Slashdot Mirror


Best Resource For Identifying Legit Applications?

bjb writes "While helping a somewhat computer illiterate person figure out a problem recently, they mentioned that PDF files had recently stopped working. Upon investigation I found something installed called 'PDF Suite.' Never having heard of it, I Googled it with 'malware' and other key words, but nothing turned up, though my suspicion remained (and was somewhat confirmed by WOT). So my question is, where can you go to find out if something is legitimate? Because the person I'm helping is on a dial-up connection, downloading malware detection applications (and updates) is too heavy to consider. And I don't maintain a USB stick with such apps, since I don't do this kind of thing very often. Where can you quickly find information?"

45 of 255 comments

  1. download.com by martas · · Score: 3, Informative

    and many other software download sites [claim to] thoroughly test submitted applications with antiviruses. In recent times I haven't downloaded any app from them that turned out to contain any sort of malware.

    1. Re:download.com by kalirion · · Score: 3, Insightful

      That might work if the application is infected by (known) malware. What if the application is itself the trojan, perhaps one that activates in the future so no one would have reported it yet? Unless someone has access to the source code and the time and inclination to look through it, how do you know it's safe?

    2. Re:download.com by Cylix · · Score: 3, Informative

      Uninstall them all and let God sort em out.

      When I was ever called to sort some disaster of a mind fucked mess I wouldn't take prisoners. Usually, my first question was could I just re-image and generally this was a resounding no.

      When you can't re-image you can only do the next best thing with next best thing results. Remove, scan and move on.

      It's more like wartime triage than anything else.

      Sure, I feel somewhat bad they made it in the mess they did, but I can only personally do so much.

      --
      "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
    3. Re:download.com by Keeper+Of+Keys · · Score: 3, Insightful

      He he heh! Now that my PDF reader is reasonably popular, I can switch on its backdoor functionality.

  2. "too big to download" by Sir_Lewk · · Score: 4, Insightful

    downloading malware detection applications (and updates) is too heavy to consider.

    And yet they find the time to download all of that malware...

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:"too big to download" by Monkeedude1212 · · Score: 4, Insightful

      Exactly. If you have the time to download an application you have time to download malware detection.

      And really, what do you suppose you were going to do if Google did confirm it as Malware? You can't download anything and you don't have a USB stick with that stuff on it - in most cases you're pooched already.

      It honestly sounds like either you or the person you're helping simply don't want to put the effort into -actually- testing the machine for malware.

    2. Re:"too big to download" by jtownatpunk.net · · Score: 2, Informative

      A dialup connection can pull a quarter gig per day. Malwarebytes is under 10 megs with all updates and patches. (More like 8 megs.) You can get 200k per minute on dialup without breaking a sweat. That's 5 minutes per meg. That's 40 minutes for the full Malwarebytes download including updates. How much time do you plan to spend investigating the source of every installed program? Sure, it would be nice if there was a big list of every application on the planet with happy faces and frowny faces next to them but that would be a heck of a thing to maintain. The few companies that maintain such lists aren't likely to give you direct access as they've got commercial products built around that information. And, even if you found such a list, you would still have to pick through the installed programs and compare them one by one with the list. How long will that take? And the bad ones won't announce themselves by hopping on the add/remove programs list so you still need to scan. Start downloading and have a beer while you wait.

      Or, since you know what you're up against, load up the thumb drive before you go over next time. Bring a couple of good spyware removal programs (and their standalone update files) along with the complete installer for a good AV program.

    3. Re:"too big to download" by the_denman · · Score: 2, Insightful

      Microsoft provides a free anti-virus and anti-spyware system called Security Essentials that is not so big that you can't occasionally pull down new definitions via the dialup. Also, when you visit, why not run a copy of autopatcher from your thumb drive to make sure they have all of their Windows updates?

  3. Assume malware by c++0xFF · · Score: 5, Insightful

    If you've never heard of an application, assume that it's untrusted malware.

    Linux has been pioneering a way around this through trusted software repositories, but the concept hasn't panned out for Windows yet.

    1. Re:Assume malware by tepples · · Score: 4, Interesting

      If you've never heard of an application, assume that it's untrusted malware.

      Then how should a micro-ISV or a free software developer earn users' trust?

    2. Re:Assume malware by fuzzyfuzzyfungus · · Score: 4, Insightful

      There are certainly costs to the strategy; but it is still a decent heuristic for somebody in the demographic we are talking about (i.e. clueless, no broadband, probably no backups, or even system restore media).

