Pay. Pick up a coke while I'm up? Pay. Jumpstart your car? Fix your collar? Point out your shoe's untied? That's right, PAY.

Who needs friends as long as you have money?

Re:Why are you doing this?

[jimicus]

Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

At this point it would probably be substantially cheaper, quicker and easier to post them a prepaid 3G dongle and deal remotely using a proper remote support tool.

Though if they're on dialup it's possible they live in the back end of beyond, in which case there may not be a 3G signal.

Re:Why are you doing this?

WILL FIX YOUR COMPz FOR SEX

Re:Why are you doing this?

[jedidiah]

Being unpaid tech support for Gates is not being nice, it's being a chump.

If your friends and family can't be self sufficient with their consumer electronics device then they need to buy a different brand of device.

Re:Why are you doing this?

[oatworm]

I doubt anybody is seriously suggesting that everybody should stop performing random acts of friendly charity - in a friendly situation, the friend probably brings something of value to the table that you can pester for in return (help with moving, watching your kid, going on that fishing trip with you, etc.). It's sort of like implicit bartering. As for most of the services you're providing, though, well...

1. Opening a door is low effort and low skill, so I don't expect renumeration for that.
2. Helping you move? Ignoring for a second that there are companies that do exactly that and charge accordingly, I make it a point to at least offer some decent food and drink (generally of the pizza and alcohol variety) when I'm asking my friends to move. Implicit bartering FTW.
3. Pick up a coke? Well, if you're grabbing one from the fridge, that's one thing, but if I'm making you grab one from the store, I should at least be willing to give you a little extra for gas, no?
4. Jumpstart my car? I have AAA, which is a paid-for service that will do exactly that on the occasion that I'm unable to find someone to attach my jumper cables to.
5. Fix your collar? Erm... I work in IT. What collar? ;-)
6. Point out your shoe's untied? This would be another "low effort, low skill" task with minimal renumeration.

Point being, there are many mundane and simple tasks that we can do for people, but many of the ones you listed are neither mundane nor simple. They're time consuming, highly skilled, or both. Tech support falls in this category - I'll do it for free for family and friends because they do or have done things for me for free, but I'm certainly not going to freely donate my time unless its for psychic rewards (i.e. for a cause that I really believe in) because it's a pain in the ass and there are other things I'd rather do with my time than fix some stranger's computer (like, say, technical support for friends and family!).

Re:Why are you doing this?

Hot chick probably?

Re:Why are you doing this?

[Anachragnome]

Instant mental image of you standing on a freeway off-ramp with that crudely scrawled on a piece of cardboard, 40oz'er in the dirt by your feet.

That was quickly replaced with a mental image of you standing outside The Blackhat Conference exactly the same way.

THAT was quickly replaced with a mental image of you standing on a Redmond freeway off-ramp with that crudely scrawled on a piece of cardboard, 40oz'er in the dirt by your feet...and getting a ride.

Re:Why are you doing this?

I've had luck talking people through installing tightvnc and adding me as a client. I can then do simple work. You're right in general though, talking people through trying to do anything is incredibly painful and normally doesn't work.

Re:Does the vendor make md5 or sha1 hashes availab

Its hard to believe Windows users don't have App repositories yet.

It's not *that* hard to believe...LOL

You can't really tell.

[Oxford_Comma_Lover]

I don't think there's a good way to tell, short of a truly rigorous approach that takes a long time to verify all the software on a system. It's a combination of (1) too many things happening at once on a modern system, (2) lack of good DRM-type authentication (which would allow you to approve or disapprove vendors, or approve each software package independently if from a noncommercial vendor), (3) too much of the stuff that's happening being distributed to different locations. In linux, you can usually tell pretty easily what's going on by running ps and tracing down the processes--okay, you can hide stuff in libraries and modify the code, but you've got a good first step there.. In windows, some is in processes and some is in services, and it's a pain to even put together a list of everything that's running, much less find out where it comes from or whether it's the software it claims to be. It should be easy, but I don't know of a good way to do it.

There are anti-malware programs that take a common swipe at your system. Sometimes they work. But it's like practicing bad medicine as opposed to figuring out what's really wrong--it may work sometimes, but it doesn't solve the larger problem. The reality is it's a completely broken system. We can hunt down bugs, and if we lock down a system from install-time and don't do anything too adventurous or unusual we can be sure to keep it clean, but our security model is basically wrong because we're blacklisting instead of whitelisting, and it's hard to even get a list in the first place. Why aren't there system utilities that automatically generate a list of all running processes and services and anything else that uses CPU time, lists their pipes to each other and to the file system and the network, and then verifies all of that against digitally signed configurations from the vendor?

If the software isn't doing what it's supposed to be doing, it should shut down after giving you a chance to override the shutdown. So leave the end-user with control, but leave the default conditions so for the 99.99% of end users who don't want the nondefault behavior, their machines are safe.

Re:You can't really tell.

[mlts]

Even better would be a system similar to Android. Before a package gets installed, it has a manifest list of permissions that are presented to the user before it is allowed to continue. Android also doesn't use executable files as the installation format. IMHO, executables should never be used to install. Instead, .MSI files should be the primary way that programs get installed.

I'd like to see Windows do the same. Present a user with "this program wants these permissions" and give the option to install, abourt, or custom select permissions. For example, a Tetris clone shouldn't need to take incoming connections in general.

Re:Does the vendor make md5 or sha1 hashes availab

[Dr_Barnowl]

Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

Re:Does the vendor make md5 or sha1 hashes availab

[tepples]

LINUX has SOFTWARE REPOSITORIES, did I mention this?

The software repositories associated with major desktop Linux distributions, such as Fedora and Ubuntu, have a drawback: not all applications, even useful and legitimate ones, satisfy the licensing requirements of the repositories. For example, almost no major label video games are completely free software and free assets.

Document everything.

[magus_melchior]

If you're a small shop and can't afford the "arm, leg, and firstborn" prices of volume licensing, set up a system where a manager or an experienced IT admin pre-approves software installation, and makes a (hopefully organized) record* of what software got installed on what computer/server.

If you're not starting up, have all the users go through their PCs and write up a list of software on their computers. It's disruptive, it's time-consuming, but only when you do it the first time, and it ferrets out the odd user who installed Google Desktop and a crapton of add-ons, distracting him more than making him more productive.

* If there's discomfort over management approval of software installs, you could be fairly liberal about it and say "well, you can install anything within company policy (i.e. no porn), just let us know so we don't freak out when WeIRDsofTWAREName shows up."

Re:Does the vendor make md5 or sha1 hashes availab

[Lunix+Nutcase]

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. Its hard to believe Windows users don't have App repositories yet.

