Best Resource For Identifying Legit Applications?
bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT.) So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"
and many other software download sites [claim to] thoroughly test submitted applications with antiviruses. in recent times i haven't downloaded any app from them that turned out to contain any sort of malware.
weinersmith
That will help in figuring out where to go.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
> downloading malware detection applications (and updates) is too heavy consider.
And yet they find the time to download all of that malware...
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
If you've never heard of an application, assume that it's untrusted malware.
Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.
ummm, first hit on google for PDF Suite.
http://www.pdf-suite.com/
Looks legit to me...
"Legit" apps sells your info just as well as the others. That's another plug of open source software.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
Does the vendor make md5 or sha1 hashes available?
Linux repositories are signed with pgp keys, this is usually pretty good (pun intended) for security. Even when breaches happen things are found out pretty quickly.
Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.
find /usr/ports/* >> notmalware.txt
Unfortunately there's no one good list of "Trusted" software. Mostly because "trusted" cannot be empirically measured. Trusted by whom? Bloatware/Spyware/Crapware are sort of like art, you know it when you see it.
If it is malware, it's probably more secure against attack than Adobe Reader is.
No better time than now to start collecting installer .exe files.
The reason you collect the installers (or the portable installations for programs that don't require installers) is because in the Windows world, you never know when a publisher will go rogue. UsefulUtility 0.8.5 might be great, UsefulUtility 0.8.6 might come with an optional toolbar/crapware that can be deselected at install-time using the "custom" button, and UsefulUtility 0.8.7 might not have the option to deselect the toolbar/crapware.
In that case, UsefulUtility 0.8.5 or UsefulUtility 0.8.6 are the last safe versions (depending on how you define "safe"), and you stop upgrading. But even if the publisher vanishes from the face of the earth (or puts in gobs of crapware in 0.8.8), you've still got that USB stick with known-trustworthy installers.
The best place to find this sort of information, unfortunately, is by random googling on an app-by-app basis. UsefulUtility might have user forums, and when they go from 0.8.6 to 0.8.7, its users will be screaming bloody murder. Or you might come across a thread on one of the larger tech sites that talks about utilities, and when people start looking for replacements for UsefulUtility, you might find a BetterUtility that does the same thing, only with less bloat.
Did you try Googling it *without* the word malware?
http://www.google.com/#hl=en&source=hp&q=%22PDF+Suite%22&aq=f&aqi=g10&aql=&oq=&fp=1
Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!
I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!
Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.
What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...
oh dear, it appears my monocle has come off again! Ho ho!
I don't think there's a good way to tell, short of a truly rigorous approach that takes a long time to verify all the software on a system. It's a combination of (1) too many things happening at once on a modern system, (2) lack of good DRM-type authentication (which would allow you to approve or disapprove vendors, or approve each software package independently if from a noncommercial vendor), (3) too much of the stuff that's happening being distributed to different locations. In linux, you can usually tell pretty easily what's going on by running ps and tracing down the processes--okay, you can hide stuff in libraries and modify the code, but you've got a good first step there. In windows, some is in processes and some is in services, and it's a pain to even put together a list of everything that's running, much less find out where it comes from or whether it's the software it claims to be. It should be easy, but I don't know of a good way to do it.
There are anti-malware programs that take a common swipe at your system. Sometimes they work. But it's like practicing bad medicine as opposed to figuring out what's really wrong--it may work sometimes, but it doesn't solve the larger problem. The reality is it's a completely broken system. We can hunt down bugs, and if we lock down a system from install-time and don't do anything too adventurous or unusual we can be sure to keep it clean, but our security model is basically wrong because we're blacklisting instead of whitelisting, and it's hard to even get a list in the first place. Why aren't there system utilities that automatically generate a list of all running processes and services and anything else that uses CPU time, lists their pipes to each other and to the file system and the network, and then verifies all of that against digitally signed configurations from the vendor?
If the software isn't doing what it's supposed to be doing, it should shut down after giving you a chance to override the shutdown. So leave the end-user with control, but leave the default conditions so for the 99.99% of end users who don't want the nondefault behavior, their machines are safe.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?
Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.
Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.
In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.
> LINUX has SOFTWARE REPOSITORIES, did I mention this?
The software repositories associated with major desktop Linux distributions, such as Fedora and Ubuntu, have a drawback: not all applications, even useful and legitimate ones, satisfy the licensing requirements of the repositories. For example, almost no major label video games are completely free software and free assets.
If you're a small shop and can't afford the "arm, leg, and firstborn" prices of volume licensing, set up a system where a manager or an experienced IT admin pre-approves software installation, and makes a (hopefully organized) record* of what software got installed on what computer/server.
If you're not starting up, have all the users go through their PCs and write up a list of software on their computers. It's disruptive, it's time-consuming, but only when you do it the first time, and it ferrets out the odd user who installed Google Desktop and a crapton of add-ons, distracting him more than making him more productive.
* If there's discomfort over management approval of software installs, you could be fairly liberal about it and say "well, you can install anything within company policy (i.e. no porn), just let us know so we don't freak out when WeIRDsofTWAREName shows up."
"We are Microsoft. You shall be assimilated. Competition is futile."
> Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.
App repositories are only good if they are always up to date. One can go to Ubuntu forums, as an example, to find numerous stories of people having to go outside of the repositories to find the latest versions of apps or to find apps that aren't in the repository. Sure, repositories can help to ease in installing and finding software but they aren't this perfect magic bullet as people like you like to claim. If they were why is there any need of a mechanism to add 3rd party repositories in apt?
I'm trying to picture a penguin with a monocle and a snifter of brandy... it's like Mr. Peanut, but with booze.
Liberal? Conservative? Compare perspectives at Left-Right
Amusing, however app repositories aren't confined to open source, Apple do it (At least for the IPhone), Nintendo do it, google do it, Sony do it. No reason Microsoft couldn't do it.
The best resource is still Google. You will need to be a little more patient and a little more competent with your search terms, however. Or you could just write in to Ask Slashdot.
And they aren't always up to date, certain software you might want could have been removed from them (XMMS for example with later versions of Ubuntu), or they just never included certain software in the first place.
> Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.
I haven't spent any time looking, but is there possibly a nice cross platform (Win/Lin/Mac) solution for an application developer to stick on his web server and give everyone a link to add that to their package manager of choice? That or some kind of uniform repository "tag" of sorts. This would be something that would contain the developer's repository information and all repository clients could understand how to read it and/or know if they support it.
It definitely would be cool (and avoid silly one click installs) if an indie developer distributing their application could just give their users a link and post their latest version(s) to that application so anyone can keep up to date with the latest version. I have a feeling such a system doesn't exist and people would get all strung up arguing how to do it.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
If this person is important to you (ie, a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.
90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
> Searching the internet for downloads and running downloaded apps to install is a very 1990's way of installing software. It's hard to believe Windows users don't have App repositories yet.
How is that any less worse than having to dig up third-party repositories or searching the internet for packages to install software that isn't in your OS's repository?
Every time I've tried introducing a revenue stream, it's only resulted in people shying away from getting my help.
Even though it means, "yay, more free time for myself," it also means, "wow, people really don't value technical support."
"Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
If it is not in the default repositories do not install it.
For novice users the Ubuntu Software Center is nice too.
Just delete the apps that aren't needed and replace them with OSS alternatives. Other than some well known software (Office, Photoshop, iTunes, etc) most everything else can be replaced with a better working, faster and generally better OSS alternative. Why keep that PDF suite? The most you would need would simply be Foxit, Sumatra PDF or Adobe Reader.
Taxation is legalized theft, no more, no less.
It's not, novice users should not be installing non-repository apps at all.
Of course since I am responding to a troll I am sure you will insist on making more silly claims.
> Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!
> I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!
> Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.
> What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...
> oh dear, it appears my monocle has come off again! Ho ho!
sudo apt-get install monocle
HTH.
Third party repositories are still better than random app off random webpage. As you first trust the repository before you would think of adding it. Nothing is a magic bullet, but you knew that already.
Now go back under your bridge.
BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.
Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.
Download.com has it all. Programs of every description.
Open Source. Closed Source. Free Ware. Trialware. Inkscape is there.
It's a painless way to survey pretty much everything worthwhile that is out there - and infinitely more accessible than SourceForge.
File Hippo has much narrower, utilitarian focus, but the essential apps are there. File Hippo's update checker is quick and reliable.
I do this all the time. I live in a rural area where some people still have dial-up. They get infected. I'm known as the computer geek, so they call me. I either go to their house, confirm that it's malware, etc, and then take the computer home with me, where I have broadband, my big box of tools, spare parts, etc, and work on it there, or just have them drop it off. I'll then either download what I need to clean the system, or I'll just completely re-install it for them. It's nice doing it from the comfort of my home. I can let it install or run scans while I work on other things. When it's done, I call them up, or go deliver it. And I get paid. Imagine that. I find that trying to work over dial-up is impossible, or a huge waste of my time, when it's much quicker to drive to my house than to wait for something to download. Also, trying to talk users through things over the phone, especially when they are on dial-up or hampered by a slow, infected computer, is an even bigger waste of time! So, even if you love this person, and want to just do it as a favor, then do yourself a favor, and take the computer somewhere where you have the proper tools, a good connection, and can do it at your leisure.
Release the source code, or source with paid registration
I know of several developers who refuse to release source code because they've had their software plagiarized[1] by some unscrupulous yet judgment-proof[2] party.
Get listed by one of the major download sites as this poster said
I looked into this, and it turns out that the way to get your software listed on Download.com is (fittingly) called Upload.com. And its policies don't look as bad as I expected.
[1] Copied without attribution. In most cases, plagiarism is a form of infringement.
[2] Lacking financial resources or located in another state or country.
may help. they collect a lot of md5's and have a plugin to run an md5 within explorer.
It scans the file with several virus scanners and returns the result. Not 100%, but quite useful.
> It's not, novice users should not be installing non-repository apps at all.
Why? What if they want something that is more up to date than what is in the repository or what if the application they want has been removed?
> Of course since I am responding to a troll I am sure you will insist on making more silly claims.
How am I a troll? Because I bring up legitimate issues that have appeared on various linux forums such as Ubuntu Forums?
Really, today, on dialup, the best you can do is run an up to date live cd that has a range of apps on it, suitable for most purposes, and drop the few bucks every few months to get an updated version snail mailed to you from one of the disk burner companies. Knoppix, ubuntu, whatever, one of those live versions.
Get a few different ones to start, see which works the best, then stick with that one if you can. I was on dialup until last year and actually had two different isps give me grief over being online excessively, and dang if it wasn't just trying to keep up to date with patches overnight in a lot of cases. Trying to patch plus surf at the same time made both near unusable, dialup really can't handle that well, so I did the "do it over night" deal, which led to excessive hours online. Note, the cheaper "bargain" dialup providers gave me the grief, then I went with the large nationwide one sorta sounds like planet chains, which is full price, and never no grief from them. FWIW. Still took a long time though, and was a PITA for patches and updates. And forget full distro upgrades, that was just nuts to try and do that.
Modern web pages are designed for broadband for the most part. No way around it anymore, so for those stuck on dialup with no broadband on the horizon for another few decades, like still huge areas of the US, it's live CDs if they want to go online. Keep an old rat box with windows on it that isn't connected to the net *ever* never, ever, ever to play games if you must. Modern OSes and apps need frequent patching, and it takes a long time to do this on dialup, so just run the best live CD you can and be done with it. Not worry so much about malwarez then, just reboot for a clean new install every time, and make sure to keep images turned off for the most part, and run noscript and adblocker to also help with the security and to give you a fighting chance of viewing a web page under two minutes load time. That's the best I could come up with as a workable compromise being stuck on dialup from 95 until 09.
> Third party repositories are still better than random app off random webpage.
Why? Any person can set up a random repository.
> Nothing is a magic bullet, but you knew that already.
Which runs contrary to what the GP was attempting to project.
> Now go back under your bridge.
*yawn* Get some better material, kiddo.
Actually, as he is using Monocle then I'd like to suggest he might be a SUSE User.
Then sudo apt-get install monocle is absolutely useless.
I'd rather be riding my '63 Triumph T120.
> Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?
Because some people are actually nice and want to help out their friends and family?
Yeah, I feel the same way with any service I provide. Want me to hold the door for you? Pay up. Want me to help you move? Pay. Pick up a coke while I'm up? Pay. Jumpstart your car? Fix your collar? Point out your shoe's untied? That's right, PAY.
Who needs friends as long as you have money?
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
> Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.
At this point it would probably be substantially cheaper, quicker and easier to post them a prepaid 3G dongle and deal remotely using a proper remote support tool.
Though if they're on dialup it's possible they live in the back end of beyond, in which case there may not be a 3G signal.
because someone has to [xkcd.com]
> Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.
> In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.
How don't they provide assurance of trust?
If you trust Vendor A, and you install Vendor A's repo, then the number of things to worry about has just been sharply reduced, because you can reasonably trust that packages signed by Vendor A's repo do, in fact, come from Vendor A.
I think what you meant to say is that hashes only assure that the files came from a specific vendor, and that's self-evident. It's like saying that water is wet.
You don't see how this is a dramatic net improvement?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
hopefully your friend has kept all the original packing that their computer came in. Repack everything and return it to the original vendor. Tell them that your friend (and quite possibly your friend's friend) is not really smart enough to own a computer.
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
How is removing XMMS a sign of not being up to date? XMMS hasn't been supported by the developer for years. Audacious is what you are looking for and I'm sure it's in the Ubuntu repos.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
> ... almost no major label video games are completely free software and free assets.
Well, don't you have something better to do with your life than play games?
That is all.
Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe and it will scan the app and tell you if it is legitimate.
Ho ho ho...Ho ho...ho ho!...Ho ho...ho ho ho...Ho ho!...Ho ho ho...Ho ho!
Who are you? Santa?!?
I call it 'The Aristocrats'
When I need something like a PDF reader, even for Windows, I often go to freshmeat.net first. There are many more solutions there that are functional in Windows than you might think.
In this case, I typed "PDF suite" into a Wikipedia search box, and ended up on the Foxit Reader page (http://en.wikipedia.org/wiki/Foxit_Reader) which contains this sentence:
"Foxit Phantom PDF Suite is a complete suite of PDF editing and creation software." complete with a link to their web site.
In general, though, it is not trivial to determine who can be trusted, and to determine where an obscure application came from.
hashes don't assure you of the source at all, they just provide a unique (within the limits of the hash type) fingerprint for the file. If you know what a file's hash should be, the source is irrelevant.
Sure, but cryptographically signed hashes tell you that somebody who possesses the private key used to sign the sha1sums file (or equivalent for other hashes) claims that the signed hash values are correct, so if you get a file with that hash you can be confident it has not been modified relative to what the key possessor calculated the hash on.
Thus, in this sense it assures you of the original source of the file, and that the file has not been tampered with, regardless of the end source the user gets the file from.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
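Added example (not from any poster in this thread): checking a downloaded installer against a coreutils-style checksum manifest, as in the comments above on hashes and signed `sha1sums` files. It assumes the manifest itself came from the vendor over a trusted channel or had its signature verified separately; the file names and bytes are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm, so md5sums, sha1sums and
# sha256sums style manifests are all accepted.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_DIGITS = set("0123456789abcdef")


def parse_manifest(text):
    """Parse '<hex>  <name>' or '<hex> *<name>' lines into {name: (algo, hex)}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        digest = digest.lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"line {lineno}: unrecognised digest")
        # After the digest comes one mode character (' ' text, '*' binary).
        if rest[:1] not in (" ", "*") or not rest[1:]:
            raise ValueError(f"line {lineno}: not a checksum line")
        name = rest[1:]
        # Entries must be bare file names; a manifest should never be able
        # to point the verifier at some other path.
        if "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"line {lineno}: path in file name")
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        entries[name] = (algo, digest)
    return entries


def file_digest(path, algo, chunk_size=64 * 1024):
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, entries, listed_name=None):
    """Return 'ok', 'mismatch' or 'not-listed' for one downloaded file.

    listed_name is the name the vendor published, for the case where a
    mirror served the file under a different name.
    """
    name = listed_name or os.path.basename(path)
    if name not in entries:
        return "not-listed"
    algo, expected = entries[name]
    actual = file_digest(path, algo)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    # Constructed sample data: the vendor's bytes and a modified copy.
    vendor_bytes = b"constructed installer bytes for UsefulUtility 0.8.5\n"
    mirror_bytes = vendor_bytes + b"extra bundled component\n"
    manifest = "# constructed manifest\n{} *UsefulUtility-0.8.5.exe\n".format(
        hashlib.sha256(vendor_bytes).hexdigest())
    entries = parse_manifest(manifest)

    samples = {
        "vendor_copy": ("UsefulUtility-0.8.5.exe", vendor_bytes, None),
        "mirror_copy": ("mirror-download.exe", mirror_bytes,
                        "UsefulUtility-0.8.5.exe"),
        "unlisted": ("unlisted-tool.exe", b"constructed bytes\n", None),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (fname, data, listed) in samples.items():
            path = os.path.join(tmp, fname)
            with open(path, "wb") as f:
                f.write(data)
            results[label] = verify_download(path, entries, listed)
    return results


if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{label}: {status}")
```

A "mismatch" only says the bytes differ from what the manifest's publisher hashed; whether that publisher deserves trust is the separate question the thread argues about.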
Do and Dose are not fully interchangeable.
Why is it so hard to only have politicians for a few years, then have them go away?
This is /. Here trolls do not belong hiding under a bridge. This troll was right out in the open right where it is supposed to be.
Why is it so hard to only have politicians for a few years, then have them go away?
> So my question is, where can you go to find out if something is legitimate?
"apt-cache search " works for me, though you may prefer aptitude or synaptic.
You can, of course, trust the Ubuntu archive as well. Debian-multimedia is ok too, though it is unofficial.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
He could also be using Debian and needs a note taking application
WILL FIX YOUR COMPz FOR SEX
Mod Parent Up! I don't care if it's posted as anon, this is EXACTLY what would happen. About the only other scenario is if a neutral third party (har har) decided what repos were allowed to be added. The issue is that anyone with centralized control will eventually corrupt it. We don't trust Microsoft because they're already corrupt, but who is trustworthy and will remain so without wreaking privacy havoc?
I 100% agree with AC here. Repos in Windows are a good thing, but like most good ideas, the courtroom prohibits action from being taken.
Considering how Ubuntu comes with Mono now (save your jokes 'til the end, please), along with F-Spot, Banshee, Tomboy, and other Mono-based apps, I'd say sudo apt-get install monocle is just right. That said, if you're on a SUSE box, yes, "yum install monocle" would be more suitable syntax.
Before even bothering to discuss where to check to see if software is legit or not, my main question is why is this person still using dial-up? It is ridiculous to be using dial-up this day and age to browse the internet or be downloading software. I understand dial-up to be used for verification purposes or other low-data transfer usage, but where Hi-Speed connections can be had for as little as $10 a month, dial-up seems more problematic than it's worth.
If sorting out the crap from the good is such a burden for them, then they are probably better off staying away from the latest version anyways.
This is Joe n00b we're talking about here, not Dave power user.
A Pirate and a Puritan look the same on a balance sheet.
And by "yum install monocle", I of course meant "yast2 -install monocle"... bloody hell...
Being unpaid tech support for Gates is not being nice, it's being a chump.
If your friends and family can't be self sufficient with their consumer electronics device then they need to buy a different brand of device.
A Pirate and a Puritan look the same on a balance sheet.
Now, this ain't bulletproof but it's a start.
1) Download autoruns, run it, take a look at what it finds.
2) Think something is suspicious? Upload to Virus Total.
3) Act accordingly
It's anything but foolproof and there are a LOT of things that will slip past, but it's a good way to start without having to know anything about software.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I agree, virustotal answers the original question of an online-resource to check a file. A similar scanning service is http://virusscan.jotti.org/. Remember, take the answers with a grain of salt. These are both multi-scanner services, in which the file is examined by multiple virus-scanning software packages.
Computers obey me.
I doubt anybody is seriously suggesting that everybody should stop performing random acts of friendly charity - in a friendly situation, the friend probably brings something of value to the table that you can pester for in return (help with moving, watching your kid, going on that fishing trip with you, etc.). It's sort of like implicit bartering. As for most of the services you're providing, though, well...
;-)
1. Opening a door is low effort and low skill, so I don't expect remuneration for that.
2. Helping you move? Ignoring for a second that there are companies that do exactly that and charge accordingly, I make it a point to at least offer some decent food and drink (generally of the pizza and alcohol variety) when I'm asking my friends to move. Implicit bartering FTW.
3. Pick up a coke? Well, if you're grabbing one from the fridge, that's one thing, but if I'm making you grab one from the store, I should at least be willing to give you a little extra for gas, no?
4. Jumpstart my car? I have AAA, which is a paid-for service that will do exactly that on the occasion that I'm unable to find someone to attach my jumper cables to.
5. Fix your collar? Erm... I work in IT. What collar?
6. Point out your shoe's untied? This would be another "low effort, low skill" task with minimal remuneration.
Point being, there are many mundane and simple tasks that we can do for people, but many of the ones you listed are neither mundane nor simple. They're time consuming, highly skilled, or both. Tech support falls in this category - I'll do it for free for family and friends because they do or have done things for me for free, but I'm certainly not going to freely donate my time unless it's for psychic rewards (i.e. for a cause that I really believe in) because it's a pain in the ass and there are other things I'd rather do with my time than fix some stranger's computer (like, say, technical support for friends and family!).
If it isn't used frequently for a specific purpose, it's not a specific tool for their computer use. Remove it and install foxit, and also install an anti-malware program and run it anyways.
Malwarebytes and Foxit are both fairly small, I don't think dialup should be an issue here.
Look at your own username. You might as well make it "Troll".
Just tell them to buy their software from NewEgg.com, that company would never let any malware pass to the consumer.
If they (or you) can't tell then running Antivirus and Malware detection isn't "too heavy consider" it's mandatory, even if it means a few hours on dialup. If they can download the crapware they can download the AV.
(And you're being overly dramatic. Daily updates should take a few minutes to download at most, even on dialup.)
If the King can't afford a food taster then he gets poisoned or he starves to death.
I couldn't find that package, so I decided to sudo aptitude install everything in subsection cli-mono instead.
Would that work?
One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
Is it just me that felt like he was getting stabbed in the chest each time he read "___ do it". I normally don't make a big deal about grammar but...
At least the last one was right.
Outside of scanning and known definitions - the only difference between software and malware is intent. Creating a complete, current and accurate list of potential and existing "malware" is like trying to find a list of door and window manufacturers burglars use.
...I pretty much stick with Malwarebytes, CCleaner, SpywareBlaster, and MSE.
Actually, I got this tip off another /. post...researched each (non-MS) application, determined for myself that they were legit, and have not looked back. In fact, I just spent a few minutes last night eradicating the trojan "Microsoft" Antivirus 2010 on a friend's computer using the Malwarebytes app on a USB. Worked like a charm.
But don't take my word for it...do your own evaluation. I think you'll like what you find.
Get the ISO from http://trinityhome.org/Home/index.php?wpid=1&front_id=12 for the Trinity Rescue Kit. Run it. Update it and save the updated ISO image. Burn that to a CD and give it to your friend. He can run it and disinfect his computer without an Internet connection. Give him an updated CD every month.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
I'm happy you use Linux, but you don't have to be so sarcastic.
It would be a good idea for vendors of Windows-centric software to create a common source for downloads like Apple's app store for iPhone. It would help keep out malware. Altruistic support for small time projects would put a happy face on things.
The current flock of vendors would probably use the repositories to block serious competition.
This is definitely not a Microsoft created problem. It is a problem that affects Windows users, but Microsoft didn't create the problem.
Microsoft should be able to solve it, but probably wouldn't be allowed to set up a solution. Other software vendors would fear giving this power to MS and would complain to the DOJ. Too bad, MS would probably be the best one to certify software as safe and run the thing.
Instant mental image of you standing on a freeway off-ramp with that crudely scrawled on a piece of cardboard, 40oz'er in the dirt by your feet.
That was quickly replaced with a mental image of you standing outside The Blackhat Conference exactly the same way.
THAT was quickly replaced with a mental image of you standing on a Redmond freeway off-ramp with that crudely scrawled on a piece of cardboard, 40oz'er in the dirt by your feet...and getting a ride.
How is that malware secretly updating itself going to happen to a live Linux CD? If the machine is turned off it is turned off, it is not going to be dialing out, plus, you can't burn anything to a CDR once it is fixed. Plus it is Linux. It may be security by obscurity, but whatever works....works.
Even then, linux is not a panacea for a game free existence. There are plenty of highly addictive games in FOSS operating systems, including Ubuntu. Even FreeBSD has the power to serve... you up games. The more addictive the game is, the higher the likelihood of there being a port for it. To find the most addictive ones, just sort by rating using the PC-BSD game repository - http://www.pbidir.com/bt/category/games/rating/. Wesnoth, Tremulous, Assault Cube. And if you give it a chance, the roguelikes (Angband, Nethack) will happily eat as much time as you can throw at them.
If I have seen further it is by stealing the Intellectual Property of giants.
one more reason to use only free software...
closed apps, abandoned software, obsolete apps, etc are set to disappear with time, it's the survival of the strongest and being free software is a huge strength.
being a closed and bad app is half way to die, even if popular (see the flash, attacked by all sides, is set to be replaced and irrelevant sooner or later)
but hey, nothing forbids closed app builders from building a repository
Higuita
There are several good online virus scanners. They will ask you to download a small plugin, but I've used them with great success, without having to install applications.
http://housecall.trendmicro.com/
http://security.symantec.com/sscv6/home.asp
Also, two arguments against what is often suggested:
1) Virus scanners aren't for everyone. Some are extremely intrusive, often with their own "innovative" interfaces that make them bulky and impossible to manage for novices. Some will hijack your email applications, not tell you exactly when they block or delete something, and can also hinder web surfing speeds. If you don't know how things work already, having a scanner will make things even more confusing. Add subscription fees, and I say the whole thing isn't worth it.
2) No, I don't think "knowing your software" is a good way to tell if something is legit. Seriously, Windows alone will update itself and install weird things, as do most large software suites these days. They give ambiguous names to critical components, and to think we would know them unless they were dangerous is a bit much.
If you know what you're doing, I'd say you can avoid most issues by just being careful and knowing the signs (of danger and of contamination).
If you don't (or are helping someone who doesn't), then I say dumb down the apps so things are simpler and safer. Like migrate to Gmail, make Firefox or Chrome the default browser, and just set up all the bundled security features to their appropriate settings (Windows firewall etc).
If you ponder this question for long enough, the answer will come to you.
This post expresses my opinion, not that of my employer. And yes, IAAL.
Amusing, however app repositories aren't confined to open source, Apple do it (At least for the iPhone), Nintendo do it, Google do it, Sony do it. No reason Microsoft couldn't do it.
Holy bungling of plural/singular verbs Batman!
"Google *does* it".
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Microsoft already does it. Microsoft has a repository, which vendors can optionally submit drivers to, complete with digital signatures validated by the OS and all that jazz. The model seems to work pretty well, and I don't see why it couldn't work for non-driver software.
Socialism: a lie told by totalitarians and believed by fools.
Compare that to a clueless windows user who hasn't updated anything since he got the computer...
Usually people who want the latest version of something want it because they need certain functionality it brings. The clueless person will conform with just having the application.
Default repositories could satisfy the clueless users perfectly.
You can get one at Big Lots for $10 for a 4Gb, or if you check with surpluscomputers occasionally you can get bundles of 1Gb to 2Gb sticks for dirt cheap. So get a really cheap stick and then get the Computer Repair Utility Toolkit V2 which is like the Swiss Army Knife of PC Tools. So much more than simple malware repair, it has fixes for networking, file recovery, info, scripts and tweaks, and it is simple to add your own. Just add Malwarebytes Antimalware and portable Firefox along with updating the included ClamAV and you have a one stop PC shop in your pocket.
but trying to guess what is a nasty and what ain't, especially when dealing with dialup, is simply a fool's game. There are literally thousands of new pieces of nasty released every day, and even if you guess right on this one there is no telling what else could be on that machine. Take the Toolkit I linked to above, add installers for Comodo AV and MalwareBytes, along with the latest Firefox, and simply stick the flash on your keyring and be done with it. Just plug the stick into any PC USB port once a week to update it and you have a full toolset in your pocket. So what if you don't do it everyday? The few times you DO run into something like this you will be able to handle it easily and look like a genius at the same time, all for a few dollar flash stick and less than 5 minutes a week.
ACs don't waste your time replying, your posts are never seen by me.
I call bullshit on the premise. If the user has bandwidth enough to download malware, he has bandwidth enough to download malware detection software and updates.
Currently hooked on AMP
I trust programs in Debian stable.
I trust the Debian folks. So far, so good!
Your mileage may vary.
Uh, Linux geek since 1999.
Too bad, MS would probably be the best one to certify software as safe and run the thing.
Yeah, just like they were so good at certifying that something was "Vista-ready," or "Designed for XP."
I'm not saying that they'll start pushing malware, but I wouldn't be at all surprised to hear about kickbacks, and vendor lockout and other things that would make the DOJ's case that much easier.
McAfee SiteAdvisor plugin for Firefox
Support the FairTax
As soon as I saw the filename it looked very suspicious but alas it's a known bug in a sound driver. That being said, I wonder how many viruses are hiding using the filenames of known buggy drivers.
In my experience if your application fails a DRM check it's probably legit.
see the flash, attacked by all sides
Don't worry, he can outrun them.
USB stick?
What's that?
I feel sorry for non-geek computer users. It really is tough to tell what is safe software and what isn't.
Personally, I would check sourceforge.net first for an open source equivalent. I'm not an open source zealot, but OSS tends to be malware free, and the bonus is that I can freely give a copy to other people. When that fails nonags.com is where I go. They test for naggy shareware, and I think malware and viruses.
Outside of that? Who knows. I trust my gut based on the website, or I run it in a virtual machine! But other people just don't have that option. Even using Google for the software product + "review" will get you fake affiliate reviews.
I doubt there is a way of knowing what you ask. That requires clairvoyance. If it's a present threat most anti viral software or resident shields will know about it. Just use them and let them run a full system check. I use TeaTimer that comes with Spybot S&D and never had any permanent problems. It's a bit cumbersome on resources but how much is your safety worth vs the advantage of getting an extra 2-5FPS on your favourite game??? Don't feed people fish. Teach them how to protect their fish and not reel in infected fish just because the Sirens offered them. :) :)
He's probably English.
In America, organizations (such as "Microsoft") are generally considered singular nouns. We write "Microsoft does that" or "Microsoft is this".
In England, they're more commonly thought of as plural. "Microsoft do that", "Microsoft are this". It's not necessarily better or worse, but it can be jarring.
It is much easier to deal with the rare piece of software that is not in the repo, than lots and lots of software that is not in the non-existent repos.
Gamers are rarely completely naive users, and are rarely Linux users anyway.
There is usually a recognised non-free repo which should be enabled on installation for free-as-in-beer proprietary software. The problem only needs to be solved once.
Proprietary paid for software is usually safe-ish anyway (no worse than on Windows) and only a small proportion of all the software you install (serious gamers aside, again)
download the open disc and burn a copy for them
I realize that this is not the angle the OP was after, but as far as I can see, the most reliable way to ensure that your programs are legitimate is to use open source software. It is not bulletproof, since there are potential problems related to patents, but I think if the owners of the alleged patents were serious, they would have come out of the woodwork by now. And we shouldn't forget that most SW patents seem to be of a very dubious nature.
Open My Computer > Tools > Folder Options > File Types > Scroll down to PDF > Change "Opens with" to Adobe Reader. Not malware. Just idiocy.
The best resource for discovering legitimate applications is in your own skull. The second-best is an internet search engine.
"Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up..."
Dig deeper. I googled "PDF Suite" and found pdf-suite.com, which claims to be "a leader in the "Online Software Selling" business reaching 5.4 million unique visitors per month (Google Analytics, January 2008)." I then checked whois.org to see who owned pdf-suite.com, and found it was owned by Interactive Brands of Montreal, Quebec. interactivebrands.com claims to be "a privately held corporation, it was formed by a team of experienced industry professionals who had a vision of creating the “ultimate” digital-market-dedicated affiliate programs."
Googling "interactivebrands.com" brought up this note:
"McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution."
OK, I understand now. Ya, that was what I was doing, overnight updates, but frequently it resulted in just tying up the line and being connected for excessive hours that annoyed the ISP. Plus, running diskless with just a live CD is just way more secure. Fast, too, blazing fast even on modest hardware if you have enough RAM. I am seriously considering that for my next upgrade for my desktop, looking for a used server board that can hold a ton of RAM and going completely diskless. I am not a big media packrat or anything, stuff I really need to keep I can burn to a cheap CD disk. Mostly I just want a fast internet appliance. I don't even have a big hard drive, it is only 8 gigs and frequently is mostly empty now as it is.
Guess I learned to get by with less being on dialup all those years.
Don't try to identify the myriads of malware. Persuade such folks to surf from a live CD.
Regards,
Bill Drissel
Even that's not enough.
20 January 2017: the End of an Error.
...dumped in the bad end of a red light district. That's about how easy it is for users to learn how to judge such things for themselves. You may think they are just idiots, but try to ponder how many factors really go into determining the suspiciousness of data/apps/sites on the web; it's more factors than the simple gut feeling would suggest.
Emotions! In your brain!