      New entrants will naturally attract the attention of the sort of savvy tech enthusiasts who follow news outlets and whatnot, and are arguably in a far superior position to evaluate for utility and nonmalice. Once they've rendered their verdict, the noobs can follow the received wisdom, or have it done for them.

      "If you've never heard of an application, assume that it's untrusted malware." would make a shitty universal rule; but it is mostly a good idea in this context. Some people are better cut out to deal with technical risk than others. People with disposable VM appliances can do whatever they want. Noobs with dialup who will end up losing months of work, a week's use of their computer, and several hundred in Geek Squad fees if they do the wrong thing should probably stick to the beaten path.

    3. Re:Assume malware by ekhben · · Score: 3, Funny

      If only I'd learned that rule before I first heard of MS Office...

  4. Does the vendor make md5 or sha1 hashes available? by number6x · · Score: 3, Insightful

    Does the vendor make md5 or sha1 hashes available?

    Linux repositories are signed with PGP keys; this is usually pretty good (pun intended) for security. Even when breaches happen things are found out pretty quickly.

    Searching the internet for downloads and running downloaded apps to install is a very 1990s way of installing software. It's hard to believe Windows users don't have App repositories yet.

  5. Feel free to use my method by yttrstein · · Score: 2, Funny

    find /usr/ports/* >> notmalware.txt

  6. Re:What is your OS? by Kitkoan · · Score: 5, Funny

    Seen as "somewhat computer illiterate," read as "Windows."

    I know a lot of OSX users that fit that description.

    --
    Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
  7. Look at it this way by Anonymous Coward · · Score: 4, Funny

    If it is malware, it's probably more secure against attack than Adobe Reader is.

  8. Re:What is your OS? by ColoBikerDude · · Score: 2, Insightful

    Seen as "somewhat computer illiterate," read as "Windows."

    I know a lot of OSX users that fit that description.

    The OP also said "dialup" and "malware" so I still read as "Windows." :)

  9. Er by Quiet_Desperation · · Score: 5, Informative
    1. Re:Er by nine-times · · Score: 2, Insightful

      I'm guessing you're being funny, but since you're modded "insightful"...

      I think what the OP was saying is, "I Googled it with 'malware' and other key words, but [no information about it being malware] turned up, though my suspicion remained..." So the problem wasn't that he couldn't find information about PDF Suite at all, but rather he couldn't find enough information to determine whether the program was legitimate.

  10. Re:how about google? by Mr+Z · · Score: 3, Insightful

    Well, if it was benign software, then maybe the free trial ended? Or, if it really did have some malware in it, maybe it was a "cracked" version, with extra Russian Hacker Goodness?

  11. Re:Does the vendor make md5 or sha1 hashes availab by Anonymous Coward · · Score: 5, Funny

    Ho ho ho, allow me a moment, my monocle has fallen into my snifter of brandy. Ho ho!

    I, being a LINUX USER, you see, do not have such mundane Mico$$$$$$$$$oft problems, ho ho!

    Did I mention I use LINUX! Ho ho. I bet you are impressed with my LINUX USING ABILITY. We USERS OF LINUX have SOFTWARE REPOSITORIES, ho ho ho. By USING LINUX you too can have a SOFTWARE REPOSITORY.

    What is that I hear? You use Mico$$$$$oft products?! Ho ho! My dear friend, you must cease at once and switch to LINUX. LINUX has SOFTWARE REPOSITORIES, did I mention this? Ho ho ho...

    oh dear, it appears my monocle has come off again! Ho ho!

  12. Re:Why are you doing this? by tepples · · Score: 2, Insightful

    Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

    Getting paid doesn't necessarily mean getting paid enough to 1. take a week off one's day job and 2. pay for round-trip airfare.

  13. Re:Does the vendor make md5 or sha1 hashes availab by Dr_Barnowl · · Score: 4, Insightful

    Signed hashes only assure you of the source of the files. They don't in themselves provide any assurance of trust.

    In the majority of these cases, the only thing it would achieve would be that you can state with some confidence that it's definitely the fault of a particular asshat.

  14. Re:Does the vendor make md5 or sha1 hashes availab by tepples · · Score: 2, Insightful

    LINUX has SOFTWARE REPOSITORIES, did I mention this?

