Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Resource For Identifying Legit Applications?

Posted by kdawson on from the x-ray-goggles dept.

bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"

23 of 255 comments (clear)

  1. "to big to download" by Sir_Lewk · · Score: 4, Insightful

    downloading malware detection applications (and updates) is too heavy consider.

    Any yet they find the time to download all of that malware...

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:"to big to download" by Monkeedude1212 · · Score: 4, Insightful

      Exactly. If you have the time to download an application you have time to download malware detection.

      And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

      It honestly sounds like either you or the person you're helping simply don't want to put in the effort in -actually- testing the machine for malware.

    2. Re:"to big to download" by the_denman · · Score: 2, Insightful

      Microsoft provides a free anti virus and anti spy-ware system called security essentials that is not that big that you can't occasionally pull down new definitions via the dialup. Also when you visit why not run a copy of autopatcher from your thumb drive to make sure they have all of their windows updates.

  2. Assume malware by c++0xFF · · Score: 5, Insightful

    If you've never heard of an application, assume that it's untrusted malware.

    Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

    1. Re:Assume malware by fuzzyfuzzyfungus · · Score: 4, Insightful

      There are certainly costs to the strategy; but it is still a decent heuristic for somebody in the demographic we are talking about(ie. clueless, no broadband, probably no backups, or even system restore media).

      New entrants will naturally attract the attention of the sort of savvy tech enthusiasts who follow news outlets and whatnot, and are arguably in a far superior position to evaluate for utility and nonmalice. Once they've rendered their verdict, the noobs can follow the received wisdom, or have it done for them.

      "If you've never heard of an application, assume that it's untrusted malware." would make a shitty universal rule; but it is mostly a good idea in this context. Some people are better cut out to deal with technical risk than others. People with disposable VM appliances can do whatever they want. Noobs with dialup who will end up losing months of work, a week's use of their computer, and several hundred in Geek Squad fees if they do the wrong thing should probably stick to the beaten path.

  3. Does the vendor make md5 or sha1 hashes available? by number6x · · Score: 3, Insightful

    Does the vendor make md5 or sha1 hashes available?

    Linux repositories are signed with pgp keys, this is usually pretty good(pun intended) for security. Even when breaches happen things are found out pretty quickly.

    Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. Its hard to believe Windows users don't have App repositories yet.

  4. Re:What is your OS? by ColoBikerDude · · Score: 2, Insightful

    Seen as "somewhat computer illiterate," read as "Windows."

    I know a lot of OSX users that fit that description.

    The OP also said "dialup" and "malware" so I still read as "Windows." :)

  5. Re:how about google? by Mr+Z · · Score: 3, Insightful

    Well, if it was benign software, then maybe the free trial ended? Or, if it really did have some malware in it, maybe it was a "cracked" version, with extra Russian Hacker Goodness?

    --
    Program Intellivision!
  6. Re:Why are you doing this? by tepples · · Score: 2, Insightful

    Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

    Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

  7. Re:Does the vendor make md5 or sha1 hashes availab by Dr_Barnowl · · Score: 4, Insightful

    Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

    In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

  8. Re:Does the vendor make md5 or sha1 hashes availab by tepples · · Score: 2, Insightful

    LINUX has SOFTWARE REPOSITORIES, did I mention this?

    The software repositories associated with major desktop Linux distributions, such as Fedora and Ubuntu, have a drawback: not all applications, even useful and legitimate ones, satisfy the licensing requirements of the repositories. For example, almost no major label video games are completely free software and free assets.

  9. Re:download.com by kalirion · · Score: 3, Insightful

    That might work if the application is infected by (known) malware. What if the application is itself the trojan, perhaps one that activates in the future so no one would have reported it yet? Unless someone has access to the source code and the time and inclination to look through it, how do you know it's safe?