App repositories are only good if they are always up to date. One can go to Ubuntu forums, as an example, to find numerous stories of people having to go outside of the repositories to find the latest versions of apps or to find apps that aren't in the repository. Sure, repositories can help to ease in installing and finding software but they aren't this perfect magic bullet as people like you like to claim. If they were why is there any need of a mechanism to add 3rd party repositories in apt?

Re:Does the vendor make md5 or sha1 hashes availab

[Anonymusing]

I'm trying to picture a penguin with a monocle and a snifter of brandy... it's like Mr. Peanut, but with booze.

Re:Does the vendor make md5 or sha1 hashes availab

[ScouseMouse]

Amusing, however app repositories arent confined to open source, Apple do it (At least for the IPhone), Nintendo do it, google do it, Sony do it. No reason Microsoft couldnt do it.

Google.com

[Kylow]

The best resource is still Google. You will need to be a little more patient and a little more competent with your search terms, however. Or you could just write in to Ask Slashdot.

Re:Does the vendor make md5 or sha1 hashes availab

[Lunix+Nutcase]

And they aren't always up to date, certain software you might want could have been removed from them (XMMS for example with later versions of Ubuntu), or they just never included certain software in the first place.

Re:Does the vendor make md5 or sha1 hashes availab

[nschubach]

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. Its hard to believe Windows users don't have App repositories yet.

I haven't spent any time looking, but is there possibly a nice cross platform (Win/Lin/Mac) solution for an application developer to stick on his web server and give everyone a link to add that to their package manager of choice? That or some kind of uniform repository "tag" of sorts. This would be something that would contain the developer's repository information and all repository clients could understand how to read it and/or know if they support it.

It definitely would be cool (and avoid silly one click installs) if an indie developer distributing their application could just give their users a link and post their latest version(s) to that application so anyone can keep up to date with the latest version. I have a feeling such a system doesn't exist and people would get all strung up arguing how to do it.

How important is this person to you?

[pz]

If this person is important to you (ie, a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.

90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.

Re:How important is this person to you?

Defrag is cargo cult.

Re:How important is this person to you?

[mikael_j]

Sadly NTFS still benefits from the occasional defrag (although not to the extent that FAT did).

/Mikael

Re:How important is this person to you?

[tomhudson]

Defrag is cargo cult.

They're on dialup. Who's to say it isn't Win95 on an 80 meg fat-16 hard drive that was upgraded from wfw 3.1?

Re:How important is this person to you?

[Tacvek]

But you should be aware that Windows 7's Task Scheduler comes by default (at least mine did) with a background defragmentation task set to run once a week, and only while the computer is idle. That should probably be enough for most users. One should be aware of this if one desires to use another defragmentation utility, because having two defragmenters fight about where a file should go (either actively fight, or just a file is moved between two locations every time the other is run) is not good.

Re:How important is this person to you?

[LinuxIsGarbage]

And ext4 finally supports defrag. So much for Linux not needing defrag!

Re:How important is this person to you?

[randyleepublic]

Uh, no. A person on dial up does not need windows updates. (For that matter neither does anyone else as long at they are behind one layer of NAT.) Run XP SP 2 along with your generously provided AV updates, and they will be fine. On XP32, all the updates after SP2 are there to slow the computer down so Vista/7 doesn't look so pokey.

Re:How important is this person to you?

Rofl, what a load of crap.

simple

If it's not in the Ubuntu Software Center, don't even consider installing it. Works great for me.

file advisor

http://fileadvisor.bit9.com You can search by file name or md5 hash, but you'll want to use the md5 hash to ensure you are checking the real file (and that it is not just spoofing a good file)

Re:Does the vendor make md5 or sha1 hashes availab

[Lunix+Nutcase]

Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. Its hard to believe Windows users don't have App repositories yet.

How is that any less worse than having to dig up third-party repositories or searching the internet for packages to install software that isn't in your OS's repository?

The repositories dummy.

[h4rr4r]

If it is not in the default repositories do not install it.

For novice users the Ubuntu Software Center is nice too.

Re:The repositories dummy.

[charlieman]

I'm not a windows user, but whenever I'm forced to use it, I really miss the package manager.

One would though that with so many users, some of them could get together create a dpkg/synaptic-like program and make a repository with all the free software available for windows. It could also contain scripts for installing freely downloadable software that can't be redistributed. Heck, they could also allow some password based solution for software vendors who want users to get updates easily adding their repository.

Re:The repositories dummy.

Also it could help with shared libraries. I'm sick of downloading the whole python stack when installing a python app in windows. I already have python installed! The same for gtk and other stuff.

Best idea

[Darkness404]

Just delete the apps that aren't needed and replace them with OSS alternatives. Other than some well known software (Office, Photoshop, iTunes, etc) most everything else can be replaced with a better working, faster and generally better OSS alternative. Why keep that PDF suite? The most you would need would simply be Foxit, Sumatra PDF or Adobe Reader.

Download from CNET

Downloading only from CNET is probably the lowest common denominator that provides some level of protection

Re:Does the vendor make md5 or sha1 hashes availab

[h4rr4r]

It's not, novice users should not be installing non-repository apps at all.

Of course since I am responding to a troll I am sure you will insist on making more silly claims.

Re:Does the vendor make md5 or sha1 hashes availab

[mchugh]

Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

oh dear, it appears my monocle has come off again! Ho ho!

sudo apt-get install monocle

HTH.

Re:Does the vendor make md5 or sha1 hashes availab

[h4rr4r]

Third party repositories are still better than random app off random webpage. As you first trust the repository before you would think of adding it. Nothing is a magic bullet, but you knew that already.

No go back under your bridge.

beware!

[TheSHAD0W]

BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.

Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.

Re:beware!

[BikeHelmet]

But the clue there is ZDNet. I stopped using them for downloads a decade ago.

The only sites I somewhat trust are filehippo and betanews.

Re:beware!

[kyrio]

+ to filehippo. I like the update checker they have, it saves me quite a bit of time.

Re:beware!

One solutuion would have been for the ZDNet to supply the checksum for their presumably mallware free copies. If they wouldn't have approved this, one must assune they would have been part of the virus-ring.

Re:beware!

Yes, the Ziff-Davis media company sure didn't do the due diligence.

What's happening to /. ?

What's with the incredibly nooby questions today?

News for (wannabe) nerds?

Download.com

[westlake]

Download.com has it all. Programs of every description.

Open Source. Closed Source. Free Ware. Trialware. Inkscape is there.

It's a painless way to survey pretty much everything worthwhile that is out there - and infinitely more accessible than SourceForge.

File Hippo has much narrower, utilitarian focus, but the essential apps are there. File Hippo's update checker is quick and reliable.