    The software repositories associated with major desktop Linux distributions, such as Fedora and Ubuntu, have a drawback: not all applications, even useful and legitimate ones, satisfy the licensing requirements of the repositories. For example, almost no major label video games are completely free software and free assets.

  15. How important is this person to you? by pz · · Score: 3, Interesting

    If this person is important to you (i.e., a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.

    90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  16. Re:What is your OS? by e2d2 · · Score: 3, Funny

    Macs are dumbed down. So you gotta be smart to use them. Or something like that.

  17. Re:What is your OS? by Anonymous Coward · · Score: 2, Informative

    I know a lot of OSX users that fit that description.

    And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

  18. beware! by TheSHAD0W · · Score: 5, Informative

    BitTornado, an application I administer, was once available via ZDNet, a site which distributed freeware and shareware apps much like Download.com. At some point someone began offering download mirrors for BitTornado and other apps, with installers that were modified and apparently contaminated with malware. I complained twice; the second time, they nastily asked whether I wanted them to remove BitTornado from their site. I told them yes.

    Just because software is available via some popular gateway, you can't be 100% certain what you download will be perfect and free from malware.

  19. Re:how about google? by Mr+Z · · Score: 3, Insightful

    There is a legit package named PDF Suite. It's unclear whether that installation was legit or not. If "PDFs stopped working," it's entirely likely that the trial period for the legit software expired. No idea. I wasn't weighing in on either side of that.

    The problem as stated in this article's question is almost something of a fool's errand: "I have a connection to the Internet that at best can give me benign but worthless stuff, and can give me unbounded amounts of virulent crap. I can't use this connection to download anything useful or helpful, nor can I bring anything with me that's useful and helpful. How do I avoid the crap?"

    Perhaps I overstate it a bit, but not by too much, I don't think.

  20. Re:Why are you doing this? by Lunix+Nutcase · · Score: 2, Insightful

    Are you getting paid? And if not, why not? And if so, why are you trying to do this over the phone?

    Because some people are actually nice and want to help out their friends and family?

  21. Re:Why are you doing this? by oodaloop · · Score: 2, Funny

    Yeah, I feel the same way with any service I provide. Want me to hold the door for you? Pay up. Want me to help you move? Pay. Pick up a coke while I'm up? Pay. Jumpstart your car? Fix your collar? Point out your shoe's untied? That's right, PAY.

    Who needs friends as long as you have money?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  22. Obligatory XKCD link... by Stick32 · · Score: 2, Funny

    because someone has to [xkcd.com]

    1. Re:Obligatory XKCD link... by Anonymous Coward · · Score: 2, Funny

      There needs to be some sort of 'Fail' mod...

  23. Great tool for identifying legit applications by MobyDisk · · Score: 4, Funny

    Just download http:///www.amilegit.com.ru/legit_app_detector__win32_trojanfree!!!!.exe and it will scan the app and tell you if it is legitimate.

  24. Re:What is your OS? by OhHellWithIt · · Score: 3, Insightful

    "Doubleclick it until it opens up a Finder window, and then drag the icon into the Application folder on the left hand side of the Finder window".

    Um, yeah. In December, my parents asked me to set up file sharing between Dad's Mac and Mom's PC, and the documentation on the Mac talked about a Finder window and some other stuff. I had to do a web search to learn how to decipher the MacSpeak. Intuitive, it's not. I sure was glad to go home to my Linux laptop.

    --
    "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  25. Or Jotti Re:Upload to virustotal.com by AJ+Mexico · · Score: 2, Informative

    I agree, virustotal answers the original question of an online resource to check a file. A similar scanning service is http://virusscan.jotti.org/. Remember, take the answers with a grain of salt. These are both multi-scanner services, in which the file is examined by multiple virus-scanning software packages.

    --
    Computers obey me.
  26. Re:What is your OS? by Kitkoan · · Score: 3, Insightful

    I know a lot of OSX users that fit that description.

    And a quick check of Ubuntu Forums should convince anyone that Linux has long since joined the party. If posts on /. don't.

    How is this a troll? He's right. Not everyone who uses Linux is a computer expert. Hell, when I started using Linux I was a beginner with Linux and just took a blind plunge. Wasn't hard with Ubuntu and that's why the forums are there, to help beginners and solve problems. It's the online FOSS version of Apple's Genius Bar in their stores and Microsoft store's Guru Bar. OSX and Linux are gaining speed with all users, not just the hardcore users.