  10. Re:What is your OS? by Anonymous Coward · · Score: 1, Insightful

    "Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

  11. Re:how about google? by Mr+Z · · Score: 3, Insightful

    There is a legit package named PDF Suite. It's unclear whether that installation was legit or not. If "PDFs stopped working," it's entirely likely that the trial period for the legit software expired. No idea. I wasn't weighing in on either side of that.

    The problem as stated in this article's question is almost something of a fools errand: "I have a connection to the Internet that at best can give me benign but worthless stuff, and can give me unbounded amounts of virulent crap. I can't use this connection to download anything useful or helpful, nor can I bring anything with me that's useful and helpful. How do I avoid the crap?"

    Perhaps I overstate it a bit, but not by too much, I don't think.

    --
    Program Intellivision!
  12. Re:Why are you doing this? by Lunix+Nutcase · · Score: 2, Insightful

    Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

    Because some people are actually nice and want to help out their friends and family?

  13. Re:What is your OS? by OhHellWithIt · · Score: 3, Insightful

    "Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

    Um, yeah. In December, my parents asked me to set up file sharing between Dad's Mac and Mom's PC, and the documentation on the Mac talked about a Finder window and some other stuff. I had to do a web search to learn how to decipher the MacSpeak. Intuitive, it's not. I sure was glad to go home to my Linux laptop.

    --
    "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  14. Re:What is your OS? by Kitkoan · · Score: 3, Insightful

    I know a lot of OSX users that fit that description.

    And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

    How is this a troll? He's right. Not everyone who uses Linux is a computer expert. Hell, when I started using Linux I was a beginner with Linux and just took a blind plunge. Wasn't hard with Ubuntu and thats why the forums are there, to help beginners and solve problems. It's the online FOSS version of Apple's Genius Bar in there stores and Microsoft store's Guru Bar. OSX and Linux are gaining speed with all users, not just the hardcore users.

    --
    Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
  15. If they can't tell.... by Zadaz · · Score: 2, Insightful

    If they (or you) can't tell then running Antivirus and Malware detection isn't "too heavy consider" it's mandatory, even if it means a few hours on dialup. If they can download the crapware they can download the AV.

    (And you're being overly dramatic. Daily updates should take a few minutes to download at most, even on dialup.)

    If the King can't afford a food taster then he gets poisoned or he starves to death.

  16. Re:Er by nine-times · · Score: 2, Insightful

    I'm guessing you're being funny, but since you're modded "insightful"...

    I think what the OP was saying is, "I Googled it with 'malware' and other key words, but [no information about it being malware] turned up, though my suspicion remained..." So the problem wasn't that he couldn't find information about PDF Suite at all, but rather he couldn't find enough information to determine whether the program was legitimate.

  17. Anything can be "malware" by syntaxeater · · Score: 2, Insightful

    Outside of scanning and known definitions - the only difference between software and malware is intent. Creating a complete, current and accurate list of potential and existing "malware" is like trying to find a list of door and window manufacturers burglars use.

  18. Not enough bandwidth? Ehh... by wealthychef · · Score: 2, Insightful

    I call bullshit on the premise. If the user has bandwidth enough to download malware, he has bandwidth enough to download malware detection software and updates.

    --
    Currently hooked on AMP
  19. Re:What is your OS? by Runaway1956 · · Score: 2, Insightful

    This. AC has stated my policy, plainly. If I've never heard of it, and I don't know what it is, it's malware. In the computer world, it's "Guilty, until proven innocent."

    And, when you think about it, the problem with malware is not so much that it exists. The real problem is that every gullible fool in the world automatically TRUSTS anything they find on the web.

    Trust. Let the software distributor EARN some trust, don't just give it to him. And, those 10, 100, or even 1000 glowing reviews posted on his home site? He paid his niece to type those up, and she never saw the crap ware that her uncle developed.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  20. Re:download.com by Keeper+Of+Keys · · Score: 3, Insightful

    He he heh! Now that my PDF reader is reasonably popular, I can switch on its backdoor functionality.