 

Re:Does the vendor make md5 or sha1 hashes availab

hashes don't assure you of the source at all, they just provide a unique (within the limits of the hash type) fingerprint for the file. If you know what a file's hash should be, the source is irrelevent.

Take the computer home with you

[generalhavok]

I do this all the time. I live in a rural area where some people still have dial-up. They get infected. I'm known as the computer geek, so they call me. I either go to their house, confirm that it's malware, etc, and then take the computer home with me, where I have broadband, my big box of tools, spare parts, etc, and work on it there, or just have them drop it off. I'll then either download what I need to clean the system, or I'll just completely re-install it for them. It's nice doing it from the comfort of my home. I can let it install or run scans while I work on other things. When it's done, I call them up, or go deliver it. And I get paid. Imagine that. I find that trying to work over dial-up is impossible, or a huge waste of my time, when it's much quicker to drive to my house than to wait for something to download. Also, trying to talk users through things over the phone, especially when they are on dial-up or hampered by a slow, infected computer, is an even bigger waste of time! So, even if you love this person, and want to just do it as a favor, then do yourself a favor, and take the computer somewhere where you have the proper tools, a good connection, and can do it at your leisure.

Re:Take the computer home with you

[Ritchie70]

Absolutely. I live 2 hours from my mom, but every couple years I've had to take her computer away from her for a couple weeks so I can bring it back "to the lab" and kill off all the malware I can find, apply updates, etc.

She finally got broadband, so I could turn on the automatic updates on everything and it's running OK.

I think she's due for a new system though, this one is probably 8 years old.

Thank you for recommending Upload.com

[tepples]

Release the source code, or source with paid registration

I know of several developers who refuse to release source code because they've had their software plagiarized[1] by some unscrupulous yet judgment-proof[2] party.

Get listed by one of the major download sites as this poster said

I looked into this, and it turns out that the way to get your software listed on Download.com is (fittingly) called Upload.com. And its policies don't look as bad as I expected.

[1] Copied without attribution. In most cases, plagiarism is a form of infringement.

[2] Lacking financial resources or located in another state or country.

bit9

[elhondo]

may help. they collect a lot of md5's and have a plugin to run an md5 within explorer.

Upload to virustotal.com

[drewhk]

It scans the file with several virus scanners and returns the result. Not 100%, but quite useful.

Re:Does the vendor make md5 or sha1 hashes availab

[Lunix+Nutcase]

It's not, novice users should not be installing non-repository apps at all.

Why? What if they want something that is more up to date than what is in the repository or what if the application they want has been removed?

Of course since I am responding to a troll I am sure you will insist on making more silly claims.

How am I a troll? Because I bring up legitimate issues that have appeared on various linux forums such as Ubuntu Forums?

Live CD

[zogger]

Really, today, on dialup, the best you can do is run an up to date live cd that has a range of apps on it, suitable for most purposes, and drop the few bucks every few months to get an updated version snail mailed to you from one of the disk burner companies. Knoppix, ubuntu, whatever, one of those live versions.

  Get a few different ones to start, see which works the best, then stick with that one if you can. I was on dialup until last year and actually had two different isps give me grief over being online excessively, and dang if it wasn't just trying to keep up to date with patches overnight in a lot of cases. Trying to patch plus surf at the same time made both near unusable, dialup really can't handle that well, so I did the "do it over night" deal, which lead to excessive hours online. Note, the cheaper "bargain" dialup providers gave me the grief, then I went with the large nationwide one sorta sounds like planet chains, which is full price, and never no grief from them. FWIW. Still took a long time though, and was a PITA for patches and updates. And forget full distro upgrades, that was just nuts to try and do that.

    Modern web pages are designed for broadband for the most part. No way around it anymore, so for those stuck on dialup with no broadband on the horizon for another few decades, like still huge areas of the US, it's live CDs if they want to go online. Keep an old rat box with windows on it that isn't connected to the net *ever* never, ever, ever to play games if you must. Modern OSes and apps need frequent patching, and it takes a long time to do this on dialup, so just run the best live CD you can and be done with it. Not worry so much about malwarez then, just reboot for a clean new install every time, and make sure to keep images turned off for the most part, and run noscript and adblocker to also help with the security and to give you a fighting chance of viewing a web page under two minutes load time. That's the best I could come up with as a workable compromise being stuck on dialup from 95 until 09.

Re:Live CD

[Guspaz]

Malware updates are usually very tiny, and should only take 10-20 minutes to download.

It's not hard to configure the malware app to connect the dialup in the middle of the night, download the update, and disconnect the dialup modem when it's done.

Re:Does the vendor make md5 or sha1 hashes availab

[Lunix+Nutcase]

Third party repositories are still better than random app off random webpage.

Why? Any person can set up a random repository.

Nothing is a magic bullet, but you knew that already.

Which runs contrary to what the GP was attempting to project.

No go back under your bridge.

*yawn* Get some better material, kiddo.

Re:Does the vendor make md5 or sha1 hashes availab

[RotateLeftByte]

Actually, as he is using Monocle then I'd like to suggest he might be a SUSE User.
Then sudo apt-get install monocle is absolutely useless.

Obligitory XKCD link...

[Stick32]

because someone has to [xkcd.com]

Re:Obligitory XKCD link...

There needs to be some sort of 'Fail' mod...

Re:Does the vendor make md5 or sha1 hashes availab

[mcrbids]

Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

How don't they provide provide assurance of trust?

If you trust Vendor A, and you install Vendor A's repo, then the number of things to worry about has just been sharply reduced, because you can reasonably trust that packages signed by Vendor A's repo do, in fact, come from Vendor A.

I think what you meant to say is that hashes only assure that the files came from a specific vendor, and that's self-evident. It's like saying that water is wet.

You don't see how this is a dramtic net improvement?

Compulsory...

[vorlich]

hopefully your friend has kept all the original packing that their computer came in. Repack everything and return it to the original vendor. Tell them that your friend (and quite possibly your friend's friend) is not really smart enough to own a computer.

Re:Does the vendor make md5 or sha1 hashes availab

No reason Microsoft couldnt do it.

...except for massive anti-trust suits. Microsoft are in an absurdly sticky situation; if they ship some kind of repository, vendors who AREN'T on the (default) repository will sue (and rightly so). If they make third-party repositories and support multiple respositories (like Debian's apt/.deb, and I assume RPM/pacman/ebuild/etc), the attack vector will then switch to convincing users to add your repository, rather than getting them to install your malware. The only thing that would result in is pissed off users (another step to install programs, since vendors wouldn't cooperate enough to share repositories so you'd have one repo per app) and a better attack vector. And this is assuming vendors even WANT to use a repository system - remember, they already have their own install procedure (self-rolled updaters/install binaries/etc), and wouldn't be keen to throw all that work away (and possibly money down on licences for install binary middleware like InstallShield).