    --
    Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
  27. If they can't tell.... by Zadaz · · Score: 2, Insightful

    If they (or you) can't tell then running Antivirus and Malware detection isn't "too heavy to consider", it's mandatory, even if it means a few hours on dialup. If they can download the crapware they can download the AV.

    (And you're being overly dramatic. Daily updates should take a few minutes to download at most, even on dialup.)

    If the King can't afford a food taster then he gets poisoned or he starves to death.

  28. Anything can be "malware" by syntaxeater · · Score: 2, Insightful

    Outside of scanning and known definitions - the only difference between software and malware is intent. Creating a complete, current and accurate list of potential and existing "malware" is like trying to find a list of door and window manufacturers burglars use.

  29. When I'm forced to use Windows... by pongo000 · · Score: 2, Informative

    ...I pretty much stick with Malwarebytes, CCleaner, SpywareBlaster, and MSE.

    Actually, I got this tip off another /. post...researched each (non-MS) application, determined for myself that they were legit, and have not looked back. In fact, I just spent a few minutes last night eradicating the trojan "Microsoft" Antivirus 2010 on a friend's computer using the Malwarebytes app on a USB. Worked like a charm.

    But don't take my word for it...do your own evaluation. I think you'll like what you find.

  30. Free Virus Scanner by hduff · · Score: 2, Informative

    Get the ISO from http://trinityhome.org/Home/index.php?wpid=1&front_id=12 for the Trinity Rescue Kit. Run it. Update it and save the updated ISO image. Burn that to a CD and give it to your friend. He can run it and disinfect his computer without an Internet connection. Give him an updated CD every month.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  31. Dude a flash stick is cheap by hairyfeet · · Score: 2, Informative

    You can get one at Big Lots for $10 for a 4Gb, or if you check with surpluscomputers occasionally you can get bundles of 1Gb to 2Gb sticks for dirt cheap. So get a really cheap stick and then get the Computer Repair Utility Toolkit V2 which is like the Swiss Army Knife of PC Tools. So much more than simple malware repair, it has fixes for networking, file recovery, info, scripts and tweaks, and it is simple to add your own. Just add Malwarebytes Antimalware and portable Firefox along with updating the included ClamAV and you have a one stop PC shop in your pocket.

    But trying to guess what is a nasty and what ain't, especially when dealing with dialup, is simply a fool's game. There are literally thousands of new pieces of nasty released every day, and even if you guess right on this one there is no telling what else could be on that machine. Take the Toolkit I linked to above, add installers for Comodo AV and MalwareBytes, along with the latest Firefox, and simply stick the flash on your keyring and be done with it. Just plug the stick into any PC USB port once a week to update it and you have a full toolset in your pocket. So what if you don't do it every day? The few times you DO run into something like this you will be able to handle it easily and look like a genius at the same time, all for a few dollar flash stick and less than 5 minutes a week.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  32. Not enough bandwidth? Ehh... by wealthychef · · Score: 2, Insightful

    I call bullshit on the premise. If the user has bandwidth enough to download malware, he has bandwidth enough to download malware detection software and updates.

    --
    Currently hooked on AMP
  33. Re:What is your OS? by Runaway1956 · · Score: 2, Insightful

    This. AC has stated my policy, plainly. If I've never heard of it, and I don't know what it is, it's malware. In the computer world, it's "Guilty, until proven innocent."

    And, when you think about it, the problem with malware is not so much that it exists. The real problem is that every gullible fool in the world automatically TRUSTS anything they find on the web.

    Trust. Let the software distributor EARN some trust, don't just give it to him. And, those 10, 100, or even 1000 glowing reviews posted on his home site? He paid his niece to type those up, and she never saw the crap ware that her uncle developed.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  34. Re:Does the vendor make md5 or sha1 hashes availab by the_womble · · Score: 2, Informative

    It is much easier to deal with the rare piece of software that is not in the repo, than lots and lots of software that is not in the non-existent repos.

    Gamers are rarely completely naive users, and are rarely Linux users anyway.

    There is usually a recognised non-free repo which should be enabled on installation for free-as-in-beer proprietary software. The problem only needs to be solved once.

    Proprietary paid for software is usually safe-ish anyway (no worse than on Windows) and only a small proportion of all the software you install (serious gamers aside, again)