It's best to leave repositories for those who already have it (Linux, BSD) or for those who more rigidly control their platforms (Apple/OSX, Sony/PS3, Nintendo/Wii). Personally, I'd rather Microsoft not even try, lest they turn everyone off of the idea of repositories (which is a damn good one) when they F it UBAR (and they will, though not necessarily because they're incompetent).

Is it in the repository?

So my question is, where can you go to find out if something is legitimate?

The quickie test is: if it's in the repository (Linux) or ports (*BSD), then the app probably at least means well; it's very unlikely going to be deliberate malware (though it might be buggy). If it's not in the repository and not written in-house, then it's at least suspicious. Who vouched for it? How does it get installed in the first place? It's actually pretty rare for this situation to even come up; when it does, there ought to be an explanation. Is this a developer checking out app sources from github or something?

If it's suspicious, then you need to audit the source yourself (Hi, Theo!), do without it, or install it with acceptance that it may compromise the machine (you're doing this in a VM, right?). If you're a casual user, then the real answer 99.999% of the time, is to do without. You don't want to end up like those poor Windows users.

Re:Does the vendor make md5 or sha1 hashes availab

[amRadioHed]

How is removing XMMS a sign of not being up to date? XMMS hasn't been supported by the developer for years. Audacious is what you are looking for and I'm sure it's in the Ubuntu repos.

Re:Does the vendor make md5 or sha1 hashes availab

[frank_adrian314159]

... almost no major label video games are completely free software and free assets.

Well, don't you have something better to do with your life than play games?

Great tool for identifying legit applications

[MobyDisk]

Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe and it will scan the app and tell you if it is legitimate.

Re:Great tool for identifying legit applications

[rpgdude]

Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe and it will scan the app and tell you if it is legitimate.

I downloaded the program and tried running it, but Debian GNU/Linux said it couldn't execute the file.

Re:Great tool for identifying legit applications

[RockWolf]

Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe [amilegit.com.ru] and it will scan the app and tell you if it is legitimate.
I downloaded the program and tried running it, but Debian GNU/Linux said it couldn't execute the file.

Bah. If it can't run an awesome executable like that, it's not worth running as your main OS. Look, they also host a really awesome (guaranteed virus-free!!1!) version of Windows - that'll run it, better than that busted Linux stuff that doesn't have a start menu. Link: http:///www.amilegit.com.ru/windows_win7_sp2-RTM_legitkey.rar

Re:Does the vendor make md5 or sha1 hashes availab

[MonsterTrimble]

Ho ho ho...Ho ho...ho ho!...Ho ho...ho ho ho...Ho ho!...Ho ho ho...Ho ho!

Who are you? Santa?!?

Re PDFSuite

You may have just found an old Windows app. PDF995 had a number of pdf applications, and I think all together they became pdfsuite. They were entirely legitimate, sold for about $20 as I remember, and let you export print files as pdfs, make changes to pdfs, etc. Try searching for PDF995 Suite.

Check other sources?

[northernboy]

When I >need something like a PDF reader, even for Windows, I often go to freshmeat.net first. There are many more solutions there that are functional in Windows than you might think.

In this case, I typed "PDF suite" into a Wikipedia search box, and ended up on the Foxit Reader page (http://en.wikipedia.org/wiki/Foxit_Reader) which contains this sentence:

"Foxit Phantom PDF Suite is a complete suite of PDF editing and creation software." complete with a link to their web site.

In general, though, it is not trivial to determine who can be trusted, and to determine where an obscure application came from.

Re:Does the vendor make md5 or sha1 hashes availab

[Tacvek]

hashes don't assure you of the source at all, they just provide a unique (within the limits of the hash type) fingerprint for the file. If you know what a file's hash should be, the source is irrelevent.

Sure, but cryptographically signed hashes tell you that somebody who possesses the private key used to sign the sha1sums file (or equivalent for other hashes) claims that the signed hash values are correct, so if you get a file with that hash you can be confident it has not been modified relative to what the key possessor calculated the hash on.

Thus, in this sense it assures you of the original source of the file, and that the file has not been tampered with, regardless of the end source the user gets the file from.

Re:Does the vendor make md5 or sha1 hashes availab

[Dishevel]

Umm. Don't want to do it. But.....

Do and Dose are not fully interchangeable.

Re:Does the vendor make md5 or sha1 hashes availab

[Dishevel]

This is /. Here trolls do not belong hiding under a bridge. This troll was right out in the open right where it is supposed to be.

If it's in the Debian archive it's ok.

[John+Hasler]

> So my question is, where can you go to find out if something is legitimate?

"apt-cache search " works for me, though you may prefer aptitude or synaptic.

You can, of course, trust the Ubuntu archive as well. Debian-multimedia is ok too, though it is unofficial.

Re:Does the vendor make md5 or sha1 hashes availab

[teh+moges]

He could also be using Debian and needs a note taking application

Re:Does the vendor make md5 or sha1 hashes availab

[Voyager529]

Mod Parent Up! I don't care if it's posted as anon, this is EXACTLY what would happen. About the only other scenario is if a neutral third party (har har) decided what repos were allowed to be added. The issue is that anyone with centralized control will eventually corrupt it. We don't trust Microsoft because they're already corrupt, but who is trustworthy and will remain so without wreaking privacy havoc?

I 100% agree with AC here. Repos in Windows are a good thing, but like most good ideas, the courtroom prohibits action from being taken.

Re:Does the vendor make md5 or sha1 hashes availab

[oatworm]

Considering how Ubuntu comes with Mono now (save your jokes 'til the end, please), along with F-Spot, Banshee, Tomboy, and other Mono-based apps, I'd say sudo apt-get install monocle is just right. That said, if you're on a SUSE box, yes, "yum install monocle" would be more suitable syntax.

Really Dialup?

[dthardcore]

Before even bothering to discuss where to check to see if software is legit or not, my main question is why is this person still using dial-up? It is ridiculous to be using dial-up this day in age to browse the internet or be downloading software. I understand dial-up to be used for verification purposes or other low-data transfer usage, but where Hi-Speed connections can be had for as little as $10 a month, dial-up seems more problematic than its worth.

Re:Really Dialup?

[Lunix+Nutcase]

Because not all areas of even the US have broadband penetration?

Re:Really Dialup?

[baka_toroi]

Are you implying Free Market rules don't benefit the whole country? You must be communist.
BTW, perhaps this person doesn't live in a 1st world country...

Re:Really Dialup?

[Rick17JJ]

Despite living near a small city in Arizona, high-speed access only became available here about 3 years ago. In some rural areas where cell phones don't work, they probably still don't have high-speed Internet available.

When I was stuck on dial-up, I could not get the faster 56K dial-up, because the local telephone lines were only good enough for 26.4K. Fortunately, DSL from the telephone company finally became available for $39.99 per month, several years ago. By the way, cable was not available where I live.

Are there actually places where people can actually get high speed Internet for only $10? That is 1/4 what my only option for high-speed access costs.

Re:Really Dialup?

[dthardcore]

Yeah there are places where you can get connections for that low of a price, but its not really "Hi-Speed" 768k which even though is not wicked fast, it is still a big improvement over 56k. But anyways, there are much more options available now, DSL is available in many more places because of the advancement in equipment that allows access to people who are further away from the main Telecommunication office. But also the availability of Satellite access now allows almost anyone to get a high-speed connection.

Re:Really Dialup?

[dthardcore]

Well I asked why he is still using dial-up because he doesn't state that it is not available in that area. I didn't ask for someone else to speculate why he's using dial-up because what would be the point? Does responding with a dumb/condescending answer make you feel better? Because if this person was in the US they can get Hi-Speed access just about everywhere now, as long as they can see the sky you can get satellite access. But I was looking for a legitimate answer to why he was still using dial-up.

Re:Does the vendor make md5 or sha1 hashes availab

[jedidiah]

If sorting out the crap from the good is such a burden for them, then they are probably better off staying away from the latest version anyways.

This is Joe n00b we're talking about here, not Dave power user.

Re:Does the vendor make md5 or sha1 hashes availab

[oatworm]

And by "yum install monocle", I of course meant "yast2 -install monocle"... bloody hell...

iPad, Anyone?

If only there were a moderated, if a little bit restrictive, "store" where one could purchase "apps". A single, central location for free and for-pay applications... hmm. That way you wouldn't have to double-check and perform research on whether or not an application will asplode your computer. If only there was a platform just-locked-down-enough to prevent this kind of snafu. Maybe if it had a nice, touch interface, you could give it to a computer-illiterate person. Making it shiny might not hurt. Oh, and a 3G/Edge connection sure would be nice, to drop the chains of dialup and all.

Too bad nothing like the iPad exists.

Oh wait.

Re:Does the vendor make md5 or sha1 hashes availab

What if they want something that is more up to date than what is in the repository or what if the application they want has been removed?

If a (particular version of) an application hasn't hit the repositories - and especially if it has been redacted, there's a reason for it. If it's political, then just add another repository and be done with it. But if it's technical; then people who don't know how to compile from source, or install from a standalone packages (including building dependancies) should NOT be using packages which are not in the repository, because they certainly won't know how to fix it when it goes pear-shaped. Remember, package management administration requires root/superuser access, which implies that they are the administrator of the machine, and therefore the ones that are going to have to "wear it" when the system fails. Cripes, Ubuntu is already running on the "unstable" repository* - are these users on ubuntuforums.com so desperate for the latest version that they're willing to make their system MORE unstable than "unstable" to get it?

* Yes, I'm aware that these classifications are Debian's, and that Debian has notoriously conservative ideas on what comprises "stable" and "unstable". But dammit, Debian isn't lying when it says "stable", and if you've ever cleared up truly borked upgrades you'd know how much it's worth to stick with "stable" - doubly so if you don't even have the ability to clean it up.

How to find malware on your system

[Opportunist]

Now, this ain't bulletproof but it's a start.

1) Download autoruns, run it, take a look at what it finds.
2) Think something is suspicious? Upload to Virus Total.
3) Act accordingly

It's anything but foolproof and there are a LOT of things that will slip past, but it's a good way to start without having to know anything about software.

Or Jotti Re:Upload to virustotal.com

[AJ+Mexico]

I agree, virustotal answers the original question of an online-resource to check a file. A similar scanning service is http://virusscan.jotti.org/. Remember, take the answers with a grain of salt. These are both multi-scanner services, in which the file is examined by multiple virus-scanning software packages.

Nuke it from orbit just to be sure

[PPalmgren]

If it isn't used frequently for a specific purpose, its not a specific tool for their computer use. Remove it and install foxit, and also install an anti-malware program and run it anyways.

Malwarebytes and Foxit are both fairly small, I don't think dialup should be an issue here.

Re:Does the vendor make md5 or sha1 hashes availab

[h4rr4r]

Look at your own username. You might as well make it "Troll".

Trust NewEgg

[gksmith]

Just tell them to buy their software from NewEgg.com, that company would never let any malware pass to the consumer.

download.com has no magic wand

[H4x0r+Jim+Duggan]

> see if it's on download.com...this can only prove that it isn't malware

Proof? Dude, what do you think the download.com guys do?

They get given a binary, they run some black box testing on the output of it, then shrug their shoulders and say "looks okay".

The closest you can get to "proof" is if the source code is online as free software, there are developers that don't work for the same company, and there are plenty of users. In those situations, malware tends to be found and removed.

Failing that, the simplest criteria is just that it be free software. That doesn't guarantee anything, but there are almost no cases of free software containing malware. ...or maybe you meant that being on download.com is just a proof that the software isn't *too* bad.

Re:download.com has no magic wand

[ncc74656]

The closest you can get to "proof" is if the source code is online as free software, there are developers that don't work for the same company, and there are plenty of users. In those situations, malware tends to be found and removed.

Even that's not enough.

If the app is open source, the chance of spyware..

For me if the app is open source, then the chances of spyware are slim. I know literally handfull of opensource applications that contained malicious stuff, and each time it happens, it is widely publicized (PDF Creator as an example). Other source - check if wikipedia mentions anything about the software.

I dont think any antivirus or antispyware program would be good to scan software, when the software itself is unique spyware.

One other example of software I don't like is stuff made by google. Google.com is great website but I trust it only when i open it with firefox. stuff like picassa or google toolbar which sends ton of info back to google servers is not something i can tolerate on my pc.

One other option would be switching to system like ubuntu - then spyware would not be a concern anymore (I'm seriously considering switching after using windows 7 for a bit. going back to xp is not an option as my pc has more than 4gb of ram and i want it used)

Re:Does the vendor make md5 or sha1 hashes availab

Latest version not in the repositories? No problem! Just svn/git from the developers server the tagged version, preferably on command line, read both README and INSTALL, run ./configure --prefix=/it/goes/here --whatnot=yes --even-more-arguments=yes.
After this you realize that you need to get the dependency packages either from the repositories or by the perfectly sane method of svn/git and ./configure && make && make install.

Now at this point you can return to the original source code and ./configure && make && make install.

If anything fails just go trough a pile of mailing-list archives and you might find how it should be done.

You now have the application that was outdated on your repositories at a newer version and as an added bonus you just polluted by accident both /usr and possibly /lib by not knowing what you are doing.

But hey, you can always reinstall ubuntu from scratch. With any luck you actually saved your home folder and a snapshot of installed packages in a text file so you can get it up to almost the same as before you trashed it.

Easy as cake.

Re:Does the vendor make md5 or sha1 hashes availab

Well, don't you have something better to do with your life than play games?

Yeah, he's gotta make 37 more tetris clones, and then post on slashdot 329 more times complaining that 4-player party games aren't popular on PCs.

Simple - only use apps that cost over $100 each

If they don't have time to keep AV updated and they run Windows, they need to pay for every app they use. There are no 100% trustworthy free apps, just ask Microsoft. In fact, they should only use paid Microsoft apps.

The good news is since they aren't really using the Internet, they don't need to patch anything either.

BTW, my sister, who is also on dialup asked a similar question over Xmas. I told her there was no answer that she'd like. Sorry. The best answer I could give her was to only use Linux when online. She rejected my solution. OTOH, I refuse to provide computer support to MS-Windows users in my family, except Mom. I figure I owe her. I'm gonna switch her to Linux on my next visit, tho.

If they can't tell....

[Zadaz]

If they (or you) can't tell then running Antivirus and Malware detection isn't "too heavy consider" it's mandatory, even if it means a few hours on dialup. If they can download the crapware they can download the AV.

(And you're being overly dramatic. Daily updates should take a few minutes to download at most, even on dialup.)

If the King can't afford a food taster then he gets poisoned or he starves to death.

Re:Does the vendor make md5 or sha1 hashes availab

[Orbijx]

I couldn't find that package, so I decided to sudo aptitude install everything in subsection cli-mono instead.

Would that work?

Re:Does the vendor make md5 or sha1 hashes availab

[Idiomatick]

Is it just me that felt like he was getting stabbed in the chest each he read "___ do it". I normally don't make a big dal about grammar but...

Atleast the last one was right.

Anything can be "malware"

[syntaxeater]

Outside of scanning and known definitions - the only difference between software and malware is intent. Creating a complete, current and accurate list of potential and existing "malware" is like trying to find a list of door and window manufacturers burglars use.

When I'm forced to use Windows...

[pongo000]

...I pretty much stick with Malwarebytes, CCleaner, SpywareBlaster, and MSE.

Actually, I got this tip off another /. post...researched each (non-MS) application, determined for myself that they were legit, and have not looked back. In fact, I just spent a few minutes last night eradicating the trojan "Microsoft" Antivirus 2010 on a friend's computer using the Malwarebytes app on a USB. Worked like a charm.

But don't take my word for it...do your own evaluation. I think you'll like what you find.

Easy peasy

If you can't find it at packages.debian.org, it ain't worth the trouble.
No, really.

Free Virus Scanner

[hduff]

Get the ISO from http://trinityhome.org/Home/index.php?wpid=1&front_id=12 for the Trinity Rescue Kit. Run it. Update it and save the updated ISO image. Burn that to a CD and give it to your friend. He can run it and disinfect his computer without an Internet connection. Give him an updated CD every month.

Re:Does the vendor make md5 or sha1 hashes availab

[number6x]

I'm happy you use Linux, but you don't have to be so sarcastic.

It would be a good idea for vendors of Windows-centric software to create a common source for downloads like Apple's app store for i-phone . It would help keep out mal-ware. Altruistic support for small time projects would put a happy face on things.

The current flock of vendors would probably use the repositories to block serious competition.

This is definitely not a Microsoft created problem. It is a problem that affects Windows users, but Microsoft didn't create the problem.

Microsoft should be able to solve it, but probably wouldn't be allowed to set up a solution. Other software vendors would fear giving this power to MS and would complain to the DOJ. Too bad, MS would probably be the best one to certify software as safe and run the thing.

check the repository

[Jessta]

well you just look for it in your distribution's package reposito...oh you're running windows..Microsoft really should have something like that.
I guess they'll get around to it when they're done with all those important 3D desktop effects.

Re:Does the vendor make md5 or sha1 hashes availab

It's funny and true, too.

How?

[zogger]

How is that malware secretly updating itself going to happen to a live linux CD? If the machine is turned off it is turned off, it is not going to be dialing out, plus, you can't burn anything to a CDR once it is fixed. Plus it is linux. It may be security by obscurity, but whatever works....works.

Re:How?

[Guspaz]

By "malware updates", I mean antiviral or antimalware updates. I mean that you don't need to resort to a live CD, that the updates for these programs can be done overnight easily enough to make it unnecessary.

Re:Does the vendor make md5 or sha1 hashes availab

[turing_m]

Well, don't you have something better to do with your life than play games?

Even then, linux is not a panacea for a game free existence. There are plenty of highly addictive games in FOSS operating systems, including Ubuntu. Even FreeBSD has the power to serve... you up games. The more addictive the game is, the higher the likelihood of there being a port for it. To find the most addictive ones, just sort by rating using the PC-BSD game repository - http://www.pbidir.com/bt/category/games/rating/. Wesnoth, Tremulous, Assault Cube. And if you give it a chance, the roguelikes (Angband, Nethack) will happily eat as much time as you can throw at them.

Re:Does the vendor make md5 or sha1 hashes availab

[higuita]

one more reason to use only free software...
closed apps, abandoned software, obsolete apps, etc are set to disappear with time, its the survival of the strongest and being free software is huge strength.
being a closed and bad app is half way to die, even if popular (see the flash, attacked by all sides, is set to be replaced and irrelevant sooner of later)

but hey, nothing forbids closed apps builds of building a repository

Preventing malware for Dummies

Install some good AV and FW. Period. Other than that, preventing to get the computer infected with malware in the first place and for whatever stupid reasons avoid having to bother with scanners and updates, "teach" him this: Only download from the original author's homepage and don't use Google to find it as it might turn up websites looking like it might be the homepage but aren't. Use wikipedia instead and follow the "official website" link there. If it doesn't have a wikipedia entry... well, if you are someone computer illiterate, then really just don't bother. There is a more popular and easier to use app for your task out there. How do you find it? Wikipedia, of course. I don't know what this PDF suite is but searching for pdf +list will turn up a list for many PDF creators and readers that are popular enough to have an entry. Just take your pick there. Same goes for anything else. Protip for you: If you care about your friend, just clean his computer, install the protections from your USB stick, show him how to use them and make sure to bring updates the next time you are around. Also let him just call and ask you if something is safe to download, request his download-link by email and check it with your broadband. If you don't care about him, then... just don't care! Say NO! and kthxbye.

Surprised no one mentioned this.

[v(*_*)vvvv]

There are several good online virus scanners. They will ask you to download a small plugin, but I've used them with great success, without having to install applications.

http://housecall.trendmicro.com/
http://security.symantec.com/sscv6/home.asp

Also, two arguments against what is often suggested:

1) Virus scanners aren't for everyone. Some are extremely intrusive, often with their own "innovative" interfaces that make them bulky and impossible to manage for novices. Some will hijack your email applications, not tell you exactly when they block or delete something, and can also hinder web surfing speeds. If you don't know how things work already, having a scanner will make things even more confusing. Add subscription fees, and I say the whole thing isn't worth it.

2) No, I don't think "knowing your software" is a good way to tell if something is legit. Seriously, Windows alone will update itself and install weird things, as do most large software suites these days. They give ambiguous names to critical components, and to think we would know them unless they were dangerous is a bit much.

If you know what you're doing, I'd say you can avoid most issues by just being careful and knowing the signs (of danger and of contamination).

If you don't (or helping someone who doesn't), then I say dumb down the apps so things are simpler and safer. Like migrate to gmail, make FireFox or Chrome the default browser, and just setup all the bundled security features to their appropriate settings (windows firewall etc).

 

What is "legit" software?

[deblau]

If you ponder this question for long enough, the answer will come to you.

Re:Does the vendor make md5 or sha1 hashes availab

[Facegarden]

Amusing, however app repositories arent confined to open source, Apple do it (At least for the IPhone), Nintendo do it, google do it, Sony do it. No reason Microsoft couldnt do it.

Holy bungling of plural/singular verbs Batman!

"Google *does* it".

Re:Does the vendor make md5 or sha1 hashes availab

[lgw]

Microsoft already does it. Microsoft has a repository, which vendors can optionally submit drivers to, complete with digital signatures validated by the OS and all that jazz. The model seems to work pretty well, and I don't see why it couldn't work for non-driver software.

Re:Does the vendor make md5 or sha1 hashes availab

[charlieman]

Compare that to a clueless windows user who hasn't updated anything since he got the computer...
Usually people who want the latest version of something is because they need certain functionality it brings. The clueless person will conform with just having the application.

Default repositories could satisfy the clueless users perfectly.

Dude a flash stick is cheap

[hairyfeet]

You can get one at Big lots for $10 for a 4Gb, or if you check with surpluscomputers occasionally you can get bundles of 1Gb to 2Gb sticks for dirt cheap. So get a really cheap stick and then get the Computer Repair Utility Toolkit V2 which is like the Swiss Army Knife of PC Tools. So much more than simple malware repair it has fixes for networking, file recovery,info, scripts and tweaks, and it is simple to add you own. Just add Malwarebytes Antimalware and portable Firefox along with updating the included ClamAV and you have a one stop PC shop in your pocket.

but trying to guess what is a nasty and what ain't, especially when dealing with dialup, is simply a fool's game. There are literally thousands of new pieces of nasty released every day, and even if you guess right on this one there is no telling what else could be on that machine. Take the Toolkit I linked to above, add installers for Comodo AV and MalwareBytes, along with the latest Firefox, and simply stick the flash on your keyring and be done with it. Just plug the stick into any PC USB port once a week to update it and you have a full toolset in your pocket. So what if you don't do it everyday? The few times you DO run into something like this you will be able to handle it easily and look like a genius at the same time, all for a few dollar flash stick and less than 5 minutes a week.

Not enough bandwidth? Ehh...

[wealthychef]

I call bullshit on the premise. If the user has bandwidth enough to download malware, he has bandwidth enough to download malware detection software and updates.

If it is available to Debian stable then okay

[mrflash818]

I trust programs in Debian stable.

I trust the Debian folks. So far, so good!

Your mileage may vary.

Re:Does the vendor make md5 or sha1 hashes availab

neither are do and does.

Re:Does the vendor make md5 or sha1 hashes availab

[aquila.solo]

Too bad, MS would probably be the best one to certify software as safe and run the thing.

Yeah, just like they were so good at certifying that something was "Vista-ready," or "Designed for XP."

I'm not saying that they'll start pushing malware, but I wouldn't be at all surprised to hear about kickbacks, and vendor lockout and other things that would make the DOJ's case that much easier.

McAfee SiteAdvisor plugin for Firefox

[d_54321]

McAfee SiteAdvisor plugin for Firefox

Re:Does the vendor make md5 or sha1 hashes availab

The driver model only works because drivers are naturally uncompetitive. If you have a new computer, and it has a nVidia 9400GT, you don't think "who should I get to supply my driver?" (at least, not if you're on Windows). But if you want to go to slashdot, you certainly DO say "which browser should I use?" (especially if you're in Europe). In fact, this European "browser choice" issue is a perfect model for what I'm talking about - Microsoft only implemented this because they were forced to; and even now people complain that $OBSCURE_BROWSER doesn't get equal coverage. As I said earlier - if they implemented it of their own accord, you better believe that they'd either get sued for it (for leaving out $OBSCURE_BROWSER, or unfairly favouring IE/$POPULAR_BROWSERS, or charging too much for small ISVs to afford, or whatever), or it would just be the exact same free-for-all model we have now, only with an annoying extra step.

You're right in that the technical aspect is relatively easy; it's the social and political (and legal) aspect which kill this idea.

PS. If you want to see repositories done right, check out [most linux distributions]. Standalone installers like windows mean that the application has to include all of its libraries, so the installers are generally huge - but on linux, because package management can assure the developer that the user will have (or be able to get) the requires dependencies, the developer only ships his code and a list of dependencies (in the particular repository systems' format) and so the installs are almost always tiny. Plus, they don't need to include installers, uninstallers and updaters, because that's handled by the package manager. Plus, there's the security aspect; a malicious or buggy application has to make it past the package maintainer (some buggy ones do, but very few malicious packages do).

Today I got the BSOD for ha20x2k.sys

[KPexEA]

As soon as I saw the filename it looked very suspicious but alas it's a known bug in a sound driver. That being said, I wonder how many viruses are hiding using the filenames of known buggy drivers.

Re:Does the vendor make md5 or sha1 hashes availab

I fuckin hate those repositories and wish to always manage my own software. I hate the fact that standard app installers are not used for linux. One of the major reasons (besides being crappy ass super slow) I don't use linux is because of the software installation issues.

Futhermore linux sucks and will probably always fail at being a desktop operating system. Compiling everything into the kernal just plain blows. No one using KDE successfully when it is the obvious fucking choice as the main desktop for any PC running Linux is another obvious blunder.

It needs scrapped and rebuilt as objects but then it wouldn't be a unix clone then would it?

DRM

[tsotha]

In my experience if your application fails a DRM check it's probably legit.

Re:Does the vendor make md5 or sha1 hashes availab

[afallowhorizon]

see the flash, attacked by all sides

Don't worry, he can outrun them.

USB stick?

[gumpish]

USB stick?

What's that?

Whoa...

Still on dialup? Don't go out on the Internet; you can be infected with malware just by connecting. No downloads, no browser use, no IM programs running, no email...just being connected will let somebody connect to your PC and exploit security holes. Ditch dialup and connect with something fast enough to get daily antivirus and antimalware updates...you've been warned. I've seen a Windows 2000 Advanced Server running nothing but SAMBA (shared folders) and Exchange get filled with malware like a swiss cheese with nobody running on the desktop (except for occasional reboots and user-account maintenance)...no web browsing, no actual Internet use, just being connected let the malware (MIRC bots, phantom user accounts being added, Mytob worm infections, and LOTS more) into the server. No decent antivirus = not safe at all.

sourceforge.net, then nonags.com

[WoTG]

I feel sorry for non-geek computer users. It really is tough to tell what is safe software and what isn't.

Personally, I would check sourceforge.net first for an open source equivalent. I'm not an open source zealot, but OSS tends to be malware free, and the bonus is that I can freely give a copy to other people. When that fails nonags.com is where I go. They test for naggy shareware, and I think malware and viruses.

Outside of that? Who knows. I trust my gut based on the website, or I run it in a virtual machine! But other people just don't have that option. Even using Google for the software product + "review" will get you fake affiliate reviews.

Protect your fish.

[fonitrus]

I doubt there is a way of knowing what you ask. That requires clarevoyance. If its present threat most anti viral software or resident shields will know about it. Just use them and let them run a full system check. I use TeaTimer that comes with Spybot S&D and never had any permanent problems. Its bit cumbersome on resources but how much is your safety worth vs the advantage of getting an extra 2-5FPS on your favourite game??? Dont feed people fish. Teach them how to protect their fish and not reel in infected fish just because the Sirens offered them. :) :)

Re:Does the vendor make md5 or sha1 hashes availab

[Toonol]

He's probably English.

In America, organizations (such as "Microsoft") are generally considered singular nouns. We write "Microsoft does that" or "Microsoft is this".

In England, they're more commonly thought of as plural. "Microsoft do that", "Microsoft are this". It's not necessarily better or worse, but it can be jarring.

Re:Does the vendor make md5 or sha1 hashes availab

[the_womble]

It is much easier to deal with the rare piece of software that is not in the repo, than lots and lots of software that is not in the non-existent repos.

Gamers are rarely completely naive users, and are rarely Linux users anyway.

There is usually a recognised non-free repo which should be enabled on installation for free-as-in-beer proprietary software. The problem only needs to be solved once.

Proprietary paid for software is usually safe-ish anyway (no worse than on Windows) and only a small proportion of all the software you install (serious gamers aside, again)

www.theopendisc.com

[ei4anb]

download the open disc and burn a copy for them

GPL

[jandersen]

I realize that this is not the angle the OP was after, but as far as I can see, the most reliable way to ensure that your programs are legitimate is to use open source software. It is not bulletproof, since there are potential problems related to patents, but I think if the owners of the alleged patents were serious, they would have come out of the woodwork by now. And we shouldn't forget that most SW patents seem to be of a very dubious nature.

Solutions, solutions, ...

Solution #1. Tell everyone to ask an expert. At this point there are two possibilities: 1) They are click-happy idiots with their brains turned off since they were born. They don't know how to locate experts, also couldn't care less and will loudly whine when 'messenger' doesn't work. Hopeless - stay away. 2) They are ignorant but intelligent. Tell them to always buy software at a brick and mortar store and to ask an expert before. If they don't ask, put them on the queue, punish them with waiting time until you are tired of waiting.

Solution #2. If the person is important to you (parents, fiance, no one else), set up an old computer and a DSL/Cable service at their home. Install Linux there. At your home host a virtual machine with familiar software (windows/thunderbird) accessing a IMAP server also virtual at your home. Firewall that virtual pair off your own network or put them on their own virtual network so they are isolated. The local account at your parents' is locked down completely, and of course no admin privileges. Teach them how to use remote desktop. Let them click on trojans/whatever at their convenience. When they call, tell them 'One minute, dad', and just power off their VM and revert it to a good snapshot (the one I didn't tell you to do! You did it, right?). They are good before they can hang up the phone. Email is not gone because I said it's IMAP. Nothing is gone. No virus can get out, revert equals instant disinfection of the most sophisticated malware. Your parents are happy, you are happy. Make them pay for *your* DSL.

Of course there are downsides to this: I hear you yadda yadda. Parents/fiancé don't want fancy. Shut up.

Well, in this instance...

[Dexy]

Open My Computer > Tools > Folder Options > File Types > Scroll down to PDF > Change "Opens with" to Adobe Reader. Not malware. Just idiocy.

Research

[Brian+Edwards]

The best resource for discovering legitimate applications is in your own skull. The second-best is an internet search engine.

"Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up..."

Dig deeper. I googled "PDF Suite" and found pdf-suite.com, which claims to be "a leader in the "Online Software Selling" business reaching 5.4 million unique visitors per month (Google Analytics, January 2008)." I then checked whois.org to see who owned pdf-suite.com, and found it was owned by Interactive Brands of Montreal, Quebec. interactivebrands.com claims to be "a privately held corporation, it was formed by a team of experienced industry professionals who had a vision of creating the “ultimate” digital-market-dedicated affiliate programs."

Googling "interactivebrands.com" brought up this note:

"McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution."

OK

[zogger]

OK, I understand now. Ya, that was what I was doing, overnight updates, but frequently it resulted in just tieing up the line and being connected for excessive hours that annoyed the ISP. Plus, running diskless with just a live CD is just way more secure. Fast, too, blazing fast even on modest hardware if you have enough RAM. I am seriously considering that for my next upgrade for my desktop, looking for a used server board that can hold a ton of RAM and going completely diskless. I am not a big media packrat or anything, stuff I really need to keep I can burn to a cheap CD disk. Mostly I just want a fast internet appliance. I don't even have a big hard drive, it is only 8 gigs and frequently is mostly empty now as it is.

Guess I learned to get by with less being on dialup all those years.

Helping the clueless

[drissel]

Don't try to identify the myriads of malware. Persuade such folks to surf from a live CD.
.
Regards,
    Bill Drissel

Like a 14-year old girl...

[Securityemo]

...dumped in the bad end of a red light district. That's about how easy it is for users to learn how to judge such things for themselves. You may think they are just idiots, but try to ponder how many factors really go into determining the suspiciousness of data/apps/sites on the web; it's more factors than the simple gut feeling would suggest.